forked from osmocom/wireshark
ieee80211: GCMP decryption support
Add support for decrypting GCMP/GCMP-256 encrypted IEEE 802.11 traffic Bug: 16197 Change-Id: I907d772665141c8be10a9f4a187bd76594c8d2e4 Reviewed-on: https://code.wireshark.org/review/36346 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This commit is contained in:
parent
f3a9d9abed
commit
cf4c0552e7
|
@ -43,6 +43,7 @@ else()
|
||||||
list(APPEND CRYPT_FILES
|
list(APPEND CRYPT_FILES
|
||||||
dot11decrypt_ccmp.c
|
dot11decrypt_ccmp.c
|
||||||
dot11decrypt_util.c
|
dot11decrypt_util.c
|
||||||
|
dot11decrypt_gcmp.c
|
||||||
)
|
)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
|
|
@ -345,6 +345,12 @@ Dot11DecryptCopyKey(PDOT11DECRYPT_SEC_ASSOCIATION sa, PDOT11DECRYPT_KEY_ITEM key
|
||||||
case 5:
|
case 5:
|
||||||
key->KeyType = DOT11DECRYPT_KEY_TYPE_WEP_104;
|
key->KeyType = DOT11DECRYPT_KEY_TYPE_WEP_104;
|
||||||
break;
|
break;
|
||||||
|
case 8:
|
||||||
|
key->KeyType = DOT11DECRYPT_KEY_TYPE_GCMP;
|
||||||
|
break;
|
||||||
|
case 9:
|
||||||
|
key->KeyType = DOT11DECRYPT_KEY_TYPE_GCMP_256;
|
||||||
|
break;
|
||||||
case 10:
|
case 10:
|
||||||
key->KeyType = DOT11DECRYPT_KEY_TYPE_CCMP_256;
|
key->KeyType = DOT11DECRYPT_KEY_TYPE_CCMP_256;
|
||||||
break;
|
break;
|
||||||
|
@ -355,8 +361,6 @@ Dot11DecryptCopyKey(PDOT11DECRYPT_SEC_ASSOCIATION sa, PDOT11DECRYPT_KEY_ITEM key
|
||||||
case 3: Reserved
|
case 3: Reserved
|
||||||
case 6: BIP-CMAC-128
|
case 6: BIP-CMAC-128
|
||||||
case 7: Group addressed traffic not allowed
|
case 7: Group addressed traffic not allowed
|
||||||
case 8: GCMP-128
|
|
||||||
case 9: GCMP-256
|
|
||||||
case 11: BIP-GMAC-128
|
case 11: BIP-GMAC-128
|
||||||
case 12: BIP-GMAC-256
|
case 12: BIP-GMAC-256
|
||||||
case 13: BIP-CMAC-256 */
|
case 13: BIP-CMAC-256 */
|
||||||
|
@ -1204,6 +1208,24 @@ Dot11DecryptRsnaMng(
|
||||||
/* remove MIC and ICV from the end of packet */
|
/* remove MIC and ICV from the end of packet */
|
||||||
*decrypt_len -= DOT11DECRYPT_TKIP_MICLEN + DOT11DECRYPT_WEP_ICV;
|
*decrypt_len -= DOT11DECRYPT_TKIP_MICLEN + DOT11DECRYPT_WEP_ICV;
|
||||||
break;
|
break;
|
||||||
|
} else if (sa->wpa.cipher == 8 || sa->wpa.cipher == 9) {
|
||||||
|
DEBUG_PRINT_LINE("GCMP", DEBUG_LEVEL_3);
|
||||||
|
|
||||||
|
if (*decrypt_len < DOT11DECRYPT_GCMP_TRAILER) {
|
||||||
|
DEBUG_PRINT_LINE("Invalid decryption length", DEBUG_LEVEL_3);
|
||||||
|
g_free(try_data);
|
||||||
|
return DOT11DECRYPT_RET_UNSUCCESS;
|
||||||
|
}
|
||||||
|
ret = Dot11DecryptGcmpDecrypt(try_data, mac_header_len, (INT)*decrypt_len,
|
||||||
|
DOT11DECRYPT_GET_TK(sa->wpa.ptk, sa->wpa.akm),
|
||||||
|
Dot11DecryptGetTkLen(sa->wpa.cipher) / 8);
|
||||||
|
if (ret) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
