Only pass the C files files to checkAPIs (to match cmake and to allow
checkAPIs to pass this directory).
Change-Id: I305aeaaf1882061bad166957ae83383a0f35dfb7
Reviewed-on: https://code.wireshark.org/review/18513
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Instead of checking for the boolean "FALSE", just set an empty string.
This avoids the need to check for WERROR_COMMON_FLAGS before using it.
The transformation is the same for all files, remove
"if (WERROR_COMMON_FLAGS)" and "endif()", reindent and add quotes (since
we have a string here and not a list).
Modelines have been added where missing.
Change-Id: I0ab05ae507c51fa77336d49a99a226399cc81b92
Reviewed-on: https://code.wireshark.org/review/17997
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Tested-by: Dario Lombardo <lomato@gmail.com>
Setting our compiler warning flags in CMAKE_C_FLAGS does not allow
using different flags per target.
Allow for that possibility by setting the internal WS_WARNINGS_{C,CXX}_FLAGS
and using the COMPILE_OPTIONS property to set them.
This change is just setting mechanism and there should be no difference
in generated warnings.
The check_X_compiler_flag cmake test is changed to test each flag individually.
We need a list, not a space separated string, and the aggregate test is not
significant.
Change-Id: I59fc5cd7e130c7a5e001c598e3df3e13f83a6a25
Reviewed-on: https://code.wireshark.org/review/17150
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Enable airpdcap debugging with explicitly with AIRPDCAP_DEBUG instead
of _DEBUG. _DEBUG might be defined automatically by Visual C++ depending
on your build type and the extra output breaks the decryption tests.
Change-Id: If6d918beb4d91233b07a3bc7b6f2f7e1849171f0
Reviewed-on: https://code.wireshark.org/review/16755
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
It saves a little on file pollution and the g_warning call isn't
bothered in the header file.
Change-Id: Ia9bdd96d9d93bbba6811769c4e6e1ed9124c2e5a
Reviewed-on: https://code.wireshark.org/review/16698
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Now that nmake build system has been removed they are not needed anymore.
Change-Id: I88075f955bb4349185859c1af4be22e53de5850f
Reviewed-on: https://code.wireshark.org/review/16050
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
A pointer to a EAPOL_RSN_KEY is set on the packet presuming the
whole EAPOL_RSN_KEY is there. That's not always the case for
fuzzed/malicious captures.
Bug: 11585
Change-Id: Ib94b8aceef444c7820e43b969596efdb8dbecccd
Reviewed-on: https://code.wireshark.org/review/15540
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bug: 12175
Change-Id: Iaf977ba48f8668bf8095800a115ff9a3472dd893
Reviewed-on: https://code.wireshark.org/review/15326
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
This generates a top level target, checkAPI, that is
excluded from the ALL build target, so must be run separately.
On Windows using a Visual Studio generator, call
msbuild /p:Configuration=RelWithDebInfo checkAPI.vcxproj
Change-Id: I44a57c564dcfc75499463b942436f4b920a82478
Reviewed-on: https://code.wireshark.org/review/14873
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Graham Bloice <graham.bloice@trihedral.com>
Smaller epan/CMakeLists.txt is easier to work with and this structure
is well suited to CMake. It should make it easier to manage and configure
each epan module differently if necessary.
Change-Id: Ia649db3b7dcd405aa43dbdba3288699d5e375229
Reviewed-on: https://code.wireshark.org/review/14068
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: João Valverde <j@v6e.pt>
Remove mostly obsolete aclocal macros. Make GTK build flags a strict superset
of GLib flags. Use GTK build variables for GTK GUI and GLib elsewhere. Add
dependency flags explicitly instead of using WS_CPPFLAGS.
Some minor improvements and fixes for missing/unnecessary variables (no impact
on our test builds).
Change-Id: I3e1f067a875f79d6516c1fa7af986f17a7a6b671
Reviewed-on: https://code.wireshark.org/review/14005
Reviewed-by: João Valverde <j@v6e.pt>
- When scanning for keys, check for TDLS action frames
(need to have TLDS response or confirm to derive the key)
- When deriving PTK, also check MIC to ensure the key has been correctly
computed.
- As SA is between two STAs (and not STA and AP), store highest MAC
address in sa.bssid, and the other one in sa.sta
=> Add new function (AirPDcapGetSaAddress) that will check for TDLS
case.
- Add test in decryption suite
Bug: 11312
Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9
Reviewed-on: https://code.wireshark.org/review/13664
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
GNU coding standards recommend against it and automake is designed
around it.
This allows overriding the global build flags using AM_CFLAGS, etc.,
or per object flags, something that is difficult or impossible currently
because of automake precedence rules.
