FS#65314 : [wpa_supplicant] Enable WPA 3 Enterprise and Fast Initial Link Setup

FS#65314 - [wpa_supplicant] Enable WPA 3 Enterprise and Fast Initial Link Setup

Attached to Project: Arch Linux
Opened by Szabolcs Sipos (labuwx) - Wednesday, 29 January 2020, 03:58 GMT
Last edited by Toolybird (Toolybird) - Monday, 02 January 2023, 01:18 GMT

Task Type	Feature Request
Category	Packages: Core
Status	Closed
Assigned To	Evangelos Foutras (foutrelis) Morten Linderud (Foxboron)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	6 Grzegorz (reset) (2022-12-09) J (Holzprozessor) (2022-12-09) Peter Fern (pdf) (2021-10-05) Andrej Podzimek (andrej) (2020-10-22) nl6720 (nl6720) (2020-06-22) Jade Auer (jadra) (2020-03-19)
Private	No

Details

Description:
WPA 3 got partially (SAE, OWE) enabled in v2:2.9-4. It would be great if the enterprise features were also enabled.
Fast Initial Link Setup (802.11ai) reduces connection setup time therefore it is another way to achieve fast roaming, besides Fast BSS Transition (802.11r).
AFAIK neither method works with WPA 3 Enterprise so one might choose to stick with WPA 2 but use a stronger hash algorithm for key derivation, such as SHA384.

Required build options:
# WPA 3 Enterprise
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# FILS (802.11ai)
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
# SHA384
CONFIG_SHA384=y

This task depends upon

Closed by Toolybird (Toolybird)
Monday, 02 January 2023, 01:18 GMT
Reason for closing: Fixed
Additional comments about closing: wpa_supplicant 2:2.10-8

Comment by loqs (loqs) - Wednesday, 29 January 2020, 05:02 GMT

CONFIG_FILS was one of the issues of ~~FS#61119~~ see also https://bbs.archlinux.org/viewtopic.php?id=244079

Comment by J (Holzprozessor) - Friday, 09 December 2022, 13:02 GMT

Can this bug be re-evaluated? I would very much like Arch Linux to support WPA3-Enterprise as well as the 192 bit mode.

Other distributions do support this already.

Comment by loqs (loqs) - Friday, 09 December 2022, 19:06 GMT

CONFIG_FILS issues with broadcom should have been fixed in ~~FS#73495~~ . If you apply the attached diff is that enough? It does not enable CONFIG_SHA384 as that is enabled by CONFIG_SUITEB192 and CONFIG_OWE which also enables CONFIG_SHA512 so SAE finite cyclic groups 19, 20 and 21 should be supported.

PKGBUILD.diff (1.4 KiB)

Comment by J (Holzprozessor) - Thursday, 15 December 2022, 19:50 GMT

I have some trouble building wpa_supplicant on my machine, your changes should be enough to make it work. Can you build a version with your changes for the Testing repository?

Comment by loqs (loqs) - Thursday, 15 December 2022, 21:42 GMT

It is covered in https://wiki.archlinux.org/title/Arch_Build_System and https://wiki.archlinux.org/title/Makepkg
Assuming you have the base-devel group plus git installed
git clone https://github.com/archlinux/svntogit-community.git --single-branch --branch 'packages/wpa_supplicant' wpa_supplicant # Obtain PKGBUILD
cd wpa_supplicant/trunk/
curl -o PKGBUILD.diff https://bugs.archlinux.org/task/65314?getfile=22127 # Obtain patch
git apply PKGBUILD.diff # Apply patch
makepkg -rsi # Build then install package.

Comment by J (Holzprozessor) - Friday, 16 December 2022, 10:47 GMT

Thank you! :) I was able to build it and I can confirm that it works perfectly fine with with key_mgmt=FT-EAP-SHA384 WPA-EAP-SUITE-B-192, which is what I wanted.

Comment by Jan Alexander Steffens (heftig) - Monday, 02 January 2023, 01:03 GMT

This should be implemented in wpa_supplicant 2:2.10-8

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#65314 - [wpa_supplicant] Enable WPA 3 Enterprise and Fast Initial Link Setup

Details

Loading...