Hi Masashi, On Fri, Apr 1, 2022 at 1:47 AM Masashi Honma <masashi.honma@xxxxxxxxx> wrote: > > The configuration requires IEEE 802.11w. > > network={ > mode=2 > ssid="WPA3_AP" > proto=RSN > key_mgmt=SAE > pairwise=CCMP > group=CCMP > ieee80211w=2 <--- here > psk="xxxxxx" > } > > But the Wi-Fi NIC does not support IEEE 802.11w. > > Wiphy phy0 > ... > Supported Ciphers: > * WEP40 (00-0f-ac:1) > * WEP104 (00-0f-ac:5) > * TKIP (00-0f-ac:2) > * CCMP-128 (00-0f-ac:4) > * CCMP-256 (00-0f-ac:10) > * GCMP-128 (00-0f-ac:8) > * GCMP-256 (00-0f-ac:9) > ... > > Missing "CMAC (00-0f-ac:6)". > > By spec, WPA3 only AP requires IEEE 802.11w. > So if you want to publish the AP to official place, you need to > replace Wi-Fi NIC to IEEE 802.11w supporting one. > Or, you only just for testing, "ieee80211w=0" will boot the AP. Thanks for clarification. I could start AP with a Realtek chipset and after updating the kernel to 5.17, I could even start a RaLink rt2800 dongle with CMAC cipher. The only problem so far is the TI wl18xx chipset. The fw is already CMAC capable but the driver not and it is orphaned :-( Regards, Yegor > Regards, > Masashi Honma. > > 2022年3月30日(水) 17:52 Yegor Yefremov <yegorslists@xxxxxxxxxxxxxx>: > > > > Hi, > > > > On Tue, Mar 29, 2022 at 11:46 AM Yegor Yefremov > > <yegorslists@xxxxxxxxxxxxxx> wrote: > > > > > > I am trying to set up an AP using wpa_supplicant only. So far, I could > > > find only configuration examples for hostapd as WPA3 AP. Is it > > > possible to achieve this with wpa_supplicant? > > > > > > My system: Ubuntu 18.04.3 > > > Kernel: 4.15.0-91-generic > > > wpa_supplicant (built from git): wpa_supplicant > > > v2.11-devel-hostap_2_10-165-g1fb907a68 > > > > > > My wpa_supplicant .config: > > > > > > CONFIG_DRIVER_NL80211=y > > > CONFIG_LIBNL32=y > > > CONFIG_DRIVER_WIRED=y > > > CONFIG_DRIVER_MACSEC_LINUX=y > > > CONFIG_IEEE8021X_EAPOL=y > > > CONFIG_EAP_MD5=y > > > CONFIG_EAP_MSCHAPV2=y > > > CONFIG_EAP_TLS=y > > > CONFIG_EAP_PEAP=y > > > CONFIG_EAP_TTLS=y > > > CONFIG_EAP_FAST=y > > > CONFIG_EAP_GTC=y > > > CONFIG_EAP_OTP=y > > > CONFIG_EAP_PWD=y > > > CONFIG_EAP_PAX=y > > > CONFIG_EAP_LEAP=y > > > CONFIG_EAP_SAKE=y > > > CONFIG_EAP_GPSK=y > > > CONFIG_EAP_GPSK_SHA256=y > > > CONFIG_EAP_TNC=y > > > CONFIG_WPS=y > > > CONFIG_EAP_IKEV2=y > > > CONFIG_MACSEC=y > > > CONFIG_PKCS12=y > > > CONFIG_SMARTCARD=y > > > CONFIG_CTRL_IFACE=y > > > CONFIG_SAE=y > > > CONFIG_BACKEND=file > > > CONFIG_CTRL_IFACE_DBUS_NEW=y > > > CONFIG_CTRL_IFACE_DBUS_INTRO=y > > > CONFIG_IEEE80211R=y > > > CONFIG_DEBUG_FILE=y > > > CONFIG_DEBUG_SYSLOG=y > > > CONFIG_IEEE80211AC=y > > > CONFIG_INTERWORKING=y > > > CONFIG_HS20=y > > > CONFIG_AP=y > > > CONFIG_P2P=y > > > CONFIG_TDLS=y > > > CONFIG_WIFI_DISPLAY=y > > > CONFIG_IBSS_RSN=y > > > CONFIG_BGSCAN_SIMPLE=y > > > CONFIG_OWE=y > > > CONFIG_DPP=y > > > > > > wpa_supplicant.conf: > > > > > > ctrl_interface=/run/wpa_supplicant > > > network={ > > > mode=2 > > > ssid="WPA3_AP" > > > proto=RSN > > > key_mgmt=SAE > > > pairwise=CCMP > > > group=CCMP > > > ieee80211w=2 > > > psk="xxxxxx" > > > } > > > > > > wpa_suplicant output with the error: > > > > > > WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0) > > > wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=3 > > > addr=0x55ca32fe92e0 key_idx=1 set_tx=1 seq_len=0 key_len=16 > > > key_flag=0x1a > > > nl80211: NEW_KEY > > > nl80211: KEY_DATA - hexdump(len=16): [REMOVED] > > > broadcast key > > > nl80211: NL80211_CMD_SET_KEY - default key > > > wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=4 > > > addr=0x55ca32fe92e0 key_idx=4 set_tx=1 seq_len=0 key_len=16 > > > key_flag=0x1a > > > nl80211: NEW_KEY > > > nl80211: KEY_DATA - hexdump(len=16): [REMOVED] > > > broadcast key > > > nl80211: set_key failed; err=-22 Invalid argument > > > WPA: group state machine entering state FATAL_FAILURE > > > wlx7cdd9044a583: Flushing old station entries > > > nl80211: flush -> DEL_STATION wlx7cdd9044a583 (all) > > > wlx7cdd9044a583: Deauthenticate all stations > > > nl80211: send_mlme - da=ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 > > > offchanok=0 wait_time=0 no_encrypt=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) > > > nlmode=3 > > > nl80211: send_mlme - Use bss->freq=2462 > > > nl80211: send_mlme -> send_frame_cmd > > > nl80211: CMD_FRAME freq=2462 wait=0 no_cck=0 no_ack=0 offchanok=0 > > > CMD_FRAME - hexdump(len=26): c0 00 00 00 ff ff ff ff ff ff 7c dd 90 44 > > > a5 83 7c dd 90 44 a5 83 00 00 03 00 > > > nl80211: Frame TX command accepted; cookie 0x104 > > > hostapd_free_hapd_data(wlx7cdd9044a583) > > > Interface initialization failed > > > wlx7cdd9044a583: interface state UNINITIALIZED->DISABLED > > > wlx7cdd9044a583: AP-DISABLED > > > wlx7cdd9044a583: Unable to setup interface. > > > Failed to initialize AP interface > > > > > > WLAN capabilities: > > > > > > Wiphy phy0 > > > max # scan SSIDs: 4 > > > max scan IEs length: 2257 bytes > > > max # sched scan SSIDs: 0 > > > max # match sets: 0 > > > max # scan plans: 1 > > > max scan plan interval: -1 > > > max scan plan iterations: 0 > > > Retry short long limit: 2 > > > Coverage class: 0 (up to 0m) > > > Device supports RSN-IBSS. > > > Supported Ciphers: > > > * WEP40 (00-0f-ac:1) > > > * WEP104 (00-0f-ac:5) > > > * TKIP (00-0f-ac:2) > > > * CCMP-128 (00-0f-ac:4) > > > * CCMP-256 (00-0f-ac:10) > > > * GCMP-128 (00-0f-ac:8) > > > * GCMP-256 (00-0f-ac:9) > > > Available Antennas: TX 0 RX 0 > > > Supported interface modes: > > > * IBSS > > > * managed > > > * AP > > > * AP/VLAN > > > * monitor > > > * mesh point > > > Band 1: > > > Capabilities: 0x17e > > > HT20/HT40 > > > SM Power Save disabled > > > RX Greenfield > > > RX HT20 SGI > > > RX HT40 SGI > > > RX STBC 1-stream > > > Max AMSDU length: 3839 bytes > > > No DSSS/CCK HT40 > > > Maximum RX AMPDU length 32767 bytes (exponent: 0x002) > > > Minimum RX AMPDU time spacing: 2 usec (0x04) > > > HT TX/RX MCS rate indexes supported: 0-7, 32 > > > Bitrates (non-HT): > > > * 1.0 Mbps > > > * 2.0 Mbps (short preamble supported) > > > * 5.5 Mbps (short preamble supported) > > > * 11.0 Mbps (short preamble supported) > > > * 6.0 Mbps > > > * 9.0 Mbps > > > * 12.0 Mbps > > > * 18.0 Mbps > > > * 24.0 Mbps > > > * 36.0 Mbps > > > * 48.0 Mbps > > > * 54.0 Mbps > > > Frequencies: > > > * 2412 MHz [1] (20.0 dBm) > > > * 2417 MHz [2] (20.0 dBm) > > > * 2422 MHz [3] (20.0 dBm) > > > * 2427 MHz [4] (20.0 dBm) > > > * 2432 MHz [5] (20.0 dBm) > > > * 2437 MHz [6] (20.0 dBm) > > > * 2442 MHz [7] (20.0 dBm) > > > * 2447 MHz [8] (20.0 dBm) > > > * 2452 MHz [9] (20.0 dBm) > > > * 2457 MHz [10] (20.0 dBm) > > > * 2462 MHz [11] (20.0 dBm) > > > * 2467 MHz [12] (20.0 dBm) (no IR) > > > * 2472 MHz [13] (20.0 dBm) (no IR) > > > * 2484 MHz [14] (20.0 dBm) (no IR) > > > Supported commands: > > > * new_interface > > > * set_interface > > > * new_key > > > * start_ap > > > * new_station > > > * new_mpath > > > * set_mesh_config > > > * set_bss > > > * authenticate > > > * associate > > > * deauthenticate > > > * disassociate > > > * join_ibss > > > * join_mesh > > > * set_tx_bitrate_mask > > > * frame > > > * frame_wait_cancel > > > * set_wiphy_netns > > > * set_channel > > > * set_wds_peer > > > * probe_client > > > * set_noack_map > > > * register_beacons > > > * start_p2p_device > > > * set_mcast_rate > > > * connect > > > * disconnect > > > * set_qos_map > > > * set_multicast_to_unicast > > > Supported TX frame types: > > > * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 > > > 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0 > > > * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 > > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0 > > > * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 > > > 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0 > > > * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 > > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0 > > > * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 > > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0 > > > * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 > > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0 > > > * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 > > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0 > > > * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 > > > 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0 > > > Supported RX frame types: > > > * IBSS: 0x40 0xb0 0xc0 0xd0 > > > * managed: 0x40 0xd0 > > > * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0 > > > * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0 > > > * mesh point: 0xb0 0xc0 0xd0 > > > * P2P-client: 0x40 0xd0 > > > * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0 > > > * P2P-device: 0x40 0xd0 > > > software interface modes (can always be added): > > > * AP/VLAN > > > * monitor > > > valid interface combinations: > > > * #{ AP, mesh point } <= 8, > > > total <= 8, #channels <= 1 > > > HT Capability overrides: > > > * MCS: ff ff ff ff ff ff ff ff ff ff > > > * maximum A-MSDU length > > > * supported channel width > > > * short GI for 40 MHz > > > * max A-MPDU length exponent > > > * min MPDU start spacing > > > Device supports TX status socket option. > > > Device supports HT-IBSS. > > > Device supports SAE with AUTHENTICATE command > > > Device supports low priority scan. > > > Device supports scan flush. > > > Device supports AP scan. > > > Device supports per-vif TX power setting > > > Driver supports full state transitions for AP/GO clients > > > Driver supports a userspace MPM > > > Device supports configuring vdev MAC-addr on create. > > > > I have the same issue with hostapd: > > > > nl80211: Frame TX command accepted; cookie 0x10c > > WPA: Start group state machine to set initial keys > > WPA: group state machine entering state GTK_INIT (VLAN-ID 0) > > Get randomness: len=16 entropy=0 > > GTK - hexdump(len=16): [REMOVED] > > Get randomness: len=16 entropy=0 > > IGTK - hexdump(len=16): [REMOVED] > > WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0) > > wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=3 > > addr=0x5582c5bc5b62 key_idx=1 set_tx=1 seq_len=0 key_len=16 > > key_flag=0x1a > > nl80211: NEW_KEY > > nl80211: KEY_DATA - hexdump(len=16): [REMOVED] > > broadcast key > > nl80211: NL80211_CMD_SET_KEY - default key > > wpa_driver_nl80211_set_key: ifindex=6 (wlx7cdd9044a583) alg=4 > > addr=0x5582c5bc5b62 key_idx=4 set_tx=1 seq_len=0 key_len=16 > > key_flag=0x1a > > nl80211: NEW_KEY > > nl80211: KEY_DATA - hexdump(len=16): [REMOVED] > > broadcast key > > nl80211: set_key failed; err=-22 Invalid argument > > WPA: group state machine entering state FATAL_FAILURE > > > > I'm using configuration from this article [1]. What am I missing? > > > > [1] https://community.silabs.com/s/article/wf-m-200-linux-wpa3-configuration?language=en_US > > > > Best regards, > > Yegor > > > > _______________________________________________ > > Hostap mailing list > > Hostap@xxxxxxxxxxxxxxxxxxx > > http://lists.infradead.org/mailman/listinfo/hostap _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap