Hi, Larry,

On Wed, 20 May 2020 at 21:56, Larry Finger <Larry.Finger@xxxxxxxxxxxx> wrote:
>
> A quick difference - this one supports 3 additional ciphers:
>
> vedder wpa_supplicant[376]: nl80211: Supported cipher 00-0f-ac:13
> vedder wpa_supplicant[376]: nl80211: Supported cipher 00-0f-ac:11
> vedder wpa_supplicant[376]: nl80211: Supported cipher 00-0f-ac:12

Well, yes, I wrote exactly that in the first email. :) But notice there's
another cypher missing from that list…

vedder wpa_supplicant[376]: nl80211: Supported cipher 00-0f-ac:6

… which is CMAC.

> The one with :13 is for BIP-CMAC-256, :11 is BIP-GMAC-128, and :12 is
> BIP-GMAC-256. I did not find a reference that says that these are needed for
> WPA3, but I am suspicious.

Actually, I've been digging around in my other machines, and I noticed that an
Intel card I have, which has no problems connecting to my WPA3 AP, supports a
much narrower variety of cyphers. According to iw list, its supported cyphers
are:

* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
* CMAC (00-0f-ac:6)

So, the only extra cypher it supports is CMAC. Digging around the web, I found
this [1] blog post, which does seem to imply CMAC is necessary for the group
cypher. Additionally, there's this line in the second log I sent you (with the
successful authentication):

vedder wpa_supplicant[376]: WPA: EAPOL-Key MIC using AES-CMAC (AKM-defined - SAE)

My conclusion is that CMAC mode is required for WPA3 Personal. What strikes me
as odd is b43 not supporting any additional cyphers in software crypto mode.

With that said, I'm going to try your patch, but I'm 95 % confident the result
will be the same.

Thanks,
Rui

[1] https://mrncciew.com/2019/11/29/wpa3-sae-mode/
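An added example, not part of the original message: a Python sketch that extracts the `nl80211: Supported cipher` lines in the format quoted above and reports whether the CMAC selector (00-0f-ac:6) is among them. The two log excerpts are constructed from selectors named in the message, and the function names are hypothetical.

```python
import re

# Selector names exactly as given in the message above.
CIPHER_NAMES = {
    "00-0f-ac:1": "WEP40",
    "00-0f-ac:2": "TKIP",
    "00-0f-ac:4": "CCMP-128",
    "00-0f-ac:5": "WEP104",
    "00-0f-ac:6": "CMAC",
    "00-0f-ac:11": "BIP-GMAC-128",
    "00-0f-ac:12": "BIP-GMAC-256",
    "00-0f-ac:13": "BIP-CMAC-256",
}
CMAC = "00-0f-ac:6"

# Capture the whole selector up to end of line: a plain substring search for
# "00-0f-ac:1" would also match :11, :12 and :13.
LINE_RE = re.compile(
    r"nl80211: Supported cipher ([0-9a-f]{2}-[0-9a-f]{2}-[0-9a-f]{2}:\d+)\s*$",
    re.IGNORECASE,
)

def supported_ciphers(log_text):
    """Return the advertised selectors, lower-cased, in order of first appearance."""
    seen = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match and match.group(1).lower() not in seen:
            seen.append(match.group(1).lower())
    return seen

def report(log_text):
    """Name each advertised selector and flag whether CMAC is present."""
    selectors = supported_ciphers(log_text)
    return {
        "ciphers": [(s, CIPHER_NAMES.get(s, "unknown")) for s in selectors],
        "has_cmac": CMAC in selectors,
    }

def _log(suite_numbers):
    """Build constructed sample lines in the wpa_supplicant format quoted above."""
    return "\n".join(
        f"vedder wpa_supplicant[376]: nl80211: Supported cipher 00-0f-ac:{n}"
        for n in suite_numbers
    )

# Constructed samples: a list lacking :6, and the Intel card's list from the message.
LOG_WITHOUT_CMAC = _log([1, 5, 2, 4, 13, 11, 12])
LOG_INTEL = _log([1, 5, 2, 4, 6])

if __name__ == "__main__":
    for label, text in (("without CMAC", LOG_WITHOUT_CMAC), ("Intel", LOG_INTEL)):
        print(label, report(text))
```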