DEBUG_PRINT_LINE("GCMP DECRYPTED!!!", DEBUG_LEVEL_3);
|
||||||
|
/* remove MIC from the end of packet */
|
||||||
|
*decrypt_len -= DOT11DECRYPT_GCMP_TRAILER;
|
||||||
|
break;
|
||||||
} else {
|
} else {
|
||||||
/* AES-CCMP -> HMAC-SHA1-128 is the EAPOL-Key MIC, AES wep_key wrap is the EAPOL-Key encryption algorithm */
|
/* AES-CCMP -> HMAC-SHA1-128 is the EAPOL-Key MIC, AES wep_key wrap is the EAPOL-Key encryption algorithm */
|
||||||
DEBUG_PRINT_LINE("CCMP", DEBUG_LEVEL_3);
|
DEBUG_PRINT_LINE("CCMP", DEBUG_LEVEL_3);
|
||||||
|
|
|
@ -0,0 +1,111 @@
|
||||||
|
/* dot11decrypt_gcmp.c
|
||||||
|
*
|
||||||
|
* Wireshark - Network traffic analyzer
|
||||||
|
* By Gerald Combs <gerald@wireshark.org>
|
||||||
|
* Copyright 1998 Gerald Combs
|
||||||
|
*
|
||||||
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
||||||
|
*/
|
||||||
|
|
||||||
|
/****************************************************************************/
|
||||||
|
/* File includes */
|
||||||
|
#include "config.h"
|
||||||
|
|
||||||
|
#include "dot11decrypt_debug.h"
|
||||||
|
#include "dot11decrypt_int.h"
|
||||||
|
#include "dot11decrypt_system.h"
|
||||||
|
#include "dot11decrypt_util.h"
|
||||||
|
|
||||||
|
#include <glib.h>
|
||||||
|
#include <wsutil/wsgcrypt.h>
|
||||||
|
|
||||||
|
/****************************************************************************/
|
||||||
|
/* Internal definitions */
|
||||||
|
|
||||||
|
/****************************************************************************/
|
||||||
|
/* Internal macros */
|
||||||
|
|
||||||
|
#define READ_6(b0, b1, b2, b3, b4, b5) \
|
||||||
|
((((guint64)((guint16)((b4 << 0) | (b5 << 8)))) << 32) | \
|
||||||
|
((guint32)((b0 << 0) | (b1 << 8) | (b2 << 16) | (b3 << 24))))
|
||||||
|
|
||||||
|
/****************************************************************************/
|
||||||
|
/* Internal function prototypes declarations */
|
||||||
|
|
||||||
|
/****************************************************************************/
|
||||||
|
/* Function definitions */
|
||||||
|
|
||||||
|
/* From IEEE 802.11 2016 Chapter 12.5.5.3.4 Construct GCM nonce */
|
||||||
|
static void
|
||||||
|
gcmp_construct_nonce(
|
||||||
|
PDOT11DECRYPT_MAC_FRAME wh,
|
||||||
|
guint64 pn,
|
||||||
|
guint8 nonce[12])
|
||||||
|
{
|
||||||
|
/* Nonce: A2 | PN */
|
||||||
|
DOT11DECRYPT_ADDR_COPY(nonce, wh->addr2);
|
||||||
|
nonce[6] = (guint8)(pn >> 40);
|
||||||
|
nonce[7] = (guint8)(pn >> 32);
|
||||||
|
nonce[8] = (guint8)(pn >> 24);
|
||||||
|
nonce[9] = (guint8)(pn >> 16);
|
||||||
|
nonce[10] = (guint8)(pn >> 8);
|
||||||
|
nonce[11] = (guint8)(pn >> 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
int Dot11DecryptGcmpDecrypt(
|
||||||
|
guint8 *m,
|
