SAE: Enable only group 19 by default in AP mode

Change the AP mode default for SAE to enable only the group 19 instead
of enabling all ECC groups that are supported by the used crypto library
and the SAE implementations. The main reason for this is to avoid
enabling groups that are not as strong as the mandatory-to-support group
19 (i.e., groups 25 and 26). In addition, this disables heavier groups
by default.

In addition, add a warning about MODP groups 1, 2, 5, 22, 23, and 24
based on "MUST NOT" or "SHOULD NOT" categorization in RFC 8247. All the
MODP groups were already disabled by default and would have needed
explicit configuration to be allowed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-03-05 17:18:11 +02:00 committed by Jouni Malinen
parent c097f12c8f
commit 941bad5ef4
2 changed files with 21 additions and 10 deletions

View File

@ -1574,12 +1574,16 @@ own_ip_addr=127.0.0.1
# Enabled SAE finite cyclic groups # Enabled SAE finite cyclic groups
# SAE implementation are required to support group 19 (ECC group defined over a # SAE implementation are required to support group 19 (ECC group defined over a
# 256-bit prime order field). All groups that are supported by the # 256-bit prime order field). This configuration parameter can be used to
# implementation are enabled by default. This configuration parameter can be # specify a set of allowed groups. If not included, only the mandatory group 19
# used to specify a limited set of allowed groups. The group values are listed # is enabled.
# in the IANA registry: # The group values are listed in the IANA registry:
# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9 # http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9
#sae_groups=19 20 21 25 26 # Note that groups 1, 2, 5, 22, 23, and 24 should not be used in production
# purposes due limited security (see RFC 8247). Groups that are not as strong as
# group 19 (ECC, NIST P-256) are unlikely to be useful for production use cases
# since all implementations are required to support group 19.
#sae_groups=19 20 21
# Require MFP for all associations using SAE # Require MFP for all associations using SAE
# This parameter can be used to enforce negotiation of MFP for all associations # This parameter can be used to enforce negotiation of MFP for all associations

View File

@ -850,18 +850,21 @@ static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta)
{ {
struct sae_data *sae = sta->sae; struct sae_data *sae = sta->sae;
int i, *groups = hapd->conf->sae_groups; int i, *groups = hapd->conf->sae_groups;
int default_groups[] = { 19, 0 };
if (sae->state != SAE_COMMITTED) if (sae->state != SAE_COMMITTED)
return; return;
wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group); wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
for (i = 0; groups && groups[i] > 0; i++) { if (!groups)
groups = default_groups;
for (i = 0; groups[i] > 0; i++) {
if (sae->group == groups[i]) if (sae->group == groups[i])
break; break;
} }
if (!groups || groups[i] <= 0) { if (groups[i] <= 0) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SAE: Previously selected group not found from the current configuration"); "SAE: Previously selected group not found from the current configuration");
return; return;
@ -890,6 +893,11 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
{ {
int resp = WLAN_STATUS_SUCCESS; int resp = WLAN_STATUS_SUCCESS;
struct wpabuf *data = NULL; struct wpabuf *data = NULL;
int *groups = hapd->conf->sae_groups;
int default_groups[] = { 19, 0 };
if (!groups)
groups = default_groups;
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
if (hapd->conf->sae_reflection_attack && auth_transaction == 1) { if (hapd->conf->sae_reflection_attack && auth_transaction == 1) {
@ -955,8 +963,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
resp = WLAN_STATUS_UNSPECIFIED_FAILURE; resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto reply; goto reply;
} }
resp = sae_group_allowed(sta->sae, resp = sae_group_allowed(sta->sae, groups,
hapd->conf->sae_groups,
WPA_GET_LE16(pos)); WPA_GET_LE16(pos));
if (resp != WLAN_STATUS_SUCCESS) { if (resp != WLAN_STATUS_SUCCESS) {
wpa_printf(MSG_ERROR, wpa_printf(MSG_ERROR,
@ -1025,7 +1032,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
((const u8 *) mgmt) + len - ((const u8 *) mgmt) + len -
mgmt->u.auth.variable, &token, mgmt->u.auth.variable, &token,
&token_len, hapd->conf->sae_groups); &token_len, groups);
if (resp == SAE_SILENTLY_DISCARD) { if (resp == SAE_SILENTLY_DISCARD) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SAE: Drop commit message from " MACSTR " due to reflection attack", "SAE: Drop commit message from " MACSTR " due to reflection attack",