* GCMP and other unknown ciphers
From: Emil Velikov @ 2022-10-06 13:22 UTC (permalink / raw)
To: iwd
Greetings team,

Recently we've noticed that IWD fails to connect to WPA2-PSK networks
whenever GCMP+CCMP cipher is used. Browsing through the IWD code-base
it appears that it lacks support for GCMP, GCMP-256 and CCMP-256
amongst others.

Was my analysis correct - is GCMP supported? Are there any plans on doing so?

Somewhat relatedly - is there a configuration knob that one can switch
and let IWD fall back to the other supported ciphers? In the GCMP+CCMP
case, we can opt for CCMP for example.

Thanks in advance,
Emil
* Re: GCMP and other unknown ciphers
From: Denis Kenzior @ 2022-10-06 14:34 UTC (permalink / raw)
To: Emil Velikov, iwd
Hi Emil,

On 10/6/22 08:22, Emil Velikov wrote:
> Greetings team,
>
> Recently we've noticed that IWD fails to connect to WPA2-PSK networks
> whenever GCMP+CCMP cipher is used. Browsing through the IWD code-base
> it appears that it lacks support for GCMP, GCMP-256 and CCMP-256
> amongst others.

We do not support or select GCMP. But I'm not sure why this would prevent a
connection? We would always select CCMP instead. See wiphy_select_cipher().

Hmm... maybe we reject GCMP at a lower layer...? Try the attached patch?

>
> Was my analysis correct - is GCMP supported? Are there any plans on doing so?

No real plans, patches are always welcome.

>
> Somewhat relatedly - is there a configuration knob that one can switch
> and let IWD fall back to the other supported ciphers? In the GCMP+CCMP
> case, we can opt for CCMP for example.
>

This should already happen.

Regards,
-Denis
[-- Attachment #2: 0001-ie-Skip-unknown-pairwise-ciphers.patch --]
[-- Type: text/x-patch, Size: 1627 bytes --]
From 155867e0acbb7ab656676dec666a1b75e25e90e6 Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Thu, 6 Oct 2022 09:30:17 -0500
Subject: [PATCH] ie: Skip unknown pairwise ciphers
---
src/ie.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/ie.c b/src/ie.c
index 070454ef4f8f..13e921dac5bc 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -589,15 +589,14 @@ static bool ie_parse_group_cipher(const uint8_t *data,
return true;
}
-static bool ie_parse_pairwise_cipher(const uint8_t *data,
+static int ie_parse_pairwise_cipher(const uint8_t *data,
enum ie_rsn_cipher_suite *out)
{
enum ie_rsn_cipher_suite tmp;
-
bool r = ie_parse_cipher_suite(data, &tmp);
if (!r)
- return r;
+ return -ENOENT;
switch (tmp) {
case IE_RSN_CIPHER_SUITE_CCMP:
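Review bot: the return contract of ie_parse_pairwise_cipher() is now three-valued (0, -ENOENT, -ERANGE), but nothing at the definition documents it, and the caller's skip logic depends on telling the two errors apart. A short comment above the function stating that -ENOENT means ie_parse_cipher_suite() did not recognise the selector, and -ERANGE means a recognised suite that is not valid as a pairwise cipher, would make that explicit. Every false from ie_parse_cipher_suite() is mapped to -ENOENT here, so if that helper can fail for any reason other than an unrecognised selector, that case is now skipped silently as well; worth confirming before merging.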
@@ -607,11 +606,11 @@ static bool ie_parse_pairwise_cipher(const uint8_t *data,
case IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER:
break;
default:
- return false;
+ return -ERANGE;
}
*out = tmp;
- return true;
+ return 0;
}
static bool ie_parse_group_management_cipher(const uint8_t *data,
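Review bot: the default: branch still returns -ERANGE, so a suite that ie_parse_cipher_suite() recognises but this switch does not list continues to abort parsing of the whole element, while an unrecognised one is skipped. If the aim is to tolerate APs that advertise ciphers iwd cannot use alongside CCMP, consider whether this case should be skipped too, or state in the commit message (which currently has only a subject line) why a known-but-disallowed pairwise suite must stay fatal.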
@@ -682,9 +681,12 @@ static int parse_ciphers(const uint8_t *data, size_t len,
/* Parse Pairwise Cipher Suite List field */
for (i = 0, out_info->pairwise_ciphers = 0; i < count; i++) {
enum ie_rsn_cipher_suite suite;
+ int r = ie_parse_pairwise_cipher(data + i * 4, &suite);
- if (!ie_parse_pairwise_cipher(data + i * 4, &suite))
- return -ERANGE;
+ if (r == -ENOENT) /* Skip unknown */
+ continue;
+ else if (r < 0)
+ return r;
out_info->pairwise_ciphers |= suite;
}
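Review bot: once unknown suites are skipped, the loop can finish with out_info->pairwise_ciphers == 0 when every advertised pairwise suite was unknown, and nothing in this hunk rejects or flags that. Add a check after the loop, or confirm that callers treat an empty mask as "no usable cipher", so such an element is not reported as successfully parsed with nothing to select from. Style: the else after continue is redundant; a plain "if (r < 0) return r;" reads cleaner.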
--
2.35.1
* Re: GCMP and other unknown ciphers
From: Emil Velikov @ 2022-10-25 14:27 UTC (permalink / raw)
To: Denis Kenzior; +Cc: iwd
Hi Denis,

Sorry for the late reply - been busy with some non-computer stuff.

On Thu, 6 Oct 2022 at 15:34, Denis Kenzior <denkenz@gmail.com> wrote:
>
> Hi Emil,
>
> On 10/6/22 08:22, Emil Velikov wrote:
> > Greetings team,
> >
> > Recently we've noticed that IWD fails to connect to WPA2-PSK networks
> > whenever GCMP+CCMP cipher is used. Browsing through the IWD code-base
> > it appears that it lacks support for GCMP, GCMP-256 and CCMP-256
> > amongst others.
>
> We do not support or select GCMP. But I'm not sure why this would prevent a
> connection? We would always select CCMP instead. See wiphy_select_cipher().
>
> Hmm... maybe we reject GCMP at a lower layer...? Try the attached patch?
>

Now that I've got the hardware at hand, it looks like iwd does not
list the network at all. I will try your patch and report shortly.

Details:
- Nighthawk X10 running dd-wrt
- WPA2 Personal (without SHA256)
- CCMP-128(AES) + GCMP

> >
> > Was my analysis correct - is GCMP supported? Are there any plans on doing so?
>
> No real plans, patches are always welcome.
>

Do you have a rough estimate of how much work that might be - are we
talking about weeks or months? How does one get access to the 802.11
spec these days?

> >
> > Somewhat relatedly - is there a configuration knob that one can switch
> > and let IWD fall back to the other supported ciphers? In the GCMP+CCMP
> > case, we can opt for CCMP for example.
> >
>
> This should already happen.
>

That was my assumption as well, yet empirically it does not.

Thanks again
Emil
* Re: GCMP and other unknown ciphers
From: Denis Kenzior @ 2022-10-25 15:31 UTC (permalink / raw)
To: Emil Velikov; +Cc: iwd
Hi Emil,

>>>
>>> Was my analysis correct - is GCMP supported? Are there any plans on doing so?
>>
>> No real plans, patches are always welcome.
>>
> Do you have a rough estimate of how much work that might be - are we
> talking about weeks or months? How does one get access to the 802.11
> spec these days?
>

There is a patchset on the mailing list that implements all ciphers listed in
802.11, including GCMP. Only tested in a synthetic environment since none of my
commercial APs seem to support anything besides TKIP/CCMP.

As far as obtaining 802.11 spec, you would probably need to purchase it from IEEE.

Regards,
-Denis
* Re: GCMP and other unknown ciphers
From: Emil Velikov @ 2022-11-07 15:53 UTC (permalink / raw)
To: Denis Kenzior; +Cc: iwd
On Tue, 25 Oct 2022 at 16:32, Denis Kenzior <denkenz@gmail.com> wrote:
>
> Hi Emil,
>
> >>>
> >>> Was my analysis correct - is GCMP supported? Are there any plans on doing so?
> >>
> >> No real plans, patches are always welcome.
> >>
> > Do you have a rough estimate of how much work that might be - are we
> > talking about weeks or months? How does one get access to the 802.11
> > spec these days?
> >
>
> There is a patchset on the mailing list that implements all ciphers listed in
> 802.11, including GCMP. Only tested in a synthetic environment since none of my
> commercial APs seem to support anything besides TKIP/CCMP.
>

I've tested it against a Netgear Nighthawk X10 with the following combinations:

WPA2 Personal (without SHA256)
- CCMP-128 (AES) + GCMP
- CCMP-256 only
- GCMP-256 only

All of the above are working like a charm. I haven't tried any
Enterprise combinations due to some unrelated hiccups on my test rig.

Huge thanks for the amazing help
Emil