Change-Id: I3f1ea12e560af5a46b2f04b342b1882bbf123f12
Reviewed-on: https://code.wireshark.org/review/13455
Petri-Dish: João Valverde <j@v6e.pt>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: João Valverde <j@v6e.pt>
Use eapol key data length to differentiate between #2 and #4.
This should work around ieee802.11 client implementation errors.
Windows is setting the Secure Bit on #2 when rekeying and Bug 11994
has a sample capture with the Nonce set in #4 and are so both
violating the spec.
Bug: 11994
Change-Id: Ia9e9c68d08dae042cfa7fd9517892db211b0a00f
Reviewed-on: https://code.wireshark.org/review/13299
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
- When parsing key data for GTK, check both the IE ID (0xdd) and OUI-type (00-0F-AC 1)
as key data may contains more that one IE with ID (0xdd) and GTK KDE is not always the first one
- Determine key type (TKIP/CCMP) based on actual key length and not size of the whole key_data part
- Remove arbitrary limit on size of key_data
Bug: 11973
Change-Id: I8f71fe970c07a092131eada2be3936c12a61cdd5
Reviewed-on: https://code.wireshark.org/review/13182
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Enable decryption of Protected Management Frames by:
- Authorizing decryption for robust management frame (i.e. management
frame that may be encrypted): deauth, disassoc and action
(Note: Assume all action frames are robust even if it is not the case)
- Updating initialization of Additional Authentication Data (AAD)
(don't filter-out subtype) and construct nonce (set mgmt flag) for
management frames
Bug: 11995
Change-Id: I7c34a021e4c49111b85d217c9272d24d0e29ecb2
Reviewed-on: https://code.wireshark.org/review/13232
Reviewed-by: Michael Mann <mmann78@netscape.net>
It doesn't need to exist after AirPDcapDecryptWPABroadcastKey() returns.
Change-Id: Ifaf08dfb285be3cf54429f7b77d44565962d4450
Reviewed-on: https://code.wireshark.org/review/12808
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It doesn't need to persist after the function returns.
Change-Id: Ic601a6ef6a0aa0f22f9c8b9a1c586cec95093f27
Reviewed-on: https://code.wireshark.org/review/12805
Reviewed-by: Guy Harris <guy@alum.mit.edu>
at the moment, AirPDcapDecryptWPABroadcastKey() does not free the buffer
allocated by AES_unwrap() if there's an error while parsing the returned data
this could be fixed by adding more g_free() calls or by using wmem
memory
Change-Id: I332968da2186fbd17cbb7708082fa701dcab668e
Reviewed-on: https://code.wireshark.org/review/12744
Reviewed-by: Michael Mann <mmann78@netscape.net>
return an error if our key is shorter than the key type required for the
encryption method we detected
this check prevents an out-of-bounds memory access when the key is copied
Bug: 11826
Change-Id: Ic779b5d87aa97a3b2d2b2c92ce12d0fff4a85adc
Reviewed-on: https://code.wireshark.org/review/12743
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
to make sure that AirPDcapDecryptWPABroadcastKey() does not leak memory
when it returns an error
Change-Id: I01dc8dc0d6cc1e72e9784a262e35e24844e35dbc
Reviewed-on: https://code.wireshark.org/review/12745
Reviewed-by: Michael Mann <mmann78@netscape.net>
for cipher_len==56, some bytes of the output array are not written
An alternative approach would be to add a check for cipher_len.
I understand from RFC 3394 that the AES key wrap algorithm works on
multiples of 64bits and has no upper limit, we couldn't easily reject 56
bytes cipher_len.
Bug: 11527
Change-Id: Ie82357bbe5512de391813dd55098df7a16bda9ae
Reviewed-on: https://code.wireshark.org/review/12741
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
- Updated AirPDcapPacketProcess function description
- Try to return better error codes
- Remove broken/useless return of keys from AirPDcapRsna4WHandshake
Change-Id: I1e4e0a76f6d1307e11c0466f17935dd7030561e1
Reviewed-on: https://code.wireshark.org/review/12033
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I0d0c1a3dde14d9817aef28352081dfbfbac6c9fb
Reviewed-on: https://code.wireshark.org/review/11774
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
CMake's Visual C++ generator creates projects that compile with the
Debug configuration by default, which defines _DEBUG. Fix DEBUG_DUMP's
declaration so that we compile in that case.
While we're here note that the "airpd" prefix isn't limited to AirPcap,
so we might want to change it accordingly.
Change-Id: I5476f28c63020f0f66ee9128731bc4b3dc720765
Reviewed-on: https://code.wireshark.org/review/11787
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- start decoding when we have eapol1+2 packets
Do not insist on a complete captured handshake, decode what we can.
- more robust way to detect eapol #2 packets
At least Win 10 is violating the spec on rekey by setting the secure
bit in #2. Unpatched version shows and handles #2 as #4, breaking
decoding after rekey.
