2007-01-12 00:54:13 +00:00
|
|
|
/* airpcap_debug.h
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2006 CACE Technologies, Davis (California)
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
2018-03-08 14:53:58 +00:00
|
|
|
* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only)
|
2007-01-12 00:54:13 +00:00
|
|
|
*/
|
|
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
#ifndef _DOT11DECRYPT_DEBUG_H
|
|
|
|
|
#define _DOT11DECRYPT_DEBUG_H
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
#include "dot11decrypt_interop.h"
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
/* #define DOT11DECRYPT_DEBUG 1 */
|
2016-07-28 19:26:19 +00:00
|
|
|
|
2019-04-23 11:50:40 +00:00
|
|
|
/* Debug level definition */
|
|
|
|
|
#define DEBUG_LEVEL_1 1
|
|
|
|
|
#define DEBUG_LEVEL_2 2
|
|
|
|
|
#define DEBUG_LEVEL_3 3
|
|
|
|
|
#define DEBUG_LEVEL_4 4
|
|
|
|
|
#define DEBUG_LEVEL_5 5
|
|
|
|
|
|
|
|
|
|
#define DEBUG_USED_LEVEL DEBUG_LEVEL_3
|
2006-12-05 21:06:09 +00:00
|
|
|
|
|
|
|
|
/******************************************************************************/
|
|
|
|
|
/* Debug section: internal function to print debug information */
|
|
|
|
|
/* */
|
2018-02-23 17:43:29 +00:00
|
|
|
#ifdef DOT11DECRYPT_DEBUG
|
2012-07-18 02:47:56 +00:00
|
|
|
#include <stdio.h>
|
2006-12-05 21:06:09 +00:00
|
|
|
#include <time.h>
|
|
|
|
|
|
2015-01-09 22:15:39 +00:00
|
|
|
#include <epan/to_str.h>
|
|
|
|
|
|
2016-07-26 13:27:07 +00:00
|
|
|
static inline void print_debug_line(const CHAR *function, const CHAR *msg, const INT level)
|
|
|
|
|
{
|
2019-04-23 11:50:40 +00:00
|
|
|
if (level <= DEBUG_USED_LEVEL)
|
2016-07-26 13:27:07 +00:00
|
|
|
g_warning("dbg(%d)|(%s) %s", level, function, msg);
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-23 11:50:40 +00:00
|
|
|
#define DEBUG_PRINT_LINE(msg, level) print_debug_line(G_STRFUNC , msg, level)
|
|
|
|
|
|
|
|
|
|
#ifdef _TRACE
|
|
|
|
|
#define DEBUG_TRACE_START() print_debug_line(G_STRFUNC, "Start!", DEBUG_USED_LEVEL)
|
|
|
|
|
#define DEBUG_TRACE_END() print_debug_line(G_STRFUNC, "End!", DEBUG_USED_LEVEL)
|
2006-12-05 21:06:09 +00:00
|
|
|
#else
|
2019-04-23 11:50:40 +00:00
|
|
|
#define DEBUG_TRACE_START()
|
|
|
|
|
#define DEBUG_TRACE_END()
|
2006-12-05 21:06:09 +00:00
|
|
|
#endif
|
|
|
|
|
|
2015-11-12 21:57:11 +00:00
|
|
|
static inline void DEBUG_DUMP(const char* x, const guint8* y, int z)
|
2015-01-09 22:15:39 +00:00
|
|
|
{
|
2015-11-12 21:57:11 +00:00
|
|
|
char* tmp_str = bytes_to_str(NULL, y, (z));
|
2015-01-09 22:15:39 +00:00
|
|
|
g_warning("%s: %s", x, tmp_str);
|
|
|
|
|
wmem_free(NULL, tmp_str);
|
|
|
|
|
}
|
Add WPA group key decryption from Brian Stormont, via bug 1420:
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP groups keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
2008-07-30 22:32:21 +00:00
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
#else /* !defined DOT11DECRYPT_DEBUG */
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2019-04-23 11:50:40 +00:00
|
|
|
#define DEBUG_TRACE_START()
|
|
|
|
|
#define DEBUG_TRACE_END()
|
|
|
|
|
#define DEBUG_PRINT_LINE(msg, level)
|
Add WPA group key decryption from Brian Stormont, via bug 1420:
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP groups keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
2008-07-30 22:32:21 +00:00
|
|
|
#define DEBUG_DUMP(x,y,z)
|
|
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
#endif /* ?defined DOT11DECRYPT_DEBUG */
|
2006-12-05 21:06:09 +00:00
|
|
|
|
|
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
#endif /* ?defined _DOT11DECRYPT_DEBUG_H */
|