On 2/27/20 01:06, Jouni Malinen wrote:
> On Wed, Feb 26, 2020 at 02:34:20PM -0800, Isaac Konikoff wrote:
>> Is there a FT-EAP mode with WPA-EAP-SUITE-B or WPA-EAP-SUITE-B-192?
>
> Not in WPA3. The AKM suite selector 00-0F-AC:13 (i.e., FT-EAP-SHA384 in
> hostapd and wpa_supplicant configuration) is quite similar to that as
> far as the IEEE 802.11 standard is concerned since it does place similar
> constraints on used algorithms and cipher suites. However, it does not
> strictly speaking mandate the same Suite B profile to be used for EAP at
> least in the current standard.

Ok, related to this I'm also trying to test FT-SAE with owe_transition
if this is the correct interpretation of "Fast BSS Transition for
WPA3-Personal transition mode."

Open AP partial config:

ssid=ft-open
bssid=04:f0:21:a6:73:44
owe_transition_bssid=04:f0:21:2d:29:44
owe_transition_ssid="bridged-APft"

FT-SAE AP1 partial config:

ssid=bridged-APft
bssid=04:f0:21:2d:29:44
ieee80211w=2
wpa_key_mgmt=FT-SAE
ft_over_ds=1
nas_identifier=04f0212d2944
mobility_domain=4ab4
r0_key_lifetime=10000
r1_key_holder=04f0212d2944
reassociation_deadline=1000
pmk_r1_push=1
r0kh=00:0e:8e:63:e8:b5 000e8e63e8b5 00000000000000000000000000000000
r1kh=00:0e:8e:63:e8:b5 00:0e:8e:63:e8:b5 00000000000000000000000000000001
owe_transition_bssid=04:f0:21:a6:73:44
owe_transition_ssid="ft-open"

Supplicant config for MAC 00:0e:8e:d1:5b:71:

network={
    ssid="ft-open"
    disable_ht=0
    disable_vht=1
    ieee80211w=2
    disable_ht40=0
    disable_sgi=0
    disable_max_amsdu=-1
    ampdu_factor=-1
    ampdu_density=-1
    proto=RSN
    key_mgmt=FT-SAE
    sae_password="hello123"
    ocsp=0
    pairwise=TKIP CCMP
    group=TKIP CCMP
    proactive_key_caching=0
}

The supplicant is directed to connect to the FT-SAE AP, but gets stuck
after EAPOL 2 of 4 and then starts over.

04:f0:21:2d:29:44 00:0e:8e:d1:5b:71 Association Response, SN=1083, FN=0, Flags=........
04:f0:21:2d:29:44 00:0e:8e:d1:5b:71 Key (Message 1 of 4)
00:0e:8e:d1:5b:71 04:f0:21:2d:29:44 Key (Message 2 of 4)
Acknowledgement, Flags=........
04:f0:21:2d:29:44 00:0e:8e:d1:5b:71 Key (Message 1 of 4)
00:0e:8e:d1:5b:71 04:f0:21:2d:29:44 Key (Message 2 of 4)
Acknowledgement, Flags=........
04:f0:21:2d:29:44 00:0e:8e:d1:5b:71 Key (Message 1 of 4)
00:0e:8e:d1:5b:71 04:f0:21:2d:29:44 Key (Message 2 of 4)

The other mode I would like to test if supported is FT-EAP-SHA384 with
and without owe_transition if those are the correct interpretations of
"Fast BSS Transition for WPA3-Enterprise transition mode" and "Fast BSS
Transition for WPA3-Enterprise only mode."

Am I interpreting the modes correctly or is owe_transition mode only
intended for non-FT setups?

Thanks for your help!

Isaac

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
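
Added illustration, not part of the original message and not hostapd or wpa_supplicant code: it goes beyond the thread to show which of the quoted settings (ssid, mobility_domain, nas_identifier, r1_key_holder, the station MAC) are inputs to the IEEE 802.11 FT key hierarchy for a SHA-256 AKM such as FT-SAE, so the AP and the station must agree on each of them. The XXKEY value is a constructed stand-in for the PMK that SAE would produce, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

def kdf_sha256(key: bytes, label: bytes, context: bytes, bits: int) -> bytes:
    """IEEE 802.11 KDF-SHA-256-Length: HMAC-SHA256 in counter mode.
    The counter and the output length (in bits) are 16-bit little-endian."""
    out, counter = b"", 1
    while len(out) * 8 < bits:
        msg = struct.pack("<H", counter) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[: bits // 8]

def mac(addr: str) -> bytes:
    return bytes.fromhex(addr.replace(":", ""))

def derive_pmk_r0(xxkey, ssid, mdid, r0kh_id, spa):
    # Context = SSIDlength || SSID || MDID || R0KHlength || R0KH-ID || S0KH-ID
    ctx = bytes([len(ssid)]) + ssid + mdid + bytes([len(r0kh_id)]) + r0kh_id + spa
    data = kdf_sha256(xxkey, b"FT-R0", ctx, 256 + 128)
    pmk_r0, name_salt = data[:32], data[32:48]
    pmk_r0_name = hashlib.sha256(b"FT-R0N" + name_salt).digest()[:16]
    return pmk_r0, pmk_r0_name

def derive_pmk_r1(pmk_r0, pmk_r0_name, r1kh_id, spa):
    # Context = R1KH-ID || S1KH-ID
    pmk_r1 = kdf_sha256(pmk_r0, b"FT-R1", r1kh_id + spa, 256)
    pmk_r1_name = hashlib.sha256(
        b"FT-R1N" + pmk_r0_name + r1kh_id + spa).digest()[:16]
    return pmk_r1, pmk_r1_name

# Values taken from the configuration quoted in the message above.
MDID = bytes.fromhex("4ab4")        # mobility_domain
R0KH_ID = b"04f0212d2944"           # nas_identifier, used as a string
R1KH_ID = mac("04:f0:21:2d:29:44")  # r1_key_holder, 6 octets
SPA = mac("00:0e:8e:d1:5b:71")      # station MAC (S0KH-ID and S1KH-ID)
XXKEY = bytes(range(32))            # constructed stand-in for the SAE PMK

def hierarchy(ssid: bytes):
    """Return (PMK-R0, PMKR0Name, PMK-R1, PMKR1Name) for one SSID."""
    pmk_r0, r0_name = derive_pmk_r0(XXKEY, ssid, MDID, R0KH_ID, SPA)
    pmk_r1, r1_name = derive_pmk_r1(pmk_r0, r0_name, R1KH_ID, SPA)
    return pmk_r0, r0_name, pmk_r1, r1_name

if __name__ == "__main__":
    # Same key material, the two SSIDs that appear in the thread.
    for ssid in (b"bridged-APft", b"ft-open"):
        _, r0_name, _, r1_name = hierarchy(ssid)
        print(f"{ssid.decode():13s} PMKR0Name={r0_name.hex()} PMKR1Name={r1_name.hex()}")
```

Running it prints a different PMKR0Name and PMKR1Name for each SSID even though every other input is identical, because the SSID is part of the PMK-R0 derivation context.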