[1/2] package/wpa_supplicant: add Config.in option for WPA3

New wpa_supplicant v2.9 enables by default WPA3 features such as
SAE and DPP. Building those features requires openssl.

This patch adds Config.in option for WPA3 support in wpa_supplicant.
When this option is selected, libopenssl is also selected and WPA3
features OWE, SAE, DPP are enabled in wpa_supplicant configuration.
When this option is deselected, then all the above WPA3 options
are disabled.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
---
 package/wpa_supplicant/Config.in         |  7 +++++++
 package/wpa_supplicant/wpa_supplicant.mk | 12 ++++++++++++
 2 files changed, 19 insertions(+)

Sergey,

On Sun, Sep 8, 2019 at 10:14 AM Sergey Matyukevich <geomatsi@gmail.com> wrote:
>
> New wpa_supplicant v2.9 enables by default WPA3 features such as
> SAE and DPP. Building those features requires openssl.
>
> This patch adds Config.in option for WPA3 support in wpa_supplicant.
> When this option is selected, libopenssl is also selected and WPA3
> features OWE, SAE, DPP are enabled in wpa_supplicant configuration.
> When this option is deselected, then all the above WPA3 options
> are disabled.
>
> Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
> ---
>  package/wpa_supplicant/Config.in         |  7 +++++++
>  package/wpa_supplicant/wpa_supplicant.mk | 12 ++++++++++++
>  2 files changed, 19 insertions(+)
>
> diff --git a/package/wpa_supplicant/Config.in b/package/wpa_supplicant/Config.in
> index 1594b877c6..cba7fa07e1 100644
> --- a/package/wpa_supplicant/Config.in
> +++ b/package/wpa_supplicant/Config.in
> @@ -81,6 +81,13 @@ config BR2_PACKAGE_WPA_SUPPLICANT_WPS
>         help
>           Enable support for Wi-Fi Protected Setup (WPS).
>
> +config BR2_PACKAGE_WPA_SUPPLICANT_WPA3
> +       bool "Enable WPA3 support"
> +       select BR2_PACKAGE_OPENSSL
> +       select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
> +       help
> +         Enable WPA3 support including OWE, SAE, DPP
> +
>  config BR2_PACKAGE_WPA_SUPPLICANT_CLI
>         bool "Install wpa_cli binary"
>         help
> diff --git a/package/wpa_supplicant/wpa_supplicant.mk b/package/wpa_supplicant/wpa_supplicant.mk
> index 0a7a5072dc..283c006052 100644
> --- a/package/wpa_supplicant/wpa_supplicant.mk
> +++ b/package/wpa_supplicant/wpa_supplicant.mk
> @@ -88,6 +88,18 @@ ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WPS),y)
>  WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_WPS
>  endif
>
> +ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WPA3),y)
> +WPA_SUPPLICANT_CONFIG_ENABLE += \
> +       CONFIG_DPP \
> +       CONFIG_SAE \
> +       CONFIG_OWE
> +else
> +WPA_SUPPLICANT_CONFIG_DISABLE += \
> +       CONFIG_DPP \
> +       CONFIG_SAE \
> +       CONFIG_OWE
> +endif

To test your else case with WPA3 disabled.  I took the following build
failure and applied your patch.
http://autobuild.buildroot.net/results/c93c1f78429d022fd0f7b6db91eb860cc3d4d95b/

Here's where the build now fails.  Looks like the sae related linking
issues are gone but dfs is still an issue.
/home/foobar/c93c1f78429d022fd0f7b6db91eb860cc3d4d95b/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-linux-gnu/8.3.0/../../../../aarch64-linux-gnu/bin/ld:
../src/ap/ieee802_11_vht.o: in function
`hostapd_eid_txpower_envelope':
ieee802_11_vht.c:(.text+0x2c8): undefined reference to `hostapd_is_dfs_required'

This can be resolved by adding the src/ap/dfs.o to the list of items
built, I'm just unsure of the right CONFIG option to set that or if it
is an actual Makefile miss when a recent feature was added.  It will
build successful it you enable the Buildroot
"BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT" option that adds the missing
objs.

