Successfully get WPA3 support for old hardware with a self-compiled OpenWrt snapshot source code

Ted · March 6, 2021, 9:08am

It seems the WPA3 is just a software feature rather than hardware related.

Tested with the snapshot source code (r16099), with very old hardware - FAST FW150U Ver 5.0 USB wireless card in AP mode, WPA3 encryption correctly activated and the client Samsung Galaxy S10+ connected successfully.

The FW150U is quite old device and it does not support WPA3 when it was released. Now, just with newly compiled OpenWRT with wpad-openssl selected, FW150U equipped with WPA3 feature in AP mode.

While compiling, select "wpad-openssl" in the menu Network > WirelessAPD.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r16099-cfa43f8119
 -----------------------------------------------------
root@OpenWrt:~# iwinfo
wlan0     ESSID: "OpenWrt"
          Access Point: 38:83:45:18:FB:29
          Mode: Master  Channel: 11 (2.462 GHz)
          Center Channel 1: 11 2: unknown
          Tx-Power: 20 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: unknown
          Bit Rate: unknown
          Encryption: WPA3 SAE (CCMP)
          Type: nl80211  HW Mode(s): 802.11bgn
          Hardware: unknown [Generic MAC80211]
          TX power offset: unknown
          Frequency offset: unknown
          Supports VAPs: yes  PHY name: phy0

Performance comparison - WPA3 vs WPA2

Borromini · March 6, 2021, 9:36am

More important (and interesting) is what wireless driver your device actually uses. That's the most saucy tidbit and you're actually leaving that out.

Ted · March 6, 2021, 9:44am

The driver is "kmod-rt2800-usb".

[   47.968499] ieee80211 phy0: rt2x00_set_rt: Info - RT chipset 5390, rev 0502 detected
[   48.001068] ieee80211 phy0: rt2x00_set_rf: Info - RF chipset 5370 detected
[   48.001525] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[   92.350817] ieee80211 phy0: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin'
[   92.351214] ieee80211 phy0: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.36

slh · March 6, 2021, 12:41pm

WPA3 is mostly a software question, but one of its mandatory features (IEEE 802.11w, which predates WPA3 but is now required for the first time) is not quite software only.

Driver, firmware and hardware need to work hand in hand to properly support it. In case of problems with WPA3 on your hardware, this is mostly the real reason. nl80211 based drivers can fall back to an IEEE 802.11w software implementation to quite some extent, but that usually implies having to disable hardware crypto acceleration of the wifi chipset altogether, which comes at a hefty performance penalty (especially on mips routers, where performance is marginal to begin with).

Around of october last year, these transparent fallbacks to software crypto (and a functional IEEE 802.11w implementation) have been implemented in the mainline kernel for a number of drivers (ath9k for the first draft-n chipsets (<=AR9160), b43, rt2x00 and others), earlier kernels and OpenWrt <=19.07.x don't support it on many wifi chipsets.

So yes, your rt2800_usb chipset needs to use the nl80211 based software encryption as well, with the performance penalty that incurrs.

Ted · March 7, 2021, 2:07am

It seems the WPA3's encryption are conducted on the 'router' rather than on the router's wireless card, in this case, there is no impact for x86_64 based routers as the CPU provides enough performance even it is fully software implementation.

I tested FW150U AP mode on vmware workstation virtual machines, there is no significante performance difference between WPA3 vs WPA2.