ieee80211: Fix EAPOL dissector for Wi-SUN
In section 6.5.2.3 ("PTK and GTK Installation Flow"), the Wi-SUN specification says that the second message in 4 way handshake must have these properties: Descriptor Type = 2 Key Information: 1. Key Descriptor Version = 2 2. Key Type = 1 (Pairwise) 3. Install = 0 4. Key Ack = 0 5. Key MIC = 1 6. Secure = 0 7. Error = 0 8. Request = 0 9. Encrypted Key Data = 0 10. SMK Message = 0 11. Reserved = 0 Key Length = 0 Key Replay Counter = see [IEEE802.11] section 11.6.2. Key Nonce = SUP generated SNonce EAPOL-Key IV = 0 Key RSC = 0 Key MIC = MIC(KCK, EAPOL) computed over the body of this EAPOL-Key frame with the Key MIC field first initialized to 0. Key Data Length = 0 Key Data = none Thus, until now, the message 2/4 of 4 way handshake was identified as message 4/4.
This commit is contained in:
parent
0f296eb3f9
commit
a1e2f3b3f5
|
@ -19554,6 +19554,15 @@ static conversation_t *find_wlan_conversation_pinfo(packet_info *pinfo)
|
|||
return find_conversation_pinfo(pinfo, 0);
|
||||
}
|
||||
|
||||
static gboolean determine_nonce_is_set(tvbuff_t *tvb) {
|
||||
int offset;
|
||||
|
||||
for (offset = 12; offset < 12 + 32; offset++)
|
||||
if (tvb_get_guint8(tvb, offset))
|
||||
return TRUE;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
static guint16 determine_mic_len(packet_info *pinfo, gboolean assoc_frame,
|
||||
gboolean *defaulted) {
|
||||
guint16 eapol_key_mic_len = 16; /* Default MIC length */
|
||||
|
@ -35715,6 +35724,7 @@ dissect_wlan_rsna_eapol_wpa_or_rsn_key(tvbuff_t *tvb, packet_info *pinfo, proto_
|
|||
NULL
|
||||
};
|
||||
guint16 eapol_data_offset = 76; /* 92 - 16 */
|
||||
gboolean has_nonce = determine_nonce_is_set(tvb);
|
||||
gboolean defaulted_mic_len = FALSE;
|
||||
guint16 eapol_key_mic_len = determine_mic_len(pinfo, FALSE, &defaulted_mic_len);
|
||||
save_proto_data_value(pinfo, eapol_key_mic_len, MIC_LEN_KEY);
|
||||
|
@ -35775,11 +35785,14 @@ dissect_wlan_rsna_eapol_wpa_or_rsn_key(tvbuff_t *tvb, packet_info *pinfo, proto_
|
|||
use the Secure Bit and/or the Nonce, but there are implementations ignoring the spec.
|
||||
The Secure Bit is incorrectly set on rekeys for Windows clients for Message 2 and the Nonce is non-zero
|
||||
in Message 4 in Bug 11994 (Apple?) */
|
||||
/* In Wi-SUN protocol, message 2 does not contains any data. However, all the implementations
|
||||
* respect 802.11X, so Secure Bit is set only on message 2 and Nonce is set only on message 4
|
||||
* (see section 6.5.2.3 of Wi-SUN specification) */
|
||||
/* When using AES-SIV without plaintext (i.e. only for integrity), the ciphertext has length 16 */
|
||||
/* With MLO message 4 will have 12 bytes of data */
|
||||
if (((eapol_key_mic_len == 0) && (eapol_data_len > 16)) ||
|
||||
((eapol_key_mic_len > 0) && (eapol_data_len != 0) &&
|
||||
(eapol_data_len != 12))) {
|
||||
((eapol_key_mic_len > 0) && (eapol_data_len == 0) && !(keyinfo & KEY_INFO_SECURE_MASK) && has_nonce) ||
|
||||
((eapol_key_mic_len > 0) && (eapol_data_len != 0) && (eapol_data_len != 12))) {
|
||||
ti = proto_tree_add_uint(tree, hf_wlan_rsna_eapol_wpa_keydes_msgnr, tvb, offset, 0, 2);
|
||||
|
||||
col_set_str(pinfo->cinfo, COL_INFO, "Key (Message 2 of 4)");
|
||||
|
|
Loading…
Reference in New Issue