Regards,
Matt

> > New wpa_supplicant v2.9 enables by default WPA3 features such as
> > SAE and DPP. Building those features requires openssl.
> >
> > This patch adds Config.in option for WPA3 support in wpa_supplicant.
> > When this option is selected, libopenssl is also selected and WPA3
> > features OWE, SAE, DPP are enabled in wpa_supplicant configuration.
> > When this option is deselected, then all the above WPA3 options
> > are disabled.

...

> To test your else case with WPA3 disabled.  I took the following build
> failure and applied your patch.
> http://autobuild.buildroot.net/results/c93c1f78429d022fd0f7b6db91eb860cc3d4d95b/
> 
> Here's where the build now fails.  Looks like the sae related linking
> issues are gone but dfs is still an issue.
> /home/foobar/c93c1f78429d022fd0f7b6db91eb860cc3d4d95b/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-linux-gnu/8.3.0/../../../../aarch64-linux-gnu/bin/ld:
> ../src/ap/ieee802_11_vht.o: in function
> `hostapd_eid_txpower_envelope':
> ieee802_11_vht.c:(.text+0x2c8): undefined reference to `hostapd_is_dfs_required'
> 
> This can be resolved by adding the src/ap/dfs.o to the list of items
> built, I'm just unsure of the right CONFIG option to set that or if it
> is an actual Makefile miss when a recent feature was added.  It will
> build successful it you enable the Buildroot
> "BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT" option that adds the missing
> objs.
> 
> Regards,
> Matt

Hi Matt,

Multiple wpa_supplicant build issues of this kind have been already
reported in the latest daily build results. This issue is reproduced
when BR2_PACKAGE_WPA_SUPPLICANT_NL80211 disabled. In this case
wpa_supplicant uses WEXT driver by default. However that
driver does not support AP mode.

On the other hand, wpa-supplicant v2.9 enables CONFIG_AP in defconfig.
This was not the case in v2.7, so wpa_supplicant.mk does not switch
off this option when BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT is disabled. 

I have a patch for this issue as well and plan to include into v2 after
I collect some feedback regarding WPA3 support.

In brief, the fix is going to be someting like this:

diff --git a/package/wpa_supplicant/wpa_supplicant.mk b/package/wpa_supplicant/wpa_supplicant.mk
index a518ecc217..1d582354f7 100644
--- a/package/wpa_supplicant/wpa_supplicant.mk
+++ b/package/wpa_supplicant/wpa_supplicant.mk
@@ -84,10 +84,16 @@ ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT),y)
 WPA_SUPPLICANT_CONFIG_ENABLE += \
 	CONFIG_AP \
 	CONFIG_P2P
+else
+WPA_SUPPLICANT_CONFIG_DISABLE += \
+	CONFIG_AP \
+	CONFIG_P2P
 endif
 
 ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WIFI_DISPLAY),y)
 WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_WIFI_DISPLAY
+else
+WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_WIFI_DISPLAY
 endif
 
 ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING),y)


