From: Jouni Malinen Date: Tue, 5 Mar 2019 15:18:11 +0000 (+0200) Subject: SAE: Enable only group 19 by default in AP mode X-Git-Tag: hostap_2_8~289 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=941bad5ef4db4dc6436f2d321d40abcb936ba7dd;p=thirdparty%2Fhostap.git SAE: Enable only group 19 by default in AP mode Change the AP mode default for SAE to enable only the group 19 instead of enabling all ECC groups that are supported by the used crypto library and the SAE implementations. The main reason for this is to avoid enabling groups that are not as strong as the mandatory-to-support group 19 (i.e., groups 25 and 26). In addition, this disables heavier groups by default. In addition, add a warning about MODP groups 1, 2, 5, 22, 23, and 24 based on "MUST NOT" or "SHOULD NOT" categorization in RFC 8247. All the MODP groups were already disabled by default and would have needed explicit configuration to be allowed. Signed-off-by: Jouni Malinen --- diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 57f0af7a0..7faac593f 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1574,12 +1574,16 @@ own_ip_addr=127.0.0.1 # Enabled SAE finite cyclic groups # SAE implementation are required to support group 19 (ECC group defined over a -# 256-bit prime order field). All groups that are supported by the -# implementation are enabled by default. This configuration parameter can be -# used to specify a limited set of allowed groups. The group values are listed -# in the IANA registry: +# 256-bit prime order field). This configuration parameter can be used to +# specify a set of allowed groups. If not included, only the mandatory group 19 +# is enabled. +# The group values are listed in the IANA registry: # http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9 -#sae_groups=19 20 21 25 26 +# Note that groups 1, 2, 5, 22, 23, and 24 should not be used in production +# purposes due limited security (see RFC 8247). Groups that are not as strong as +# group 19 (ECC, NIST P-256) are unlikely to be useful for production use cases +# since all implementations are required to support group 19. +#sae_groups=19 20 21 # Require MFP for all associations using SAE # This parameter can be used to enforce negotiation of MFP for all associations diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index d40ebad0e..63dcb111a 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -850,18 +850,21 @@ static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta) { struct sae_data *sae = sta->sae; int i, *groups = hapd->conf->sae_groups; + int default_groups[] = { 19, 0 }; if (sae->state != SAE_COMMITTED) return; wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group); - for (i = 0; groups && groups[i] > 0; i++) { + if (!groups) + groups = default_groups; + for (i = 0; groups[i] > 0; i++) { if (sae->group == groups[i]) break; } - if (!groups || groups[i] <= 0) { + if (groups[i] <= 0) { wpa_printf(MSG_DEBUG, "SAE: Previously selected group not found from the current configuration"); return; @@ -890,6 +893,11 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, { int resp = WLAN_STATUS_SUCCESS; struct wpabuf *data = NULL; + int *groups = hapd->conf->sae_groups; + int default_groups[] = { 19, 0 }; + + if (!groups) + groups = default_groups; #ifdef CONFIG_TESTING_OPTIONS if (hapd->conf->sae_reflection_attack && auth_transaction == 1) { @@ -955,8 +963,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, resp = WLAN_STATUS_UNSPECIFIED_FAILURE; goto reply; } - resp = sae_group_allowed(sta->sae, - hapd->conf->sae_groups, + resp = sae_group_allowed(sta->sae, groups, WPA_GET_LE16(pos)); if (resp != WLAN_STATUS_SUCCESS) { wpa_printf(MSG_ERROR, @@ -1025,7 +1032,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, ((const u8 *) mgmt) + len - mgmt->u.auth.variable, &token, - &token_len, hapd->conf->sae_groups); + &token_len, groups); if (resp == SAE_SILENTLY_DISCARD) { wpa_printf(MSG_DEBUG, "SAE: Drop commit message from " MACSTR " due to reflection attack",