No OWE transition mode element on hidden OWE network

James Prestwood prestwoj at gmail.com
Tue Oct 19 11:49:50 PDT 2021


Hi Jouni,

On Tue, 2021-10-19 at 16:06 +0300, Jouni Malinen wrote:
> On Thu, Sep 09, 2021 at 04:09:02PM -0700, James Prestwood wrote:
> > While playing around with OWE transition mode I noticed the hidden
> > OWE
> > network has no OWE transition mode element. The two network configs
> > are
> > attached.
> 
> That does not match what I see in my tests, i.e., I do see the OWE
> Transition Mode element being added to Beacon frames from both BSSs.
> 
> > I figured it was a misconfiguration but then I found the following
> > code
> > in src/ap/ieee802_11_shared.c:
> > 
> > static int hostapd_eid_owe_trans_enabled(struct hostapd_data *hapd)
> > {
> >         return hapd->conf->owe_transition_ssid_len > 0 &&
> >                 !is_zero_ether_addr(hapd->conf-
> > >owe_transition_bssid);
> > }
> > 
> > This is called prior to appending the OWE transition element so for
> > the
> > hidden SSID (where ssid_len < 0) it returns false and the IE is
> > never
> > built/appended.
> 
> I'm not sure what you mean with hidden SSID and ssid_len < 0 (I guess
> you meant == 0 here).. That is a comparison on the
> owe_transition_ssid_len, i.e., the length of the owe_transition_ssid
> parameter in the BSS configuration. If there is OWE transition in
> place,
> that entry needs to be set and needs to have the correct SSID of the
> other BSS. In other words, owe_transition_ssid_len cannot be 0 in
> valid
> configuration.
> 
> > Removing the SSID length check seems to fix this and I see the OWE
> > transition element for the hidden OWE network. Attached is the
> > patch to
> > remove this length check.
> 
> That would be allowing an invalid configuration to be used. Valid
> owe_transition_ssid needs to be present in the configuration.
> 
> And it actually is in the example configuration you attached:
> 
> > ssid=owe-hidden
> > bssid=a6:44:ce:d8:61:6f
> > channel=1
> > ignore_broadcast_ssid=1
> > ieee80211w=1
> > 
> > wpa=2
> > wpa_key_mgmt=OWE
> > rsn_pairwise=CCMP
> > owe_transition_ssid="transition"
> > owe_transition_bssid=fe:e1:de:ce:a5:ed
> 
> There is a non-empty owe_transition_ssid value here, so I don't see
> why
> you would need to modify the check in
> hostapd_eid_owe_trans_enabled().
> 
> > channel=1
> > ssid=transition
> > bssid=fe:e1:de:ce:a5:ed
> > owe_transition_ssid="owe-hidden"
> > owe_transition_bssid=a6:44:ce:d8:61:6f
> 
> Similarly here, owe_transition_ssid is set.

Thanks for the reply. I'm not sure exactly what behavior I was seeing
before because I retested this and indeed it works as I would expect
and as you explained. We went as far as writing all our tests with
vendor_elements because "it didn't work". Anyways, thank you and sorry
for the noise.

- James





More information about the Hostap mailing list