||||||
|
int mac_header_len,
|
||||||
|
int len,
|
||||||
|
guint8 *TK1,
|
||||||
|
int tk_len)
|
||||||
|
{
|
||||||
|
PDOT11DECRYPT_MAC_FRAME wh;
|
||||||
|
guint8 aad[30];
|
||||||
|
guint8 nonce[12];
|
||||||
|
guint8 mic[16];
|
||||||
|
ssize_t data_len;
|
||||||
|
size_t aad_len;
|
||||||
|
int z = mac_header_len;
|
||||||
|
gcry_cipher_hd_t handle;
|
||||||
|
guint64 pn;
|
||||||
|
guint8 *ivp = m + z;
|
||||||
|
|
||||||
|
wh = (PDOT11DECRYPT_MAC_FRAME )m;
|
||||||
|
data_len = len - (z + DOT11DECRYPT_GCMP_HEADER + sizeof(mic));
|
||||||
|
if (data_len < 1) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(mic, m + len - sizeof(mic), sizeof(mic));
|
||||||
|
pn = READ_6(ivp[0], ivp[1], ivp[4], ivp[5], ivp[6], ivp[7]);
|
||||||
|
gcmp_construct_nonce(wh, pn, nonce);
|
||||||
|
dot11decrypt_construct_aad(wh, aad, &aad_len);
|
||||||
|
|
||||||
|
if (gcry_cipher_open(&handle, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_GCM, 0)) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if (gcry_cipher_setkey(handle, TK1, tk_len)) {
|
||||||
|
goto err_out;
|
||||||
|
}
|
||||||
|
if (gcry_cipher_setiv(handle, nonce, sizeof(nonce))) {
|
||||||
|
goto err_out;
|
||||||
|
}
|
||||||
|
if (gcry_cipher_authenticate(handle, aad, aad_len)) {
|
||||||
|
goto err_out;
|
||||||
|
}
|
||||||
|
if (gcry_cipher_decrypt(handle, m + z + DOT11DECRYPT_GCMP_HEADER, data_len, NULL, 0)) {
|
||||||
|
goto err_out;
|
||||||
|
}
|
||||||
|
if (gcry_cipher_checktag(handle, mic, sizeof(mic))) {
|
||||||
|
goto err_out;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* TODO replay check (IEEE 802.11i-2004, pg. 62) */
|
||||||
|
/* TODO PN must be incremental (IEEE 802.11i-2004, pg. 62) */
|
||||||
|
|
||||||
|
gcry_cipher_close(handle);
|
||||||
|
return 0;
|
||||||
|
err_out:
|
||||||
|
gcry_cipher_close(handle);
|
||||||
|
return 1;
|
||||||
|
}
|
|
@ -15,6 +15,9 @@
|
||||||
#include "dot11decrypt_interop.h"
|
#include "dot11decrypt_interop.h"
|
||||||
#include "dot11decrypt_system.h"
|
#include "dot11decrypt_system.h"
|
||||||
|
|
||||||
|
#include "ws_attributes.h"
|
||||||
|
#include <wsutil/wsgcrypt.h>
|
||||||
|
|
||||||
/****************************************************************************/
|
/****************************************************************************/
|
||||||
|
|
||||||
/****************************************************************************/
|
/****************************************************************************/
|
||||||
|
@ -166,4 +169,38 @@ typedef struct _DOT11DECRYPT_MAC_FRAME_ADDR4_QOS {
|
||||||
|
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
|
|
||||||
|
int Dot11DecryptCcmpDecrypt(
|
||||||
|
guint8 *m,
|
||||||
|
int mac_header_len,
|
||||||
