WPA 3 on (k)FreeBSD?

Jouni Malinen j at w1.fi
Wed Apr 6 13:16:15 PDT 2022 

On Wed, Apr 06, 2022 at 02:09:10PM +0200, Andrej Shadura wrote:
> Last week I noticed that wpa-supplicant on Debian/kFreeBSD hasn’t been successfully built for a couple of years (!). Part of that was the unavailability of Qt5 on kFreeBSD, but the key factor apparently was that I enabled WPA 3 features (OWE, SAE) and also mesh networking and FILS, which apparently depend on IEEE80211W which seems to be supported on Linux only. Eventually, I was able to get it to build, but I had to disable all of these features.
> Is this a known issue, and is there a plan to get these features to work?

Can you please provide some more details on what was failing to compile_
Surely Qt5 would not having anything to do with wpa_supplicant build
itself, but for wpa_gui (and even that should not require Qt5), so I'm
mostly interested in the PMF (IEEE 802.11w) related issues (but that
seems to be only on FreeBSD wishlist for features, so not much chance to
do anything in wpa_supplicant before the kernel functionality is
available).

WPA3 itself requires PMF to be used, so for that, there needs to be PMF
support in the driver. I'm not familiar with FreeBSD functionality in
this area, so I cannot comment on the driver interface changes for this,
but based on a quick web search, PMF seems to be only on FreeBSD
wishlist for features, so not much chance to do anything in
wpa_supplicant before the kernel functionality is available.

OWE and SAE do not actually mandate use of PMF, so it should be possible
to build and use those for testing purposes even without any PMF
support. That said, SAE will require pretty low level driver
functionality changes since it is done as part of the IEEE 802.11
Authentication frame exchange which is something that driver_bsd.c does
not seem to support and would likely require significant extensions in
the kernel interface design. OWE might be easier to implement since it
needs simpler addition and reporting of information elements with
Association Request/Response frames.

Mesh BSS (802.11s) support seems to be under development for FreeBSD. It
requires significant kernel interface changes as well, so would be far
from trivial to get working with wpa_supplicant, I'd assume.

FILS authentication has similar constraints with SAE.
 
-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list