DPP-WPA2-QR - Hostapd enrollee - Supplicant configurator
DPP-WPA2-QR-CODE (AP as Enrollee and STA as Configurator) frame exchange
Wi-Fi Device Provisioning Protocol (DPP) is a replacement of the Wi-Fi Protected Setup (WPS). With DPP, devices can be authenticated to join a network without a password through various means, including QR codes or NFC tags. this is not simply a mechanism for communicating the password but rather it is a way for devices to perform mutual authentication without a password.
The following is a resprestaion of DPP-WPA2-QR-CODE (AP as Enrollee and STA as Configurator) handshake
Hostapd(AP-Enrollee) wpa_supplicant(STA-Configurator)
|<<-----------------------DPP_Auth_Req-----------------------|
|-------------------------DPP_Auth_Resp-------------------->>|
|<<-----------------------DPP_Auth_Confirm-------------------|
|-------------------------DPP_Config_Req------------------->>|
|<<-----------------------DPP_Config_Resp--------------------|
|<<-----------------------PEER_Disc_Req----------------------|
|-------------------------PEER_Disc_RESP------------------->>|
|<<-----------------------Auth_Req---------------------------|
|-------------------------Auth_Resp------------------------>>|
|<<-----------------------Assoc_Req--------------------------|
|-------------------------Assoc_Resp----------------------->>|
|-------------------------EAPOL-M1------------------------->>|
|<<-----------------------EAPOL-M2---------------------------|
|-------------------------EAPOL-M3------------------------->>|
|<<-----------------------EAPOL-M4---------------------------|
Test bed
Inorder to execute below practical example, two Linux machines are needed with ubuntu version >= 16.04.
- Check the Ubuntu version on your machine. Ubuntu version used for in this site is 20.04
$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.2 LTS Release: 20.04 Codename: focal
wpa_supplicant compilation
The daemon process that runs in the client stations. It implements WPA key negotiation with a WPA Authenticator and EAP authentication with Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver. Following are the steps to download and compiling wpa_supplicant from source code
- Download latest wpa_supplicant
$ wget https://w1.fi/releases/wpa_supplicant-2.9.tar.gz
- Install required packages
$ sudo apt install libnl-genl-3-dev libnl-3-dev libdbus-glib-1-dev- below messages indicate that packages are installed successfully
The following NEW packages will be installed: libdbus-glib-1-dev libdbus-glib-1-dev-bin libnl-3-dev libnl-genl-3-dev 0 upgraded, 4 newly installed, 0 to remove and 4 not upgraded. Need to get 212 kB of archives. After this operation, 1,235 kB of additional disk space will be used. Do you want to continue? [Y/n] Get:1 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libdbus-glib-1-dev-bin amd64 0.110-5fakssync1 [39.5 kB] Get:2 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libdbus-glib-1-dev amd64 0.110-5fakssync1 [69.2 kB] Get:3 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libnl-3-dev amd64 3.4.0-1 [92.2 kB] Get:4 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libnl-genl-3-dev amd64 3.4.0-1 [10.7 kB] Fetched 212 kB in 1s (293 kB/s) Selecting previously unselected package libdbus-glib-1-dev-bin. (Reading database ... 385264 files and directories currently installed.) Preparing to unpack .../libdbus-glib-1-dev-bin_0.110-5fakssync1_amd64.deb ... Unpacking libdbus-glib-1-dev-bin (0.110-5fakssync1) ... Selecting previously unselected package libdbus-glib-1-dev:amd64. Preparing to unpack .../libdbus-glib-1-dev_0.110-5fakssync1_amd64.deb ... Unpacking libdbus-glib-1-dev:amd64 (0.110-5fakssync1) ... Selecting previously unselected package libnl-3-dev:amd64. Preparing to unpack .../libnl-3-dev_3.4.0-1_amd64.deb ... Unpacking libnl-3-dev:amd64 (3.4.0-1) ... Selecting previously unselected package libnl-genl-3-dev:amd64. Preparing to unpack .../libnl-genl-3-dev_3.4.0-1_amd64.deb ... Unpacking libnl-genl-3-dev:amd64 (3.4.0-1) ... Setting up libdbus-glib-1-dev-bin (0.110-5fakssync1) ... Setting up libnl-3-dev:amd64 (3.4.0-1) ... Setting up libdbus-glib-1-dev:amd64 (0.110-5fakssync1) ... Setting up libnl-genl-3-dev:amd64 (3.4.0-1) ... Processing triggers for man-db (2.9.1-1) ...
