Re: Setup hostapd as a DPP Responder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Apr 06, 2020 at 09:35:05PM +0000, Schmidt, Wystan W wrote:
> Is it possible to setup hostapd as a DPP responder and configurator that can provision clients with a DPP connector? 

Yes.

> If so, could you put together some instructions on how to do this?
> 
> I was able to follow the updated instructions in README-DPP: http://w1.fi/cgit/hostap/plain/wpa_supplicant/README-DPP, but this setup requires the configurator to initiate DPP Authentication. 

The case of Configurator as the Responder was a bit inconvenient to use
in the older snapshots and it has not yet been fully documented. The
initial implementation allows this to be done by setting the
dpp_configurator_params value on the Configurator side with items that
would be used with the DPP_AUTH_INIT command on the Initiator side. For
example following commands over the hostapd control interface:

DPP_BOOTSTRAP_GEN type=qrcode chan=<current opclass/opchan> mac=<bssid>
(returns bootstrap info ID; print QR Code)

DPP_CONFIGURATOR_ADD
(returns conf id)

SET dpp_configurator_params conf=sta-dpp ssid=<SSID hexdump> configurator=<conf id>

DPP_QR_CODE <URI from an Enrollee>
(repeat for multiple Enrollees, if desired)

If you are using a recent snapshot of the hostap.git master branch,
there is a more flexible alternative for that global
dpp_configurator_params value: "DPP_BOOSTRAP_SET <id> <params>" can be
used to specify different parameters separately for each peer after the
DPP_QR_CODE command. This should be quite a bit more flexible approach
for the Configurator as Responder case.

> I am trying to setup hostapd to do the following with a generic client:
> 
> 1. Generate a DPP URI as the configurator. 

DPP URI is not really specific to Configurator/Enrollee, i.e., that is
done in the same manner for both to allow bootstrapping to occur. Role
is then negotiated as part of Authentication exchange.

> 2. Scan the DPP URI encoded as a QR-Code with a client device. 
> 3. Have the client device initiate DPP Authentication with hostapd and receive a DPP Connector.

The commands above achieve this.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux