iwlwifi GTK rekey is not working with WPA3 SAE encryption

iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Baochen Qiang]

Hi Johannes,

My AP is configured as WPA3 SAE encrytption, and GTK rekey interval 30s. After enable WoWLan:

	iw phy0 wowlan enable disconnect

and put system to s2idle state:

	echo mem > /sys/power/state

I see in sniffer there is M1 frame from AP to station but didn;t see M2 response. AP retries for some times but finally kicked out station.

such issue is not seen after changing AP encryption to WPA2.

HW in use:

00:14.3 Network controller: Intel Corporation Ice Lake-LP PCH CNVi WiFi (rev 30)
        Subsystem: Rivet Networks Ice Lake-LP PCH CNVi WiFi
        Flags: bus master, fast devsel, latency 0, IRQ 16
        Memory at 603ebb4000 (64-bit, non-prefetchable) [size=16K]
        Capabilities: <access denied>
        Kernel driver in use: iwlwifi
        Kernel modules: iwlwifi

kernel is from https://git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git/ and with version:

Linux xps13 5.19.0-rc8-wt-ath+ #4 SMP PREEMPT_DYNAMIC Tue Dec 26 17:02:03 CST 2023 x86_64 x86_64 x86_64 GNU/Linux


is this an known issue? or am I missing something?

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Johannes Berg]

> 
> HW in use:
> 
> 00:14.3 Network controller: Intel Corporation Ice Lake-LP PCH CNVi WiFi (rev 30)
>         Subsystem: Rivet Networks Ice Lake-LP PCH CNVi WiFi
> 

I guess with the issue you're describing, the interesting part would be
the precise _firmware_ version. There should be a line printed on driver
load (or firmware crash) with the exact git revision (and hardware type,
which would be easier than trying to map from the platform above.)

johannes

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Kalle Valo]

Baochen Qiang <quic_bqiang@quicinc.com> writes:

> Hi Johannes,
>
> My AP is configured as WPA3 SAE encrytption, and GTK rekey interval 30s. After enable WoWLan:
>
> 	iw phy0 wowlan enable disconnect
>
> and put system to s2idle state:
>
> 	echo mem > /sys/power/state
>
> I see in sniffer there is M1 frame from AP to station but didn;t see
> M2 response. AP retries for some times but finally kicked out station.
>
> such issue is not seen after changing AP encryption to WPA2.
>
> HW in use:
>
> 00:14.3 Network controller: Intel Corporation Ice Lake-LP PCH CNVi WiFi (rev 30)
>         Subsystem: Rivet Networks Ice Lake-LP PCH CNVi WiFi
>         Flags: bus master, fast devsel, latency 0, IRQ 16
>         Memory at 603ebb4000 (64-bit, non-prefetchable) [size=16K]
>         Capabilities: <access denied>
>         Kernel driver in use: iwlwifi
>         Kernel modules: iwlwifi
>
> kernel is from https://git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git/ and with version:
>
> Linux xps13 5.19.0-rc8-wt-ath+ #4 SMP PREEMPT_DYNAMIC Tue Dec 26 17:02:03 CST 2023 x86_64 x86_64 x86_64 GNU/Linux
>
> is this an known issue? or am I missing something?

That kernel is over two years old, have your tried a recent kernel
version?

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Baochen Qiang]

On 10/21/2024 2:53 PM, Johannes Berg wrote:
>>
>> HW in use:
>>
>> 00:14.3 Network controller: Intel Corporation Ice Lake-LP PCH CNVi WiFi (rev 30)
>>         Subsystem: Rivet Networks Ice Lake-LP PCH CNVi WiFi
>>
> 
> I guess with the issue you're describing, the interesting part would be
> the precise _firmware_ version. There should be a line printed on driver
> load (or firmware crash) with the exact git revision (and hardware type,
> which would be easier than trying to map from the platform above.)
> 
the version is:

Oct 21 17:50:17 xps13 kernel: [  153.733492] Intel(R) Wireless WiFi driver for Linux
Oct 21 17:50:17 xps13 kernel: [  153.741608] iwlwifi 0000:00:14.3: Detected crf-id 0x3617, cnv-id 0x2000300 wfpm id 0x80000000
Oct 21 17:50:17 xps13 kernel: [  153.741637] iwlwifi 0000:00:14.3: PCI dev 34f0/1651, rev=0x332, rfid=0x10a100
Oct 21 17:50:17 xps13 kernel: [  153.741641] iwlwifi 0000:00:14.3: Detected Intel(R) Wi-Fi 6 AX203
Oct 21 17:50:17 xps13 kernel: [  153.754977] iwlwifi 0000:00:14.3: TLV_FW_FSEQ_VERSION: FSEQ Version: 89.3.35.37
Oct 21 17:50:17 xps13 kernel: [  153.758773] iwlwifi 0000:00:14.3: loaded firmware version 77.0b4c06ad.0 Qu-c0-hr-b0-77.ucode op_mode iwlmvm
Oct 21 17:50:18 xps13 kernel: [  154.006138] iwlwifi 0000:00:14.3: Detected RF HR B3, rfid=0x10a100
Oct 21 17:50:18 xps13 kernel: [  154.072512] iwlwifi 0000:00:14.3: base HW address: 0c:dd:24:6a:0e:2d
Oct 21 17:50:18 xps13 kernel: [  154.421002] iwlwifi 0000:00:14.3: Registered PHC clock: iwlwifi-PTP, with index: 0


> johannes

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Baochen Qiang]

On 10/21/2024 3:27 PM, Kalle Valo wrote:
> Baochen Qiang <quic_bqiang@quicinc.com> writes:
> 
>> Hi Johannes,
>>
>> My AP is configured as WPA3 SAE encrytption, and GTK rekey interval 30s. After enable WoWLan:
>>
>> 	iw phy0 wowlan enable disconnect
>>
>> and put system to s2idle state:
>>
>> 	echo mem > /sys/power/state
>>
>> I see in sniffer there is M1 frame from AP to station but didn;t see
>> M2 response. AP retries for some times but finally kicked out station.
>>
>> such issue is not seen after changing AP encryption to WPA2.
>>
>> HW in use:
>>
>> 00:14.3 Network controller: Intel Corporation Ice Lake-LP PCH CNVi WiFi (rev 30)
>>         Subsystem: Rivet Networks Ice Lake-LP PCH CNVi WiFi
>>         Flags: bus master, fast devsel, latency 0, IRQ 16
>>         Memory at 603ebb4000 (64-bit, non-prefetchable) [size=16K]
>>         Capabilities: <access denied>
>>         Kernel driver in use: iwlwifi
>>         Kernel modules: iwlwifi
>>
>> kernel is from https://git.kernel.org/pub/scm/linux/kernel/git/ath/ath.git/ and with version:
>>
>> Linux xps13 5.19.0-rc8-wt-ath+ #4 SMP PREEMPT_DYNAMIC Tue Dec 26 17:02:03 CST 2023 x86_64 x86_64 x86_64 GNU/Linux
>>
>> is this an known issue? or am I missing something?
> 
> That kernel is over two years old, have your tried a recent kernel
> version?
previously I just used an existing kernel and tried. just upgraded to the latest Linus's tree, but same issue.

Linux xps13 6.12.0-rc4 #3 SMP PREEMPT_DYNAMIC Mon Oct 21 17:43:05 CST 2024 x86_64 x86_64 x86_64 GNU/Linux

> 

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Johannes Berg]

On Mon, 2024-10-21 at 18:05 +0800, Baochen Qiang wrote:
> 
> Oct 21 17:50:17 xps13 kernel: [  153.758773] iwlwifi 0000:00:14.3: loaded firmware version 77.0b4c06ad.0 Qu-c0-hr-b0-77.ucode op_mode iwlmvm

Huh, I'm surprised you have that version :)

Hm. Support for SAE AKMs should've been backported, so that's a bit odd.
What's the AKM in use, ciphers, etc.?

johannes

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Baochen Qiang]

On 10/21/2024 6:17 PM, Johannes Berg wrote:
> On Mon, 2024-10-21 at 18:05 +0800, Baochen Qiang wrote:
>>
>> Oct 21 17:50:17 xps13 kernel: [  153.758773] iwlwifi 0000:00:14.3: loaded firmware version 77.0b4c06ad.0 Qu-c0-hr-b0-77.ucode op_mode iwlmvm
> 
> Huh, I'm surprised you have that version :)
i just upgrade to the latest linux-firmware repo :)