- Extract the tar file
$ tar -xvf wpa_supplicant-2.9.tar.gz
- Go to wpa_supplicant directory
$ cd wpa_supplicant-2.9/wpa_supplicant
- Copy the default configuration into .conf file
$ cp defconfig .config
- Enable below configs in .config
$ vim .config CONFIG_DRIVER_NL80211=y CONFIG_WPA_PSK=y CONFIG_DPP=y CONFIG_IEEE80211W=y CONFIG_INTERWORKING=y CONFIG_SHA512=y CONFIG_SHA384=y CONFIG_CRYPTO=y
- Build the wpa_supplicant
$ makeBelow is the list of files compiled based on the features enabled in “.config”
CC config.c CC notify.c CC bss.c CC eap_register.c CC ../src/utils/common.c CC ../src/utils/wpa_debug.c CC ../src/utils/wpabuf.c CC ../src/utils/bitfield.c CC op_classes.c CC rrm.c CC wmm_ac.c CC ../src/utils/os_unix.c CC ../src/utils/eloop.c CC config_file.c CC ../src/rsn_supp/wpa_ft.c CC ../src/common/sae.c CC ../src/common/dpp.c CC dpp_supplicant.c CC ../src/rsn_supp/wpa.c CC ../src/rsn_supp/preauth.c CC ../src/rsn_supp/pmksa_cache.c CC ../src/rsn_supp/wpa_ie.c CC ../src/common/wpa_common.c CC ibss_rsn.c CC p2p_supplicant.c CC p2p_supplicant_sd.c CC ../src/p2p/p2p.c CC ../src/p2p/p2p_utils.c CC ../src/p2p/p2p_parse.c CC ../src/p2p/p2p_build.c CC ../src/p2p/p2p_go_neg.c CC ../src/p2p/p2p_sd.c CC ../src/p2p/p2p_pd.c CC ../src/p2p/p2p_invitation.c CC ../src/p2p/p2p_dev_disc.c CC ../src/p2p/p2p_group.c CC ../src/ap/p2p_hostapd.c CC wifi_display.c CC hs20_supplicant.c CC interworking.c CC ../src/eap_peer/eap_tls.c CC ../src/eap_peer/eap_peap.c CC ../src/eap_common/eap_peap_common.c CC ../src/eap_peer/eap_ttls.c CC ../src/eap_peer/eap_md5.c CC ../src/eap_peer/eap_mschapv2.c CC ../src/eap_peer/mschapv2.c CC ../src/eap_peer/eap_gtc.c CC ../src/eap_peer/eap_otp.c CC ../src/eap_peer/eap_leap.c CC ../src/eap_peer/eap_fast.c CC ../src/eap_peer/eap_fast_pac.c CC ../src/eap_common/eap_fast_common.c CC ../src/eap_peer/eap_pax.c CC ../src/eap_common/eap_pax_common.c CC ../src/eap_peer/eap_sake.c CC ../src/eap_common/eap_sake_common.c CC ../src/eap_peer/eap_gpsk.c CC ../src/eap_common/eap_gpsk_common.c CC ../src/eap_peer/eap_pwd.c CC ../src/eap_common/eap_pwd_common.c CC wps_supplicant.c CC ../src/utils/uuid.c CC ../src/eap_peer/eap_wsc.c CC ../src/eap_common/eap_wsc_common.c CC ../src/wps/wps.c CC ../src/wps/wps_common.c CC ../src/wps/wps_attr_parse.c CC ../src/wps/wps_attr_build.c CC ../src/wps/wps_attr_process.c CC ../src/wps/wps_dev_attr.c CC ../src/wps/wps_enrollee.c CC ../src/wps/wps_registrar.c CC ../src/eap_peer/eap_ikev2.c CC ../src/eap_peer/ikev2.c CC ../src/eap_common/eap_ikev2_common.c CC ../src/eap_common/ikev2_common.c CC ../src/eap_peer/eap_tnc.c CC ../src/eap_peer/tncc.c CC ../src/eapol_supp/eapol_supp_sm.c CC ../src/eap_peer/eap.c CC ../src/eap_peer/eap_methods.c CC ap.c CC ../src/ap/hostapd.c CC ../src/ap/wpa_auth_glue.c CC ../src/ap/utils.c CC ../src/ap/authsrv.c CC ../src/ap/ap_config.c CC ../src/utils/ip_addr.c CC ../src/ap/sta_info.c CC ../src/ap/tkip_countermeasures.c CC ../src/ap/ap_mlme.c CC ../src/ap/ieee802_1x.c CC ../src/eapol_auth/eapol_auth_sm.c CC ../src/ap/ieee802_11_auth.c CC ../src/ap/ieee802_11_shared.c CC ../src/ap/drv_callbacks.c CC ../src/ap/ap_drv_ops.c CC ../src/ap/beacon.c CC ../src/ap/bss_load.c CC ../src/ap/eap_user_db.c CC ../src/ap/neighbor_db.c CC ../src/ap/rrm.c CC ../src/ap/ieee802_11_ht.c CC ../src/ap/ieee802_11_vht.c CC ../src/ap/ctrl_iface_ap.c CC ../src/eap_server/eap_server.c CC ../src/eap_server/eap_server_identity.c CC ../src/eap_server/eap_server_methods.c CC ../src/ap/wmm.c CC ../src/ap/ap_list.c CC ../src/ap/ieee802_11.c CC ../src/ap/hw_features.c CC ../src/ap/dfs.c CC ../src/ap/wps_hostapd.c CC ../src/eap_server/eap_server_wsc.c CC ../src/ap/dpp_hostapd.c CC ../src/ap/gas_query_ap.c CC ../src/ap/gas_serv.c CC ../src/ap/hs20.c CC ../src/ap/wpa_auth.c CC ../src/ap/wpa_auth_ie.c CC ../src/ap/pmksa_cache_auth.c CC ../src/common/dragonfly.c CC ../src/crypto/ms_funcs.c CC ../src/eap_common/chap.c CC ../src/eap_peer/eap_tls_common.c CC ../src/crypto/tls_openssl.c CC ../src/crypto/tls_openssl_ocsp.c CC ../src/crypto/crypto_openssl.c CC ../src/crypto/aes-siv.c CC ../src/crypto/aes-ctr.c CC ../src/crypto/aes-omac1.c CC ../src/crypto/sha256-kdf.c CC ../src/crypto/sha384-kdf.c CC ../src/crypto/sha512-kdf.c CC ../src/crypto/sha256-prf.c CC ../src/crypto/sha256-tlsprf.c CC ../src/crypto/sha384-prf.c CC ../src/crypto/sha512-prf.c CC ../src/crypto/dh_groups.c CC ../src/crypto/random.c CC ../src/common/ctrl_iface_common.c CC ctrl_iface.c CC ctrl_iface_unix.c CC dbus/dbus_dict_helpers.c CC dbus/dbus_new_helpers.c dbus/dbus_new.c: In function ‘wpas_dbus_unregister_p2p_group’: dbus/dbus_new.c:4793:3: warning: ‘%s’ directive argument is null [-Wformat-overflow=] 4793 | wpa_printf(MSG_DEBUG, | ^~~~~~~~~~~~~~~~~~~~~ 4794 | "%s: Group object '%s' already unregistered", | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4795 | __func__, wpa_s->dbus_groupobj_path); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC dbus/dbus_new.c CC dbus/dbus_new_handlers.c CC dbus/dbus_common.c CC dbus/dbus_new_handlers_wps.c CC dbus/dbus_new_handlers_p2p.c CC dbus/dbus_new_introspect.c CC ../src/utils/base64.c CC sme.c CC ../src/common/ieee802_11_common.c CC ../src/common/hw_features_common.c CC ../src/eap_common/eap_common.c CC ../src/crypto/sha1-prf.c CC ../src/crypto/sha1-tprf.c CC ../src/crypto/sha1-tlsprf.c CC bgscan_simple.c CC bgscan.c CC ../src/common/gas_server.c CC ../src/common/gas.c CC gas_query.c CC offchannel.c CC ../src/utils/json.c CC ../src/drivers/driver_common.c CC wpa_supplicant.c CC events.c CC blacklist.c CC wpas_glue.c CC scan.c CC main.c CC ../src/drivers/driver_wired.c CC ../src/drivers/driver_wired_common.c CC ../src/drivers/driver_nl80211.c CC ../src/drivers/driver_nl80211_capa.c CC ../src/drivers/driver_nl80211_event.c CC ../src/drivers/driver_nl80211_monitor.c CC ../src/drivers/driver_nl80211_scan.c CC ../src/drivers/netlink.c CC ../src/drivers/linux_ioctl.c CC ../src/drivers/rfkill.c CC ../src/utils/radiotap.c CC ../src/drivers/driver_wext.c CC ../src/drivers/drivers.c CC ../src/l2_packet/l2_packet_linux.c LD wpa_supplicant CC wpa_cli.c CC ../src/common/wpa_ctrl.c CC ../src/common/cli.c CC ../src/utils/edit_simple.c LD wpa_cli LD wpa_passphrase
- Install the compiled commands (optional)
$ make install
hostapd compilation
The hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. Following are the steps to download and compiling hostapd from source code
- Download latest hostapd
$ wget http://w1.fi/releases/hostapd-2.9.tar.gz
- Install required packages
$ sudo apt install libnl-genl-3-dev libnl-3-dev libdbus-glib-1-dev- below messages indicate that packages are installed successfully
