ctagguk
Posts: 2
Joined: Sat Apr 06, 2019 8:42 pm

WPA3 and SAE

Sat Apr 06, 2019 8:48 pm

Has anyone looked/started to determine if its possible to enhance the wpa_supplicant and enable SAE? It looks like Ubuntu 18.04 has it in native and I can see some github projects (https://gist.github.com/est31/d92d17acb ... 38764cd791) dabbling in this area but wondered if there was someone doing the same with a Pi!

I would be interested to get involved and test whatever gets produced. Just enabled a WPA3 SSID on my AP but having nothing to connect to it :D

Thanks

Chris

fruitoftheloom
Posts: 20748
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: WPA3 and SAE

Sun Apr 07, 2019 8:14 am

ctagguk wrote:
Sat Apr 06, 2019 8:48 pm
Has anyone looked/started to determine if its possible to enhance the wpa_supplicant and enable SAE? It looks like Ubuntu 18.04 has it in native and I can see some github projects (https://gist.github.com/est31/d92d17acb ... 38764cd791) dabbling in this area but wondered if there was someone doing the same with a Pi!

I would be interested to get involved and test whatever gets produced. Just enabled a WPA3 SSID on my AP but having nothing to connect to it :D

Thanks

Chris

Any development to implement WPA3 would have to come from Cypress as they supply the Wireless Chipset. WPA3 was only announced less than a year ago !
Retired disgracefully.....

BennyE
Posts: 5
Joined: Sun Sep 16, 2018 11:30 am

Re: WPA3 and SAE

Sat May 18, 2019 9:51 am

I got it working, but it is a long and coffee intensive process. Output from my Access Point, Raspberry Pi and a packet capture available here: https://dokuwiki.alu4u.com/doku.php?id= ... spberry-pi

The Raspberry Pi Model 3 B+ onboard NIC is now owned/supported by Cypress, as previously highlighted here and they published patches for the 4.14.77 kernel that add a "SAE-offload" function to the brcmfmac / firmware package. This, in combination with a custom wpa_supplicant, will give you WPA3-Personal SAE with Protected Management Frames (PMF) that "usually" wouldn't be supported by the NIC due to the absence of HW support for 00-0f-ac:8 (AES-128-CMAC + SHA256) cipher. WPA3-Personal therefore requires support of this offload-helper.

ctagguk
Posts: 2
Joined: Sat Apr 06, 2019 8:42 pm

Re: WPA3 and SAE

Mon May 20, 2019 2:54 pm

Hi. I'd be really interested to see how you did that!

BennyE
Posts: 5
Joined: Sun Sep 16, 2018 11:30 am

Re: WPA3 and SAE

Tue May 21, 2019 7:43 pm

Hi,

I added all the steps to the page that I linked: https://dokuwiki.alu4u.com/doku.php?id= ... spberry-pi
This update happened yesterday only (due to limited time on my end) - apologies for the delay.

Benny

Return to “Advanced users”