ieee80211: Support decrypting OWE captures

Add support for decryping OWE (Opportunistic Wireless Encryption) captures. Ping-Bug: 15621 Change-Id: I223fd0cd96260408bce2b5d7661f216c351da8a8 Reviewed-on: https://code.wireshark.org/review/32524 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-03-22 17:10:35 +01:00 · 2019-03-22 17:10:35 +01:00 · 94461234f9
parent 8cdc958426
commit 94461234f9
4 changed files with 17 additions and 1 deletions
--- a/epan/crypt/dot11decrypt.c
+++ b/epan/crypt/dot11decrypt.c
@ -1811,6 +1811,7 @@ Dot11DecryptGetIntegrityAlgoFromAkm(int akm, int *algo, gboolean *hmac)
            break;
 #endif
        case 11:
+        case 18:
            *algo = GCRY_MD_SHA256;
            *hmac = TRUE;
            break;
@ -1836,7 +1837,7 @@ Dot11DecryptRsnaMicCheck(
    int akm)
 {
    UCHAR mic[DOT11DECRYPT_WPA_MICKEY_LEN];
-    UCHAR c_mic[HASH_SHA1_LENGTH] = { 0 };  /* MIC 16 byte, the HMAC-SHA1 use a buffer of 20 bytes */
+    UCHAR c_mic[32] = { 0 };  /* MIC 16 byte, though HMAC-SHA256 algo need 32 bytes buffer */
    int algo = -1;
    gboolean hmac = TRUE;

@ -2165,6 +2166,7 @@ static int Dot11DecryptGetPtkLen(int akm, int cipher)
        case 6:
        case 8:
        case 11:
+        case 18:
            /* KCK len + KEK len + TK len */
            ptk_len = 128 + 128 + Dot11DecryptGetTkLen(cipher);
            break;
@ -2201,6 +2203,7 @@ Dot11DecryptGetDeriveFuncFromAkm(int akm)
        case 11:
        case 12:
        case 13:
+        case 18:
            func = Dot11DecryptRsnaKdfX;
            break;
        default:
@ -2229,6 +2232,7 @@ Dot11DecryptGetDeriveAlgoFromAkm(int akm)
        case 9:
        case 10:
        case 11:
+        case 18:
            algo = GCRY_MD_SHA256;
            break;
        case 12:
--- a/test/captures/owe.pcapng.gz
+++ b/test/captures/owe.pcapng.gz
--- a/test/config/80211_keys.tmpl
+++ b/test/config/80211_keys.tmpl
@ -6,3 +6,4 @@
 "wpa-psk","79258f6ceeecedd3482b92deaabdb675f09bcb4003ef5074f5ddb10a94ebe00a"
 "wpa-psk","23a9ee58c7810546ae3e7509fda9f97435778d689e53a54891c56d02f18ca162"
 "wpa-psk","ecbfe709d6151eaba6a4fd9cba94fbb570c1fc4c15506fad3185b4a0a0cfda9a"
+"wpa-psk","a4b0b2efa7f77d1006eccf1a814b62125c15fac5c137d9cdff8c75c43194268f"
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@ -90,6 +90,17 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
        self.assertTrue(self.grepOutput('Who has 192.168.5.18'))
        self.assertTrue(self.grepOutput('DHCP ACK'))

+    def test_80211_owe(self, cmd_tshark, capture_file):
+        '''IEEE 802.11 decode OWE'''
+        # Included in git sources test/captures/owe.pcapng.gz
+        self.assertRun((cmd_tshark,
+                '-o', 'wlan.enable_decryption: TRUE',
+                '-r', capture_file('owe.pcapng.gz'),
+                '-Y', 'wlan.analysis.tk == 10f3deccc00d5c8f629fba7a0fff34aa || wlan.analysis.gtk == 016b04ae9e6050bcc1f940dda9ffff2b',
+                ))
+        self.assertTrue(self.grepOutput('Who has 192.168.5.2'))
+        self.assertTrue(self.grepOutput('DHCP ACK'))
+
@fixtures.mark_usefixtures('test_env')
@fixtures.uses_fixtures
 class case_decrypt_dtls(subprocesstest.SubprocessTestCase):