From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.linux.dev
Cc: James Prestwood <prestwoj@gmail.com>
Subject: [PATCH v2 12/15] doc: PKEX support for DPP
Date: Thu, 26 Oct 2023 13:26:54 -0700
Message-ID: <20231026202657.183591-13-prestwoj@gmail.com>
In-Reply-To: <20231026202657.183591-1-prestwoj@gmail.com>

PKEX is part of the WFA EasyConnect specification and is
an additional bootstrapping method (like QR codes) for
exchanging public keys between a configurator and enrollee.
PKEX operates over wifi and requires a key/code be exchanged
prior to the protocol. The key is used to encrypt the exchange
of the bootstrapping information, then DPP authentication is
started immediately afterwards.

This can be useful for devices which don't have the ability to
scan a QR code, or even as a more convenient way to share
wireless credentials if the PSK is very secure (i.e. not a
human readable string).

PKEX would be used via the three DBus APIs on a new interface
SharedCodeDeviceProvisioning.

ConfigureEnrollee(a{sv}) will start a configurator with a
static shared code (optionally identifier) passed in with the
dictionary key.

StartConfigurator(object agent_path) will start listening and
wait for an Enrollee to send a PKEX exchange request. Once
received the configurator will call out to an agent
(distinguished by 'agent_path') and request the code using the
identifier sent by the enrollee. If no identifier was sent the
protocol will fail. This method allows for configuring one of
several enrollees, assuming the agent has the ability to
look up the identifier.

StartEnrollee(a{sv}) will start a PKEX enrollee. Enrollees will
begin iterating a channel list sending out PKEX exchange
requests and waiting for a configurator to respond.

After the PKEX protocol is finished, DPP bootstrapping keys have
been exchanged and DPP Authentication will start, followed by
configuration.
---
doc/device-provisioning-api.txt | 67 +++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
diff --git a/doc/device-provisioning-api.txt b/doc/device-provisioning-api.txt
index ac204f46..02856571 100644
--- a/doc/device-provisioning-api.txt
+++ b/doc/device-provisioning-api.txt
@@ -71,3 +71,70 @@ Properties boolean Started [readonly]
Indicates the DPP URI. This property is only available
when Started is true.
+
+
+Interface net.connman.iwd.SharedCodeDeviceProvisioning [Experimental]
+Object path /net/connman/iwd/{phy0,phy1,...}/{1,2,...}
+
+ ConfigureEnrollee(a{sv})
+ Starts a DPP configurator using a shared code (and
+ optionally identifier) set in the dictionary argument.
+ Valid dictionary keys are:
+
+ {
+ Code: <The shared code to use>
+ Identifier: <Optional identifier>
+ }
+
+ As with the DeviceProvisioning interface, configurators
+ must be currently connected to start.
+
+ Possible errors: net.connman.iwd.Busy
+ net.connman.iwd.NotConnected
+ net.connman.InvalidArguments
+
+ StartConfigurator(object agent_path)
+ Start a shared code configurator using an agent to
+ obtain the shared code. This method is meant for an
+ automated use case where a configurator is capable of
+ configuring multiple enrollees, and distinguishing
+ between them by their identifier.
+
+ After starting the configurator will listen on channel.
+ Upon receiving an enrollees initial request it will
+ make an agent call (on 'agent_path') to obtain the
+ code associated with the enrollee.
+
+ As with the DeviceProvisioning interface, configurators
+ must be currently connected to start.
+
+ Possible errors: net.connman.iwd.Busy
+ net.connman.iwd.NotConnected
+ net.connman.iwd.InvalidArguments
+
+ StartEnrollee(a{sv})
+ Start a shared code enrollee using the Code and
+ optionally identifier passed in the dictionary argument.
+ As with the configurator, valid dictionary keys are:
+
+ {
+ Code: <The shared code to use>
+ Identifier: <Optional identifier>
+ }
+
+ As with the DeviceProvisioning interface, enrollees
+ must be disconnected in order to start.
+
+ Possible errors: net.connman.iwd.Busy
+ net.connman.iwd.InvalidArguments
+
+Properties boolean Started [readonly]
+
+ True if shared code device provisioning is currently
+ active. (configurator or enrollee is started)
+
+ string Role [readonly, optional]
+
+ Indicates the DPP role. Possible values are "enrollee"
+ or "configurator". This property is only available when
+ Started is true.
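
Review bot: The last entry in the ConfigureEnrollee error list reads net.connman.InvalidArguments, without the .iwd component that the same error carries under StartConfigurator and StartEnrollee; it should be net.connman.iwd.InvalidArguments so clients matching on the error name see one spelling. In StartConfigurator, "will listen on channel" does not name the channel, and the text neither names the agent method that is called nor says what happens when the enrollee's request carries no identifier, which the commit message states makes the protocol fail; since the agent lookup by identifier is what selects the shared code, that failure case belongs in the API text. "enrollees initial request" should read "enrollee's initial request". The section also documents no method for stopping a started configurator or enrollee, so it is unclear from this text how Started returns to false.
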
--
2.25.1