diff --git a/epan/crypt/dot11decrypt.c b/epan/crypt/dot11decrypt.c index fe0d2593df..5395db9638 100644 --- a/epan/crypt/dot11decrypt.c +++ b/epan/crypt/dot11decrypt.c @@ -2269,7 +2269,7 @@ Dot11DecryptDerivePtk( sa->wpa.cipher = 2; /* TKIP */ ptk_len_bits = 512; DerivePtk = Dot11DecryptRsnaPrfX; - algo = GCRY_MD_MD5; + algo = GCRY_MD_SHA1; } else if (key_version == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP) { sa->wpa.cipher = 4; /* CCMP-128 */ ptk_len_bits = 384; @@ -2309,7 +2309,7 @@ Dot11DecryptRsnaPrfX( UCHAR R[100]; INT offset=sizeof("Pairwise key expansion"); UCHAR output[80]; /* allow for sha1 overflow. */ - int hash_len = (hash_algo == GCRY_MD_MD5) ? 16 : 20; + int hash_len = 20; memset(R, 0, 100); diff --git a/test/captures/wpa1-gtk-rekey.pcapng.gz b/test/captures/wpa1-gtk-rekey.pcapng.gz new file mode 100644 index 0000000000..88e4c067a8 Binary files /dev/null and b/test/captures/wpa1-gtk-rekey.pcapng.gz differ diff --git a/test/suite_decryption.py b/test/suite_decryption.py index 754c9bffc6..68f189588a 100644 --- a/test/suite_decryption.py +++ b/test/suite_decryption.py @@ -101,6 +101,17 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase): self.assertTrue(self.grepOutput('Who has 192.168.5.2')) self.assertTrue(self.grepOutput('DHCP ACK')) + def test_80211_wpa1_gtk_rekey(self, cmd_tshark, capture_file): + '''Decode WPA1 with multiple GTK rekeys''' + # Included in git sources test/captures/wpa1-gtk-rekey.pcapng.gz + self.assertRun((cmd_tshark, + '-o', 'wlan.enable_decryption: TRUE', + '-r', capture_file('wpa1-gtk-rekey.pcapng.gz'), + '-Y', 'wlan.analysis.tk == "d0e57d224c1bb8806089d8c23154074c" || wlan.analysis.gtk == "6eaf63f4ad7997ced353723de3029f4d" || wlan.analysis.gtk == "fb42811bcb59b7845376246454fbdab7"', + )) + self.assertTrue(self.grepOutput('DHCP Discover')) + self.assertEqual(self.countOutput('ICMP.*Echo .ping'), 8) + @fixtures.mark_usefixtures('test_env') @fixtures.uses_fixtures class case_decrypt_dtls(subprocesstest.SubprocessTestCase):