Readme for DPP - Patchwork

Message ID	25aab4fd732840038f44fc5171f708c6@comcast.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: "Damodaran, Rohit (Contractor)" <Rohit_Damodaran@comcast.com> To: "hostap@lists.infradead.org" <hostap@lists.infradead.org> Subject: [PATCH] Readme for DPP Thread-Topic: [PATCH] Readme for DPP Thread-Index: AQHUkSLbcZM52SGeBUiLk4WW4PmdOA== Date: Tue, 11 Dec 2018 07:30:27 +0000 Message-ID: <25aab4fd732840038f44fc5171f708c6@comcast.com> Accept-Language: en-US Content-Language: en-US MIME-Version: 1.0 summary: Content analysis details: (-0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record Precedence: list Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	Readme for DPP \| expand Readme for DPP

Message ID

25aab4fd732840038f44fc5171f708c6@comcast.com

State

Accepted

Headers

From: "Damodaran, Rohit (Contractor)" <Rohit_Damodaran@comcast.com>
To: "hostap@lists.infradead.org" <hostap@lists.infradead.org>
Subject: [PATCH] Readme for DPP
Thread-Topic: [PATCH] Readme for DPP
Thread-Index: AQHUkSLbcZM52SGeBUiLk4WW4PmdOA==
Date: Tue, 11 Dec 2018 07:30:27 +0000
Message-ID: <25aab4fd732840038f44fc5171f708c6@comcast.com>
Accept-Language: en-US
Content-Language: en-US
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

Readme for DPP | expand

Commit Message

Damodaran, Rohit (Contractor) Dec. 11, 2018, 7:30 a.m. UTC

Adding a readme file for users for on-boarding devices with Device Provisioning Protocol (DPP) 

Signed-off-by: Rohit Damodaran <Rohit_Damodaran@comcast.com>

---
 wpa_supplicant/README-DPP | 168 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 168 insertions(+)
 create mode 100644 wpa_supplicant/README-DPP


--
2.14.1

Comments

Jouni Malinen Dec. 23, 2018, 3:28 p.m. UTC | #1

On Tue, Dec 11, 2018 at 07:30:27AM +0000, Damodaran, Rohit (Contractor) wrote:
> Adding a readme file for users for on-boarding devices with Device Provisioning Protocol (DPP) 

Thanks, applied.