Regards,
Sergey

Sergey,


On Mon, Sep 9, 2019 at 8:40 AM Sergey Matyukevich <geomatsi@gmail.com> wrote:
>
> > > New wpa_supplicant v2.9 enables by default WPA3 features such as
> > > SAE and DPP. Building those features requires openssl.
> > >
> > > This patch adds Config.in option for WPA3 support in wpa_supplicant.
> > > When this option is selected, libopenssl is also selected and WPA3
> > > features OWE, SAE, DPP are enabled in wpa_supplicant configuration.
> > > When this option is deselected, then all the above WPA3 options
> > > are disabled.
>
> ...
>
> > To test your else case with WPA3 disabled.  I took the following build
> > failure and applied your patch.
> > https://urldefense.proofpoint.com/v2/url?u=http-3A__autobuild.buildroot.net_results_c93c1f78429d022fd0f7b6db91eb860cc3d4d95b_&d=DwIBAg&c=ilBQI1lupc9Y65XwNblLtw&r=y1sOV0GV8NZUkffv7oCRxs2Sd3nOBS-NxDM3NY8lOgs&m=zFA1DlkhYoyevLNN9gzgwPS3XM5gYgozMRAV-mVe39E&s=yrl2vOP_D1Y4udJ8xxya0OT38uYMR--kjfJ5d4ISrg4&e=
> >
> > Here's where the build now fails.  Looks like the sae related linking
> > issues are gone but dfs is still an issue.
> > /home/foobar/c93c1f78429d022fd0f7b6db91eb860cc3d4d95b/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-linux-gnu/8.3.0/../../../../aarch64-linux-gnu/bin/ld:
> > ../src/ap/ieee802_11_vht.o: in function
> > `hostapd_eid_txpower_envelope':
> > ieee802_11_vht.c:(.text+0x2c8): undefined reference to `hostapd_is_dfs_required'
> >
> > This can be resolved by adding the src/ap/dfs.o to the list of items
> > built, I'm just unsure of the right CONFIG option to set that or if it
> > is an actual Makefile miss when a recent feature was added.  It will
> > build successful it you enable the Buildroot
> > "BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT" option that adds the missing
> > objs.
> >
> > Regards,
> > Matt
>
> Hi Matt,
>
> Multiple wpa_supplicant build issues of this kind have been already
> reported in the latest daily build results. This issue is reproduced
> when BR2_PACKAGE_WPA_SUPPLICANT_NL80211 disabled. In this case
> wpa_supplicant uses WEXT driver by default. However that
> driver does not support AP mode.
>
> On the other hand, wpa-supplicant v2.9 enables CONFIG_AP in defconfig.
> This was not the case in v2.7, so wpa_supplicant.mk does not switch
> off this option when BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT is disabled.
>
> I have a patch for this issue as well and plan to include into v2 after
> I collect some feedback regarding WPA3 support.
>
> In brief, the fix is going to be someting like this:
>
> diff --git a/package/wpa_supplicant/wpa_supplicant.mk b/package/wpa_supplicant/wpa_supplicant.mk
> index a518ecc217..1d582354f7 100644
> --- a/package/wpa_supplicant/wpa_supplicant.mk
> +++ b/package/wpa_supplicant/wpa_supplicant.mk
> @@ -84,10 +84,16 @@ ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT),y)
>  WPA_SUPPLICANT_CONFIG_ENABLE += \
>         CONFIG_AP \
>         CONFIG_P2P
> +else
> +WPA_SUPPLICANT_CONFIG_DISABLE += \
> +       CONFIG_AP \
> +       CONFIG_P2P
>  endif
>
>  ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WIFI_DISPLAY),y)
>  WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_WIFI_DISPLAY
> +else
> +WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_WIFI_DISPLAY
>  endif
>

I've tested your informal fix above for the CONFIG_AP now being set by
default and needing to be disabled.  My build now passes.  CC me when
you send the patch and I'll add my tested by.

Matt

On 09/09/2019 15:21, Matthew Weber wrote:
[snip]
> Here's where the build now fails.  Looks like the sae related linking
> issues are gone but dfs is still an issue.
> /home/foobar/c93c1f78429d022fd0f7b6db91eb860cc3d4d95b/buildroot/output/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-linux-gnu/8.3.0/../../../../aarch64-linux-gnu/bin/ld:
> ../src/ap/ieee802_11_vht.o: in function

 This object file is only enabled under the CONFIG_AP condition...

> `hostapd_eid_txpower_envelope':
> ieee802_11_vht.c:(.text+0x2c8): undefined reference to `hostapd_is_dfs_required'
> 
> This can be resolved by adding the src/ap/dfs.o to the list of items

 ... and that one gets added if CONFIG_AP and CONFIG_DRIVER_NL80211 are enabled.


> built, I'm just unsure of the right CONFIG option to set that or if it
> is an actual Makefile miss when a recent feature was added.  It will
> build successful it you enable the Buildroot
> "BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT" option that adds the missing
> objs.

 ... so I'm surprised that this fixes it for you... I'd expect enabling the
NL80211 driver would fix it.

 Anyway, it definitely looks like a bug in the wpa_supplicant Makefile. I
checked on current master and it's still like that. And openrwrt is still at 2.7
so no fixes there either.

 Regards,
 Arnout

> 
> Regards,
> Matt
>