ieee80211: Complete fixed size fields for SAE authentication

SAE authentication (used for mesh-point) introduced new non IE fields (aka fixed size fields) that require explicit parsing. The tricky part is that some of those fields don't have a fixed size... - 'scalar' and 'finite field element' size depend of the group used. Retrieve size of all groups supported by wpa_supplicant. - 'anti-clogging token' size is not specified. Bug: 14222 Change-Id: Id0aa8790c55b21b2797ba131de9e46c32519e2cc Reviewed-on: https://code.wireshark.org/review/24446 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-11-15 18:52:33 +01:00 · 2017-11-15 18:52:33 +01:00 · a398a9573d
parent 18d49f467d
commit a398a9573d
1 changed files with 200 additions and 2 deletions
--- a/epan/dissectors/packet-ieee80211.c
+++ b/epan/dissectors/packet-ieee80211.c
@ -3182,6 +3182,13 @@ static int hf_ieee80211_ff_bss_transition_candidate_list_entries = -1;
 static int hf_ieee80211_ff_sa_query_action_code = -1;
 static int hf_ieee80211_ff_transaction_id = -1;

+static int hf_ieee80211_ff_send_confirm = -1;
+static int hf_ieee80211_ff_anti_clogging_token = -1;
+static int hf_ieee80211_ff_scalar = -1;
+static int hf_ieee80211_ff_finite_field_element = -1;
+static int hf_ieee80211_ff_confirm = -1;
+static int hf_ieee80211_ff_finite_cyclic_group = -1;
+
 /* Vendor specific */
 static int hf_ieee80211_ff_marvell_action_type = -1;
 static int hf_ieee80211_ff_marvell_mesh_mgt_action_code = -1;
@ -8384,6 +8391,164 @@ add_ff_vht_action(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo _U_, int o
  return 1;
 }

+static guint
+get_ff_auth_sae_len(tvbuff_t *tvb)
+{
+  guint alg, seq, status_code;
+  alg = tvb_get_letohs(tvb, 0);
+
+  /* SAE authentication is alg 3 (cf auth_alg) */
+  if (alg != 3)
+    return 0;
+
+  seq = tvb_get_letohs(tvb, 2);
+  status_code = tvb_get_letohs(tvb, 4);
+
+  /* 82: Rejected with Suggested BSS Transition (cf ieee80211_status_code) */
+  if ((seq == 2) && (status_code == 82))
+    return 0;
+
+  /* everything is fixed size fields */
+  return tvb_reported_length_remaining(tvb, 6);
+}
+
+static void
+add_ff_auth_sae(proto_tree *tree, tvbuff_t *tvb)
+{
+  guint alg, seq, status_code, len;
+  alg = tvb_get_letohs(tvb, 0);
+
+  /* SAE authentication is alg 3 (cf auth_alg) */
+  if (alg != 3)
+    return;
+
+  seq = tvb_get_letohs(tvb, 2);
+  status_code = tvb_get_letohs(tvb, 4);
+
+  if (seq == 1)
+  {
+    /* 76: Authentication is rejected because an Anti-Clogging Token is required (cf ieee80211_status_code) */
+    if (status_code == 76)
+    {
+      proto_tree_add_item(tree, hf_ieee80211_ff_finite_cyclic_group, tvb, 6, 2,
+                          ENC_LITTLE_ENDIAN);
+      len = tvb_reported_length_remaining(tvb, 8);
+      proto_tree_add_item(tree, hf_ieee80211_ff_anti_clogging_token, tvb, 8, len,
+                          ENC_NA);
+    }
+    else if (status_code == 0)
+    {
+      guint group = tvb_get_letohs(tvb, 6);
+      guint sc_len, elt_len, offset;
+      proto_tree_add_item(tree, hf_ieee80211_ff_finite_cyclic_group, tvb, 6, 2,
+                          ENC_LITTLE_ENDIAN);
+      offset = 8;
+      len = tvb_reported_length_remaining(tvb, offset);
+      switch (group)
+      {
+        /* Diffie-Hellman groups */
+        case 1:
+          sc_len = elt_len = 96;
+          break;
+        case 2:
+          sc_len = elt_len = 128;
+          break;
+        case 5:
+          sc_len = elt_len = 192;
+          break;
+        case 14:
+          sc_len = elt_len = 256;
+          break;
+        case 15:
+          sc_len = elt_len = 384;
+          break;
+        case 16:
+          sc_len = elt_len = 512;
+          break;
+        case 17:
+          sc_len = elt_len = 768;
+          break;
+        case 18:
+          sc_len = elt_len = 1024;
+          break;
+        case 22:
+          sc_len = 20;
+          elt_len = 128;
+          break;
+        case 23:
+          sc_len = 28;
+          elt_len = 256;
+          break;
+        case 24:
+          sc_len = 32;
+          elt_len = 256;
+          break;
+        /* ECC groups */
+        case 19:
+        case 28:
+          sc_len = 32;
+          elt_len = 64;
+          break;
+        case 20:
+        case 29:
+          sc_len = 48;
+          elt_len = 96;
+          break;
+        case 21:
+          sc_len = 66;
+          elt_len = 132;
+          break;
+        case 25:
+          sc_len = 24;
+          elt_len = 48;
+          break;
+        case 26:
+          sc_len = 28;
+          elt_len = 56;
+          break;
+        case 30:
+          sc_len = 64;
+          elt_len = 128;
+          break;
+        default:
+          /* assume no anti-clogging token */
+          if (!(len % 3))
+          {
+            sc_len = len / 3;
+          }
+          else
+          {
+            sc_len = len / 2;
+          }
+          elt_len = len - sc_len;
+          break;
+      }
+
+      if ((sc_len + elt_len) < len)
+      {
+        len = len - (sc_len + elt_len);
+        proto_tree_add_item(tree, hf_ieee80211_ff_anti_clogging_token, tvb, offset,
+                            len, ENC_NA);
+        offset += len;
+      }
+      proto_tree_add_item(tree, hf_ieee80211_ff_scalar, tvb, offset,
+                          sc_len, ENC_NA);
+      offset += sc_len;
+      proto_tree_add_item(tree, hf_ieee80211_ff_finite_field_element, tvb, offset,
+                          elt_len, ENC_NA);
+    }
+  }
+  /* 82: Rejected with Suggested BSS Transition (cf ieee80211_status_code) */
+  else if ((seq == 2) && (status_code != 82))
+  {
+    proto_tree_add_item(tree, hf_ieee80211_ff_send_confirm, tvb, 6, 2,
+                        ENC_LITTLE_ENDIAN);
+    len = tvb_reported_length_remaining(tvb, 8);
+    proto_tree_add_item(tree, hf_ieee80211_ff_confirm, tvb, 8, len,
+                        ENC_NA);
+  };
+}
+
 static guint
 wnm_bss_trans_mgmt_query(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, int offset)
 {
@ -17368,11 +17533,14 @@ dissect_ieee80211_mgt(guint16 fcf, tvbuff_t *tvb, packet_info *pinfo, proto_tree
      break;

