WPA3-Personal: wpa_supplicant in AP mode issue
Yegor Yefremov
yegorslists at googlemail.com
Wed Apr 6 04:23:26 PDT 2022
Hi Masashi,

On Fri, Apr 1, 2022 at 1:47 AM Masashi Honma <masashi.honma at gmail.com> wrote:
>
> The configuration requires IEEE 802.11w.
>
> network={
>     mode=2
>     ssid="WPA3_AP"
>     proto=RSN
>     key_mgmt=SAE
>     pairwise=CCMP
>     group=CCMP
>     ieee80211w=2 <--- here
>     psk="xxxxxx"
> }
>
> But the Wi-Fi NIC does not support IEEE 802.11w.
>
> Wiphy phy0
> ...
> Supported Ciphers:
> * WEP40 (00-0f-ac:1)
> * WEP104 (00-0f-ac:5)
> * TKIP (00-0f-ac:2)
> * CCMP-128 (00-0f-ac:4)
> * CCMP-256 (00-0f-ac:10)
> * GCMP-128 (00-0f-ac:8)
> * GCMP-256 (00-0f-ac:9)
> ...
>
> Missing "CMAC (00-0f-ac:6)".
>
> By spec, a WPA3-only AP requires IEEE 802.11w.
> So if you want to publish the AP to an official place, you need to
> replace the Wi-Fi NIC with one that supports IEEE 802.11w.
> Or, if it is only for testing, "ieee80211w=0" will boot the AP.

Thanks for the clarification. I could start the AP with a Realtek chipset, and
after updating the kernel to 5.17, I could even start a RaLink rt2800
dongle with the CMAC cipher.

The only problem so far is the TI wl18xx chipset. The fw is already
CMAC capable, but the driver is not, and it is orphaned :-(

Regards,
Yegor

> Regards,
> Masashi Honma.
>
> On Wed, Mar 30, 2022 at 17:52 Yegor Yefremov <yegorslists at googlemail.com> wrote:
> >
> > Hi,
> >
> > On Tue, Mar 29, 2022 at 11:46 AM Yegor Yefremov
> > <yegorslists at googlemail.com> wrote:
> > >
> > > I am trying to set up an AP using wpa_supplicant only. So far, I could
> > > find only configuration examples for hostapd as WPA3 AP. Is it
> > > possible to achieve this with wpa_supplicant?
> > >
> > > My system: Ubuntu 18.04.3
> > > Kernel: 4.15.0-91-generic
> > > wpa_supplicant (built from git): wpa_supplicant
> > > v2.11-devel-hostap_2_10-165-g1fb907a68
> > >
> > > My wpa_supplicant .config:
> > >
> > > CONFIG_DRIVER_NL80211=y
> > > CONFIG_LIBNL32=y
> > > CONFIG_DRIVER_WIRED=y
> > > CONFIG_DRIVER_MACSEC_LINUX=y
> > > CONFIG_IEEE8021X_EAPOL=y
> > > CONFIG_EAP_MD5=y
> > > CONFIG_EAP_MSCHAPV2=y
> > > CONFIG_EAP_TLS=y
> > > CONFIG_EAP_PEAP=y
> > > CONFIG_EAP_TTLS=y
> > > CONFIG_EAP_FAST=y
> > > CONFIG_EAP_GTC=y
> > > CONFIG_EAP_OTP=y
> > > CONFIG_EAP_PWD=y
> > > CONFIG_EAP_PAX=y
> > > CONFIG_EAP_LEAP=y
> > > CONFIG_EAP_SAKE=y
> > > CONFIG_EAP_GPSK=y
> > > CONFIG_EAP_GPSK_SHA256=y
> > > CONFIG_EAP_TNC=y
> > > CONFIG_WPS=y
> > > CONFIG_EAP_IKEV2=y
> > > CONFIG_MACSEC=y
> > > CONFIG_PKCS12=y
> > > CONFIG_SMARTCARD=y
> > > CONFIG_CTRL_IFACE=y
> > > CONFIG_SAE=y
> > > CONFIG_BACKEND=file
> > > CONFIG_CTRL_IFACE_DBUS_NEW=y
> > > CONFIG_CTRL_IFACE_DBUS_INTRO=y
> > > CONFIG_IEEE80211R=y
> > > CONFIG_DEBUG_FILE=y
> > > CONFIG_DEBUG_SYSLOG=y
> > > CONFIG_IEEE80211AC=y
> > > CONFIG_INTERWORKING=y
> > > CONFIG_HS20=y
> > > CONFIG_AP=y
> > > CONFIG_P2P=y
> > > CONFIG_TDLS=y
> > > CONFIG_WIFI_DISPLAY=y
> > > CONFIG_IBSS_RSN=y
> > > CONFIG_BGSCAN_SIMPLE=y
> > > CONFIG_OWE=y
> > > CONFIG_DPP=y
> > >
> > > wpa_supplicant.conf:
> > >
> > > ctrl_interface=/run/wpa_supplicant
> > > network={
> > > mode=2
> > > ssid="WPA3_AP"
> > > proto=RSN
> > > key_mgmt=SAE
> > > pairwise=CCMP
> > > group=CCMP
> > > ieee80211w=2
> > > psk="xxxxxx"
> > > }
> > >
> > > wpa_supplicant output with the error:
> > >
> > > WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
> > > wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=3
> > > addr=0x55ca32fe92e0 key_idx=1 set_tx=1 seq_len=0 key_len=16
> > > key_flag=0x1a
> > > nl80211: NEW_KEY
> > > nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
> > > broadcast key
> > > nl80211: NL80211_CMD_SET_KEY - default key
> > > wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=4
> > > addr=0x55ca32fe92e0 key_idx=4 set_tx=1 seq_len=0 key_len=16
> > > key_flag=0x1a
> > > nl80211: NEW_KEY
> > > nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
> > > broadcast key
> > > nl80211: set_key failed; err=-22 Invalid argument
> > > WPA: group state machine entering state FATAL_FAILURE
> > > wlx7cdd9044a583: Flushing old station entries
> > > nl80211: flush -> DEL_STATION wlx7cdd9044a583 (all)
> > > wlx7cdd9044a583: Deauthenticate all stations
> > > nl80211: send_mlme - da=ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0
> > > offchanok=0 wait_time=0 no_encrypt=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH)
> > > nlmode=3
> > > nl80211: send_mlme - Use bss->freq=2462
> > > nl80211: send_mlme -> send_frame_cmd
> > > nl80211: CMD_FRAME freq=2462 wait=0 no_cck=0 no_ack=0 offchanok=0
> > > CMD_FRAME - hexdump(len=26): c0 00 00 00 ff ff ff ff ff ff 7c dd 90 44
> > > a5 83 7c dd 90 44 a5 83 00 00 03 00
> > > nl80211: Frame TX command accepted; cookie 0x104
> > > hostapd_free_hapd_data(wlx7cdd9044a583)
> > > Interface initialization failed
> > > wlx7cdd9044a583: interface state UNINITIALIZED->DISABLED
> > > wlx7cdd9044a583: AP-DISABLED
> > > wlx7cdd9044a583: Unable to setup interface.
> > > Failed to initialize AP interface
> > >
> > > WLAN capabilities:
> > >
> > > Wiphy phy0
> > > max # scan SSIDs: 4
> > > max scan IEs length: 2257 bytes
> > > max # sched scan SSIDs: 0
> > > max # match sets: 0
> > > max # scan plans: 1
> > > max scan plan interval: -1
> > > max scan plan iterations: 0
> > > Retry short long limit: 2
> > > Coverage class: 0 (up to 0m)
> > > Device supports RSN-IBSS.
> > > Supported Ciphers:
> > > * WEP40 (00-0f-ac:1)
> > > * WEP104 (00-0f-ac:5)
> > > * TKIP (00-0f-ac:2)
> > > * CCMP-128 (00-0f-ac:4)
> > > * CCMP-256 (00-0f-ac:10)
> > > * GCMP-128 (00-0f-ac:8)
> > > * GCMP-256 (00-0f-ac:9)
> > > Available Antennas: TX 0 RX 0
> > > Supported interface modes:
> > > * IBSS
> > > * managed
> > > * AP
> > > * AP/VLAN
> > > * monitor
> > > * mesh point
> > > Band 1:
> > > Capabilities: 0x17e
> > > HT20/HT40
> > > SM Power Save disabled
> > > RX Greenfield
> > > RX HT20 SGI
> > > RX HT40 SGI
> > > RX STBC 1-stream
> > > Max AMSDU length: 3839 bytes
> > > No DSSS/CCK HT40
> > > Maximum RX AMPDU length 32767 bytes (exponent: 0x002)
> > > Minimum RX AMPDU time spacing: 2 usec (0x04)
> > > HT TX/RX MCS rate indexes supported: 0-7, 32
> > > Bitrates (non-HT):
> > > * 1.0 Mbps
> > > * 2.0 Mbps (short preamble supported)
> > > * 5.5 Mbps (short preamble supported)
> > > * 11.0 Mbps (short preamble supported)
> > > * 6.0 Mbps
> > > * 9.0 Mbps
> > > * 12.0 Mbps
> > > * 18.0 Mbps
> > > * 24.0 Mbps
> > > * 36.0 Mbps
> > > * 48.0 Mbps
> > > * 54.0 Mbps
> > > Frequencies:
> > > * 2412 MHz [1] (20.0 dBm)
> > > * 2417 MHz [2] (20.0 dBm)
> > > * 2422 MHz [3] (20.0 dBm)
> > > * 2427 MHz [4] (20.0 dBm)
> > > * 2432 MHz [5] (20.0 dBm)
> > > * 2437 MHz [6] (20.0 dBm)
> > > * 2442 MHz [7] (20.0 dBm)
> > > * 2447 MHz [8] (20.0 dBm)
> > > * 2452 MHz [9] (20.0 dBm)
> > > * 2457 MHz [10] (20.0 dBm)
> > > * 2462 MHz [11] (20.0 dBm)
> > > * 2467 MHz [12] (20.0 dBm) (no IR)
> > > * 2472 MHz [13] (20.0 dBm) (no IR)
> > > * 2484 MHz [14] (20.0 dBm) (no IR)
> > > Supported commands:
> > > * new_interface
> > > * set_interface
> > > * new_key
> > > * start_ap
> > > * new_station
> > > * new_mpath
> > > * set_mesh_config
> > > * set_bss
> > > * authenticate
> > > * associate
> > > * deauthenticate
> > > * disassociate
> > > * join_ibss
> > > * join_mesh
> > > * set_tx_bitrate_mask
> > > * frame
> > > * frame_wait_cancel
> > > * set_wiphy_netns
> > > * set_channel
> > > * set_wds_peer
> > > * probe_client
> > > * set_noack_map
> > > * register_beacons
> > > * start_p2p_device
> > > * set_mcast_rate
> > > * connect
> > > * disconnect
> > > * set_qos_map
> > > * set_multicast_to_unicast
> > > Supported TX frame types:
> > > * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80
> > > 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> > > * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> > > * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80
> > > 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> > > * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> > > * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> > > * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> > > * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> > > * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> > > Supported RX frame types:
> > > * IBSS: 0x40 0xb0 0xc0 0xd0
> > > * managed: 0x40 0xd0
> > > * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
> > > * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
> > > * mesh point: 0xb0 0xc0 0xd0
> > > * P2P-client: 0x40 0xd0
> > > * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
> > > * P2P-device: 0x40 0xd0
> > > software interface modes (can always be added):
> > > * AP/VLAN
> > > * monitor
> > > valid interface combinations:
> > > * #{ AP, mesh point } <= 8,
> > > total <= 8, #channels <= 1
> > > HT Capability overrides:
> > > * MCS: ff ff ff ff ff ff ff ff ff ff
> > > * maximum A-MSDU length
> > > * supported channel width
> > > * short GI for 40 MHz
> > > * max A-MPDU length exponent
> > > * min MPDU start spacing
> > > Device supports TX status socket option.
> > > Device supports HT-IBSS.
> > > Device supports SAE with AUTHENTICATE command
> > > Device supports low priority scan.
> > > Device supports scan flush.
> > > Device supports AP scan.
> > > Device supports per-vif TX power setting
> > > Driver supports full state transitions for AP/GO clients
> > > Driver supports a userspace MPM
> > > Device supports configuring vdev MAC-addr on create.
> >
> > I have the same issue with hostapd:
> >
> > nl80211: Frame TX command accepted; cookie 0x10c
> > WPA: Start group state machine to set initial keys
> > WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
> > Get randomness: len=16 entropy=0
> > GTK - hexdump(len=16): [REMOVED]
> > Get randomness: len=16 entropy=0
> > IGTK - hexdump(len=16): [REMOVED]
> > WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
> > wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=3
> > addr=0x5582c5bc5b62 key_idx=1 set_tx=1 seq_len=0 key_len=16
> > key_flag=0x1a
> > nl80211: NEW_KEY
> > nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
> > broadcast key
> > nl80211: NL80211_CMD_SET_KEY - default key
> > wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=4
> > addr=0x5582c5bc5b62 key_idx=4 set_tx=1 seq_len=0 key_len=16
> > key_flag=0x1a
> > nl80211: NEW_KEY
> > nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
> > broadcast key
> > nl80211: set_key failed; err=-22 Invalid argument
> > WPA: group state machine entering state FATAL_FAILURE
> >
> > I'm using configuration from this article [1]. What am I missing?
> >
> > [1] https://community.silabs.com/s/article/wf-m-200-linux-wpa3-configuration?language=en_US
> >
> > Best regards,
> > Yegor
> >
> > _______________________________________________
> > Hostap mailing list
> > Hostap at lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/hostap
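
Added example, not part of the original thread: a pre-flight check for the condition diagnosed above, where ieee80211w=2 is configured but the PHY's "Supported Ciphers" list lacks CMAC (00-0f-ac:6). The function names and the embedded sample inputs are constructed for illustration; the samples are trimmed from the output quoted in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): check a PHY for the PMF group cipher
# before setting ieee80211w=2. Function names are hypothetical.

# Print the cipher suite selectors listed under "Supported Ciphers:" (stdin: iw output).
supported_ciphers() {
    awk '
        /Supported Ciphers:/ { in_list = 1; next }
        in_list && /\*/ {
            if (match($0, /\(00-0f-ac:[0-9]+\)/))
                print substr($0, RSTART + 1, RLENGTH - 2)
            next
        }
        in_list { in_list = 0 }   # first non-bullet line ends the list
    '
}

# Succeed only if CMAC (00-0f-ac:6) is listed.
pmf_capable() { supported_ciphers | grep -qxF '00-0f-ac:6'; }

# Print the ieee80211w value of a network block read on stdin (empty if unset).
pmf_setting() { sed -n 's/^[[:space:]]*ieee80211w=\([0-2]\).*/\1/p' | head -n 1; }

# verdict CONF_TEXT IW_TEXT -> ok | unsupported | pmf-not-required
verdict() {
    pmf=$(printf '%s\n' "$1" | pmf_setting)
    if printf '%s\n' "$2" | pmf_capable; then cap=yes; else cap=no; fi
    case "$pmf:$cap" in
        2:yes) echo ok ;;
        2:no)  echo unsupported ;;        # IGTK set_key is expected to fail
        *)     echo pmf-not-required ;;   # not a WPA3-only configuration
    esac
}

# Constructed samples: the network block and a trimmed cipher list from the thread.
CONF='network={
    key_mgmt=SAE
    ieee80211w=2
}'
IW_NO_CMAC='Supported Ciphers:
    * CCMP-128 (00-0f-ac:4)
    * GCMP-256 (00-0f-ac:9)
Available Antennas: TX 0 RX 0'
IW_WITH_CMAC='Supported Ciphers:
    * CCMP-128 (00-0f-ac:4)
    * CMAC (00-0f-ac:6)
Available Antennas: TX 0 RX 0'

verdict "$CONF" "$IW_NO_CMAC"     # the thread's case
verdict "$CONF" "$IW_WITH_CMAC"
# On a live system: iw phy phy0 info | pmf_capable && echo "PMF cipher present"
```
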