From 3e9ce48d24242c891968f65ae5160e967e73cfa5 Mon Sep 17 00:00:00 2001
From: Mikael Kanstrup
Date: Sun, 22 Mar 2020 10:06:56 +0100
Subject: [PATCH] dot11decrypt: Fix decryption of MFP enabled connections
MFP enabled connections with SHA-256 key management (IEEE 802.11w) use EAPOL key version == 3. This case was missing making decryption of such connections fail. Allow key version 3 to handle these too.
Change-Id: If9e3fcc5c3bbfb46e82b39dfed5b2a74787a4f16
Reviewed-on: https://code.wireshark.org/review/36534
Reviewed-by: Peter Wu
Petri-Dish: Peter Wu
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman
---
 epan/crypt/dot11decrypt.c | 19 ++++++++++---------
 test/captures/wpa2-psk-mfp.pcapng.gz | Bin 0 -> 3128 bytes
 test/suite_decryption.py | 13 +++++++++++++
 3 files changed, 23 insertions(+), 9 deletions(-)
 create mode 100644 test/captures/wpa2-psk-mfp.pcapng.gz
diff --git a/epan/crypt/dot11decrypt.c b/epan/crypt/dot11decrypt.c
index a9cebf5d01..d0c63e2b7b 100644
--- a/epan/crypt/dot11decrypt.c
+++ b/epan/crypt/dot11decrypt.c
@@ -328,8 +328,8 @@ Dot11DecryptCopyKey(PDOT11DECRYPT_SEC_ASSOCIATION sa, PDOT11DECRYPT_KEY_ITEM key
 key->KeyData.Wpa.Cipher = sa->wpa.cipher;
 if (sa->wpa.key_ver==DOT11DECRYPT_WPA_KEY_VER_NOT_CCMP)
 key->KeyType=DOT11DECRYPT_KEY_TYPE_TKIP;
- else if (sa->wpa.key_ver == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP ||
- sa->wpa.key_ver == 0)
+ else if (sa->wpa.key_ver == 0 || sa->wpa.key_ver == 3 ||
+ sa->wpa.key_ver == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP)
 {
 switch (sa->wpa.cipher) {
 case 1:
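Review bot: The new condition compares `sa->wpa.key_ver` against the bare literal `3` while the values next to it use the named constants `DOT11DECRYPT_WPA_KEY_VER_NOT_CCMP` and `DOT11DECRYPT_WPA_KEY_VER_AES_CCMP`, and the same literal is repeated in Dot11DecryptRsna4WHandshake, so the two sites can drift apart. Key descriptor version 3 is the IEEE 802.11 value for an AES-128-CMAC MIC (the SHA-256 AKMs the commit message describes), which is worth naming: add something like `#define DOT11DECRYPT_WPA_KEY_VER_AES_CCMP_SHA256 3` next to the existing constants (in the header, outside this hunk) and write `else if (sa->wpa.key_ver == 0 || sa->wpa.key_ver == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP_SHA256 ||` here. Dot11DecryptCopyKey starts before the hunk and its `switch (sa->wpa.cipher)` arms continue after it; those arms are now also reached for version-3 associations, so the cipher values they accept should be checked against what such an association can negotiate.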
@@ -1587,8 +1587,11 @@ Dot11DecryptRsna4WHandshake(
 }
 memcpy(eapol, eapol_raw, tot_len);
- if (eapol_parsed->key_version == 0) {
- /* PTK derivation is based on Authentication Key Management Type */
+ /* From IEEE 802.11-2016 12.7.2 EAPOL-Key frames */
+ if (eapol_parsed->key_version == 0 || eapol_parsed->key_version == 3 ||
+ eapol_parsed->key_version == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP)
+ {
+ /* PTK derivation is based on Authentication Key Management Type */
 akm = eapol_parsed->akm;
 cipher = eapol_parsed->cipher;
 group_cipher = eapol_parsed->group_cipher;
@@ -1597,11 +1600,9 @@ Dot11DecryptRsna4WHandshake(
 akm = 2;
 cipher = 2;
 group_cipher = 2;
- } else if (eapol_parsed->key_version == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP) {
- /* CCMP-128 */
- akm = eapol_parsed->akm;
- cipher = eapol_parsed->cipher;
- group_cipher = eapol_parsed->group_cipher;
+ } else {
+ DEBUG_PRINT_LINE("EAPOL key_version not supported", DEBUG_LEVEL_3);
+ return DOT11DECRYPT_RET_NO_VALID_HANDSHAKE;
 }
 /* derive the PTK from the BSSID, STA MAC, PMK, SNonce, ANonce */
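Review bot: Folding `key_version == 3` into the same branch as version 2 only chooses the PTK derivation inputs (akm, cipher, group_cipher); per IEEE 802.11-2016 Table 12-8 the two versions differ in the EAPOL-Key MIC algorithm (HMAC-SHA1-128 for version 2, AES-128-CMAC for version 3; both use NIST AES key wrap for the key data), and the MIC verification and key-data unwrap for this handshake live outside the hunk. If that code dispatches on `key_version` it will either reject version 3 (fail closed, and the new test would not pass) or, if it skips unknown versions, install a TK/GTK from an unverified handshake — please confirm which path version 3 takes there. The literal `3` should also get a name matching `DOT11DECRYPT_WPA_KEY_VER_AES_CCMP` on the following line, e.g. `eapol_parsed->key_version == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP_SHA256 ||`, with the define added beside the existing constants so Dot11DecryptCopyKey can share it. Dot11DecryptRsna4WHandshake begins before and continues after this hunk.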
diff --git a/test/captures/wpa2-psk-mfp.pcapng.gz b/test/captures/wpa2-psk-mfp.pcapng.gz new file mode 100644 index 0000000000000000000000000000000000000000..da445aec3657d6b424c1f0bc2360a7ac3308470d GIT binary patch literal 3128 zcmV-849D{yiwFp`fOlR119xy?GA(d(Yb|YNa4v9TVQ_9|0Hs(7I8@yqJ~PIyh(c0L zWf{vb#$J{|Whp5XvhOC_G`2{MrDRvuPi5&Nds(vn`9u;$LX;)x-y*w6B;tRE`IzME z-}8LudG5XMJnk&&3 zrLQf7#LJ>(WH6YMNVVf9kvJq)Oa`N_;e$kZ;oTjOdU}VX#IQmD&;U+w6z}434k;}r zDTYByVbJ!rF1AFxH2?@83l4fX6Ra%>NR$DdXzS)+NpuuKN|Hw+QJ%|JqBRCBCn1lv zm&8ceNJ`ks$YG`Bp~6rjb0zaU3LT{79t3~`MnG`z#$v>rU0t9aMrZ^hbY=Mk4?w9w z2OSG5w}3rsaT~W>k$5kJdzX87fVc(#N~w*-#9Oogz&#mL!CR=`Z*`{N%j4jb3X7DH zgEU(ZVAHBRG{M;p#t?8RES`m(n~w%YLyLexj|jsMSOiAH!U?k#lEj*apgPkvg9Gpr z0L{Y!b}TJ{)dpLGikviHqefyt034YSu8$iWpMt|+FhG+IfFN|Js+j>RtoVv%vUWo% z?aV@QnsN}9qtf1wdbUn`0oV^)Qw^tRx1d|$X1GD!P?qCA)kTQ^Q{BHSuAB)BE9mdK zuc+!S$&fTFAY4IJ7k*%UU9cfv0-Xc`8nxadID(mz>=DHmo}YcGAwLaW(LA1P|Ktpb z2?4a=FdV=E*nw>)PU!0CySaOKdY$w3Iq!SnBFWD`ppTwx&B{ZsDB2pSv>gnH(!34f z+f>>#l-Fxx+i=eO7@+h4Sj}4GR^pM-7#ZTL#-Lj#YU$+|YbH=pJE@@UmxRQ#0zwuA}VH;(Pnm>#NoQK1hSKkF|yy4cZG?01o z8|m6Mwzy==dUdRxz|3^efv*>hvx~S?{vX*tpMn$%`!ny<4>twoJ9wgdJ`HW-^JkU>=}Ige2o10(SBgaT&N)5 zP^a5`Pns*8Hz4lW)?HropZi2_jXqr@sWTwZwYbdoHpQTB+@h4NQ$~@O$??!8W|orf z;{@?}CY9*f*80XuVcmY2Q<;f**1=_?Nvgx5Y|$B(%k!~5v#BIOt@W8j+5Mj9Y(IK# z4yRf391i|vTcn@aKREV?wzQ%9=u=-Gd9aq*hZJA8Lj04SXB(zL_i4+0JAsG>18@*O zRkF+fqQrpcds8My(IE1TU zS077>D-D{X8Y^NR!7bx<*R1W+$FX zl@B{4-ZEDYO*|GU@UX7JcPPglBTD*?MBuQ6{YgDclYYZkhPg)u9tI+P5yUL>x~&i7 z-*pXLe1p9tdzhepso@wK$)K^rUgcA#`P*|>h3ekc*H>38+zf8Hk++@q&LwZljyzVE zr3axUc|r^Thnx4`j7@;<6R13-4YvKsLqxFZ zj{#f@8JyywhCfL3H>uI<^DD|0zA5{O-8<;9>g2PV)zdj$F9F&=&6-mWfg)y@6L}`1 zY_dJ&9AQs}*(Y{q;H2;N+E1SkYF7L2U*0?T>x7kE%>6SHyz`nDzi%6e%?_)~uyPr8 z#>CFY3RjNgq>`i^%nN#$7Q#Zf{VRnJwH0;9-Oyz&Y_pIFHxM$Gnj7fVGh;Y5Y#LN^ z)(fBLkoTUkln`2p zVcG2k4Yz|f=}1jKY7HmU`R#C$)E*9Gd`OtwPHCL>7l-wm$6n0u&KY|a2m4^&7E&E3GEyWq$m_!qGJPjt zZ@dvwyPq>@WItlp<|X`vIbEYiw@=VF)@D?_AU43cVn)3Ao=IihxFonOBT&pMD6TLe 
z-nyZGjx(3zi_1)L3N~b`iK*aVAvVXy_3jbJBi^GYflZ92RZXsULEI4jCF_FKYhxu; z(CB>q*j8o9mkrLrjOj<_A1a}ID|HstE}QVkVyYXoweXcW)>%deaat@bliK)!h1zju zjmwcm9-qS*YV1v_K78B~+I=s6j9Z|+rHAIvy9uz48SUwC_D)kcqa6mlD1NHQ`~I9C&4w_`rNQIoE7JY9mR2`xLEe%`ey zy}A-N{rP!%zJIlg70Z+7IR^ZN4I)o^Iz}_qUL+=@yU!oWl1AO$b@uvbZqP-iQ@)7~ z2R?0I=rZw1{E{%NcqKfXSl-h9^+>^c3&A;eKRb;;t>odZ+v0A!a~~!w_&+%`{xR6gH~i@>e_wUo6w>8grZLMctIeh+b+FL@!= z_&qJhLvf?9JE-b1@wYiP3avWlUY;v9x!!C=j|TaBOF?I3Ko+_SQO z6E1j^{J4KJsBZKPSHK9_WuCc`I-RpAn!$T4SKd$N5l+RU`Tgg1M+iHDwfuDc&Etpstotok!B+wK6Luv(fq^ZD zpDQMd4@GTvVj8VNM!}B8F%FfL^vX}EW}HbnVS2cfPMHzc6(DHzZJ7g^ODYwY>(*b| z$=}N)DlS_tZp3B7EMrzmE_0D_g7ePpQs)n}jvHVmE$F%XY%WnQ8)La}V#guQt z)4NQQ7SRi>toWtRRmr zuJ3_MxGBy^NehnGEuOi()(o%r3$RA`oUwYytvOPe78s}$!E?$!?X}W`C*zC)_W|)^ zl~LcWJM7f)6-fUifj|9}nf7g9e)+6Qo6E}~%SqZp+j_9<%yebeGAq2vv*twMPv)3b zFk1=(yg<#>!^Pc}=!PT^T|MzOwl+vBZ=}u2A2M*jusk+;7iTdI1%J(-Ek!`smr{!s S!qkoYj{gCe)TK5=5&!_Hz81Rx literal 0 HcmV?d00001 diff --git a/test/suite_decryption.py b/test/suite_decryption.py index be6403f879..5afac4e049 100644 --- a/test/suite_decryption.py +++ b/test/suite_decryption.py 
@@ -65,6 +65,19 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
 ))
 self.assertEqual(self.countOutput('802.11.*SN=.*FN=.*Flags='), 3)
+ def test_80211_wpa2_psk_mfp(self, cmd_tshark, capture_file, features):
+ '''IEEE 802.11 decode WPA2 PSK with MFP enabled (802.11w)'''
+ # Included in git sources test/captures/wpa2-psk-mfp.pcapng.gz
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.assertRun((cmd_tshark,
+ '-o', 'wlan.enable_decryption: TRUE',
+ '-r', capture_file('wpa2-psk-mfp.pcapng.gz'),
+ '-Y', 'wlan.analysis.tk == 4e30e8c019bea43ea5262b10853b818d || wlan.analysis.gtk == 70cdbf2e5bc0ca22e53930818a5d80e4',
+ ))
+ self.assertTrue(self.grepOutput('Who has 192.168.5.5')) # Verifies GTK is correct
+ self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK is correct
+ self.assertTrue(self.grepOutput('Echo \(ping\) request')) # Verifies TK is correct
 def test_80211_wpa_tdls(self, cmd_tshark, capture_file, features):
 '''WPA decode traffic in a TDLS (Tunneled Direct-Link Setup) session (802.11z)'''