diff --git a/wpa_supplicant/README-DPP b/wpa_supplicant/README-DPP
new file mode 100644
index 000000000..b7fe8f580
--- /dev/null
+++ b/wpa_supplicant/README-DPP
@@ -0,0 +1,168 @@ 
+Device Provisioning Protocol (DPP)
+=====================================================
+
+This document describes how the Device Provisioning Protocol (DPP) implementation
+in wpa_supplicant and hostapd can be configured and how the STA device and AP can
+be configured to connect each other using DPP Connector mechanism.
+
+Introduction to DPP
+-------------------
+
+Device provisioning Protocol allows enrolling of interface-less devices in a secure Wi-Fi network
+using many methods like QR code based authentication( detailed below ), PKEX based authentication etc.
+In DPP a configurator is used to provide network credentials to the devices.
+The three phases of DPP connection are authentication, configuration and network introduction.
+
+Build config setup
+------------------
+The following changes must go in the config file used to compile hostapd and wpa_supplicant
+
+wpa_supplicant build config
+---------------------
+
+Enable DPP and  protected management frame in supplicant build config file
+CONFIG_IEEE80211W=y
+CONFIG_DPP=y
+
+hostapd build config
+--------------
+
+Enable DPP and  protected management frame in hostapd build config file
+CONFIG_IEEE80211W=y
+CONFIG_DPP=y
+
+configurator build config
+-------------------
+
+Any STA or AP device can act as a configurator. Enable DPP and protected managment frames in build config.
+For an AP to act as configurator, interworking needs to be enabled. For supplicant it is not required.
+
+CONFIG_INTERWORKING=y
+
+
+Sample supplicant config file before provisioning
+---------------------------------------------
+
+ctrl_interface=DIR=/var/run/wpa_supplicant
+ctrl_interface_group=0
+update_config=1
+pmf=2
+dpp_config_processing=2
+
+Sample hostapd config file before provisioning
+---------------------------------------------
+
+interface=wlan0
+driver=nl80211
+ctrl_interface=/var/run/hostapd
+ssid=test
+channel=1
+wpa=2
+wpa_key_mgmt=DPP
+ieee80211w=1
+wpa_pairwise=CCMP
+rsn_pairwise=CCMP
+
+
+Pre-requisites
+--------------
+
+It is assumed that an AP and client Station are up by running hostapd and wpa_supplicant using respective config file.
+
+
+Creating configurator
+---------------------
+
+Add a configurator
+> dpp_configurator_add
+
+To get key of configurator
+> dpp_configurator_get_key <id>
+
+
+How to configure an enrollee using configurator
+-----------------
+
+On enrollee side:
+
+Generate QR code for the device. Store the qr code id returned by the command.
+> dpp_bootstrap_gen type=qrcode mac=<mac-address-of-device> chan=<operating-channel> key=<key of the device>
+
+Get QR code of device using the qr code id.
+> dpp_bootstrap_get_uri <qr-code-id>
+
+Make device listen to DPP request (The central frequency of channel 1 is 2412) in case if enrollee is a client device.
+> dpp_listen <frequency>
+
+On configurator side:
+
+Enter the QR code in the configurator.
+> dpp_qr_code "<qr-code-generated-at-enrollee>"
+
+On successfully adding QR code, a qr code id is returned.
+
+Send provisioning request to enrollee.( conf is ap-dpp if enrollee is an AP. conf is sta-dpp if enrollee is a client )
+> dpp_auth_init peer=<qr-code-id> conf=<ap-dpp|sta-dpp> configurator=<configurator-id>
+
+The DPP values will be printed in the console. Save this values into the config file. If the enrollee is an AP, we need
+to manually write these values to the hostapd config file. If the enrollee is a client device,
+these details can be automatically saved to config file using the following command.
+> save_config <network-id>
+
+To set values in runtime for AP enrollees
+
+> set dpp_connector <connector-value-printed-on-console>
+> set dpp_csign <csign-value-on-console>
+> set dpp_netaccesskey <netaccess-value-on-console>
+
+To set values in runtime for client enrollees, set dpp_config_processing to 2 in wpa supplicant conf file.
+
+once the values are set in run-time( if not set in run-time, but saved in config files, they are taken up in next reboot ), the
+client device will automatically connect to the already provisioned AP and connection will be established.
+
+
+Self-configuring a device
+-------------------------
+
+It is possible for a device to configure itself.
+Create a configurator in the device and use the dpp_configurator_sign command to get
+DPP credentials.
+
+> dpp_configurator_add
+> dpp_configurator_sign " conf=<ap-dpp|sta-dpp> configurator=<configurator-id>"
+
+
+Sample AP configuration files after provisioning
+-----------------------------------
+
+interface=wlan0
+driver=nl80211
+ctrl_interface=/var/run/hostapd
+ssid=test
+channel=1
+wpa=2
+wpa_key_mgmt=DPP
+ieee80211w=1
+wpa_pairwise=CCMP
+rsn_pairwise=CCMP
+dpp_connector=<DPP-Connector value provided by configurator>
+dpp_csign=<DPP-Csign value provided by configurator>
+dpp_netaccesskey=<DPP-Net access key provided by configurator>
+
+
+Sample Client configuration file after provisioning
+------------------------------------------------
+
+ctrl_interface=DIR=/var/run/wpa_supplicant
+ctrl_interface_group=0
+update_config=1
+pmf=2
+dpp_config_processing=2
+network={
+       ssid="test"
+       key_mgmt=DPP
+       ieee80211w=2
+       dpp_connector="<DPP-Connector value provided by configurator>"
+       dpp_netaccesskey=<DPP-Net access key provided by configurator>
+       dpp_csign=<DPP-Csign value provided by configurator>
+}