- fixed eapol rekey key handling
Inital patch (see https://code.wireshark.org/review/8268)
is adding redundant keys, since it scans all the time
and not only once.
- ignore tailing garbage after eapol sections in frame
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8
Included testcase to test decode for incomplete handshakes and eapol2
packets with secure bit set on rekey.
Ping-Bug: 9065
Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd
Reviewed-on: https://code.wireshark.org/review/11484
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Do not leak the key and SSID. Note that there are still some leaks in
the GTK UI related to get_wireshark_keys(), but I did not track them
down.
Caught by LeakSanitizer.
Change-Id: I639166e6ea457605d6ae0ebd58e56d7594a7b7db
Reviewed-on: https://code.wireshark.org/review/10860
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Using memcpy with overlapping buffers is not safe; use memmove instead
Bug: 11549
Change-Id: I8e15eb0af38d325a5e67e8748008126ac5994588
Reviewed-on: https://code.wireshark.org/review/10652
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
AirPDCapPacketProcess() really does two different things; some of the
stuff it does in both code paths only needs to be done in one code path.
Make it so.
Change-Id: Idb231d729150781f323e88ed375c983a3afd2577
Reviewed-on: https://code.wireshark.org/review/10439
Reviewed-by: Guy Harris <guy@alum.mit.edu>
AES keys must be at least 128 bits; AES_unwrap returns a null pointer if
handed a too-short key, and we then just dereference that null pointer
and crash. Just give up with a too-short key.
Bug: 11507
Change-Id: Id1cf0a43c608597a11ff9df40f3654e6ff30619d
Reviewed-on: https://code.wireshark.org/review/10422
Reviewed-by: Guy Harris <guy@alum.mit.edu>
AirPDcapStoreSa() was assuming that ctx->first_free_index would always
be within the ctx->sa array; nothing guarantees that. Fail if it's past
the end of the array; that means there *are* no free indices.
Change-Id: I73145ea3f3dda1b3800a41fa3a2b01ac344dcbfc
Reviewed-on: https://code.wireshark.org/review/9634
Reviewed-by: Guy Harris <guy@alum.mit.edu>
A call of the 'memcpy' function will lead to the '& tmp_key' buffer becoming out of range.
Change-Id: I615a6c3e0dab8cfc2d240b6b39cff387e0689f35
Reviewed-on: https://code.wireshark.org/review/8796
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
While we are at it, put back some debug logs that were removed in g1439eb6 (otherwise msgbuf is no more initialized)
Change-Id: Ie34c4f2e638bc3ee77a0565446de37a15385dc0d
Reviewed-on: https://code.wireshark.org/review/8389
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
In AirPDcapRsnaPwd2PskStep(), digest[] holds an SSID plus 4 bytes of
count, so the size is MAX_SSID_LENGTH plus 4, and digest1[] holds an
SHA-1 digest, so the size is SHA1_DIGEST_LEN.
That makes it a bit clearer why those are the sizes.
Change-Id: I58ed6643f57675375f7f369470d600382323315f
Reviewed-on: https://code.wireshark.org/review/8387
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Have it allocate the buffer for the unwrapped key and return a pointer
to it, rather than having it be handed a buffer for that key.
That makes it a bit easier to validate, in AES_unwrap, that we don't
write past the end of the buffer.
Change-Id: Id02852c23054b3ed33eeeb383e7aa6cf12d02ed9
Reviewed-on: https://code.wireshark.org/review/8371
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Hopefully that'll make it a little easier to make sure that we're not
overflowing arrays.
Change-Id: I770df045ef9a45fd486c1271ea424b3334bb39d2
Reviewed-on: https://code.wireshark.org/review/8370
Reviewed-by: Guy Harris <guy@alum.mit.edu>
g1439eb6 changed AIRPDCAP_WPA_PSK_LEN from 64 bytes to 32 bytes, leading to a stack corruption in AirPDcapRsnaPwd2Psk() function
Change-Id: Ibf51f6749715055cd84906a144214ed44c85256b
Reviewed-on: https://code.wireshark.org/review/8358
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will habe the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primary with WPA-CCMP, but TKIP is also working.
One section in the code touch bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The sha1 function outputs a multiple of 20 bytes while the ptk buffer
has only a size of 64 bytes. Follow the hint in 802.11i-2004, page 164
and use an output buffer of 80 octets.
Noticed when running Wireshark with ASAN, on exit it would try to free a
"next" pointer which was filled with sha1 garbage. It probably got
triggered via 3f8fbb7349 which made
AirPDcap responsible for managing its own memory.
Bug: 10849
Change-Id: I10c1b9c2e224e5571d746c01fc389f86d25994a1
Reviewed-on: https://code.wireshark.org/review/7645
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Jeff Morriss