The following NEW packages will be installed: libdbus-glib-1-dev libdbus-glib-1-dev-bin libnl-3-dev libnl-genl-3-dev 0 upgraded, 4 newly installed, 0 to remove and 4 not upgraded. Need to get 212 kB of archives. After this operation, 1,235 kB of additional disk space will be used. Do you want to continue? [Y/n] Get:1 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libdbus-glib-1-dev-bin amd64 0.110-5fakssync1 [39.5 kB] Get:2 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libdbus-glib-1-dev amd64 0.110-5fakssync1 [69.2 kB] Get:3 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libnl-3-dev amd64 3.4.0-1 [92.2 kB] Get:4 http://in.archive.ubuntu.com/ubuntu focal/main amd64 libnl-genl-3-dev amd64 3.4.0-1 [10.7 kB] Fetched 212 kB in 1s (293 kB/s) Selecting previously unselected package libdbus-glib-1-dev-bin. (Reading database ... 385264 files and directories currently installed.) Preparing to unpack .../libdbus-glib-1-dev-bin_0.110-5fakssync1_amd64.deb ... Unpacking libdbus-glib-1-dev-bin (0.110-5fakssync1) ... Selecting previously unselected package libdbus-glib-1-dev:amd64. Preparing to unpack .../libdbus-glib-1-dev_0.110-5fakssync1_amd64.deb ... Unpacking libdbus-glib-1-dev:amd64 (0.110-5fakssync1) ... Selecting previously unselected package libnl-3-dev:amd64. Preparing to unpack .../libnl-3-dev_3.4.0-1_amd64.deb ... Unpacking libnl-3-dev:amd64 (3.4.0-1) ... Selecting previously unselected package libnl-genl-3-dev:amd64. Preparing to unpack .../libnl-genl-3-dev_3.4.0-1_amd64.deb ... Unpacking libnl-genl-3-dev:amd64 (3.4.0-1) ... Setting up libdbus-glib-1-dev-bin (0.110-5fakssync1) ... Setting up libnl-3-dev:amd64 (3.4.0-1) ... Setting up libdbus-glib-1-dev:amd64 (0.110-5fakssync1) ... Setting up libnl-genl-3-dev:amd64 (3.4.0-1) ... Processing triggers for man-db (2.9.1-1) ...
- Extract the tar file
$ tar -xzvf hostapd-2.9.tar.gz
- Go to Hostapd directory
$ cd hostapd-2.9/hostapd
- Copy the default configuration into .conf file
$ cp defconfig .config
- Enable below configs in .config
$ vim .config CONFIG_DRIVER_NL80211=y CONFIG_WPA_PSK=y CONFIG_DPP=y CONFIG_IEEE80211W=y CONFIG_INTERWORKING=y
- Build the Hostapd
$ makeBelow is the list of files compiled based on the features enabled in “.config”
CC main.c CC config_file.c CC ../src/ap/hostapd.c CC ../src/ap/wpa_auth_glue.c CC ../src/ap/drv_callbacks.c CC ../src/ap/ap_drv_ops.c CC ../src/ap/utils.c CC ../src/ap/authsrv.c CC ../src/ap/ieee802_1x.c CC ../src/ap/ap_config.c CC ../src/ap/eap_user_db.c CC ../src/ap/ieee802_11_auth.c CC ../src/ap/sta_info.c CC ../src/ap/wpa_auth.c CC ../src/ap/tkip_countermeasures.c CC ../src/ap/ap_mlme.c CC ../src/ap/wpa_auth_ie.c CC ../src/ap/preauth_auth.c CC ../src/ap/pmksa_cache_auth.c CC ../src/ap/ieee802_11_shared.c CC ../src/ap/beacon.c CC ../src/ap/bss_load.c CC ../src/ap/neighbor_db.c CC ../src/ap/rrm.c CC ../src/drivers/drivers.c CC ../src/utils/eloop.c CC ../src/utils/common.c CC ../src/utils/wpa_debug.c CC ../src/utils/wpabuf.c CC ../src/utils/os_unix.c CC ../src/utils/ip_addr.c CC ../src/common/ieee802_11_common.c CC ../src/common/wpa_common.c CC ../src/common/hw_features_common.c CC ../src/eapol_auth/eapol_auth_sm.c CC ../src/eapol_auth/eapol_auth_dump.c CC ../src/radius/radius.c CC ../src/radius/radius_client.c CC ../src/radius/radius_das.c CC ../src/ap/accounting.c CC ../src/ap/vlan_init.c CC ../src/ap/vlan_ifconfig.c CC ../src/ap/vlan.c CC ../src/common/ctrl_iface_common.c CC ctrl_iface.c CC ../src/ap/ctrl_iface_ap.c CC ../src/ap/iapp.c CC ../src/common/sae.c CC ../src/drivers/driver_hostap.c CC ../src/drivers/driver_nl80211.c CC ../src/drivers/driver_nl80211_capa.c CC ../src/drivers/driver_nl80211_event.c CC ../src/drivers/driver_nl80211_monitor.c CC ../src/drivers/driver_nl80211_scan.c CC ../src/drivers/netlink.c CC ../src/drivers/linux_ioctl.c CC ../src/drivers/rfkill.c CC ../src/utils/radiotap.c CC ../src/l2_packet/l2_packet_linux.c CC ../src/eap_server/eap_server_md5.c CC ../src/eap_server/eap_server_tls.c CC ../src/eap_server/eap_server_peap.c CC ../src/eap_common/eap_peap_common.c CC ../src/eap_server/eap_server_ttls.c CC ../src/eap_server/eap_server_mschapv2.c CC ../src/eap_server/eap_server_gtc.c CC ../src/utils/uuid.c CC ../src/ap/wps_hostapd.c CC ../src/eap_server/eap_server_wsc.c CC ../src/eap_common/eap_wsc_common.c CC ../src/wps/wps.c CC ../src/wps/wps_common.c CC ../src/wps/wps_attr_parse.c CC ../src/wps/wps_attr_build.c CC ../src/wps/wps_attr_process.c CC ../src/wps/wps_dev_attr.c CC ../src/wps/wps_enrollee.c CC ../src/wps/wps_registrar.c CC eap_register.c CC ../src/eap_server/eap_server.c CC ../src/eap_common/eap_common.c CC ../src/eap_server/eap_server_methods.c CC ../src/eap_server/eap_server_identity.c CC ../src/common/dragonfly.c CC ../src/crypto/ms_funcs.c CC ../src/eap_common/chap.c CC ../src/eap_server/eap_server_tls_common.c CC ../src/crypto/tls_openssl.c CC ../src/crypto/tls_openssl_ocsp.c CC ../src/crypto/crypto_openssl.c CC ../src/crypto/aes-omac1.c CC ../src/crypto/sha1-prf.c CC ../src/crypto/sha1-tlsprf.c CC ../src/crypto/sha256-prf.c CC ../src/crypto/sha256-tlsprf.c CC ../src/crypto/sha256-kdf.c CC ../src/crypto/dh_groups.c CC ../src/crypto/random.c CC ../src/utils/base64.c CC ../src/ap/wmm.c CC ../src/ap/ap_list.c CC ../src/ap/ieee802_11.c CC ../src/ap/hw_features.c CC ../src/ap/dfs.c CC ../src/common/gas.c CC ../src/ap/gas_serv.c CC ../src/drivers/driver_common.c LD hostapd CC hostapd_cli.c CC ../src/common/wpa_ctrl.c CC ../src/common/cli.c CC ../src/utils/edit_simple.c LD hostapd_cli
- Install the compiled commands (optional)
$ make install
Running hostapd
Check if wifi interface with the name “wlan0” is available. This is created on boot up of the ubuntu machine or by installing wifi driver manually
$ iwconfig wlan0 IEEE 802.11 ESSID:off/any Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm Retry short limit:7 RTS thr:off Fragment thr:off Power Management:on $ iw dev phy#1 Interface wlan0 ifindex 5 wdev 0x100000001 addr 02:00:00:00:00:00 type managed txpower 20.00 dBm
- Create a hostapd.conf file in /etc/hostapd/ folder with below content
$ sudo vim /etc/hostapd/hostapd.confCopy below content
interface=wlan0 driver=nl80211 ctrl_interface=/var/run/hostapd ssid=test channel=1 wpa=2 wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 DPP ieee80211w=1 wpa_passphrase=passwordpasswordpassword wpa_pairwise=CCMP rsn_pairwise=CCMP
- Go to hostapd directory
$ cd hostapd-2.9/hostapd
- Run hostapd by issuing follwing command
$ sudo ./hostapd /etc/hostapd/hostapd.confBelow log messages are seen on console after running hostapd
Configuration file: /etc/hostapd/hostapd.conf Using interface wlan0 with hwaddr 02:00:00:00:00:00 and ssid "test" wlan0: interface state UNINITIALIZED->ENABLED wlan0: AP-ENABLEDMode of “wlan0” interface is now assigned as “AP/Master”. Check this by querying information via iwconfig/iw command
$ iwconfig wlan0 IEEE 802.11 Mode:Master Tx-Power=20 dBm Retry short limit:7 RTS thr:off Fragment thr:off Power Management:on $ iw dev phy#1 Interface wlan0 ifindex 5 wdev 0x100000001 addr 02:00:00:00:00:00 ssid test type AP channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz txpower 20.00 dBm
Running wpa_supplicant