> 
> Hm. Support for SAE AKMs should've been backported, so that's a bit odd.
> What's the AKM in use, ciphers, etc.?
i am not familiar with 802.11 security, guessing it is SAE & CCMP?

here is M2 in 4-way handshake:

802.1X Authentication
    Version: 802.1X-2001 (1)
    Type: Key (3)
    Length: 126
    Key Descriptor Type: EAPOL RSN Key (2)
    [Message number: 2]
    Key Information: 0x0108
        .... .... .... .000 = Key Descriptor Version: Unknown (0)
        .... .... .... 1... = Key Type: Pairwise Key
        .... .... ..00 .... = Key Index: 0
        .... .... .0.. .... = Install: Not set
        .... .... 0... .... = Key ACK: Not set
        .... ...1 .... .... = Key MIC: Set
        .... ..0. .... .... = Secure: Not set
        .... .0.. .... .... = Error: Not set
        .... 0... .... .... = Request: Not set
        ...0 .... .... .... = Encrypted Key Data: Not set
        ..0. .... .... .... = SMK Message: Not set
    Key Length: 0
    Replay Counter: 1
    WPA Key Nonce: c10f804544a44114c39ae7044839aab67c82be3ca1a1816641bc98bed35d0271
    Key IV: 00000000000000000000000000000000
    WPA Key RSC: 0000000000000000
    WPA Key ID: 0000000000000000
    WPA Key MIC: 183a4a5e17e821561cfc0088ee6729c0
    WPA Key Data Length: 31
    WPA Key Data: 301a0100000fac040100000fac040100000fac0880000000000fac06f40120
        Tag: RSN Information
            Tag Number: RSN Information (48)
            Tag length: 26
            RSN Version: 1
            Group Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
                Group Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
                Group Cipher Suite type: AES (CCM) (4)
            Pairwise Cipher Suite Count: 1
            Pairwise Cipher Suite List 00:0f:ac (Ieee 802.11) AES (CCM)
                Pairwise Cipher Suite: 00:0f:ac (Ieee 802.11) AES (CCM)
                    Pairwise Cipher Suite OUI: 00:0f:ac (Ieee 802.11)
                    Pairwise Cipher Suite type: AES (CCM) (4)
            Auth Key Management (AKM) Suite Count: 1
            Auth Key Management (AKM) List 00:0f:ac (Ieee 802.11) SAE (SHA256)
                Auth Key Management (AKM) Suite: 00:0f:ac (Ieee 802.11) SAE (SHA256)
            RSN Capabilities: 0x0080
                .... .... .... ...0 = RSN Pre-Auth capabilities: Transmitter does not support pre-authentication
                .... .... .... ..0. = RSN No Pairwise capabilities: Transmitter can support WEP default key 0 simultaneously with Pairwise key
                .... .... .... 00.. = RSN PTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
                .... .... ..00 .... = RSN GTKSA Replay Counter capabilities: 1 replay counter per PTKSA/GTKSA/STAKeySA (0x0)
                .... .... .0.. .... = Management Frame Protection Required: False
                .... .... 1... .... = Management Frame Protection Capable: True
                .... ...0 .... .... = Joint Multi-band RSNA: False
                .... ..0. .... .... = PeerKey Enabled: False
                ..0. .... .... .... = Extended Key ID for Individually Addressed Frames: Not supported
                .0.. .... .... .... = OCVC: False
            PMKID Count: 0
            PMKID List
            Group Management Cipher Suite: 00:0f:ac (Ieee 802.11) BIP (128)
        Tag: RSN eXtension (1 octet)

> 
> johannes

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Johannes Berg]

On Mon, 2024-10-21 at 18:35 +0800, Baochen Qiang wrote:
> > > 
> > > Oct 21 17:50:17 xps13 kernel: [  153.758773] iwlwifi 0000:00:14.3: loaded firmware version 77.0b4c06ad.0 Qu-c0-hr-b0-77.ucode op_mode iwlmvm
> > 
> > Huh, I'm surprised you have that version :)
> i just upgrade to the latest linux-firmware repo :)

Oh, didn't realize that was released there already.

