WPA3-Personal: wpa_supplicant in AP mode issue
Yegor Yefremov
yegorslists at googlemail.com
Wed Mar 30 01:49:23 PDT 2022
Hi,
On Tue, Mar 29, 2022 at 11:46 AM Yegor Yefremov
<yegorslists at googlemail.com> wrote:
>
> I am trying to set up an AP using wpa_supplicant only. So far, I could
> find only configuration examples for hostapd as WPA3 AP. Is it
> possible to achieve this with wpa_supplicant?
>
> My system: Ubuntu 18.04.3
> Kernel: 4.15.0-91-generic
> wpa_supplicant (built from git): wpa_supplicant
> v2.11-devel-hostap_2_10-165-g1fb907a68
>
> My wpa_supplicant .config:
>
> CONFIG_DRIVER_NL80211=y
> CONFIG_LIBNL32=y
> CONFIG_DRIVER_WIRED=y
> CONFIG_DRIVER_MACSEC_LINUX=y
> CONFIG_IEEE8021X_EAPOL=y
> CONFIG_EAP_MD5=y
> CONFIG_EAP_MSCHAPV2=y
> CONFIG_EAP_TLS=y
> CONFIG_EAP_PEAP=y
> CONFIG_EAP_TTLS=y
> CONFIG_EAP_FAST=y
> CONFIG_EAP_GTC=y
> CONFIG_EAP_OTP=y
> CONFIG_EAP_PWD=y
> CONFIG_EAP_PAX=y
> CONFIG_EAP_LEAP=y
> CONFIG_EAP_SAKE=y
> CONFIG_EAP_GPSK=y
> CONFIG_EAP_GPSK_SHA256=y
> CONFIG_EAP_TNC=y
> CONFIG_WPS=y
> CONFIG_EAP_IKEV2=y
> CONFIG_MACSEC=y
> CONFIG_PKCS12=y
> CONFIG_SMARTCARD=y
> CONFIG_CTRL_IFACE=y
> CONFIG_SAE=y
> CONFIG_BACKEND=file
> CONFIG_CTRL_IFACE_DBUS_NEW=y
> CONFIG_CTRL_IFACE_DBUS_INTRO=y
> CONFIG_IEEE80211R=y
> CONFIG_DEBUG_FILE=y
> CONFIG_DEBUG_SYSLOG=y
> CONFIG_IEEE80211AC=y
> CONFIG_INTERWORKING=y
> CONFIG_HS20=y
> CONFIG_AP=y
> CONFIG_P2P=y
> CONFIG_TDLS=y
> CONFIG_WIFI_DISPLAY=y
> CONFIG_IBSS_RSN=y
> CONFIG_BGSCAN_SIMPLE=y
> CONFIG_OWE=y
> CONFIG_DPP=y
>
> wpa_supplicant.conf:
>
> ctrl_interface=/run/wpa_supplicant
> network={
> mode=2
> ssid="WPA3_AP"
> proto=RSN
> key_mgmt=SAE
> pairwise=CCMP
> group=CCMP
> ieee80211w=2
> psk="xxxxxx"
> }
>
> wpa_suplicant output with the error:
>
> WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
> wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=3
> addr=0x55ca32fe92e0 key_idx=1 set_tx=1 seq_len=0 key_len=16
> key_flag=0x1a
> nl80211: NEW_KEY
> nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
> broadcast key
> nl80211: NL80211_CMD_SET_KEY - default key
> wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=4
> addr=0x55ca32fe92e0 key_idx=4 set_tx=1 seq_len=0 key_len=16
> key_flag=0x1a
> nl80211: NEW_KEY
> nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
> broadcast key
> nl80211: set_key failed; err=-22 Invalid argument
> WPA: group state machine entering state FATAL_FAILURE
> wlx7cdd9044a583: Flushing old station entries
> nl80211: flush -> DEL_STATION wlx7cdd9044a583 (all)
> wlx7cdd9044a583: Deauthenticate all stations
> nl80211: send_mlme - da=ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0
> offchanok=0 wait_time=0 no_encrypt=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH)
> nlmode=3
> nl80211: send_mlme - Use bss->freq=2462
> nl80211: send_mlme -> send_frame_cmd
> nl80211: CMD_FRAME freq=2462 wait=0 no_cck=0 no_ack=0 offchanok=0
> CMD_FRAME - hexdump(len=26): c0 00 00 00 ff ff ff ff ff ff 7c dd 90 44
> a5 83 7c dd 90 44 a5 83 00 00 03 00
> nl80211: Frame TX command accepted; cookie 0x104
> hostapd_free_hapd_data(wlx7cdd9044a583)
> Interface initialization failed
> wlx7cdd9044a583: interface state UNINITIALIZED->DISABLED
> wlx7cdd9044a583: AP-DISABLED
> wlx7cdd9044a583: Unable to setup interface.
> Failed to initialize AP interface
>
> WLAN capabilities:
>
> Wiphy phy0
> max # scan SSIDs: 4
> max scan IEs length: 2257 bytes
> max # sched scan SSIDs: 0
> max # match sets: 0
> max # scan plans: 1
> max scan plan interval: -1
> max scan plan iterations: 0
> Retry short long limit: 2
> Coverage class: 0 (up to 0m)
> Device supports RSN-IBSS.
