wireshark

Commit Graph

Author	SHA1	Message	Date
deagol	1439eb6778	IEEE 802.11: 802.1X (WPA-EAP) rekeying support This patch extends the existing decryption support for WPA to also handle rekeys by checking each decrypted packet for a 4-way-handshake. Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise (WPA-EAP). For decrypting WPA-EAP secured packets the user must provide all used PMK's of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark via the existing interface. (The capture must have all 4-way-handshakes included also, starting with the first unencrypted one.) Every decrypted unicast packet will habe the used PMK and TK shown in the CCMP/TKIP section below the key index in the GUI. Group packets will display the GTK instead. Additionally this fixes a small issue with group rekey handling, so every packet can be selected in the GUI in random order, removing the need to manually find the correct group keying packets prior to that. It was tested primary with WPA-CCMP, but TKIP is also working. One section in the code touch bluetooth 802.1X support. It should do exactly the same, but will now also examine all decypted packets for rekeys. Ping-Bug: 11172 Change-Id: I19d055581fce6268df888da63485a48326046748 Reviewed-on: https://code.wireshark.org/review/8268 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>	2015-05-08 04:27:49 +00:00
Guy Harris	435e7c6106	Move the AirPcap stuff into caputils. Change-Id: I64b45dad36a3ec491aeb9de3439b4fe19b46f9d8 Reviewed-on: https://code.wireshark.org/review/3308 Reviewed-by: Guy Harris <guy@alum.mit.edu>	2014-08-01 00:30:03 +00:00

Author

SHA1

Message

Date

deagol

1439eb6778

IEEE 802.11: 802.1X (WPA-EAP) rekeying support

This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.

Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).

For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)

Every decrypted unicast packet will habe the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.

Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.

It was tested primary with WPA-CCMP, but TKIP is also working.

One section in the code touch bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decypted packets for rekeys.

Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

2015-05-08 04:27:49 +00:00

Guy Harris

435e7c6106

Move the AirPcap stuff into caputils.

Change-Id: I64b45dad36a3ec491aeb9de3439b4fe19b46f9d8
Reviewed-on: https://code.wireshark.org/review/3308
Reviewed-by: Guy Harris <guy@alum.mit.edu>

2014-08-01 00:30:03 +00:00

2 Commits