aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-03-05 15:23:58 (GMT)
committerJouni Malinen <j@w1.fi>2019-03-05 15:23:58 (GMT)
commita9fe13035eeb97fc8f2b1fd38219054a10c26bba (patch)
treedd2950c2db8b4604d883d4d339f44aa1f95dce35 /wpa_supplicant
parent941bad5ef4db4dc6436f2d321d40abcb936ba7dd (diff)
downloadhostap-a9fe13035eeb97fc8f2b1fd38219054a10c26bba.zip
hostap-a9fe13035eeb97fc8f2b1fd38219054a10c26bba.tar.gz
hostap-a9fe13035eeb97fc8f2b1fd38219054a10c26bba.tar.bz2
SAE: Enable only groups 19, 20, and 21 in station mode
Remove groups 25 (192-bit Random ECP Group) and 26 (224-bit Random ECP Group) from the default SAE groups in station mode since those groups are not as strong as the mandatory group 19 (NIST P-256). In addition, add a warning about MODP groups 1, 2, 5, 22, 23, and 24 based on "MUST NOT" or "SHOULD NOT" categorization in RFC 8247. All the MODP groups were already disabled by default and would have needed explicit configuration to be allowed. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/sme.c4
-rw-r--r--wpa_supplicant/wpa_supplicant.conf13
2 files changed, 11 insertions, 6 deletions
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index ba22a93..c22ddba 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -57,7 +57,7 @@ static int index_within_array(const int *array, int idx)
static int sme_set_sae_group(struct wpa_supplicant *wpa_s)
{
int *groups = wpa_s->conf->sae_groups;
- int default_groups[] = { 19, 20, 21, 25, 26, 0 };
+ int default_groups[] = { 19, 20, 21, 0 };
if (!groups || groups[0] <= 0)
groups = default_groups;
@@ -1037,7 +1037,7 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
wpa_s->sme.sae.state == SAE_COMMITTED &&
(external || wpa_s->current_bss) && wpa_s->current_ssid) {
- int default_groups[] = { 19, 20, 21, 25, 26, 0 };
+ int default_groups[] = { 19, 20, 21, 0 };
u16 group;
groups = wpa_s->conf->sae_groups;
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 1bd43b2..d0be937 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -377,11 +377,16 @@ fast_reauth=1
# Enabled SAE finite cyclic groups in preference order
# By default (if this parameter is not set), the mandatory group 19 (ECC group
-# defined over a 256-bit prime order field) is preferred, but other groups are
-# also enabled. If this parameter is set, the groups will be tried in the
-# indicated order. The group values are listed in the IANA registry:
+# defined over a 256-bit prime order field, NIST P-256) is preferred and groups
+# 20 (NIST P-384) and 21 (NIST P-521) are also enabled. If this parameter is
+# set, the groups will be tried in the indicated order.
+# The group values are listed in the IANA registry:
# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9
-#sae_groups=21 20 19 26 25
+# Note that groups 1, 2, 5, 22, 23, and 24 should not be used in production
+# purposes due limited security (see RFC 8247). Groups that are not as strong as
+# group 19 (ECC, NIST P-256) are unlikely to be useful for production use cases
+# since all implementations are required to support group 19.
+#sae_groups=19 20 21
# Default value for DTIM period (if not overridden in network block)
#dtim_period=2