From patchwork Tue Dec 11 07:30:27 2018
X-Patchwork-Submitter: "Damodaran, Rohit (Contractor)"
X-Patchwork-Id: 1010861
From: "Damodaran, Rohit (Contractor)"
To: "hostap@lists.infradead.org"
Subject: [PATCH] Readme for DPP
Date: Tue, 11 Dec 2018 07:30:27 +0000
Message-ID: <25aab4fd732840038f44fc5171f708c6@comcast.com>

Adding a
readme file for users for on-boarding devices with Device Provisioning Protocol (DPP) Signed-off-by: Rohit Damodaran ---  wpa_supplicant/README-DPP | 168 ++++++++++++++++++++++++++++++++++++++++++++++  1 file changed, 168 insertions(+)  create mode 100644 wpa_supplicant/README-DPP -- 2.14.1 diff --git a/wpa_supplicant/README-DPP b/wpa_supplicant/README-DPP new file mode 100644 index 000000000..b7fe8f580 --- /dev/null +++ b/wpa_supplicant/README-DPP 
@@ -0,0 +1,168 @@ +Device Provisioning Protocol (DPP) +===================================================== + +This document describes how the Device Provisioning Protocol (DPP) implementation +in wpa_supplicant and hostapd can be configured and how the STA device and AP can +be configured to connect each other using DPP Connector mechanism. + +Introduction to DPP +------------------- + +Device provisioning Protocol allows enrolling of interface-less devices in a secure Wi-Fi network +using many methods like QR code based authentication( detailed below ), PKEX based authentication etc. +In DPP a configurator is used to provide network credentials to the devices. +The three phases of DPP connection are authentication, configuration and network introduction. + +Build config setup +------------------ +The following changes must go in the config file used to compile hostapd and wpa_supplicant + +wpa_supplicant build config +--------------------- + +Enable DPP and  protected management frame in supplicant build config file +CONFIG_IEEE80211W=y +CONFIG_DPP=y + +hostapd build config +-------------- + +Enable DPP and  protected management frame in hostapd build config file +CONFIG_IEEE80211W=y +CONFIG_DPP=y + +configurator build config +------------------- + +Any STA or AP device can act as a configurator. Enable DPP and protected managment frames in build config. +For an AP to act as configurator, interworking needs to be enabled. For supplicant it is not required. 
+ +CONFIG_INTERWORKING=y + + +Sample supplicant config file before provisioning +--------------------------------------------- + +ctrl_interface=DIR=/var/run/wpa_supplicant +ctrl_interface_group=0 +update_config=1 +pmf=2 +dpp_config_processing=2 + +Sample hostapd config file before provisioning +--------------------------------------------- + +interface=wlan0 +driver=nl80211 +ctrl_interface=/var/run/hostapd +ssid=test +channel=1 +wpa=2 +wpa_key_mgmt=DPP +ieee80211w=1 +wpa_pairwise=CCMP +rsn_pairwise=CCMP + + +Pre-requisites +-------------- + +It is assumed that an AP and client Station are up by running hostapd and wpa_supplicant using respective config file. + + +Creating configurator +--------------------- + +Add a configurator +> dpp_configurator_add + +To get key of configurator +> dpp_configurator_get_key + + +How to configure an enrollee using configurator +----------------- + +On enrollee side: + +Generate QR code for the device. Store the qr code id returned by the command. +> dpp_bootstrap_gen type=qrcode mac= chan= key= + +Get QR code of device using the qr code id. +> dpp_bootstrap_get_uri + +Make device listen to DPP request (The central frequency of channel 1 is 2412) in case if enrollee is a client device. +> dpp_listen + +On configurator side: + +Enter the QR code in the configurator. +> dpp_qr_code "" + +On successfully adding QR code, a qr code id is returned. + +Send provisioning request to enrollee.( conf is ap-dpp if enrollee is an AP. conf is sta-dpp if enrollee is a client ) +> dpp_auth_init peer= conf= configurator= + +The DPP values will be printed in the console. Save this values into the config file. If the enrollee is an AP, we need +to manually write these values to the hostapd config file. If the enrollee is a client device, +these details can be automatically saved to config file using the following command. 
+> save_config + +To set values in runtime for AP enrollees + +> set dpp_connector +> set dpp_csign +> set dpp_netaccesskey + +To set values in runtime for client enrollees, set dpp_config_processing to 2 in wpa supplicant conf file. + +once the values are set in run-time( if not set in run-time, but saved in config files, they are taken up in next reboot ), the +client device will automatically connect to the already provisioned AP and connection will be established. + + +Self-configuring a device +------------------------- + +It is possible for a device to configure itself. +Create a configurator in the device and use the dpp_configurator_sign command to get +DPP credentials. + +> dpp_configurator_add +> dpp_configurator_sign " conf= configurator=" + + +Sample AP configuration files after provisioning +----------------------------------- + +interface=wlan0 +driver=nl80211 +ctrl_interface=/var/run/hostapd +ssid=test +channel=1 +wpa=2 +wpa_key_mgmt=DPP +ieee80211w=1 +wpa_pairwise=CCMP +rsn_pairwise=CCMP +dpp_connector= +dpp_csign= +dpp_netaccesskey= + + +Sample Client configuration file after provisioning +------------------------------------------------ + +ctrl_interface=DIR=/var/run/wpa_supplicant +ctrl_interface_group=0 +update_config=1 +pmf=2 +dpp_config_processing=2 +network={ +       ssid="test" +       key_mgmt=DPP +       ieee80211w=2 +       dpp_connector="" +       dpp_netaccesskey= +       dpp_csign= +}
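
Review bot: In "Creating configurator" and in both after-provisioning samples, the README has the user export the configurator key (`dpp_configurator_get_key`) and store `dpp_netaccesskey=` in the hostapd and wpa_supplicant config files without saying that these are private keys. Please add a sentence stating that, and that the config files, and any copy of the values taken from "The DPP values will be printed in the console", need restrictive permissions. The AP samples set `ieee80211w=1` while the client sample uses `pmf=2` and `ieee80211w=2`, although the build section says protected management frames are to be enabled; either use `ieee80211w=2` on the AP or explain why optional PMF is intended there. The command lines as shown (`dpp_bootstrap_gen type=qrcode mac= chan= key=`, `dpp_auth_init peer= conf= configurator=`, `dpp_qr_code ""`) carry no argument placeholders, `dpp_listen` and `dpp_bootstrap_get_uri` show no argument at all even though the text refers to a frequency and a QR code id, and the quoting in `dpp_configurator_sign " conf= configurator="` looks misplaced; name each argument and say which earlier command returns it. Minor: "managment", "Save this values", "Device provisioning Protocol", doubled spaces in "Enable DPP and  protected", and several lines run past 80 columns.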