- Check if wifi interface with the name “wlan1” is available. This is created on boot up of the ubuntu machine or by installing wifi driver manually
$ iwconfig wlan1 IEEE 802.11 ESSID:off/any Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm Retry short limit:7 RTS thr:off Fragment thr:off Power Management:on $ iw dev phy#2 Interface wlan1 ifindex 6 wdev 0x200000001 addr 02:00:00:00:01:00 type managed txpower 20.00 dBm
- Go to wpa_supplicant directory
$ cd wpa_supplicant-2.9/wpa_supplicantCreate wpa_supplicant.conf file with following network block contents
delete all existing content and copy below content
ctrl_interface=/run/wpa_supplicant update_config=1 ctrl_interface_group=0 pmf=2 dpp_config_processing=2
- Run wpa_supplicant
$ sudo ./wpa_supplicant -Dnl80211 -i wlan1 -c wpa_supplicant.conf
Syntax : Sequence of commands
Steps |
AP (hostapd_cli) |
Station (wpa_cli) |
---|---|---|
Step 1 |
> dpp_configurator_add
> returns <CONFIGURATOR_ID>
* Note : Use the returned <CONFIGURATOR_ID> in step2
|
|
Step 2 |
> dpp_configurator_get_key <CONFIGURATOR_ID>
> returns <KEY>
* Note : Use the returned <KEY> in step4
|
|
Step 3 |
> dpp_configurator_sign conf=sta-dpp \
configurator=<CONFIGURATOR_ID> \
ssid=<ssid in hex>
* Note :
1. <CONFIGURATOR_ID> is derived from step1
|
|
Step 4 |
Generate QR code for the device
> dpp_bootstrap_gen type=qrcode \
mac=<MAC_OF_ENROLLEE> \
chan=<operating-class/channel of Configurator> \
key=<KEY>
> returns <BOOT_STRAPPING_INFO_ID>
* Note :
1. <KEY> is derived from step2
2. Use returned <BOOT_STRAPPING_INFO_ID> in step5
3. <MAC_OF_ENROLEE> is derived using ifconfig command on enrollee
|
|
Step 5 |
Get URI for the QR Code
> dpp_bootstrap_get_uri <BOOT_STRAPPING_INFO_ID>
> returns <URI_OF_QR_CODE>
* Note :
1. <BOOT_STRAPPING_INFO_ID> is derived from step
2. Use returned <URI_OF_QR_CODE> in step7
|
|
Step 6 |
> dpp_listen <frequency>
|
|
Step 7 |
Enter URI of QR code
> dpp_qr_code <URI_OF_QR_CODE>
> returns <QR_CODE_ID>
* Note :
1. <URI_OF_QR_CODE> is derived from step5
2. Use returned <QR_CODE_ID> in step8
|
|
Step 8 |
> dpp_auth_init peer=<QR_CODE_ID> \
conf=ap-dpp configurator=<CONFIGURATOR_ID> \
ssid=<ssid in hex>
* Note :
1. <QR_CODE_ID> is derived from step7
2. <CONFIGURATOR_ID> is derived from step1
|
|
Step 9 |
Set DPP values on AP
> set dpp_connector <DPP-CONNECTOR value>
> set dpp_csign <DPP-C-SIGN-KEY value>
> set dpp_netaccesskey <DPP-NET-ACCESS-KEY value>
|
|
Step 10 |
> save_config
|
wpa_cli logs ; Step 1, Step 2, Step 3
> dpp_configurator_add 1 > dpp_configurator_get_key 1 30770201010420544bd34e7b84ec0c988178a5c5659e4cc0f74f52fc9bba6854c54d9388cd5624a00a06082a8648ce3d030107a14403420004083f4a398d8122ea36fb7a7e1c2d7f9a0de6f58c5bf680facf559a0f79ac30eb84211e6bf25eb0e09fe1d157a7ebf7e270f57558e1e8fa59cd566aafeb89ccf5 > dpp_configurator_sign conf=sta-dpp configurator=1 ssid=74657374 OK <3>DPP-CONF-RECEIVED <3>DPP-CONFOBJ-SSID test <3>DPP-CONNECTOR eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJBeEhqSlpMaW9oZmRWem9WR01SUzM1aGlnWkFVYWtoRXRKOUJCM29hMjFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiZ2hhN2g4ZjB1M0xWLWY3dUZUYi1hY0hGREQ3b0xLUzkzQ3RaXzlOd0lmcyIsInkiOiI3VTczM05hejBKc1QyeERGUUFlMV9wN1IyMndza2pIbENGOVpib2FwWWN3In19.aNXbfWFLp42teqQR8_Gow7LAExJWv6XCuFl9xJkcsQmWSAOvFBj2p1NWaP2T7EHH538Iy4YJTm_2qeUqFlIJbQ <3>DPP-C-SIGN-KEY 3059301306072a8648ce3d020106082a8648ce3d030107034200042878f1ff8200bf5f6984fad582b6acca880bda91b23bb37dee4ce6856b0d76b27f0229bd183df8e80c6f22aa19f644f9af1f71418ec712056ac5da8a72b8806b <3>DPP-NET-ACCESS-KEY 307702010104208c5949daa7079bed9c7d7bae8f1c6d1a420b66e507e0c0ee602b81a570a3236ba00a06082a8648ce3d030107a144034200048216bb87c7f4bb72d5f9feee1536fe69c1c50c3ee82ca4bddc2b59ffd37021fbed4ef7dcd6b3d09b13db10c54007b5fe9ed1db6c2c9231e5085f596e86a961cc <3>DPP-NETWORK-ID 0 <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE <3>DPP-TX dst=02:00:00:00:00:00 freq=2437 type=5 <3>DPP-TX-STATUS dst=02:00:00:00:00:00 freq=2437 result=SUCCESS
