iwd.lists.linux.dev archive mirror
* GCMP and other unknown ciphers
@ 2022-10-06 13:22 Emil Velikov
  2022-10-06 14:34 ` Denis Kenzior
  0 siblings, 1 reply; 5+ messages in thread
From: Emil Velikov @ 2022-10-06 13:22 UTC (permalink / raw)
  To: iwd

Greetings team,

Recently we've noticed that IWD fails to connect to WPA2-PSK networks
whenever GCMP+CCMP cipher is used. Browsing through the IWD code-base
it appears that it lacks support for GCMP, GCMP-256 and CCMP-256
amongst others.

Was my analysis correct - is GCMP supported? Are there any plans on doing so?

Somewhat relatedly - is there a configuration knob that one can switch
and let IWD fall-back to the other supported ciphers? In the GCMP+CCMP
case, we can opt for CCMP for example.

Thanks in advance,
Emil


* Re: GCMP and other unknown ciphers
  2022-10-06 13:22 GCMP and other unknown ciphers Emil Velikov
@ 2022-10-06 14:34 ` Denis Kenzior
  2022-10-25 14:27   ` Emil Velikov
  0 siblings, 1 reply; 5+ messages in thread
From: Denis Kenzior @ 2022-10-06 14:34 UTC (permalink / raw)
  To: Emil Velikov, iwd

[-- Attachment #1: Type: text/plain, Size: 897 bytes --]

Hi Emil,

On 10/6/22 08:22, Emil Velikov wrote:
> Greetings team,
> 
> Recently we've noticed that IWD fails to connect to WPA2-PSK networks
> whenever GCMP+CCMP cipher is used. Browsing through the IWD code-base
> it appears that it lacks support for GCMP, GCMP-256 and CCMP-256
> amongst others.

We do not support or select GCMP.  But I'm not sure why this would prevent a 
connection?  We would always select CCMP instead.  See wiphy_select_cipher().

Hmm... maybe we reject GCMP at a lower layer...?  Try the attached patch?

> 
> Was my analysis correct - is GCMP supported? Are there any plans on doing so?

No real plans, patches are always welcome.

> 
> Somewhat relatedly - is there a configuration knob that one can switch
> and let IWD fall-back to the other supported ciphers? In the GCMP+CCMP
> case, we can opt for CCMP for example.
> 

This should already happen.

Regards,
-Denis

[-- Attachment #2: 0001-ie-Skip-unknown-pairwise-ciphers.patch --]
[-- Type: text/x-patch, Size: 1627 bytes --]

From 155867e0acbb7ab656676dec666a1b75e25e90e6 Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Thu, 6 Oct 2022 09:30:17 -0500
Subject: [PATCH] ie: Skip unknown pairwise ciphers

---
 src/ie.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/ie.c b/src/ie.c
index 070454ef4f8f..13e921dac5bc 100644
--- a/src/ie.c
+++ b/src/ie.c
@@ -589,15 +589,14 @@ static bool ie_parse_group_cipher(const uint8_t *data,
 	return true;
 }
 
-static bool ie_parse_pairwise_cipher(const uint8_t *data,
+static int ie_parse_pairwise_cipher(const uint8_t *data,
 					enum ie_rsn_cipher_suite *out)
 {
 	enum ie_rsn_cipher_suite tmp;
-
 	bool r = ie_parse_cipher_suite(data, &tmp);
 
 	if (!r)
-		return r;
+		return -ENOENT;
 
 	switch (tmp) {
 	case IE_RSN_CIPHER_SUITE_CCMP:
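Review bot: the new int return of ie_parse_pairwise_cipher() is undocumented, and -ENOENT is returned for every failure of ie_parse_cipher_suite(), so a caller cannot tell an unrecognised selector from any other failure that helper may report. A short comment above the function stating the contract (0 on success, -ENOENT when ie_parse_cipher_suite() does not recognise the suite, -ERANGE when the suite is recognised but not valid as a pairwise cipher) would make the caller's skip logic easier to audit.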
@@ -607,11 +606,11 @@ static bool ie_parse_pairwise_cipher(const uint8_t *data,
 	case IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER:
 		break;
 	default:
-		return false;
+		return -ERANGE;
 	}
 
 	*out = tmp;
-	return true;
+	return 0;
 }
 
 static bool ie_parse_group_management_cipher(const uint8_t *data,
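Review bot: the default: branch still returns a negative error (-ERANGE), and the loop in parse_ciphers() propagates any negative value other than -ENOENT, so a suite that ie_parse_cipher_suite() accepts but this switch does not list still fails the whole element. If the goal is to tolerate APs that advertise ciphers iwd will not use, consider skipping this case as well, or add a comment saying why it must remain a hard error.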
@@ -682,9 +681,12 @@ static int parse_ciphers(const uint8_t *data, size_t len,
 	/* Parse Pairwise Cipher Suite List field */
 	for (i = 0, out_info->pairwise_ciphers = 0; i < count; i++) {
 		enum ie_rsn_cipher_suite suite;
+		int r = ie_parse_pairwise_cipher(data + i * 4, &suite);
 
-		if (!ie_parse_pairwise_cipher(data + i * 4, &suite))
-			return -ERANGE;
+		if (r == -ENOENT) /* Skip unknown */
+			continue;
+		else if (r < 0)
+			return r;
 
 		out_info->pairwise_ciphers |= suite;
 	}
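Review bot: with unknown suites skipped in the loop, out_info->pairwise_ciphers can be left at 0 when every advertised suite is unknown, and nothing in these lines rejects that. Consider checking for an empty mask after the loop and returning an error, or confirm that every caller handles an empty pairwise set. Minor style point: the else after continue is redundant, so a plain "if (r < 0) return r;" is enough.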
-- 
2.35.1
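
An added example, not part of the original thread and not iwd's code: a simplified model of the pairwise cipher list parsing discussed above, showing how failing on the first unknown suite hides a CCMP+GCMP network while skipping unknown suites keeps CCMP selectable. The function names, flag values and error codes are assumptions of the example, and the sample bytes are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical flags for this example, not iwd's enum values */
enum { CIPHER_TKIP = 1 << 0, CIPHER_CCMP = 1 << 1 };

/* Constructed sample: count (LE) followed by 4-byte suite selectors */
static const uint8_t ccmp_gcmp[] = {	/* CCMP-128 + GCMP-128 */
	0x02, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x00, 0x0f, 0xac, 0x08 };

/* Map one selector (OUI 00-0F-AC + type) to a flag; 0 means unknown */
static unsigned int suite_to_flag(const uint8_t *sel)
{
	static const uint8_t rsn_oui[3] = { 0x00, 0x0f, 0xac };
	if (memcmp(sel, rsn_oui, 3))
		return 0;
	switch (sel[3]) {
	case 2: return CIPHER_TKIP;
	case 4: return CIPHER_CCMP;
	default: return 0;	/* e.g. 8 (GCMP-128) is not known here */
	}
}

/* strict: one unknown selector fails the list; otherwise it is skipped */
int parse_pairwise_list(const uint8_t *data, size_t len, bool strict,
				unsigned int *out_mask)
{
	unsigned int mask = 0;
	size_t count, i;
	if (len < 2)
		return -EBADMSG;

	count = data[0] | (data[1] << 8);
	if ((len - 2) / 4 < count)
		return -EBADMSG;	/* list runs past the buffer */
	for (i = 0; i < count; i++) {
		unsigned int flag = suite_to_flag(data + 2 + i * 4);
		if (!flag && strict)
			return -ERANGE;
		mask |= flag;
	}
	if (!mask)
		return -ENOENT;	/* nothing usable was advertised */
	*out_mask = mask;
	return 0;
}
```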



* Re: GCMP and other unknown ciphers
  2022-10-06 14:34 ` Denis Kenzior
@ 2022-10-25 14:27   ` Emil Velikov
  2022-10-25 15:31     ` Denis Kenzior
  0 siblings, 1 reply; 5+ messages in thread
From: Emil Velikov @ 2022-10-25 14:27 UTC (permalink / raw)
  To: Denis Kenzior; +Cc: iwd

Hi Denis,

Sorry for the late reply - been busy with some non-computer stuff.

On Thu, 6 Oct 2022 at 15:34, Denis Kenzior <denkenz@gmail.com> wrote:
>
> Hi Emil,
>
> On 10/6/22 08:22, Emil Velikov wrote:
> > Greetings team,
> >
> > Recently we've noticed that IWD fails to connect to WPA2-PSK networks
> > whenever GCMP+CCMP cipher is used. Browsing through the IWD code-base
> > it appears that it lacks support for GCMP, GCMP-256 and CCMP-256
> > amongst others.
>
> We do not support or select GCMP. But I'm not sure why this would prevent a
> connection?  We would always select CCMP instead.  See wiphy_select_cipher().
>
> Hmm... maybe we reject GCMP at a lower layer...?  Try the attached patch?
>

Now that I've got the hardware at hand, it looks like iwd does not
list the network at all. I will try your patch and report shortly.

Details:
 - Nighthawk X10 running dd-wrt
 - WPA2 Personal (without SHA256)
 - CCMP-128(AES) + GCMP

> >
> > Was my analysis correct - is GCMP supported? Are there any plans on doing so?
>
> No real plans, patches are always welcome.
>
Do you have a rough estimate of how much work that might be -  are we
talking about weeks or months? How does one get access to the 802.11
spec these days?

> >
> > Somewhat relatedly - is there a configuration knob that one can switch
> > and let IWD fall-back to the other supported ciphers? In the GCMP+CCMP
> > case, we can opt for CCMP for example.
> >
>
> This should already happen.
>
That was my assumption as well, yet empirically it does not.

Thanks again
Emil


* Re: GCMP and other unknown ciphers
  2022-10-25 14:27   ` Emil Velikov
@ 2022-10-25 15:31     ` Denis Kenzior
  2022-11-07 15:53       ` Emil Velikov
  0 siblings, 1 reply; 5+ messages in thread
From: Denis Kenzior @ 2022-10-25 15:31 UTC (permalink / raw)
  To: Emil Velikov; +Cc: iwd

Hi Emil,


>>>
>>> Was my analysis correct - is GCMP supported? Are there any plans on doing so?
>>
>> No real plans, patches are always welcome.
>>
> Do you have a rough estimate of how much work that might be -  are we
> talking about weeks or months? How does one get access to the 802.11
> spec these days?
> 

There is a patchset on the mailing list that implements all ciphers listed in 
802.11, including GCMP.  Only tested in a synthetic environment since none of my 
commercial APs seem to support anything besides TKIP/CCMP.

As far as obtaining 802.11 spec, you would probably need to purchase it from IEEE.

Regards,
-Denis


* Re: GCMP and other unknown ciphers
  2022-10-25 15:31     ` Denis Kenzior
@ 2022-11-07 15:53       ` Emil Velikov
  0 siblings, 0 replies; 5+ messages in thread
From: Emil Velikov @ 2022-11-07 15:53 UTC (permalink / raw)
  To: Denis Kenzior; +Cc: iwd

On Tue, 25 Oct 2022 at 16:32, Denis Kenzior <denkenz@gmail.com> wrote:
>
> Hi Emil,
>
>
> >>>
> >>> Was my analysis correct - is GCMP supported? Are there any plans on doing so?
> >>
> >> No real plans, patches are always welcome.
> >>
> > Do you have a rough estimate of how much work that might be -  are we
> > talking about weeks or months? How does one get access to the 802.11
> > spec these days?
> >
>
> There is a patchset on the mailing list that implements all ciphers listed in
> 802.11, including GCMP.  Only tested in a synthetic environment since none of my
> commercial APs seem to support anything besides TKIP/CCMP.
>
I've tested it against a Netgear Nighthawk X10 with the following combinations:

WPA2 Personal (without SHA256)
 - CCMP-128 (AES) + GCMP
 - CCMP-256 only
 - GCMP-256 only

All of the above are working like a charm. I haven't tried any
Enterprise combinations due to some unrelated hiccups on my test rig.

Huge thanks for the amazing help
Emil