|
int len,
|
||||||
|
guint8 *TK1,
|
||||||
|
int tk_len,
|
||||||
|
int mic_len);
|
||||||
|
|
||||||
|
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
||||||
|
int Dot11DecryptGcmpDecrypt(
|
||||||
|
guint8 *m,
|
||||||
|
int mac_header_len,
|
||||||
|
int len,
|
||||||
|
guint8 *TK1,
|
||||||
|
int tk_len);
|
||||||
|
#else
|
||||||
|
static inline int Dot11DecryptGcmpDecrypt(
|
||||||
|
guint8 *m _U_,
|
||||||
|
int mac_header_len _U_,
|
||||||
|
int len _U_,
|
||||||
|
guint8 *TK1 _U_,
|
||||||
|
int tk_len _U_)
|
||||||
|
{
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
INT Dot11DecryptTkipDecrypt(
|
||||||
|
UCHAR *tkip_mpdu,
|
||||||
|
size_t mpdu_len,
|
||||||
|
UCHAR TA[DOT11DECRYPT_MAC_LEN],
|
||||||
|
UCHAR TK[DOT11DECRYPT_TK_LEN])
|
||||||
|
;
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -75,6 +75,9 @@
|
||||||
#define DOT11DECRYPT_CCMP_TRAILER 8 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
|
#define DOT11DECRYPT_CCMP_TRAILER 8 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
|
||||||
#define DOT11DECRYPT_CCMP_256_TRAILER 16 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
|
#define DOT11DECRYPT_CCMP_256_TRAILER 16 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
|
||||||
|
|
||||||
|
#define DOT11DECRYPT_GCMP_HEADER 8 /* IEEE 802.11-206 12.5.5.2 GCMP MPDU format */
|
||||||
|
#define DOT11DECRYPT_GCMP_TRAILER 16
|
||||||
|
|
||||||
#define DOT11DECRYPT_TKIP_HEADER DOT11DECRYPT_RSNA_HEADER
|
#define DOT11DECRYPT_TKIP_HEADER DOT11DECRYPT_RSNA_HEADER
|
||||||
#define DOT11DECRYPT_TKIP_TRAILER DOT11DECRYPT_TKIP_MICLEN + DOT11DECRYPT_WEP_ICV
|
#define DOT11DECRYPT_TKIP_TRAILER DOT11DECRYPT_TKIP_MICLEN + DOT11DECRYPT_WEP_ICV
|
||||||
|
|
||||||
|
@ -437,21 +440,6 @@ INT Dot11DecryptDestroyContext(
|
||||||
PDOT11DECRYPT_CONTEXT ctx)
|
PDOT11DECRYPT_CONTEXT ctx)
|
||||||
;
|
;
|
||||||
|
|
||||||
int Dot11DecryptCcmpDecrypt(
|
|
||||||
guint8 *m,
|
|
||||||
int mac_header_len,
|
|
||||||
int len,
|
|
||||||
guint8 *TK1,
|
|
||||||
int tk_len,
|
|
||||||
int mic_len);
|
|
||||||
|
|
||||||
extern INT Dot11DecryptTkipDecrypt(
|
|
||||||
UCHAR *tkip_mpdu,
|
|
||||||
size_t mpdu_len,
|
|
||||||
UCHAR TA[DOT11DECRYPT_MAC_LEN],
|
|
||||||
UCHAR TK[DOT11DECRYPT_TK_LEN])
|
|
||||||
;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -32,6 +32,8 @@
|
||||||
#define DOT11DECRYPT_KEY_TYPE_TKIP 6
|
#define DOT11DECRYPT_KEY_TYPE_TKIP 6
|
||||||
#define DOT11DECRYPT_KEY_TYPE_CCMP 7
|
#define DOT11DECRYPT_KEY_TYPE_CCMP 7
|
||||||
#define DOT11DECRYPT_KEY_TYPE_CCMP_256 8
|
#define DOT11DECRYPT_KEY_TYPE_CCMP_256 8
|
||||||
|
#define DOT11DECRYPT_KEY_TYPE_GCMP 9
|
||||||
|
#define DOT11DECRYPT_KEY_TYPE_GCMP_256 10
|
||||||
#define DOT11DECRYPT_KEY_TYPE_UNKNOWN -1
