[patch] Can't pass Wi-Fi WPS Test Plan.

[Jouni Malinen]

On Thu, Jan 22, 2009 at 03:39:54PM +0900, Masashi Honma wrote:

> I can't pass the "Wi-Fi WPS Test Plan Version 1.0 [5.1.4. Add to AP using PIN Config method and PASS PHRASE through wired external registrar]". The wpa_supplicant-0.6.7 can't recoginize the testbed AP(BCM94704AGRRev-E.2.4) as WPS PIN AP. Because after PIN entered, the AP sends Selected Registrar attribute=0 and not send Device Password ID attribute.

Thanks for reporting this! This AP behavior is quite unfortunate.. If I
understood correctly, this would mean that the AP does not follow the
requirement of setting Selected Registrar to TRUE when processing
SetSelectedRegistrar message message from the external Registrar.

> Both attributes are optional on beacon and probe response on specification. So I think
> 1. Selected registrar=1 should not be checked on PIN. Because when Enrollee will try to start Registration protocol with not ready Registrar, the Registrar will response M2D message. On PBC, the check needed for multi PBC detection.

These attributes are only optional if Selected Registrar is FALSE. If
the external Registrar used SetSelectedRegistrar, the AP is required to
include these attributes. While I can agree that there are cases where
it could be beneficial to send M1 to such an AP without selected
registrar attribute set to 1 (e.g., if the optional Probe Request WPS IE
cannot be added), this is likely to cause problems for environments
where there are multiple WPS-enabled (but not active in the sense of
having a selected registrar) APs.

If the selected registrar check is removed, wpa_supplicant would need to
try connecting to every WPS-enabled AP in order to find the AP that has
the a selected registrar. This can take considerable amount of time if
there are large number of APs in scan results. Consequently, I do not
really want to make this change to be default behavior.

It should be possible to select the AP based on BSSID in the current
implementation and that does not require the selected registrar
attribute to be set in the AP. As far as the case where automatic AP
selection is more desirable, this workaround behavior should only be
started after not being able to find any WPS AP with selected registrar
attribute set to 1 in couple of scan attempts. This would not punish the
implementations that set selected registrar flag properly and would
still allow the particular case you mentioned to be handled eventually
(e.g., start picking WPS-enabled, not-selected registrar APs after two
scan rounds).

> 2. Device password id attribute should be checked if it exists. Because it is optional.

This attribute is required if Selected Registrar is TRUE, but I agree
that there is not really much point in verifying it in this function and
this check can indeed be done only if the attribute exists.

> Below is patch for wpa_supplicant 0.6.7.

Thanks. I applied the parts that fix a typo in the comment and make
Device Password ID check optional (i.e., only verified if present). As
far as the change to remove Selected Registrar validation is concerned,
I do not want to apply it in the proposed form. I need to think a bit
more about this and how it would work with the iteration through all
WPS-enabled APs and that part is likely to end up being in
wpa_supplicant{scan,events}.c and not in this file.

-- 
Jouni Malinen                                            PGP id EFC895FA