> Supported Ciphers:
> * WEP40 (00-0f-ac:1)
> * WEP104 (00-0f-ac:5)
> * TKIP (00-0f-ac:2)
> * CCMP-128 (00-0f-ac:4)
> * CCMP-256 (00-0f-ac:10)
> * GCMP-128 (00-0f-ac:8)
> * GCMP-256 (00-0f-ac:9)
> Available Antennas: TX 0 RX 0
> Supported interface modes:
> * IBSS
> * managed
> * AP
> * AP/VLAN
> * monitor
> * mesh point
> Band 1:
> Capabilities: 0x17e
> HT20/HT40
> SM Power Save disabled
> RX Greenfield
> RX HT20 SGI
> RX HT40 SGI
> RX STBC 1-stream
> Max AMSDU length: 3839 bytes
> No DSSS/CCK HT40
> Maximum RX AMPDU length 32767 bytes (exponent: 0x002)
> Minimum RX AMPDU time spacing: 2 usec (0x04)
> HT TX/RX MCS rate indexes supported: 0-7, 32
> Bitrates (non-HT):
> * 1.0 Mbps
> * 2.0 Mbps (short preamble supported)
> * 5.5 Mbps (short preamble supported)
> * 11.0 Mbps (short preamble supported)
> * 6.0 Mbps
> * 9.0 Mbps
> * 12.0 Mbps
> * 18.0 Mbps
> * 24.0 Mbps
> * 36.0 Mbps
> * 48.0 Mbps
> * 54.0 Mbps
> Frequencies:
> * 2412 MHz [1] (20.0 dBm)
> * 2417 MHz [2] (20.0 dBm)
> * 2422 MHz [3] (20.0 dBm)
> * 2427 MHz [4] (20.0 dBm)
> * 2432 MHz [5] (20.0 dBm)
> * 2437 MHz [6] (20.0 dBm)
> * 2442 MHz [7] (20.0 dBm)
> * 2447 MHz [8] (20.0 dBm)
> * 2452 MHz [9] (20.0 dBm)
> * 2457 MHz [10] (20.0 dBm)
> * 2462 MHz [11] (20.0 dBm)
> * 2467 MHz [12] (20.0 dBm) (no IR)
> * 2472 MHz [13] (20.0 dBm) (no IR)
> * 2484 MHz [14] (20.0 dBm) (no IR)
> Supported commands:
> * new_interface
> * set_interface
> * new_key
> * start_ap
> * new_station
> * new_mpath
> * set_mesh_config
> * set_bss
> * authenticate
> * associate
> * deauthenticate
> * disassociate
> * join_ibss
> * join_mesh
> * set_tx_bitrate_mask
> * frame
> * frame_wait_cancel
> * set_wiphy_netns
> * set_channel
> * set_wds_peer
> * probe_client
> * set_noack_map
> * register_beacons
> * start_p2p_device
> * set_mcast_rate
> * connect
> * disconnect
> * set_qos_map
> * set_multicast_to_unicast
> Supported TX frame types:
> * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80
> 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80
> 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
> 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
> Supported RX frame types:
> * IBSS: 0x40 0xb0 0xc0 0xd0
> * managed: 0x40 0xd0
> * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
> * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
> * mesh point: 0xb0 0xc0 0xd0
> * P2P-client: 0x40 0xd0
> * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
> * P2P-device: 0x40 0xd0
> software interface modes (can always be added):
> * AP/VLAN
> * monitor
> valid interface combinations:
> * #{ AP, mesh point } <= 8,
> total <= 8, #channels <= 1
> HT Capability overrides:
> * MCS: ff ff ff ff ff ff ff ff ff ff
> * maximum A-MSDU length
> * supported channel width
> * short GI for 40 MHz
> * max A-MPDU length exponent
> * min MPDU start spacing
> Device supports TX status socket option.
> Device supports HT-IBSS.
> Device supports SAE with AUTHENTICATE command
> Device supports low priority scan.
> Device supports scan flush.
> Device supports AP scan.
> Device supports per-vif TX power setting
> Driver supports full state transitions for AP/GO clients
> Driver supports a userspace MPM
> Device supports configuring vdev MAC-addr on create.
I have the same issue with hostapd:
nl80211: Frame TX command accepted; cookie 0x10c
WPA: Start group state machine to set initial keys
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
Get randomness: len=16 entropy=0
GTK - hexdump(len=16): [REMOVED]
Get randomness: len=16 entropy=0
IGTK - hexdump(len=16): [REMOVED]
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=3
addr=0x5582c5bc5b62 key_idx=1 set_tx=1 seq_len=0 key_len=16
key_flag=0x1a
nl80211: NEW_KEY
nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
broadcast key
nl80211: NL80211_CMD_SET_KEY - default key
wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=4
addr=0x5582c5bc5b62 key_idx=4 set_tx=1 seq_len=0 key_len=16
key_flag=0x1a
nl80211: NEW_KEY
nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
broadcast key
nl80211: set_key failed; err=-22 Invalid argument
WPA: group state machine entering state FATAL_FAILURE
I'm using configuration from this article [1]. What am I missing?
[1] https://community.silabs.com/s/article/wf-m-200-linux-wpa3-configuration?language=en_US
Best regards,
Yegor
More information about the Hostap
mailing list