|
#define DOT11DECRYPT_KEY_TYPE_UNKNOWN -1
|
||||||
|
|
||||||
/* Decryption algorithms fields size definition (bytes) */
|
/* Decryption algorithms fields size definition (bytes) */
|
||||||
|
|
|
@ -24082,6 +24082,8 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
|
||||||
#define PROTECTION_ALG_TKIP DOT11DECRYPT_KEY_TYPE_TKIP
|
#define PROTECTION_ALG_TKIP DOT11DECRYPT_KEY_TYPE_TKIP
|
||||||
#define PROTECTION_ALG_CCMP DOT11DECRYPT_KEY_TYPE_CCMP
|
#define PROTECTION_ALG_CCMP DOT11DECRYPT_KEY_TYPE_CCMP
|
||||||
#define PROTECTION_ALG_CCMP_256 DOT11DECRYPT_KEY_TYPE_CCMP_256
|
#define PROTECTION_ALG_CCMP_256 DOT11DECRYPT_KEY_TYPE_CCMP_256
|
||||||
|
#define PROTECTION_ALG_GCMP DOT11DECRYPT_KEY_TYPE_GCMP
|
||||||
|
#define PROTECTION_ALG_GCMP_256 DOT11DECRYPT_KEY_TYPE_GCMP_256
|
||||||
#define PROTECTION_ALG_RSNA PROTECTION_ALG_CCMP | PROTECTION_ALG_TKIP
|
#define PROTECTION_ALG_RSNA PROTECTION_ALG_CCMP | PROTECTION_ALG_TKIP
|
||||||
#define IS_TKIP(tvb, hdr_len) (tvb_get_guint8(tvb, hdr_len + 1) == \
|
#define IS_TKIP(tvb, hdr_len) (tvb_get_guint8(tvb, hdr_len + 1) == \
|
||||||
((tvb_get_guint8(tvb, hdr_len) | 0x20) & 0x7f))
|
((tvb_get_guint8(tvb, hdr_len) | 0x20) & 0x7f))
|
||||||
|
@ -25227,6 +25229,9 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
|
||||||
else if (algorithm == PROTECTION_ALG_CCMP || algorithm == PROTECTION_ALG_CCMP_256)
|
else if (algorithm == PROTECTION_ALG_CCMP || algorithm == PROTECTION_ALG_CCMP_256)
|
||||||
wep_tree = proto_tree_add_subtree(hdr_tree, tvb, hdr_len, 8,
|
wep_tree = proto_tree_add_subtree(hdr_tree, tvb, hdr_len, 8,
|
||||||
ett_wep_parameters, NULL, "CCMP parameters");
|
ett_wep_parameters, NULL, "CCMP parameters");
|
||||||
|
else if (algorithm == PROTECTION_ALG_GCMP || algorithm == PROTECTION_ALG_GCMP_256)
|
||||||
|
wep_tree = proto_tree_add_subtree(hdr_tree, tvb, hdr_len, 8,
|
||||||
|
ett_wep_parameters, NULL, "GCMP parameters");
|
||||||
else {
|
else {
|
||||||
if (IS_TKIP(tvb, hdr_len)) {
|
if (IS_TKIP(tvb, hdr_len)) {
|
||||||
algorithm=PROTECTION_ALG_TKIP;
|
algorithm=PROTECTION_ALG_TKIP;
|
||||||
|
@ -25249,7 +25254,8 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
|
||||||
tvb_get_guint8(tvb, hdr_len + 2));
|
tvb_get_guint8(tvb, hdr_len + 2));
|
||||||
proto_tree_add_string(wep_tree, hf_ieee80211_tkip_extiv, tvb, hdr_len,
|
proto_tree_add_string(wep_tree, hf_ieee80211_tkip_extiv, tvb, hdr_len,
|
||||||
EXTIV_LEN, out_buff);
|
EXTIV_LEN, out_buff);
|
||||||
} else if (algorithm == PROTECTION_ALG_CCMP || algorithm == PROTECTION_ALG_CCMP_256) {
|
} else if (algorithm == PROTECTION_ALG_CCMP || algorithm == PROTECTION_ALG_CCMP_256 ||
|
||||||
|
algorithm == PROTECTION_ALG_GCMP || algorithm == PROTECTION_ALG_GCMP_256) {
