From f7d76813869255491eb76bab4a3f0a7c21a2dc54 Mon Sep 17 00:00:00 2001 From: Mathy Vanhoef Date: Sat, 19 Dec 2020 00:30:29 +0400 Subject: [PATCH] fragattack: support SAE with hash-to-element method --- research/README.md | 9 +++++++++ research/client.conf | 21 ++++++++++++++------- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/research/README.md b/research/README.md index de9e9b1b9..ea3ae5e7a 100644 --- a/research/README.md +++ b/research/README.md @@ -1012,3 +1012,12 @@ seems this should work with all already supported dongles. Note that I haven't tested this in detail: my assumption has been that whether a device is operating in WPA2 or WPA3 mode won't impact test results. +The provided `client.conf` by default enables both the hunting-and-pecking method and +the hash-to-element method. To set up an AP that supports hash-to-element (and thereby +test the latest WPA3/SAE clients) you can modify `hostapd.conf` and set the parameter: + + sae_pwe=2 + +By setting this value the AP will accept both the hunting-and-pecking method and +the hash-to-element method. + diff --git a/research/client.conf b/research/client.conf index 78359f4a8..8ba01fbd7 100644 --- a/research/client.conf +++ b/research/client.conf @@ -1,22 +1,29 @@ ctrl_interface=wpaspy_ctrl -# Simple home network +# WPA3/SAE: support both hunting-and-pecking loop and hash-to-element +sae_pwe=2 + +# WPA2 home network network={ ssid="testnetwork" psk="abcdefgh" - disable_ht=1 pairwise=CCMP #group=CCMP - # Enable these to test WPA3/SAE APs - #key_mgmt=SAE - #ieee80211w=1 - # Might be useful in very noisy environments #disable_ht=1 } +# WPA3 home network +network={ + ssid="test-wpa3" + psk="abcdefgh" + + ieee80211w=1 + key_mgmt=SAE +} + # Enterprise network network={ ssid="peaptest" @@ -31,7 +38,7 @@ network={ #group=CCMP } -# EAP-PWD with dynamic WEP keys +# EAP-PWD with dynamic WEP keys (for research purposes) network={ ssid="weptests" key_mgmt=IEEE8021X
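Review bot: In the new `test-wpa3` network block of `research/client.conf`, `ieee80211w=1` only makes management frame protection optional, while WPA3-Personal requires it, so this client will also associate with an SAE AP that does not enforce PMF. If that leniency is deliberate so that APs with incomplete WPA3 support can still be tested, say so in a comment above the setting, e.g. `# PMF optional on purpose: lets us test APs that do not enforce it (use ieee80211w=2 for strict WPA3)`; otherwise set `ieee80211w=2`. The block also supplies the SAE password through `psk=`, which wpa_supplicant accepts as a fallback, but `sae_password="abcdefgh"` is the dedicated parameter and would make the intent clearer. Since `sae_pwe=2` is added as a global setting, a short comment noting that it applies to every network block in the file and needs a wpa_supplicant build with hash-to-element support would help anyone reusing this config.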