osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

ieee80211: Fix EAPOL dissector for Wi-SUN 

In section 6.5.2.3 ("PTK and GTK Installation Flow"), the Wi-SUN
specification says that the second message in 4 way handshake must have
these properties:

  Descriptor Type = 2
  Key Information:
      1. Key Descriptor Version = 2
      2. Key Type = 1 (Pairwise)
      3. Install = 0
      4. Key Ack = 0
      5. Key MIC = 1
      6. Secure = 0
      7. Error = 0
      8. Request = 0
      9. Encrypted Key Data = 0
      10. SMK Message = 0
      11. Reserved = 0
  Key Length = 0
  Key Replay Counter = see [IEEE802.11] section 11.6.2.
  Key Nonce = SUP generated SNonce
  EAPOL-Key IV = 0
  Key RSC = 0
  Key MIC = MIC(KCK, EAPOL) computed over the body of this EAPOL-Key frame
  with the Key MIC field first initialized to 0.
  Key Data Length = 0
  Key Data = none

Thus, until now, the message 2/4 of 4 way handshake was identified as
message 4/4.
This commit is contained in:
Jérôme Pouiller 2022-09-21 17:42:41 +02:00 committed by Alexis La Goutte
parent 0f296eb3f9
commit a1e2f3b3f5
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
epan/dissectors/packet-ieee80211.c
View File

@ -19554,6 +19554,15 @@ static conversation_t *find_wlan_conversation_pinfo(packet_info *pinfo)
return find_conversation_pinfo(pinfo, 0);
}
static gboolean determine_nonce_is_set(tvbuff_t *tvb) {
int offset;
for (offset = 12; offset < 12 + 32; offset++)
if (tvb_get_guint8(tvb, offset))
return TRUE;
return FALSE;
}
static guint16 determine_mic_len(packet_info *pinfo, gboolean assoc_frame,
gboolean *defaulted) {
guint16 eapol_key_mic_len = 16; /* Default MIC length */
@ -35715,6 +35724,7 @@ dissect_wlan_rsna_eapol_wpa_or_rsn_key(tvbuff_t *tvb, packet_info *pinfo, proto_
NULL
};
guint16 eapol_data_offset = 76; /* 92 - 16 */
gboolean has_nonce = determine_nonce_is_set(tvb);
gboolean defaulted_mic_len = FALSE;
guint16 eapol_key_mic_len = determine_mic_len(pinfo, FALSE, &defaulted_mic_len);
save_proto_data_value(pinfo, eapol_key_mic_len, MIC_LEN_KEY);
@ -35775,11 +35785,14 @@ dissect_wlan_rsna_eapol_wpa_or_rsn_key(tvbuff_t *tvb, packet_info *pinfo, proto_
use the Secure Bit and/or the Nonce, but there are implementations ignoring the spec.
The Secure Bit is incorrectly set on rekeys for Windows clients for Message 2 and the Nonce is non-zero
in Message 4 in Bug 11994 (Apple?) */
/* In Wi-SUN protocol, message 2 does not contains any data. However, all the implementations
* respect 802.11X, so Secure Bit is set only on message 2 and Nonce is set only on message 4
* (see section 6.5.2.3 of Wi-SUN specification) */
/* When using AES-SIV without plaintext (i.e. only for integrity), the ciphertext has length 16 */
/* With MLO message 4 will have 12 bytes of data */
if (((eapol_key_mic_len == 0) && (eapol_data_len > 16)) ||
((eapol_key_mic_len > 0) && (eapol_data_len != 0) &&
(eapol_data_len != 12))) {
((eapol_key_mic_len > 0) && (eapol_data_len == 0) && !(keyinfo & KEY_INFO_SECURE_MASK) && has_nonce) ||
((eapol_key_mic_len > 0) && (eapol_data_len != 0) && (eapol_data_len != 12))) {
ti = proto_tree_add_uint(tree, hf_wlan_rsna_eapol_wpa_keydes_msgnr, tvb, offset, 0, 2);
col_set_str(pinfo->cinfo, COL_INFO, "Key (Message 2 of 4)");