|
||||||
g_snprintf(out_buff, SHORT_STR, "0x%08X%02X%02X",
|
g_snprintf(out_buff, SHORT_STR, "0x%08X%02X%02X",
|
||||||
tvb_get_letohl(tvb, hdr_len + 4),
|
tvb_get_letohl(tvb, hdr_len + 4),
|
||||||
tvb_get_guint8(tvb, hdr_len + 1),
|
tvb_get_guint8(tvb, hdr_len + 1),
|
||||||
|
@ -25395,6 +25401,8 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
|
||||||
g_strlcpy(wlan_stats.protection, "TKIP", MAX_PROTECT_LEN);
|
g_strlcpy(wlan_stats.protection, "TKIP", MAX_PROTECT_LEN);
|
||||||
} else if (algorithm == PROTECTION_ALG_CCMP || algorithm == PROTECTION_ALG_CCMP_256) {
|
} else if (algorithm == PROTECTION_ALG_CCMP || algorithm == PROTECTION_ALG_CCMP_256) {
|
||||||
g_strlcpy(wlan_stats.protection, "CCMP", MAX_PROTECT_LEN);
|
g_strlcpy(wlan_stats.protection, "CCMP", MAX_PROTECT_LEN);
|
||||||
|
} else if (algorithm == PROTECTION_ALG_GCMP || algorithm == PROTECTION_ALG_GCMP_256) {
|
||||||
|
g_strlcpy(wlan_stats.protection, "GCMP", MAX_PROTECT_LEN);
|
||||||
} else {
|
} else {
|
||||||
g_strlcpy(wlan_stats.protection, "Unknown", MAX_PROTECT_LEN);
|
g_strlcpy(wlan_stats.protection, "Unknown", MAX_PROTECT_LEN);
|
||||||
}
|
}
|
||||||
|
@ -25437,6 +25445,8 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
|
||||||
add_new_data_source(pinfo, next_tvb, "Decrypted WEP data");
|
add_new_data_source(pinfo, next_tvb, "Decrypted WEP data");
|
||||||
} else if (algorithm == PROTECTION_ALG_CCMP || algorithm == PROTECTION_ALG_CCMP_256) {
|
} else if (algorithm == PROTECTION_ALG_CCMP || algorithm == PROTECTION_ALG_CCMP_256) {
|
||||||
add_new_data_source(pinfo, next_tvb, "Decrypted CCMP data");
|
add_new_data_source(pinfo, next_tvb, "Decrypted CCMP data");
|
||||||
|
} else if (algorithm == PROTECTION_ALG_GCMP || algorithm == PROTECTION_ALG_GCMP_256) {
|
||||||
|
add_new_data_source(pinfo, next_tvb, "Decrypted GCMP data");
|
||||||
} else if (algorithm==PROTECTION_ALG_TKIP) {
|
} else if (algorithm==PROTECTION_ALG_TKIP) {
|
||||||
add_new_data_source(pinfo, next_tvb, "Decrypted TKIP data");
|
add_new_data_source(pinfo, next_tvb, "Decrypted TKIP data");
|
||||||
}
|
}
|
||||||
|
@ -26453,6 +26463,11 @@ try_decrypt(tvbuff_t *tvb, packet_info *pinfo, guint offset, guint len,
|
||||||
*sec_header = DOT11DECRYPT_RSNA_HEADER;
|
*sec_header = DOT11DECRYPT_RSNA_HEADER;
|
||||||
*sec_trailer = DOT11DECRYPT_CCMP_256_TRAILER;
|
*sec_trailer = DOT11DECRYPT_CCMP_256_TRAILER;
|
||||||
break;
|
break;
|
||||||
|
case DOT11DECRYPT_KEY_TYPE_GCMP:
|
||||||
|
case DOT11DECRYPT_KEY_TYPE_GCMP_256:
|
||||||
|
*sec_header = DOT11DECRYPT_RSNA_HEADER;
|
||||||
|
*sec_trailer = DOT11DECRYPT_GCMP_TRAILER;
|
||||||
|
break;
|
||||||
case DOT11DECRYPT_KEY_TYPE_TKIP:
|
case DOT11DECRYPT_KEY_TYPE_TKIP:
|
||||||
