From: Denis Kenzior <denkenz@gmail.com>
To: James Prestwood <prestwoj@gmail.com>, iwd@lists.linux.dev
Subject: Re: [PATCH v2 12/15] doc: PKEX support for DPP
Date: Sun, 29 Oct 2023 17:27:44 -0500
Message-ID: <35ca1bec-2ccb-4e23-8b98-f6dffa4675ac@gmail.com>
In-Reply-To: <20231026202657.183591-13-prestwoj@gmail.com>

Hi James,

On 10/26/23 15:26, James Prestwood wrote:
> PKEX is part of the WFA EasyConnect specification and is
> an additional bootstrapping method (like QR codes) for
> exchanging public keys between a configurator and enrollee.
> 
> PKEX operates over wifi and requires a key/code be exchanged
> prior to the protocol. The key is used to encrypt the exchange
> of the bootstrapping information, then DPP authentication is
> started immediately afterwards.
> 
> This can be useful for devices which don't have the ability to
> scan a QR code, or even as a more convenient way to share
> wireless credentials if the PSK is very secure (i.e. not a
> human readable string).
> 
> PKEX would be used via the three DBus APIs on a new interface
> SharedCodeDeviceProvisioning.
> 
> ConfigureEnrollee(a{sv}) will start a configurator with a
> static shared code (optionally identifier) passed in with the
> dictionary key.
> 
> StartConfigurator(object agent_path) will start listening and
> wait for an Enrollee to send a PKEX exchange request. Once
> received the configurator will call out to an agent
> (distinguished by 'agent_path') and request the code using the
> identifier sent by the enrollee. If no identifier was sent the
> protocol will fail. This method allows for configuring one of
> several enrollees, assuming the agent has the ability to
> look up the identifier.
> 
> StartEnrollee(a{sv}) will start a PKEX enrollee. Enrollees will
> begin iterating a channel list sending out PKEX exchange
> requests and waiting for a configurator to respond.
> 
> After the PKEX protocol is finished, DPP bootstrapping keys have
> been exchanged and DPP Authentication will start, followed by
> configuration.
> ---
>   doc/device-provisioning-api.txt | 67 +++++++++++++++++++++++++++++++++
>   1 file changed, 67 insertions(+)
> 

Okay, though much of this should be in the API doc itself.

> diff --git a/doc/device-provisioning-api.txt b/doc/device-provisioning-api.txt
> index ac204f46..02856571 100644
> --- a/doc/device-provisioning-api.txt
> +++ b/doc/device-provisioning-api.txt
> @@ -71,3 +71,70 @@ Properties	boolean Started [readonly]
>   
>   			Indicates the DPP URI. This property is only available
>   			when Started is true.
> +
> +
> +Interface	net.connman.iwd.SharedCodeDeviceProvisioning [Experimental]
> +Object path	/net/connman/iwd/{phy0,phy1,...}/{1,2,...}
> +
> +		ConfigureEnrollee(a{sv})
> +			Starts a DPP configurator using a shared code (and
> +			optionally identifier) set in the dictionary argument.
> +			Valid dictionary keys are:
> +
> +			{
> +				Code: <The shared code to use>
> +				Identifier: <Optional identifier>
> +			}

You really need to specify the types of the entries.  Since you repeat this at 
least twice, this may need to be a separate section.

> +
> +			As with the DeviceProvisioning interface, configurators
> +			must be currently connected to start.
> +
> +			Possible errors:	net.connman.iwd.Busy
> +						net.connman.iwd.NotConnected
> +						net.connman.InvalidArguments
> +
> +		StartConfigurator(object agent_path)
> +			Start a shared code configurator using an agent to
> +			obtain the shared code. This method is meant for an
> +			automated use case where a configurator is capable of
> +			configuring multiple enrollees, and distinguishing
> +			between them by their identifier.
> +
> +			After starting the configurator will listen on channel.
> +			Upon receiving an enrollees initial request it will
> +			make an agent call (on 'agent_path') to obtain the
> +			code associated with the enrollee.
> +
> +			As with the DeviceProvisioning interface, configurators
> +			must be currently connected to start.
> +
> +			Possible errors:	net.connman.iwd.Busy
> +						net.connman.iwd.NotConnected
> +						net.connman.iwd.InvalidArguments
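
Review bot: The last error listed under ConfigureEnrollee is spelled net.connman.InvalidArguments, without the .iwd component used by the two errors above it and by the StartConfigurator list (net.connman.iwd.InvalidArguments); this looks like a typo and should read net.connman.iwd.InvalidArguments. In StartConfigurator, "will listen on channel" does not say which channel, and the description is silent on what happens when the enrollee's request carries no identifier, although the commit message states the protocol fails in that case. Both belong in the method text, since the agent lookup depends on the identifier.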

Where is the agent documentation?

> +
> +		StartEnrollee(a{sv})
> +			Start a shared code enrollee using the Code and
> +			optionally identifier passed in the dictionary argument.
> +			As with the configurator, valid dictionary keys are:
> +
> +			{
> +				Code: <The shared code to use>
> +				Identifier: <Optional identifier>
> +			}
> +
> +			As with the DeviceProvisioning interface, enrollees
> +			must be disconnected in order to start.
> +
> +			Possible errors:	net.connman.iwd.Busy
> +						net.connman.iwd.InvalidArguments
> +
> +Properties	boolean Started [readonly]
> +
> +			True if shared code device provisioning is currently
> +			active. (configurator or enrollee is started)
> +
> +		string Role [readonly, optional]
> +
> +			Indicates the DPP role. Possible values are "enrollee"
> +			or "configurator". This property is only available when
> +			Started is true.
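
Review bot: StartEnrollee states that enrollees must be disconnected in order to start, but its error list contains only Busy and InvalidArguments, so a caller cannot tell which error a connected device gets back; name that error here, the way the configurator methods list net.connman.iwd.NotConnected for the opposite condition. The hunk also documents three start methods and a read-only Started property but no method to stop a running configurator or enrollee. If the interface has one it should be documented, because a configurator left listening for exchange requests otherwise has no documented way to be shut down.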

Regards,
-Denis