hostapd_cli logs ; Step 4, Step 5, Step 6
> dpp_bootstrap_gen type=qrcode mac=6466b3172c59 chan=81/6 key=30770201010420544bd34e7b84ec0c988178a5c5659e4cc0f74f52fc9bba6854c54d9388cd5624a00a06082a8648ce3d030107a14403420004083f4a398d8122ea36fb7a7e1c2d7f9a0de6f58c5bf680facf559a0f79ac30eb84211e6bf25eb0e09fe1d157a7ebf7e270f57558e1e8fa59cd566aafeb89ccf5 1> > dpp_bootstrap_get_uri 1 DPP:C:81/6;M:020000000000;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADCD9KOY2BIuo2+3p+HC1/mg3m9Yxb9oD6z1WaD3msMOs=;; > dpp_listen 2437 OK > <3>DPP-RX src=02:00:00:00:01:00 freq=2437 type=0 <3>DPP-TX dst=02:00:00:00:01:00 freq=2437 type=1 <3>DPP-TX-STATUS dst=02:00:00:00:01:00 result=SUCCESS <3>DPP-RX src=02:00:00:00:01:00 freq=2437 type=2 <3>DPP-AUTH-SUCCESS init=0 <3>GAS-QUERY-START addr=02:00:00:00:01:00 dialog_token=0 freq=2437 <3>GAS-QUERY-DONE addr=02:00:00:00:01:00 dialog_token=0 freq=2437 status_code=0 result=SUCCESS <3>DPP-CONF-RECEIVED <3>DPP-CONFOBJ-AKM dpp <3>DPP-CONFOBJ-SSID test <3>DPP-CONNECTOR eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJBeEhqSlpMaW9oZmRWem9WR01SUzM1aGlnWkFVYWtoRXRKOUJCM29hMjFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwTHg0aEhvWVg4VExHRkJzZzF0MGt0bEk5OGQ2bzN3aUZGdTNRT0xWU2JNIiwieSI6IlFodDhaM2IxVEpLbFdnZUlyTVotVzk1MjdnVG5FSFFsS3FlVGhjRWZ0b1EifX0.JAcBI2qyqo976NsiznuJU6_VRYQ16uBEtOXuD6MAyquBwojg0hvo9vFjRetIJjfdSHP97BNdoYXiQL2xJk8jxQ <3>DPP-C-SIGN-KEY 3059301306072a8648ce3d020106082a8648ce3d030107034200042878f1ff8200bf5f6984fad582b6acca880bda91b23bb37dee4ce6856b0d76b27f0229bd183df8e80c6f22aa19f644f9af1f71418ec712056ac5da8a72b8806b <3>DPP-NET-ACCESS-KEY 307702010104202e2d484656fd3e62c1b08b725d9031fe1e6de6d0ac3e9acea394e4978ab23d8fa00a06082a8648ce3d030107a14403420004d0bc78847a185fc4cb18506c835b7492d948f7c77aa37c22145bb740e2d549b3421b7c6776f54c92a55a0788acc67e5bde76ee04e71074252aa79385c11fb684 > <3>DPP-RX src=02:00:00:00:01:00 freq=2437 type=5
wpa_cli logs ; Step 7, Step 8
> dpp_qr_code DPP:C:81/6;M:020000000000;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADCD9KOY2BIuo2+3p+HC1/mg3m9Yxb9oD6z1WaD3msMOs=;; 1 > dpp_auth_init peer=1 conf=ap-dpp ssid=74657374 configurator=1 OK <3>DPP-TX dst=02:00:00:00:00:00 freq=2437 type=0 <3>DPP-TX-STATUS dst=02:00:00:00:00:00 freq=2437 result=SUCCESS <3>DPP-RX src=02:00:00:00:00:00 freq=2437 type=1 <3>DPP-AUTH-DIRECTION mutual=0 <3>DPP-TX dst=02:00:00:00:00:00 freq=2437 type=2 <3>DPP-TX-STATUS dst=02:00:00:00:00:00 freq=2437 result=SUCCESS <3>DPP-AUTH-SUCCESS init=1 <3>DPP-CONF-REQ-RX src=02:00:00:00:00:00 <3>DPP-CONF-SENT
hostapd_cli logs ; Step 9