> > Hm. Support for SAE AKMs should've been backported, so that's a bit odd.
> > What's the AKM in use, ciphers, etc.?
> i am not familiar with 802.11 security, guessing it is SAE & CCMP?
> 
> here is M2 in 4-way handshake:
> 

Can you also capture the rekeying M1?

johannes

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Baochen Qiang]

On 10/21/2024 6:45 PM, Johannes Berg wrote:
> On Mon, 2024-10-21 at 18:35 +0800, Baochen Qiang wrote:
>>>>
>>>> Oct 21 17:50:17 xps13 kernel: [  153.758773] iwlwifi 0000:00:14.3: loaded firmware version 77.0b4c06ad.0 Qu-c0-hr-b0-77.ucode op_mode iwlmvm
>>>
>>> Huh, I'm surprised you have that version :)
>> i just upgrade to the latest linux-firmware repo :)
> 
> Oh, didn't realize that was released there already.
> 
>>> Hm. Support for SAE AKMs should've been backported, so that's a bit odd.
>>> What's the AKM in use, ciphers, etc.?
>> i am not familiar with 802.11 security, guessing it is SAE & CCMP?
>>
>> here is M2 in 4-way handshake:
>>
> 
> Can you also capture the rekeying M1?
this is rekey M1:

802.1X Authentication
    Version: 802.1X-2004 (2)
    Type: Key (3)
    Length: 159
    Key Descriptor Type: EAPOL RSN Key (2)
    [Message number: 1]
    Key Information: 0x1380
        .... .... .... .000 = Key Descriptor Version: Unknown (0)
        .... .... .... 0... = Key Type: Group Key
        .... .... ..00 .... = Key Index: 0
        .... .... .0.. .... = Install: Not set
        .... .... 1... .... = Key ACK: Set
        .... ...1 .... .... = Key MIC: Set
        .... ..1. .... .... = Secure: Set
        .... .0.. .... .... = Error: Not set
        .... 0... .... .... = Request: Not set
        ...1 .... .... .... = Encrypted Key Data: Set
        ..0. .... .... .... = SMK Message: Not set
    Key Length: 0
    Replay Counter: 5
    WPA Key Nonce: 0000000000000000000000000000000000000000000000000000000000000000
    Key IV: 00000000000000000000000000000000
    WPA Key RSC: 0000000000000000
    WPA Key ID: 0000000000000000
    WPA Key MIC: 8ea97cf0e8547fdaa82432f8fc0ea23b
    WPA Key Data Length: 64
    WPA Key Data: ac3e43897dfc934f8f84d58e6fa5bd6c26ae666a29892de0a30d43c7dc7a063ac6b5884718d8945274c0df6559e48c861efec804b5be920bd5550c43b0889ea0


> 
> johannes

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Johannes Berg]

On Mon, 2024-10-21 at 18:48 +0800, Baochen Qiang wrote:
> 
> 802.1X Authentication
> 
>     WPA Key Data Length: 64
>     WPA Key Data: ac3e43897dfc934f8f84d58e6fa5bd6c26ae666a29892de0a30d43c7dc7a063ac6b5884718d8945274c0df6559e48c861efec804b5be920bd5550c43b0889ea0

Yeah, OK, never mind, we'd need to decrypt that with the KEK.

Not sure how to debug this. I'd think we have tests for this, but I
guess I'd have to check if they run on this device/fw.

johannes

Re: iwlwifi GTK rekey is not working with WPA3 SAE encryption

[Baochen Qiang]

On 10/21/2024 6:50 PM, Johannes Berg wrote:
> On Mon, 2024-10-21 at 18:48 +0800, Baochen Qiang wrote:
>>
>> 802.1X Authentication
>>
>>     WPA Key Data Length: 64
>>     WPA Key Data: ac3e43897dfc934f8f84d58e6fa5bd6c26ae666a29892de0a30d43c7dc7a063ac6b5884718d8945274c0df6559e48c861efec804b5be920bd5550c43b0889ea0
> 
> Yeah, OK, never mind, we'd need to decrypt that with the KEK.
> 
> Not sure how to debug this. I'd think we have tests for this, but I
> guess I'd have to check if they run on this device/fw.
Ah, great Johannes. thanks for looking into this.

> 
> johannes