The sha1 function outputs a multiple of 20 bytes while the ptk buffer
has only a size of 64 bytes. Follow the hint in 802.11i-2004, page 164
and use an output buffer of 80 octets.
Noticed when running Wireshark with ASAN, on exit it would try to free a
"next" pointer which was filled with sha1 garbage. It probably got
triggered via 3f8fbb7349 which made
AirPDcap responsible for managing its own memory.
Bug: 10849
Change-Id: I10c1b9c2e224e5571d746c01fc389f86d25994a1
Reviewed-on: https://code.wireshark.org/review/7645
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Tested-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(The other calls are just wrapped in macros)
Change-Id: I6a029dddf7742ba95510ec24cec30553461e48c6
Reviewed-on: https://code.wireshark.org/review/6558
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Most of the remaining ep_ uses are grouped with specific functionality.
Change-Id: I8fa64a17acc6bcdcf6891b2d28715ac0c58f1a4a
Reviewed-on: https://code.wireshark.org/review/6484
Reviewed-by: Michael Mann <mmann78@netscape.net>
A little bit of guess work is involved as the group key can use a
different cipher to the pairwise key, and we are trying to do this
purely based on the EAPOL messages with no prior knowledge of the
associate request. We try to guess the cipher based on the lengths.
Bug:8734
Change-Id: I4c456b45939c00a9d1122406891f704fa037349c
Reviewed-on: https://code.wireshark.org/review/3183
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
(Copyright or info about file...)
Change-Id: I90ba8b1c3ec8406b0c3365a69a8555837fc4bbb1
Reviewed-on: https://code.wireshark.org/review/515
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
obvious that the returned string is ephemeral, and opens up the original names
in the API for versions that take a wmem pool (and thus can work in any scope).
svn path=/trunk/; revision=54249
airpdcap.c:470:18: error: declaration of 'address' shadows a global declaration [-Werror=shadow]
airpdcap.c:611:18: error: declaration of 'address' shadows a global declaration [-Werror=shadow]
svn path=/trunk/; revision=53216
airpdcap.c:131:11: error: parameter 'password' not found in the function declaration [-Werror,-Wdocumentation]
* @param password [IN] pointer to a password (sequence of between 8 and
^~~~~~~~
airpdcap.c:154:11: error: parameter 'password' not found in the function declaration [-Werror,-Wdocumentation]
* @param password [IN] pointer to a password (sequence of between 8 and
^~~~~~~~
svn path=/trunk/; revision=51254
Needed to convert use of old IEEE802.11 preference strings to UAT. Since UAT is self-contained within its own file, the entire preference file doesn't need to be rewritten/saved when UAT values are changed.
svn path=/trunk/; revision=48308
airpdcap: For FromDS and ToDS both set use magic
All 802.11 data frames on the AMP link shall be sent with ToDS and FromDS
bits in the Frame Control field both set to one. Currently for this packets
we get different associations for the same EAPOL sequence since addr2 and
addr1 change.
svn path=/trunk/; revision=45923
Add 802.11 AMP LLC/SNAP header
Add LLC/SNAP header specified in BLUETOOTH SPECIFICATION Version 4.0 [Vol 5]
802.11 Protocol Adaptation Layer Functional Specification.
The SNAP header composed of the OUI of the Bluetooth SIG and the protocol
identifier given in spec mentioned shall be used to distinguish AMP 4-way handshake
messages from external security traffic. Decode this traffic as 802.1X authentication.
Part of
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7633
svn path=/trunk/; revision=45920
In order to compile the whole project with -DG_DISABLE_DEPRECATED
the mate plugin needs to replace its usage of GMemChunk.
All other places should be clean.
svn path=/trunk/; revision=38392
Removed "key prefix" need within GUI so it's a little more intuitive (because
that's what this bug is complaining about). Slight backwards compatibility
issue with UAT (because key prefix was in previous keys), but all development
(including fix for BUG 1123 that created UAT) has just been on SVN and not
released.
Also adjusted AirPCap (airpcap_loader.c) to account for the lack of "key
prefix".
Addressed some memory leaks/excess string creation.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5985
svn path=/trunk/; revision=37888
I'm reasonably sure that I introduced this bug and I apologize for the problems
with my previous patch. The problem is that I did not use all of the seen
keys, I used all except the first key, which in a case of one key is none.
The attached patch fixes the error.
svn path=/trunk/; revision=29843
Airpdcap does not allow for more than one key to be stored for a pair of nodes.
This means that when a device associates more than once the previous keys are
lost. This is ok for the first pass as the newest key is all that is needed
but when the user tries to click on a packet, to get the tree, which used a
previous key all that is seen is the encrypted data. The attached patch stores
previous associations in a linked list and will try all known keys before
decided the packet can't be decrypted. The list of keys is garbage collected
when a new capture is started.
svn path=/trunk/; revision=28449
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP groups keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
still declared by <string.h> on some platforms (at least the way we
compile, with all sorts of non-ANSI C/non-POSIX stuff added).
svn path=/trunk/; revision=25551
- Change ugly GLIB version checking statements to GLIB_CHECK_VERSION
- Remove ws_strsplit files because we no longer need to borrow GLIB2's
g_strsplit code for the no longer supported GLIB1 builds
svn path=/trunk/; revision=24829
and call AirPDcapInitContext() where we were previously calling
AirPDcapCleanKeys(). If we're resetting our keys, we should reset our
SA list and other associated data as well.
svn path=/trunk/; revision=24562
Peter Wu