> set dpp_connector eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJBeEhqSlpMaW9oZmRWem9WR01SUzM1aGlnWkFVYWtoRXRKOUJCM29hMjFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwTHg0aEhvWVg4VExHRkJzZzF0MGt0bEk5OGQ2bzN3aUZGdTNRT0xWU2JNIiwieSI6IlFodDhaM2IxVEpLbFdnZUlyTVotVzk1MjdnVG5FSFFsS3FlVGhjRWZ0b1EifX0.JAcBI2qyqo976NsiznuJU6_VRYQ16uBEtOXuD6MAyquBwojg0hvo9vFjRetIJjfdSHP97BNdoYXiQL2xJk8jxQ OK > set dpp_csign 3059301306072a8648ce3d020106082a8648ce3d030107034200042878f1ff8200bf5f6984fad582b6acca880bda91b23bb37dee4ce6856b0d76b27f0229bd183df8e80c6f22aa19f644f9af1f71418ec712056ac5da8a72b8806b OK > set dpp_netaccesskey 307702010104202e2d484656fd3e62c1b08b725d9031fe1e6de6d0ac3e9acea394e4978ab23d8fa00a06082a8648ce3d030107a14403420004d0bc78847a185fc4cb18506c835b7492d948f7c77aa37c22145bb740e2d549b3421b7c6776f54c92a55a0788acc67e5bde76ee04e71074252aa79385c11fb684 OK > <3>DPP-RX src=02:00:00:00:00:00 freq=2437 type=5 <3>DPP-TX dst=02:00:00:00:00:00 freq=2437 type=6 status=0 <3>DPP-TX-STATUS dst=02:00:00:00:00:00 result=SUCCESS <3>AP-STA-CONNECTED 02:00:00:00:00:00
wpa_cli logs ; Step 10
> save_config OK > list_networks network id / ssid / bssid / flags 0 test any > enable_network 0 OK <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE <3>DPP-TX dst=02:00:00:00:00:00 freq=2437 type=5 <3>DPP-TX-STATUS dst=02:00:00:00:00:00 freq=2437 result=SUCCESS <3>DPP-RX src=02:00:00:00:00:00 freq=2437 type=6 <3>PMKSA-CACHE-ADDED 02:00:00:00:00:00 0 <3>DPP-INTRO peer=02:00:00:00:00:00 status=0 <3>SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test' freq=2437 MHz) <3>Trying to associate with 02:00:00:00:00:00 (SSID='test' freq=2437 MHz) <3>Associated with 02:00:00:00:00:00 <3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 <3>WPA: Key negotiation completed with 02:00:00:00:00:00 [PTK=CCMP GTK=CCMP] <3>CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:00:00 completed [id=0 id_str=]
Run data traffic
Steps |
AP |
Station |
---|---|---|
Step 1 : Assign IP address |
$ ifconfig wlan0 192.168.3.1 up
|
$ ifconfig wlan1 192.168.3.10 up
|
Step 2 : Check IP address |
$ ifconfig wlan0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255
ether 02:00:00:00:00:00 txqueuelen 1000 (Ethernet)
RX packets 61 bytes 11085 (11.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 130 bytes 25688 (25.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
$ ifconfig wlan1
wlan1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.10 netmask 255.255.255.0 broadcast 192.168.3.255
ether 02:00:00:00:01:00 txqueuelen 1000 (Ethernet)
RX packets 73 bytes 13119 (13.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65 bytes 13111 (13.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
Step 3 : Check ping |
$ ping 192.168.3.10
PING 192.168.3.10 (192.168.3.10) 56(84) bytes of data.
64 bytes from 192.168.3.10: icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from 192.168.3.10: icmp_seq=2 ttl=64 time=0.036 ms
64 bytes from 192.168.3.10: icmp_seq=3 ttl=64 time=0.094 ms
64 bytes from 192.168.3.10: icmp_seq=4 ttl=64 time=0.105 ms
64 bytes from 192.168.3.10: icmp_seq=5 ttl=64 time=0.094 ms
|
$ ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1) 56(84) bytes of data.
64 bytes from 192.168.3.1: icmp_seq=1 ttl=64 time=0.121 ms
64 bytes from 192.168.3.1: icmp_seq=2 ttl=64 time=0.091 ms
64 bytes from 192.168.3.1: icmp_seq=3 ttl=64 time=0.090 ms
64 bytes from 192.168.3.1: icmp_seq=4 ttl=64 time=0.097 ms
64 bytes from 192.168.3.1: icmp_seq=5 ttl=64 time=0.243 ms
|
Step 4 : Run iperf TCP DL |
$ iperf -c 192.168.3.10 -i 1 -t 5
|
$ iperf -s -i 1
|
Step 5 : Run iperf TCP UL |
$ iperf -s -i 1
|
$ iperf -c 192.168.3.1 -i 1 -t 5
|
Step 6 : Run iperf UDP DL |
$ iperf -c 192.168.3.10 -u -b 1000M -i 1 -t 5
|
$ iperf -s -u -i 1
|
Step 7 : Run iperf UDP UL |
$ iperf -s -u -i 1
|
$ iperf -c 192.168.3.1 -u -b 1000M -i 1 -t 5
|