osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

ieee80211: Fix WPA1 decryption 

PTK key derivation algorithm for WPA1 uses SHA1 not MD5.
MD5 is used for MIC only.

To avoid regression also add a decrypt test for WPA1 with
GTK rekeying.

Change-Id: Iabcf40c2f74d5dbc1d72cba0718c77020d97f61f
Fixes: v3.1.0rc0-342-g9cf77ec5e1 ("ieee80211: Support decrypting WPA3-Personal / SAE captures")
Reviewed-on: https://code.wireshark.org/review/32691
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This commit is contained in:
Mikael Kanstrup 2019-04-02 15:50:08 +02:00 committed by Alexis La Goutte
parent 6c3467945c
commit 4b814187ac
3 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
epan/crypt/dot11decrypt.c
View File

@ -2269,7 +2269,7 @@ Dot11DecryptDerivePtk(
sa->wpa.cipher = 2; /* TKIP */
ptk_len_bits = 512;
DerivePtk = Dot11DecryptRsnaPrfX;
algo = GCRY_MD_MD5;
algo = GCRY_MD_SHA1;
} else if (key_version == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP) {
sa->wpa.cipher = 4; /* CCMP-128 */
ptk_len_bits = 384;
@ -2309,7 +2309,7 @@ Dot11DecryptRsnaPrfX(
UCHAR R[100];
INT offset=sizeof("Pairwise key expansion");
UCHAR output[80]; /* allow for sha1 overflow. */
int hash_len = (hash_algo == GCRY_MD_MD5) ? 16 : 20;
int hash_len = 20;
memset(R, 0, 100);

BIN
test/captures/wpa1-gtk-rekey.pcapng.gz Normal file
View File

Binary file not shown.

11
test/suite_decryption.py
View File

@ -101,6 +101,17 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
self.assertTrue(self.grepOutput('Who has 192.168.5.2'))
self.assertTrue(self.grepOutput('DHCP ACK'))
def test_80211_wpa1_gtk_rekey(self, cmd_tshark, capture_file):
'''Decode WPA1 with multiple GTK rekeys'''
# Included in git sources test/captures/wpa1-gtk-rekey.pcapng.gz
self.assertRun((cmd_tshark,
'-o', 'wlan.enable_decryption: TRUE',
'-r', capture_file('wpa1-gtk-rekey.pcapng.gz'),
'-Y', 'wlan.analysis.tk == "d0e57d224c1bb8806089d8c23154074c" || wlan.analysis.gtk == "6eaf63f4ad7997ced353723de3029f4d" || wlan.analysis.gtk == "fb42811bcb59b7845376246454fbdab7"',
))
self.assertTrue(self.grepOutput('DHCP Discover'))
self.assertEqual(self.countOutput('ICMP.*Echo .ping'), 8)
@fixtures.mark_usefixtures('test_env')
@fixtures.uses_fixtures
class case_decrypt_dtls(subprocesstest.SubprocessTestCase):