Next Connman version and OWE support?

Next Connman version and OWE support?

[Lars George]

Hello everybody,

First of all thanks for the great work with Connman.

I saw that Connman now also supports SAE (WPA3), but this is currently only available in the master branch. Are there any plans of releasing the current changes in the near future?

It would also be great if OWE (Opportunistic Wireless Encryption) would be supported at some point. Connman would need to identify it as ‘none’ type security and when connecting the key_mgmt=OWE is needed (at least when using wpa_supplicant). The information about this can be found in the Information Element data of the BSS in the AKM Suite List (see IEEE Std 802.11 chapter 9.4.2.25 RSNE). OWE has suite type 18.

When parsing the Information Element is already implemented in Connman (I am not yet familiar with the code) the usage of the IEEE80211w could also be read from it. The Management Frame Protection Required (IEEE80211w=2) and Management Frame Protection Capable can be found in the RSN capabilities (9.4.2.25.4 RSN capabilities - Bits 6 and 7). Currently this is only hard coded set within Connman when connecting to WPA3-SAE as this is required there and needs to be optional (IEEE80211w=1) for the transition mode.

Kind regards
Lars

biotronik.com<https://www.biotronik.com>
Follow us on Twitter<https://twitter.com/biotronik_news> and LinkedIn<https://www.linkedin.com/company/biotronik>

[Logo]
________________________________

BIOTRONIK SE & Co. KG
Woermannkehre 1, 12359 Berlin, Germany
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRA 6501

Vertreten durch ihre Komplementärin:
BIOTRONIK MT SE
Sitz der Gesellschaft: Berlin, Registergericht: Berlin HRB 118866 B
Geschäftsführende Direktoren: Prof. Dr. Hanns-Peter Knaebel (Vorsitzender), Dr. Daniel Bühler, Dr. Thomas Kraft, Stephan Schulz-Gohritz
________________________________

This e-mail and the information it contains including attachments are confidential and meant only for use by the intended recipient(s); disclosure or copying is strictly prohibited. If you are not addressed, but in the possession of this e-mail, please notify the sender immediately and delete the document.

Re: Next Connman version and OWE support?

[Marcel Holtmann]

Hi Lars,

> First of all thanks for the great work with Connman.
> 
> I saw that Connman now also supports SAE (WPA3), but this is currently only available in the master branch. Are there any plans of releasing the current changes in the near future?
> 
> It would also be great if OWE (Opportunistic Wireless Encryption) would be supported at some point. Connman would need to identify it as ‘none’ type security and when connecting the key_mgmt=OWE is needed (at least when using wpa_supplicant). The information about this can be found in the Information Element data of the BSS in the AKM Suite List (see IEEE Std 802.11 chapter 9.4.2.25 RSNE). OWE has suite type 18.
> 
> When parsing the Information Element is already implemented in Connman (I am not yet familiar with the code) the usage of the IEEE80211w could also be read from it. The Management Frame Protection Required (IEEE80211w=2) and Management Frame Protection Capable can be found in the RSN capabilities (9.4.2.25.4 RSN capabilities - Bits 6 and 7). Currently this is only hard coded set within Connman when connecting to WPA3-SAE as this is required there and needs to be optional (IEEE80211w=1) for the transition mode.

frankly, I think you are better served switching to iwd as backend and ditching wpa_supplicant. I doubt that it makes sense to copy the logic of OWE and OWE transition mode to ConnMan. I think it will be really complicated for OWE transition mode and a big mess. The wpa_supplicant APIs are not really meant for this kind of handling. And in iwd you have this all handled internally. No extra work needed.

Regards

Marcel