Does WPA3 support depend on hardware, software or both?

Question

I upgraded my router's firmware to OpenWrt 21.02 which introduces WPA3 support. In theory, this should work for me, running Ubuntu 20.04, as support for WPA3 was added in 19.10

My experience is awful about that. Devices (tablets, phones, laptops) can't establish connection, except when I switch encryption to WPA2.

WPA3 does not work. My Ubuntu based laptops can see the WPA3 network SSID, but connection is unsuccessful. My Android devices can't even see SSID. I wonder if any of the hardware (network cards) is obsolete.

Does WPA3 support require hardware support, or does it purely depend on software, and could be resolved in future Ubuntu updates?

Answer 1

WPA3 support is purely based on software. There is no dedicated hardware required to run either WPA version.

Consider the following announcement, and specifically the quote from Cisco:

Cisco is in full support of Wi-Fi Alliance’s continual focus on security evolution to WPA3. The WPA3 program will bring much needed upgrades to wireless security protecting all levels of customers from consumer to enterprise/government. Cisco is committed to integrating WPA3 features into our Aironet Access Points and Wireless Controllers via a firmware upgrade so that our existing and new customers can take advantage of the capabilities offered by WPA3. - Greg Dorai, Vice President Cisco WLAN, Cisco

This clearly states that WPA3 support for proprietary devices can be added with a firmware upgrade - which is purely software, and not a hardware feature.

But of course, the hardware vendor has to release such a firmware update, before you can connect with WPA3 from your Ubuntu PC (or any other device).

Answer 2

Delete old WPA2 connections in Ubuntu and connect again using your password.

Probably you configured Openwrt a wrong way.

Also there is WPA2/WPA3 option in Openwrt.

I can confirm that WPA3 works on old routers with e.g. AR922X wireless chips and also it does work on really old hardware Ubuntu clients.

The encryption part is done by openssl or wolfssl, so I don't see how hardware may stop it.

Answer 3

Both. Ubuntu does depend on certain properties of the NIC hardware (and their, possibly loadable, firmware), though they do not specifically need to advertise support for WPA3. There are known examples of otherwise compatible older hardware that won't work. Such can be identified by inquiring capabilities from the driver, which will lack MFP support:

sudo find /sys/kernel/debug/ieee80211/ -name hwflags  -exec \
 sh -c "grep -q MFP_CAPABLE '{}' && echo '# OK: {}' || echo '# MISSING SUPPORT: {}'" ';'
# MISSING SUPPORT: /sys/kernel/debug/ieee80211/phy0/hwflags
# OK: /sys/kernel/debug/ieee80211/phy1/hwflags
# OK: /sys/kernel/debug/ieee80211/phy2/hwflags

My working theory is that the entire iwldvm driver is affected, so Intel cards with names like Advanced-N 6205 or 6200AGN can not be used in WPA3 networks, even when running modern Ubuntu version. This may or may not be a physical lack of feature or defect in the NICs. If it is a software issue, it is not one likely to be solvable, as Intel has not provided firmware updates beyond 2010. In any case, they are said to break kernel features that could otherwise make up for their lack in crypto hardware-acceleration.