1Device Provisioning Protocol (DPP) 2================================== 3 4This document describes how the Device Provisioning Protocol (DPP) 5implementation in wpa_supplicant and hostapd can be configured and how 6the STA device and AP can be configured to connect each other using DPP 7Connector mechanism. 8 9Introduction to DPP 10------------------- 11 12Device provisioning Protocol allows enrolling of interface-less devices 13in a secure Wi-Fi network using many methods like QR code based 14authentication( detailed below ), PKEX based authentication etc. In DPP 15a Configurator is used to provide network credentials to the devices. 16The three phases of DPP connection are authentication, configuration and 17network introduction. 18 19Build config setup 20------------------ 21 22The following changes must go in the config file used to compile hostapd 23and wpa_supplicant. 24 25wpa_supplicant build config 26--------------------------- 27 28Enable DPP and protected management frame in wpa_supplicant build config 29file 30 31CONFIG_IEEE80211W=y 32CONFIG_DPP=y 33 34hostapd build config 35-------------------- 36 37Enable DPP and protected management frame in hostapd build config file 38 39CONFIG_IEEE80211W=y 40CONFIG_DPP=y 41 42Configurator build config 43------------------------- 44 45Any STA or AP device can act as a Configurator. Enable DPP and protected 46managment frames in build config. For an AP to act as Configurator, 47Interworking needs to be enabled. For wpa_supplicant it is not required. 48 49CONFIG_INTERWORKING=y 50 51 52Sample supplicant config file before provisioning 53------------------------------------------------- 54 55ctrl_interface=DIR=/var/run/wpa_supplicant 56ctrl_interface_group=0 57update_config=1 58pmf=2 59dpp_config_processing=2 60 61Sample hostapd config file before provisioning 62---------------------------------------------- 63 64interface=wlan0 65driver=nl80211 66ctrl_interface=/var/run/hostapd 67ssid=test 68channel=1 69wpa=2 70wpa_key_mgmt=DPP 71ieee80211w=1 72wpa_pairwise=CCMP 73rsn_pairwise=CCMP 74 75 76Pre-requisites 77-------------- 78 79It is assumed that an AP and client station are up by running hostapd 80and wpa_supplicant using respective config files. 81 82 83Creating Configurator 84--------------------- 85 86Add a Configurator over the control interface (wpa_cli/hostapd_cli) 87 88> dpp_configurator_add 89(returns id) 90 91To get key of Configurator 92> dpp_configurator_get_key <id> 93 94 95How to configure an enrollee using Configurator 96----------------------------------------------- 97 98On enrollee side: 99 100Generate QR code for the device. Store the qr code id returned by the 101command. 102 103> dpp_bootstrap_gen type=qrcode mac=<mac-address-of-device> chan=<operating-channel> key=<key of the device> 104(returns bootstrapping info id) 105 106Get QR Code of device using the bootstrap info id. 107> dpp_bootstrap_get_uri <bootstrap-id> 108 109Make device listen to DPP request (The central frequency of channel 1 is 1102412) in case if enrollee is a client device. 111 112> dpp_listen <frequency> 113 114On Configurator side: 115 116Enter the QR Code in the Configurator. 117> dpp_qr_code "<QR-Code-read-from-enrollee>" 118 119On successfully adding QR Code, a bootstrapping info id is returned. 120 121Send provisioning request to enrollee. (conf is ap-dpp if enrollee is an 122AP. conf is sta-dpp if enrollee is a client) 123> dpp_auth_init peer=<qr-code-id> conf=<ap-dpp|sta-dpp> configurator=<configurator-id> 124 125The DPP values will be printed in the console. Save this values into the 126config file. If the enrollee is an AP, we need to manually write these 127values to the hostapd config file. If the enrollee is a client device, 128these details can be automatically saved to config file using the 129following command. 130 131> save_config 132 133To set values in runtime for AP enrollees 134 135> set dpp_connector <Connector-value-printed-on-console> 136> set dpp_csign <csign-value-on-console> 137> set dpp_netaccesskey <netaccess-value-on-console> 138 139To set values in runtime for client enrollees, set dpp_config_processing 140to 2 in wpa_supplicant conf file. 141 142Once the values are set in run-time (if not set in run-time, but saved 143in config files, they are taken up in next restart), the client device 144will automatically connect to the already provisioned AP and connection 145will be established. 146 147 148Self-configuring a device 149------------------------- 150 151It is possible for a device to configure itself if it is the 152Configurator for the network. 153 154Create a Configurator in the device and use the dpp_configurator_sign 155command to get DPP credentials. 156 157> dpp_configurator_add 158(returns configurator id) 159> dpp_configurator_sign conf=<ap-dpp|sta-dpp> configurator=<configurator-id> 160 161 162Sample AP configuration files after provisioning 163------------------------------------------------ 164 165interface=wlan0 166driver=nl80211 167ctrl_interface=/var/run/hostapd 168ssid=test 169channel=1 170wpa=2 171wpa_key_mgmt=DPP 172ieee80211w=1 173wpa_pairwise=CCMP 174rsn_pairwise=CCMP 175dpp_connector=<Connector value provided by Configurator> 176dpp_csign=<C-Sign-Key value provided by Configurator> 177dpp_netaccesskey=<Net access key provided by Configurator> 178 179 180Sample station configuration file after provisioning 181---------------------------------------------------- 182 183ctrl_interface=DIR=/var/run/wpa_supplicant 184ctrl_interface_group=0 185update_config=1 186pmf=2 187dpp_config_processing=2 188network={ 189 ssid="test" 190 key_mgmt=DPP 191 ieee80211w=2 192 dpp_connector="<Connector value provided by Configurator>" 193 dpp_netaccesskey=<Net access key provided by Configurator> 194 dpp_csign=<C-sign-key value provided by Configurator> 195} 196