I think I'm close.
> SET dpp_configurator_params conf=sta-dpp ssid=<SSID hexdump> configurator=<conf id>
This command fails because SET is expecting only 2 arguments.
>dpp_configurator_add
1
>SET dpp_configurator_params conf=sta-dpp ssid=74657374 configurator=1
Invalid SET command: needs two arguments (variable name and value)
> If you are using a recent snapshot of the hostap.git master branch,
> there is a more flexible alternative for that global
> dpp_configurator_params value: "DPP_BOOSTRAP_SET <id> <params>" can be
> used to specify different parameters separately for each peer after the
> DPP_QR_CODE command. This should be quite a bit more flexible approach
> for the Configurator as Responder case.
The control interface does not recognize the command DPP_BOOTSTRAP_SET.
>DPP_BOOTSTRAP_SET
Unknown command 'DPP_BOOTSTRAP_SET'
Any ideas? I'm working from the latest snapshot.
pi@raspberrypi:~:$ /usr/local/bin/hostapd -v
hostapd v2.10-devel-hostap_2_9-1031-gec182d5e9+
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Copyright (c) 2002-2019, Jouni Malinen <j@xxxxx> and contributors
Thanks,
Wystan Schmidt
Charter Communications
On 4/7/20, 8:54 AM, "Jouni Malinen" <j@xxxxx> wrote:
On Mon, Apr 06, 2020 at 09:35:05PM +0000, Schmidt, Wystan W wrote:
> Is it possible to setup hostapd as a DPP responder and configurator that can provision clients with a DPP connector?
Yes.
> If so, could you put together some instructions on how to do this?
>
> I was able to follow the updated instructions in README-DPP: http://w1.fi/cgit/hostap/plain/wpa_supplicant/README-DPP, but this setup requires the configurator to initiate DPP Authentication.
The case of Configurator as the Responder was a bit inconvenient to use
in the older snapshots and it has not yet been fully documented. The
initial implementation allows this to be done by setting the
dpp_configurator_params value on the Configurator side with items that
would be used with the DPP_AUTH_INIT command on the Initiator side. For
example following commands over the hostapd control interface:
DPP_BOOTSTRAP_GEN type=qrcode chan=<current opclass/opchan> mac=<bssid>
(returns bootstrap info ID; print QR Code)
DPP_CONFIGURATOR_ADD
(returns conf id)
SET dpp_configurator_params conf=sta-dpp ssid=<SSID hexdump> configurator=<conf id>
DPP_QR_CODE <URI from an Enrollee>
(repeat for multiple Enrollees, if desired)
If you are using a recent snapshot of the hostap.git master branch,
there is a more flexible alternative for that global
dpp_configurator_params value: "DPP_BOOSTRAP_SET <id> <params>" can be
used to specify different parameters separately for each peer after the
DPP_QR_CODE command. This should be quite a bit more flexible approach
for the Configurator as Responder case.
> I am trying to setup hostapd to do the following with a generic client:
>
> 1. Generate a DPP URI as the configurator.
DPP URI is not really specific to Configurator/Enrollee, i.e., that is
done in the same manner for both to allow bootstrapping to occur. Role
is then negotiated as part of Authentication exchange.
> 2. Scan the DPP URI encoded as a QR-Code with a client device.
> 3. Have the client device initiate DPP Authentication with hostapd and receive a DPP Connector.
The commands above achieve this.
--
Jouni Malinen PGP id EFC895FA
E-MAIL CONFIDENTIALITY NOTICE:
The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
