WPA 3 on (k)FreeBSD?

Andrej Shadura andrewsh at debian.org
Wed Apr 6 14:46:41 PDT 2022 

Hi,

On Wed, 6 Apr 2022, at 22:16, Jouni Malinen wrote:
> On Wed, Apr 06, 2022 at 02:09:10PM +0200, Andrej Shadura wrote:
>> Last week I noticed that wpa-supplicant on Debian/kFreeBSD hasn’t been successfully built for a couple of years (!). Part of that was the unavailability of Qt5 on kFreeBSD, but the key factor apparently was that I enabled WPA 3 features (OWE, SAE) and also mesh networking and FILS, which apparently depend on IEEE80211W which seems to be supported on Linux only. Eventually, I was able to get it to build, but I had to disable all of these features.
>> Is this a known issue, and is there a plan to get these features to work?
>
> Can you please provide some more details on what was failing to compile_
> Surely Qt5 would not having anything to do with wpa_supplicant build
> itself, but for wpa_gui (and even that should not require Qt5),

Yes, but that failure prevented the rest of the build from even starting :)

> so I'm
> mostly interested in the PMF (IEEE 802.11w) related issues (but that
> seems to be only on FreeBSD wishlist for features, so not much chance to
> do anything in wpa_supplicant before the kernel functionality is
> available).

I was wrong regarding .11w, apparently, and I misremembered my bug-hunting process. My current build has it enabled and builds without an issue.

> WPA3 itself requires PMF to be used, so for that, there needs to be PMF
> support in the driver. I'm not familiar with FreeBSD functionality in
> this area, so I cannot comment on the driver interface changes for this,
> but based on a quick web search, PMF seems to be only on FreeBSD
> wishlist for features, so not much chance to do anything in
> wpa_supplicant before the kernel functionality is available.
>
> OWE and SAE do not actually mandate use of PMF, so it should be possible
> to build and use those for testing purposes even without any PMF
> support. That said, SAE will require pretty low level driver
> functionality changes since it is done as part of the IEEE 802.11
> Authentication frame exchange which is something that driver_bsd.c does
> not seem to support and would likely require significant extensions in
> the kernel interface design. OWE might be easier to implement since it
> needs simpler addition and reporting of information elements with
> Association Request/Response frames.
>
> Mesh BSS (802.11s) support seems to be under development for FreeBSD. It
> requires significant kernel interface changes as well, so would be far
> from trivial to get working with wpa_supplicant, I'd assume.
>
> FILS authentication has similar constraints with SAE.

First I’ve got this:
https://buildd.debian.org/status/fetch.php?pkg=wpa&arch=kfreebsd-amd64&ver=2%3A2.10-4&stamp=1648914791&raw=0

> ./wpa_supplicant/mesh_mpm.c:286: undefined reference to `hostapd_eid_supp_rates'
> ./wpa_supplicant/mesh_mpm.c:865: undefined reference to `ieee802_11_mgmt'

In Linux builds these were apparently pulled because of NEED_AP_MLME=y which depends on CONFIG_DRIVER_NL80211.

After I disabled FILS, SAE and MESH, OWE was still causing issues:

https://buildd.debian.org/status/fetch.php?pkg=wpa&arch=kfreebsd-amd64&ver=2%3A2.10-6&stamp=1649079301&raw=0

It’s possible there’s just a missing dependency or a define guard, but since I know very little about these things, I was unable to identify the cause.

This is the config was able to successfully build again with: https://salsa.debian.org/debian/wpa/-/blob/debian/unstable/debian/config/wpasupplicant/kfreebsd

-- 
Cheers,
  Andrej

More information about the Hostap mailing list