No OWE transition mode element on hidden OWE network

Jouni Malinen j at w1.fi
Tue Oct 19 06:06:48 PDT 2021 

On Thu, Sep 09, 2021 at 04:09:02PM -0700, James Prestwood wrote:
> While playing around with OWE transition mode I noticed the hidden OWE
> network has no OWE transition mode element. The two network configs are
> attached.

That does not match what I see in my tests, i.e., I do see the OWE
Transition Mode element being added to Beacon frames from both BSSs.

> I figured it was a misconfiguration but then I found the following code
> in src/ap/ieee802_11_shared.c:
> 
> static int hostapd_eid_owe_trans_enabled(struct hostapd_data *hapd)
> {
> 	return hapd->conf->owe_transition_ssid_len > 0 &&
> 		!is_zero_ether_addr(hapd->conf->owe_transition_bssid);
> }
> 
> This is called prior to appending the OWE transition element so for the
> hidden SSID (where ssid_len < 0) it returns false and the IE is never
> built/appended.

I'm not sure what you mean with hidden SSID and ssid_len < 0 (I guess
you meant == 0 here).. That is a comparison on the
owe_transition_ssid_len, i.e., the length of the owe_transition_ssid
parameter in the BSS configuration. If there is OWE transition in place,
that entry needs to be set and needs to have the correct SSID of the
other BSS. In other words, owe_transition_ssid_len cannot be 0 in valid
configuration.

> Removing the SSID length check seems to fix this and I see the OWE
> transition element for the hidden OWE network. Attached is the patch to
> remove this length check.

That would be allowing an invalid configuration to be used. Valid
owe_transition_ssid needs to be present in the configuration.

And it actually is in the example configuration you attached:

> ssid=owe-hidden
> bssid=a6:44:ce:d8:61:6f
> channel=1
> ignore_broadcast_ssid=1
> ieee80211w=1
> 
> wpa=2
> wpa_key_mgmt=OWE
> rsn_pairwise=CCMP
> owe_transition_ssid="transition"
> owe_transition_bssid=fe:e1:de:ce:a5:ed

There is a non-empty owe_transition_ssid value here, so I don't see why
you would need to modify the check in hostapd_eid_owe_trans_enabled().

> channel=1
> ssid=transition
> bssid=fe:e1:de:ce:a5:ed
> owe_transition_ssid="owe-hidden"
> owe_transition_bssid=a6:44:ce:d8:61:6f

Similarly here, owe_transition_ssid is set.
 
-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list