xref: /freebsd/contrib/wpa/wpa_supplicant/README-DPP (revision c203bd70b5957f85616424b6fa374479372d06e3)
1Device Provisioning Protocol (DPP)
2==================================
3
4This document describes how the Device Provisioning Protocol (DPP)
5implementation in wpa_supplicant and hostapd can be configured and how
6the STA device and AP can be configured to connect each other using DPP
7Connector mechanism.
8
9Introduction to DPP
10-------------------
11
12Device provisioning Protocol allows enrolling of interface-less devices
13in a secure Wi-Fi network using many methods like QR code based
14authentication( detailed below ), PKEX based authentication etc. In DPP
15a Configurator is used to provide network credentials to the devices.
16The three phases of DPP connection are authentication, configuration and
17network introduction.
18
19Build config setup
20------------------
21
22The following changes must go in the config file used to compile hostapd
23and wpa_supplicant.
24
25wpa_supplicant build config
26---------------------------
27
28Enable DPP and protected management frame in wpa_supplicant build config
29file
30
31CONFIG_IEEE80211W=y
32CONFIG_DPP=y
33
34hostapd build config
35--------------------
36
37Enable DPP and protected management frame in hostapd build config file
38
39CONFIG_IEEE80211W=y
40CONFIG_DPP=y
41
42Configurator build config
43-------------------------
44
45Any STA or AP device can act as a Configurator. Enable DPP and protected
46managment frames in build config. For an AP to act as Configurator,
47Interworking needs to be enabled. For wpa_supplicant it is not required.
48
49CONFIG_INTERWORKING=y
50
51
52Sample supplicant config file before provisioning
53-------------------------------------------------
54
55ctrl_interface=DIR=/var/run/wpa_supplicant
56ctrl_interface_group=0
57update_config=1
58pmf=2
59dpp_config_processing=2
60
61Sample hostapd config file before provisioning
62----------------------------------------------
63
64interface=wlan0
65driver=nl80211
66ctrl_interface=/var/run/hostapd
67ssid=test
68channel=1
69wpa=2
70wpa_key_mgmt=DPP
71ieee80211w=1
72wpa_pairwise=CCMP
73rsn_pairwise=CCMP
74
75
76Pre-requisites
77--------------
78
79It is assumed that an AP and client station are up by running hostapd
80and wpa_supplicant using respective config files.
81
82
83Creating Configurator
84---------------------
85
86Add a Configurator over the control interface (wpa_cli/hostapd_cli)
87
88> dpp_configurator_add
89(returns id)
90
91To get key of Configurator
92> dpp_configurator_get_key <id>
93
94
95How to configure an enrollee using Configurator
96-----------------------------------------------
97
98On enrollee side:
99
100Generate QR code for the device. Store the qr code id returned by the
101command.
102
103> dpp_bootstrap_gen type=qrcode mac=<mac-address-of-device> chan=<operating-class/operating-channel> key=<key of the device>
104(returns bootstrapping info id)
105
106Get QR Code of device using the bootstrap info id.
107> dpp_bootstrap_get_uri <bootstrap-id>
108
109Make device listen to DPP request (The central frequency of channel 1 is
1102412) in case if enrollee is a client device.
111
112> dpp_listen <frequency>
113
114On Configurator side:
115
116Enter the QR Code in the Configurator.
117> dpp_qr_code "<QR-Code-read-from-enrollee>"
118
119On successfully adding QR Code, a bootstrapping info id is returned.
120
121Send provisioning request to enrollee. (conf is ap-dpp if enrollee is an
122AP. conf is sta-dpp if enrollee is a client)
123> dpp_auth_init peer=<qr-code-id> conf=<ap-dpp|sta-dpp> configurator=<configurator-id>
124
125The DPP values will be printed in the console. Save this values into the
126config file. If the enrollee is an AP, we need to manually write these
127values to the hostapd config file. If the enrollee is a client device,
128these details can be automatically saved to config file using the
129following command.
130
131> save_config
132
133To set values in runtime for AP enrollees
134
135> set dpp_connector <Connector-value-printed-on-console>
136> set dpp_csign <csign-value-on-console>
137> set dpp_netaccesskey <netaccess-value-on-console>
138
139To set values in runtime for client enrollees, set dpp_config_processing
140to 2 in wpa_supplicant conf file.
141
142Once the values are set in run-time (if not set in run-time, but saved
143in config files, they are taken up in next restart), the client device
144will automatically connect to the already provisioned AP and connection
145will be established.
146
147
148Self-configuring a device
149-------------------------
150
151It is possible for a device to configure itself if it is the
152Configurator for the network.
153
154Create a Configurator in the device and use the dpp_configurator_sign
155command to get DPP credentials.
156
157> dpp_configurator_add
158(returns configurator id)
159> dpp_configurator_sign conf=<ap-dpp|sta-dpp> configurator=<configurator-id>
160
161
162Sample AP configuration files after provisioning
163------------------------------------------------
164
165interface=wlan0
166driver=nl80211
167ctrl_interface=/var/run/hostapd
168ssid=test
169channel=1
170wpa=2
171wpa_key_mgmt=DPP
172ieee80211w=1
173wpa_pairwise=CCMP
174rsn_pairwise=CCMP
175dpp_connector=<Connector value provided by Configurator>
176dpp_csign=<C-Sign-Key value provided by Configurator>
177dpp_netaccesskey=<Net access key provided by Configurator>
178
179
180Sample station configuration file after provisioning
181----------------------------------------------------
182
183ctrl_interface=DIR=/var/run/wpa_supplicant
184ctrl_interface_group=0
185update_config=1
186pmf=2
187dpp_config_processing=2
188network={
189	ssid="test"
190	key_mgmt=DPP
191	ieee80211w=2
192	dpp_connector="<Connector value provided by Configurator>"
193	dpp_netaccesskey=<Net access key provided by Configurator>
194	dpp_csign=<C-sign-key value provided by Configurator>
195}
196