    case MGT_AUTHENTICATION:
-      fixed_tree = get_fixed_parameter_tree(mgt_tree, tvb, 0, 6);
+      offset = 6;  /* Size of fixed fields */
+      offset += get_ff_auth_sae_len(tvb);
+
+      fixed_tree = get_fixed_parameter_tree(mgt_tree, tvb, 0, offset);
      add_ff_auth_alg(fixed_tree, tvb, pinfo, 0);
      add_ff_auth_trans_seq(fixed_tree, tvb, pinfo, 2);
      add_ff_status_code(fixed_tree, tvb, pinfo, 4);
-      offset = 6;  /* Size of fixed fields */
+      add_ff_auth_sae(fixed_tree, tvb);

      tagged_parameter_tree_len =
        tvb_reported_length_remaining(tvb, offset);
@ -23416,6 +23584,36 @@ proto_register_ieee80211(void)
      FT_UINT16, BASE_HEX, NULL, 0,
      NULL, HFILL }},

+    {&hf_ieee80211_ff_send_confirm,
+     {"Send-Confirm", "wlan.fixed.send_confirm",
+      FT_UINT16, BASE_DEC, NULL, 0,
+      NULL, HFILL }},
+
+    {&hf_ieee80211_ff_anti_clogging_token,
+     {"Anti-Clogging Token", "wlan.fixed.anti_clogging_token",
+      FT_BYTES, BASE_NONE, NULL, 0,
+      NULL, HFILL }},
+
+    {&hf_ieee80211_ff_scalar,
+     {"Scalar", "wlan.fixed.scalar",
+      FT_BYTES, BASE_NONE, NULL, 0,
+      NULL, HFILL }},
+
+    {&hf_ieee80211_ff_finite_field_element,
+     {"Finite Field Element", "wlan.fixed.finite_field_element",
+      FT_BYTES, BASE_NONE, NULL, 0,
+      NULL, HFILL }},
+
+    {&hf_ieee80211_ff_confirm,
+     {"Confirm", "wlan.fixed.confirm",
+      FT_BYTES, BASE_NONE, NULL, 0,
+      NULL, HFILL }},
+
+    {&hf_ieee80211_ff_finite_cyclic_group,
+     {"Group Id", "wlan.fixed.finite_cyclic_group",
+      FT_UINT16, BASE_DEC, NULL, 0,
+      NULL, HFILL }},
+
    {&hf_ieee80211_anqp_wfa_subtype,
     {"WFA Subtype", "wlan.anqp.wfa.subtype",
      FT_UINT8, BASE_DEC, VALS(wfa_subtype_vals), 0, NULL, HFILL }},