Adding a readme file for users for on-boarding devices with Device Provisioning Protocol (DPP) Signed-off-by: Rohit Damodaran <Rohit_Damodaran@xxxxxxxxxxx> --- wpa_supplicant/README-DPP | 168 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 168 insertions(+) create mode 100644 wpa_supplicant/README-DPP diff --git a/wpa_supplicant/README-DPP b/wpa_supplicant/README-DPP new file mode 100644 index 000000000..b7fe8f580 --- /dev/null +++ b/wpa_supplicant/README-DPP 
@@ -0,0 +1,168 @@ +Device Provisioning Protocol (DPP) +===================================================== + +This document describes how the Device Provisioning Protocol (DPP) implementation +in wpa_supplicant and hostapd can be configured and how the STA device and AP can +be configured to connect each other using DPP Connector mechanism. + +Introduction to DPP +------------------- + +Device provisioning Protocol allows enrolling of interface-less devices in a secure Wi-Fi network +using many methods like QR code based authentication( detailed below ), PKEX based authentication etc. +In DPP a configurator is used to provide network credentials to the devices. +The three phases of DPP connection are authentication, configuration and network introduction. + +Build config setup +------------------ +The following changes must go in the config file used to compile hostapd and wpa_supplicant + +wpa_supplicant build config +--------------------- + +Enable DPP and protected management frame in supplicant build config file +CONFIG_IEEE80211W=y +CONFIG_DPP=y + +hostapd build config +-------------- + +Enable DPP and protected management frame in hostapd build config file +CONFIG_IEEE80211W=y +CONFIG_DPP=y + +configurator build config +------------------- + +Any STA or AP device can act as a configurator. Enable DPP and protected managment frames in build config. +For an AP to act as configurator, interworking needs to be enabled. For supplicant it is not required. 
+ +CONFIG_INTERWORKING=y + + +Sample supplicant config file before provisioning +--------------------------------------------- + +ctrl_interface=DIR=/var/run/wpa_supplicant +ctrl_interface_group=0 +update_config=1 +pmf=2 +dpp_config_processing=2 + +Sample hostapd config file before provisioning +--------------------------------------------- + +interface=wlan0 +driver=nl80211 +ctrl_interface=/var/run/hostapd +ssid=test +channel=1 +wpa=2 +wpa_key_mgmt=DPP +ieee80211w=1 +wpa_pairwise=CCMP +rsn_pairwise=CCMP + + +Pre-requisites +-------------- + +It is assumed that an AP and client Station are up by running hostapd and wpa_supplicant using respective config file. + + +Creating configurator +--------------------- + +Add a configurator +> dpp_configurator_add + +To get key of configurator +> dpp_configurator_get_key <id> + + +How to configure an enrollee using configurator +----------------- + +On enrollee side: + +Generate QR code for the device. Store the qr code id returned by the command. +> dpp_bootstrap_gen type=qrcode mac=<mac-address-of-device> chan=<operating-channel> key=<key of the device> + +Get QR code of device using the qr code id. +> dpp_bootstrap_get_uri <qr-code-id> + +Make device listen to DPP request (The central frequency of channel 1 is 2412) in case if enrollee is a client device. +> dpp_listen <frequency> + +On configurator side: + +Enter the QR code in the configurator. +> dpp_qr_code "<qr-code-generated-at-enrollee>" + +On successfully adding QR code, a qr code id is returned. + +Send provisioning request to enrollee.( conf is ap-dpp if enrollee is an AP. conf is sta-dpp if enrollee is a client ) +> dpp_auth_init peer=<qr-code-id> conf=<ap-dpp|sta-dpp> configurator=<configurator-id> + +The DPP values will be printed in the console. Save this values into the config file. If the enrollee is an AP, we need +to manually write these values to the hostapd config file. 
If the enrollee is a client device, +these details can be automatically saved to config file using the following command. +> save_config <network-id> + +To set values in runtime for AP enrollees + +> set dpp_connector <connector-value-printed-on-console> +> set dpp_csign <csign-value-on-console> +> set dpp_netaccesskey <netaccess-value-on-console> + +To set values in runtime for client enrollees, set dpp_config_processing to 2 in wpa supplicant conf file. + +once the values are set in run-time( if not set in run-time, but saved in config files, they are taken up in next reboot ), the +client device will automatically connect to the already provisioned AP and connection will be established. + + +Self-configuring a device +------------------------- + +It is possible for a device to configure itself. +Create a configurator in the device and use the dpp_configurator_sign command to get +DPP credentials. + +> dpp_configurator_add +> dpp_configurator_sign " conf=<ap-dpp|sta-dpp> configurator=<configurator-id>" + + +Sample AP configuration files after provisioning +----------------------------------- + +interface=wlan0 +driver=nl80211 +ctrl_interface=/var/run/hostapd +ssid=test +channel=1 +wpa=2 +wpa_key_mgmt=DPP +ieee80211w=1 +wpa_pairwise=CCMP +rsn_pairwise=CCMP +dpp_connector=<DPP-Connector value provided by configurator> +dpp_csign=<DPP-Csign value provided by configurator> +dpp_netaccesskey=<DPP-Net access key provided by configurator> + + +Sample Client configuration file after provisioning +------------------------------------------------ + +ctrl_interface=DIR=/var/run/wpa_supplicant +ctrl_interface_group=0 +update_config=1 +pmf=2 +dpp_config_processing=2 +network={ + ssid="test" + key_mgmt=DPP + ieee80211w=2 + dpp_connector="<DPP-Connector value provided by configurator>" + dpp_netaccesskey=<DPP-Net access key provided by configurator> + dpp_csign=<DPP-Csign value provided by configurator> +} -- 2.14.1
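
Review bot: The README never says that the values it has the user read out and copy are private keys: `dpp_configurator_get_key <id>` under "Creating configurator" and `dpp_netaccesskey` in the enrollee steps and both post-provisioning samples are presented like any other setting. Please state that these are private key material, recommend that the hostapd and wpa_supplicant config files holding `dpp_netaccesskey` be readable only by the owning user, and say in the `dpp_bootstrap_gen` step what format `key=<key of the device>` takes and whether it can be omitted. Two smaller points: the hostapd samples set `ieee80211w=1` while the client samples set `pmf=2` and `ieee80211w=2`, so either align them or explain the difference; and `save_config <network-id>` is shown with an argument, which the `save_config` command does not take. There are also typos to fix ("managment", "Save this values") and several heading underlines that do not match the length of their headings.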