FS#65314 - [wpa_supplicant] Enable WPA 3 Enterprise and Fast Initial Link Setup

Attached to Project: Arch Linux
Opened by Szabolcs Sipos (labuwx) - Wednesday, 29 January 2020, 03:58 GMT
Last edited by Toolybird (Toolybird) - Monday, 02 January 2023, 01:18 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To Evangelos Foutras (foutrelis)
Morten Linderud (Foxboron)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 6
Private No


WPA 3 got partially (SAE, OWE) enabled in v2:2.9-4. It would be great if the enterprise features were also enabled.
Fast Initial Link Setup (802.11ai) reduces connection setup time therefore it is another way to achieve fast roaming, besides Fast BSS Transition (802.11r).
AFAIK neither method works with WPA 3 Enterprise so one might choose to stick with WPA 2 but use a stronger hash algorithm for key derivation, such as SHA384.

Required build options:
# WPA 3 Enterprise
# FILS (802.11ai)
# SHA384
This task depends upon

Closed by  Toolybird (Toolybird)
Monday, 02 January 2023, 01:18 GMT
Reason for closing:  Fixed
Additional comments about closing:  wpa_supplicant 2:2.10-8
Comment by loqs (loqs) - Wednesday, 29 January 2020, 05:02 GMT
CONFIG_FILS was one of the issues of  FS#61119  see also https://bbs.archlinux.org/viewtopic.php?id=244079
Comment by J (Holzprozessor) - Friday, 09 December 2022, 13:02 GMT
Can this bug be re-evaluated? I would very much like Arch Linux to support WPA3-Enterprise as well as the 192 bit mode.

Other distributions do support this already.
Comment by loqs (loqs) - Friday, 09 December 2022, 19:06 GMT
CONFIG_FILS issues with broadcom should have been fixed in  FS#73495 . If you apply the attached diff is that enough? It does not enable CONFIG_SHA384 as that is enabled by CONFIG_SUITEB192 and CONFIG_OWE which also enables CONFIG_SHA512 so SAE finite cyclic groups 19, 20 and 21 should be supported.
Comment by J (Holzprozessor) - Thursday, 15 December 2022, 19:50 GMT
I have some trouble building wpa_supplicant on my machine, your changes should be enough to make it work. Can you build a version with your changes for the Testing repository?
Comment by loqs (loqs) - Thursday, 15 December 2022, 21:42 GMT
It is covered in https://wiki.archlinux.org/title/Arch_Build_System and https://wiki.archlinux.org/title/Makepkg
Assuming you have the base-devel group plus git installed
git clone https://github.com/archlinux/svntogit-community.git --single-branch --branch 'packages/wpa_supplicant' wpa_supplicant # Obtain PKGBUILD
cd wpa_supplicant/trunk/
curl -o PKGBUILD.diff https://bugs.archlinux.org/task/65314?getfile=22127 # Obtain patch
git apply PKGBUILD.diff # Apply patch
makepkg -rsi # Build then install package.
Comment by J (Holzprozessor) - Friday, 16 December 2022, 10:47 GMT
Thank you! :) I was able to build it and I can confirm that it works perfectly fine with with key_mgmt=FT-EAP-SHA384 WPA-EAP-SUITE-B-192, which is what I wanted.
Comment by Jan Alexander Steffens (heftig) - Monday, 02 January 2023, 01:03 GMT
This should be implemented in wpa_supplicant 2:2.10-8