Home | History | Annotate | Download | only in wpa_supplicant
      1 Device Provisioning Protocol (DPP)
      2 ==================================
      3 
      4 This document describes how the Device Provisioning Protocol (DPP)
      5 implementation in wpa_supplicant and hostapd can be configured and how
      6 the STA device and AP can be configured to connect each other using DPP
      7 Connector mechanism.
      8 
      9 Introduction to DPP
     10 -------------------
     11 
     12 Device provisioning Protocol allows enrolling of interface-less devices
     13 in a secure Wi-Fi network using many methods like QR code based
     14 authentication( detailed below ), PKEX based authentication etc. In DPP
     15 a Configurator is used to provide network credentials to the devices.
     16 The three phases of DPP connection are authentication, configuration and
     17 network introduction.
     18 
     19 Build config setup
     20 ------------------
     21 
     22 The following changes must go in the config file used to compile hostapd
     23 and wpa_supplicant.
     24 
     25 wpa_supplicant build config
     26 ---------------------------
     27 
     28 Enable DPP and protected management frame in wpa_supplicant build config
     29 file
     30 
     31 CONFIG_IEEE80211W=y
     32 CONFIG_DPP=y
     33 
     34 hostapd build config
     35 --------------------
     36 
     37 Enable DPP and protected management frame in hostapd build config file
     38 
     39 CONFIG_IEEE80211W=y
     40 CONFIG_DPP=y
     41 
     42 Configurator build config
     43 -------------------------
     44 
     45 Any STA or AP device can act as a Configurator. Enable DPP and protected
     46 managment frames in build config. For an AP to act as Configurator,
     47 Interworking needs to be enabled. For wpa_supplicant it is not required.
     48 
     49 CONFIG_INTERWORKING=y
     50 
     51 
     52 Sample supplicant config file before provisioning
     53 -------------------------------------------------
     54 
     55 ctrl_interface=DIR=/var/run/wpa_supplicant
     56 ctrl_interface_group=0
     57 update_config=1
     58 pmf=2
     59 dpp_config_processing=2
     60 
     61 Sample hostapd config file before provisioning
     62 ----------------------------------------------
     63 
     64 interface=wlan0
     65 driver=nl80211
     66 ctrl_interface=/var/run/hostapd
     67 ssid=test
     68 channel=1
     69 wpa=2
     70 wpa_key_mgmt=DPP
     71 ieee80211w=1
     72 wpa_pairwise=CCMP
     73 rsn_pairwise=CCMP
     74 
     75 
     76 Pre-requisites
     77 --------------
     78 
     79 It is assumed that an AP and client station are up by running hostapd
     80 and wpa_supplicant using respective config files.
     81 
     82 
     83 Creating Configurator
     84 ---------------------
     85 
     86 Add a Configurator over the control interface (wpa_cli/hostapd_cli)
     87 
     88 > dpp_configurator_add
     89 (returns id)
     90 
     91 To get key of Configurator
     92 > dpp_configurator_get_key <id>
     93 
     94 
     95 How to configure an enrollee using Configurator
     96 -----------------------------------------------
     97 
     98 On enrollee side:
     99 
    100 Generate QR code for the device. Store the qr code id returned by the
    101 command.
    102 
    103 > dpp_bootstrap_gen type=qrcode mac=<mac-address-of-device> chan=<operating-channel> key=<key of the device>
    104 (returns bootstrapping info id)
    105 
    106 Get QR Code of device using the bootstrap info id.
    107 > dpp_bootstrap_get_uri <bootstrap-id>
    108 
    109 Make device listen to DPP request (The central frequency of channel 1 is
    110 2412) in case if enrollee is a client device.
    111 
    112 > dpp_listen <frequency>
    113 
    114 On Configurator side:
    115 
    116 Enter the QR Code in the Configurator.
    117 > dpp_qr_code "<QR-Code-read-from-enrollee>"
    118 
    119 On successfully adding QR Code, a bootstrapping info id is returned.
    120 
    121 Send provisioning request to enrollee. (conf is ap-dpp if enrollee is an
    122 AP. conf is sta-dpp if enrollee is a client)
    123 > dpp_auth_init peer=<qr-code-id> conf=<ap-dpp|sta-dpp> configurator=<configurator-id>
    124 
    125 The DPP values will be printed in the console. Save this values into the
    126 config file. If the enrollee is an AP, we need to manually write these
    127 values to the hostapd config file. If the enrollee is a client device,
    128 these details can be automatically saved to config file using the
    129 following command.
    130 
    131 > save_config
    132 
    133 To set values in runtime for AP enrollees
    134 
    135 > set dpp_connector <Connector-value-printed-on-console>
    136 > set dpp_csign <csign-value-on-console>
    137 > set dpp_netaccesskey <netaccess-value-on-console>
    138 
    139 To set values in runtime for client enrollees, set dpp_config_processing
    140 to 2 in wpa_supplicant conf file.
    141 
    142 Once the values are set in run-time (if not set in run-time, but saved
    143 in config files, they are taken up in next restart), the client device
    144 will automatically connect to the already provisioned AP and connection
    145 will be established.
    146 
    147 
    148 Self-configuring a device
    149 -------------------------
    150 
    151 It is possible for a device to configure itself if it is the
    152 Configurator for the network.
    153 
    154 Create a Configurator in the device and use the dpp_configurator_sign
    155 command to get DPP credentials.
    156 
    157 > dpp_configurator_add
    158 (returns configurator id)
    159 > dpp_configurator_sign conf=<ap-dpp|sta-dpp> configurator=<configurator-id>
    160 
    161 
    162 Sample AP configuration files after provisioning
    163 ------------------------------------------------
    164 
    165 interface=wlan0
    166 driver=nl80211
    167 ctrl_interface=/var/run/hostapd
    168 ssid=test
    169 channel=1
    170 wpa=2
    171 wpa_key_mgmt=DPP
    172 ieee80211w=1
    173 wpa_pairwise=CCMP
    174 rsn_pairwise=CCMP
    175 dpp_connector=<Connector value provided by Configurator>
    176 dpp_csign=<C-Sign-Key value provided by Configurator>
    177 dpp_netaccesskey=<Net access key provided by Configurator>
    178 
    179 
    180 Sample station configuration file after provisioning
    181 ----------------------------------------------------
    182 
    183 ctrl_interface=DIR=/var/run/wpa_supplicant
    184 ctrl_interface_group=0
    185 update_config=1
    186 pmf=2
    187 dpp_config_processing=2
    188 network={
    189 	ssid="test"
    190 	key_mgmt=DPP
    191 	ieee80211w=2
    192 	dpp_connector="<Connector value provided by Configurator>"
    193 	dpp_netaccesskey=<Net access key provided by Configurator>
    194 	dpp_csign=<C-sign-key value provided by Configurator>
    195 }
    196