WPA decryption fix from Greg Schwendimann via bug 3890:
I'm reasonably sure that I introduced this bug and I apologize for the problems with my previous patch. The problem is that I did not use all of the seen keys, I used all except the first key, which in a case of one key is none. The attached patch fixes the error. svn path=/trunk/; revision=29843
This commit is contained in:
parent
037f83cb88
commit
22dcdd3f9a
|
@ -1009,7 +1009,7 @@ AirPDcapRsnaMng(
|
|||
try_data=ep_alloc(*decrypt_len);
|
||||
|
||||
/* start of loop added by GCS */
|
||||
for(/* sa */; sa != NULL && ret_value == 1 ;sa=sa->next) {
|
||||
for(/* sa */; sa != NULL ;sa=sa->next) {
|
||||
|
||||
/* copy the encrypted data into a temp buffer */
|
||||
memcpy(try_data, decrypt_data, *decrypt_len);
|
||||
|
@ -1017,7 +1017,6 @@ AirPDcapRsnaMng(
|
|||
if (sa->wpa.key_ver==1) {
|
||||
/* CCMP -> HMAC-MD5 is the EAPOL-Key MIC, RC4 is the EAPOL-Key encryption algorithm */
|
||||
AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapRsnaMng", "TKIP", AIRPDCAP_DEBUG_LEVEL_3);
|
||||
|
||||
DEBUG_DUMP("ptk", sa->wpa.ptk, 64);
|
||||
DEBUG_DUMP("ptk portion used", AIRPDCAP_GET_TK(sa->wpa.ptk), 16);
|
||||
|
||||
|
@ -1030,6 +1029,7 @@ AirPDcapRsnaMng(
|
|||
AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapRsnaMng", "TKIP DECRYPTED!!!", AIRPDCAP_DEBUG_LEVEL_3);
|
||||
/* remove MIC (8bytes) and ICV (4bytes) from the end of packet */
|
||||
*decrypt_len-=12;
|
||||
break;
|
||||
} else {
|
||||
/* AES-CCMP -> HMAC-SHA1-128 is the EAPOL-Key MIC, AES wep_key wrap is the EAPOL-Key encryption algorithm */
|
||||
AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapRsnaMng", "CCMP", AIRPDCAP_DEBUG_LEVEL_3);
|
||||
|
@ -1041,11 +1041,12 @@ AirPDcapRsnaMng(
|
|||
AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapRsnaMng", "CCMP DECRYPTED!!!", AIRPDCAP_DEBUG_LEVEL_3);
|
||||
/* remove MIC (8bytes) from the end of packet */
|
||||
*decrypt_len-=8;
|
||||
break;
|
||||
}
|
||||
}
|
||||
/* end of loop */
|
||||
|
||||
/* non of the keys workd */
|
||||
/* none of the keys worked */
|
||||
if(sa == NULL)
|
||||
return ret_value;
|
||||
|
||||
|
|
Loading…
Reference in New Issue