
netifd: fix WPA3 enterprise ciphers

Message ID 20220626152133.531981-1-schreibubi@gmail.com
State Superseded
Delegated to: Hauke Mehrtens
Series netifd: fix WPA3 enterprise ciphers

Commit Message

Joerg Werner June 26, 2022, 3:21 p.m. UTC
WPA3 enterprise requires wpa_cipher to be GCMP-256, so if the user sets
encryption to wpa3 or wpa3-mixed, then add GCMP-256. Also allow explicit
selection of GCMP-256 by adding gcmp256 at the end of the encryption
value.

Signed-off-by: Joerg Werner <schreibubi@gmail.com>
---
 scripts/netifd-wireless.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Nick Lowe June 26, 2022, 6:41 p.m. UTC | #1
Hi Joerg,

Where is this stated?

If I check the following Cisco link, this is not constrained in this
way on their products:

https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9100ax-access-points/wpa3-dep-guide-og.html

If I check the Wi-Fi alliance spec at
https://www.wi-fi.org/file/wpa3-specification , this states the
following, and a requirement for GCMP does not appear to be mentioned:

3 WPA3-Enterprise
WPA3-Enterprise applies to enterprise network settings.

3.1 Modes of operation
WPA3-Enterprise modes are defined as follows:
• WPA3-Enterprise only mode
• WPA3-Enterprise transition mode
• WPA3-Enterprise 192-bit mode

3.2 WPA3-Enterprise only mode
When operating in WPA3-Enterprise only mode:
• An AP shall enable at least AKM suite selector 00-0F-AC:5 (IEEE
802.1X with SHA-256) in the BSS
• A STA shall allow at least AKM suite selector 00-0F-AC:5 to be
selected for an association
• An AP shall not enable AKM suite selector: 00-0F-AC:1 (IEEE 802.1X with SHA-1)
• A STA shall not allow AKM suite selector 00-0F-AC:1 to be selected
for an association
• An AP shall set MFPC to 1, MFPR to 1
• A STA shall set MFPC to 1, MFPR to 1
• A STA shall not enable WEP and TKIP

3.3 WPA3-Enterprise transition mode
When operating in WPA3-Enterprise transition mode:
• An AP shall enable at least AKM suite selectors 00-0F-AC:1 (IEEE
802.1X with SHA-1) and 00-0F-AC:5 (IEEE 802.1X with SHA-256) in the
BSS
• A STA shall allow at least AKM suite selectors 00-0F-AC:1 and
00-0F-AC:5 to be selected for an association
• An AP shall set MFPC to 1, MFPR to 0
• A STA shall set MFPC to 1, MFPR to 0

3.4 Additional Requirements on WPA3-Enterprise modes
The following additional requirements apply to all WPA3-Enterprise modes:
1. An AP shall not enable WPA version 1 on the same BSS with WPA3-Enterprise
2. An AP shall not enable WEP and TKIP on the same BSS as WPA3-Enterprise

3.5 WPA3-Enterprise 192-bit mode
WPA3-Enterprise 192-bit mode is well suited for deployments in
sensitive enterprise environments to further protect Wi-Fi® networks
with higher security requirements such as government, defense, and
industrial.
When operating in WPA3-Enterprise 192-bit mode:
1. When WPA3-Enterprise 192-bit mode is used by an AP, PMF shall be
set to required (MFPR bit in the RSN Capabilities field shall be set
to 1 in the RSNE transmitted by the AP).
2. When WPA3-Enterprise 192-bit mode is used by a STA, PMF shall be
set to required (MFPR bit in the RSN Capabilities field shall be set
to 1 in the RSNE transmitted by the STA).
3. Permitted EAP cipher suites for use with WPA3-Enterprise 192-bit mode are:
▪ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- ECDHE and ECDSA using the 384-bit prime modulus curve P-384
▪ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- ECDHE using the 384-bit prime modulus curve P-384
- RSA ≥ 3072-bit modulus
▪ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- RSA ≥ 3072-bit modulus
- DHE ≥ 3072-bit modulus

Joerg Werner June 27, 2022, 6:16 a.m. UTC | #2
[Resending due to previous response being rejected by the list due to
being an HTML e-mail]

Hi Nick,

Take a look at the Cisco link you have sent, there is an
interoperability table at the end. GCMP with Suite B 1x is basically
supported by none of the STA. If you use wpa3 as the encryption
setting in OpenWRT, in the code we'll set auth_type=eap192, which in
turn will set wpa_key_mgmt=WPA-EAP-SUITE-B-192 in hostapd.conf. So it
enables Suite B with 192bit, which in turn requires
wpa-cipher=GCMP-256.

Aruba says something similar here:
https://www.arubanetworks.com/techdocs/Instant_86_WebHelp/Content/instant-ug/authentication/wpa3.htm

Best Regards,

Joerg

On Sun, Jun 26, 2022 at 8:39 PM Nick Lowe <nick.lowe@gmail.com> wrote:
> [Nick's message #1, quoted in full; see above]

Hauke Mehrtens Aug. 13, 2022, 3:31 p.m. UTC | #3
On 6/26/22 17:21, Joerg Werner wrote:
> WPA3 enterprise requires wpa_cipher to be GCMP-256, so if the user set
> encryption to wpa3 or wpa3-mixed, then add GCMP-256. Also allow explicit
> selection of GCMP-256 by adding gcmp256 at the end of the encryption
> value.

This code from hostapd looks like the driver has to support CCMP_256 or 
GCMP_256 to allow operation with SUITE_B_192:
		if (drv->capa.enc & (WPA_DRIVER_CAPA_ENC_CCMP_256 |
				     WPA_DRIVER_CAPA_ENC_GCMP_256))
			drv->capa.key_mgmt |=
				WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B_192;
https://w1.fi/cgit/hostap/tree/src/drivers/driver_nl80211_capa.c#n1361

> 
> Signed-off-by: Joerg Werner <schreibubi@gmail.com>
> ---
>   scripts/netifd-wireless.sh | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh
> index 0e3293c..435a707 100644
> --- a/scripts/netifd-wireless.sh
> +++ b/scripts/netifd-wireless.sh
> @@ -221,6 +221,7 @@ wireless_vif_parse_encryption() {
>   		*aes|*ccmp) wpa_cipher="CCMP";;
>   		*tkip) wpa_cipher="TKIP";;
>   		*gcmp) wpa_cipher="GCMP";;
> +		*gcmp256) wpa_cipher="GCMP-256";;
>   	esac
>   
>   	# 802.11n requires CCMP for WPA
> @@ -246,7 +247,6 @@ wireless_vif_parse_encryption() {
>   			wpa_cipher=
>   		;;
>   	esac
> -	wpa_pairwise="$wpa_cipher"
>   
>   	case "$encryption" in
>   		owe*)
> @@ -254,9 +254,11 @@ wireless_vif_parse_encryption() {
>   		;;
>   		wpa3-mixed*)
>   			auth_type=eap-eap192
> +			wpa_cipher="${wpa_cipher} GCMP-256"
>   		;;
>   		wpa3*)
>   			auth_type=eap192
> +			wpa_cipher="GCMP-256"

Instead of setting it here I would prefer if wpa_cipher gets set to the 
wpa3 default earlier and can be overwritten if really wanted.
I would prefer if you set it close to where the initial value is set 
depending on hwmode, so that someone could overwrite it with the encryption setting.

>   		;;
>   		psk3-mixed*|sae-mixed*)
>   			auth_type=psk-sae
> @@ -283,6 +285,7 @@ wireless_vif_parse_encryption() {
>   			esac
>   		;;
>   	esac
> +	wpa_pairwise="$wpa_cipher"
>   
>   	case "$encryption" in
>   		*osen*)
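The behaviour the thread converges on, as an added shell example that is not netifd's own code: a reduced model of wireless_vif_parse_encryption() in which GCMP-256 becomes the WPA3-Enterprise default first and an explicit cipher suffix may still override it, as Hauke asks, without the duplicated or leading-space value the appended form in the patch can produce. The function name parse_encryption, the CCMP fallback for wpa3-mixed and the small set of encryption prefixes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not netifd's own code: a reduced model of
# wireless_vif_parse_encryption() with the WPA3-Enterprise cipher handled
# the way the review asks for: GCMP-256 is the default, set first, and an
# explicit suffix such as "+ccmp" may still override it. The function name,
# the CCMP fallback for wpa3-mixed and the prefixes below are assumptions.

# parse_encryption ENCRYPTION -> prints "auth_type|wpa_cipher|wpa_pairwise"
parse_encryption() {
	encryption="$1"
	auth_type=none
	wpa_cipher=""

	# 1. explicit cipher suffix; "*gcmp)" cannot shadow "*gcmp256)" because
	#    it only matches values that end in "gcmp"
	case "$encryption" in
		*aes|*ccmp) wpa_cipher="CCMP";;
		*tkip) wpa_cipher="TKIP";;
		*gcmp) wpa_cipher="GCMP";;
		*gcmp256) wpa_cipher="GCMP-256";;
	esac

	# 2. auth type from the prefix; Suite B 192 (eap192) needs GCMP-256,
	#    so supply it only where the user picked no cipher of their own
	case "$encryption" in
		wpa3-mixed*)
			auth_type=eap-eap192
			[ -n "$wpa_cipher" ] || wpa_cipher="CCMP"   # WPA2 clients keep CCMP
			case " $wpa_cipher " in
				*" GCMP-256 "*) ;;                   # already listed, no duplicate
				*) wpa_cipher="$wpa_cipher GCMP-256";;
			esac
		;;
		wpa3*)
			auth_type=eap192
			: "${wpa_cipher:=GCMP-256}"                 # default, overridable
		;;
		psk2*) auth_type=psk; [ -n "$wpa_cipher" ] || wpa_cipher="CCMP";;
	esac

	# 3. wpa_pairwise is derived last so it reflects every adjustment above
	wpa_pairwise="$wpa_cipher"
	printf '%s|%s|%s\n' "$auth_type" "$wpa_cipher" "$wpa_pairwise"
}

# constructed sample inputs
for e in wpa3 wpa3+ccmp wpa3-mixed wpa3-mixed+gcmp256 psk2+tkip; do
	printf '%-20s -> %s\n' "$e" "$(parse_encryption "$e")"
done
```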

Patch

diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh
index 0e3293c..435a707 100644
--- a/scripts/netifd-wireless.sh
+++ b/scripts/netifd-wireless.sh
@@ -221,6 +221,7 @@  wireless_vif_parse_encryption() {
 		*aes|*ccmp) wpa_cipher="CCMP";;
 		*tkip) wpa_cipher="TKIP";;
 		*gcmp) wpa_cipher="GCMP";;
+		*gcmp256) wpa_cipher="GCMP-256";;
 	esac
 
 	# 802.11n requires CCMP for WPA
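Review bot: the new `*gcmp256)` arm only works because `*gcmp)` above it is anchored at the end of the value, so `wpa3+gcmp256` does not match `*gcmp)` and falls through; a one-line comment next to the arm would spare the next reader that check. There is also no `*ccmp256)` counterpart even though the hostapd excerpt in Hauke's reply treats CCMP_256 and GCMP_256 as the two ciphers that unlock SUITE_B_192; if leaving CCMP-256 out is deliberate, the commit message should say so.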
@@ -246,7 +247,6 @@  wireless_vif_parse_encryption() {
 			wpa_cipher=
 		;;
 	esac
-	wpa_pairwise="$wpa_cipher"
 
 	case "$encryption" in
 		owe*)
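Review bot: dropping `wpa_pairwise="$wpa_cipher"` here and re-adding it after the encryption case is the right move, since the wpa3 arms now change `wpa_cipher` after this point, but the diff should make clear that nothing between the old and the new location reads `$wpa_pairwise`; the body of the `owe*)` arm and the rest of this case are not in the hunk, so a reviewer cannot confirm that from the visible lines.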
@@ -254,9 +254,11 @@  wireless_vif_parse_encryption() {
 		;;
 		wpa3-mixed*)
 			auth_type=eap-eap192
+			wpa_cipher="${wpa_cipher} GCMP-256"
 		;;
 		wpa3*)
 			auth_type=eap192
+			wpa_cipher="GCMP-256"
 		;;
 		psk3-mixed*|sae-mixed*)
 			auth_type=psk-sae
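Review bot: `wpa_cipher="${wpa_cipher} GCMP-256"` in the `wpa3-mixed*)` arm yields a leading space when `wpa_cipher` is empty (the `wpa_cipher=` arm in the previous hunk shows that can happen) and `GCMP-256 GCMP-256` when the user already appended `gcmp256`; `wpa_cipher="${wpa_cipher:+$wpa_cipher }GCMP-256"` plus a `case` guard against the duplicate would fix both. In the `wpa3*)` arm the unconditional `wpa_cipher="GCMP-256"` discards any explicit cipher suffix, which is what Hauke's comment asks to avoid; `: "${wpa_cipher:=GCMP-256}"` keeps the user's choice while still defaulting to GCMP-256.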
@@ -283,6 +285,7 @@  wireless_vif_parse_encryption() {
 			esac
 		;;
 	esac
+	wpa_pairwise="$wpa_cipher"
 
 	case "$encryption" in
 		*osen*)
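Review bot: with the assignment moved after the case, `wpa_pairwise` now carries a space-separated list (`CCMP GCMP-256` for wpa3-mixed) rather than a single cipher; hostapd's `wpa_pairwise` option accepts such a list, but the hunk does not show where this variable is consumed, so the commit message should state that every consumer of `$wpa_pairwise` tolerates multiple values.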