*sec_header=DOT11DECRYPT_RSNA_HEADER;
|
*sec_header=DOT11DECRYPT_RSNA_HEADER;
|
||||||
*sec_trailer=DOT11DECRYPT_TKIP_TRAILER;
|
*sec_trailer=DOT11DECRYPT_TKIP_TRAILER;
|
||||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -171,6 +171,34 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
|
||||||
self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK is correct
|
self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK is correct
|
||||||
self.assertTrue(self.grepOutput('Echo \(ping\) request')) # Verifies TK is correct
|
self.assertTrue(self.grepOutput('Echo \(ping\) request')) # Verifies TK is correct
|
||||||
|
|
||||||
|
def test_80211_wpa_gcmp(self, cmd_tshark, capture_file, features):
|
||||||
|
'''IEEE 802.11 decode GCMP'''
|
||||||
|
# Included in git sources test/captures/wpa-gcmp.pcapng.gz
|
||||||
|
if not features.have_libgcrypt16:
|
||||||
|
self.skipTest('Requires GCrypt 1.6 or later.')
|
||||||
|
self.assertRun((cmd_tshark,
|
||||||
|
'-o', 'wlan.enable_decryption: TRUE',
|
||||||
|
'-r', capture_file('wpa-gcmp.pcapng.gz'),
|
||||||
|
'-Y', 'wlan.analysis.tk == 755a9c1c9e605d5ff62849e4a17a935c || wlan.analysis.gtk == 7ff30f7a8dd67950eaaf2f20a869a62d',
|
||||||
|
))
|
||||||
|
self.assertTrue(self.grepOutput('Who has 192.168.5.5')) # Verifies GTK is correct
|
||||||
|
self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK is correct
|
||||||
|
self.assertTrue(self.grepOutput('Echo \(ping\) request')) # Verifies TK is correct
|
||||||
|
|
||||||
|
def test_80211_wpa_gcmp_256(self, cmd_tshark, capture_file, features):
|
||||||
|
'''IEEE 802.11 decode GCMP-256'''
|
||||||
|
# Included in git sources test/captures/wpa-gcmp-256.pcapng.gz
|
||||||
|
if not features.have_libgcrypt16:
|
||||||
|
self.skipTest('Requires GCrypt 1.6 or later.')
|
||||||
|
self.assertRun((cmd_tshark,
|
||||||
|
'-o', 'wlan.enable_decryption: TRUE',
|
||||||
|
'-r', capture_file('wpa-gcmp-256.pcapng.gz'),
|
||||||
|
'-Y', 'wlan.analysis.tk == b3dc2ff2d88d0d34c1ddc421cea17f304af3c46acbbe7b6d808b6ebf1b98ec38 || wlan.analysis.gtk == a745ee2313f86515a155c4cb044bc148ae234b9c72707f772b69c2fede3e4016',
|
||||||
|
))
|
||||||
|
self.assertTrue(self.grepOutput('Who has 192.168.5.5')) # Verifies GTK is correct
|
||||||
|
self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK is correct
|
||||||
|
self.assertTrue(self.grepOutput('Echo \(ping\) request')) # Verifies TK is correct
|
||||||
|
|
||||||
@fixtures.mark_usefixtures('test_env')
|
@fixtures.mark_usefixtures('test_env')
|
||||||
@fixtures.uses_fixtures
|
@fixtures.uses_fixtures
|
||||||
class case_decrypt_dtls(subprocesstest.SubprocessTestCase):
|
class case_decrypt_dtls(subprocesstest.SubprocessTestCase):
|
||||||
|
|
Loading…
Reference in New Issue