The debug log levels used in dot11decrypt are pretty much random.
Clean up how the different levels are used and at the same time change
to standard wslog log levels.
With this change log levels are used as follows:
WARNING - Allocation failures or unexpected (but handled) errors.
DEBUG - Debug messages mainly related to key derivation.
NOISY - Debug messages related to packet decryption.
When building with GCC 10.2.0 and optimization level 3 some new
warnings turn up. Fix them.
./epan/crypt/dot11decrypt_util.c: In function ‘dot11decrypt_derive_pmk_r0’:
../epan/crypt/dot11decrypt_util.c:308:5: error: ‘sha256_res’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
308 | memcpy(pmk_r0_name, sha256_res, 16);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../epan/crypt/dot11decrypt_util.c: In function ‘dot11decrypt_derive_pmk_r1’:
../epan/crypt/dot11decrypt_util.c:357:5: error: ‘sha256_res’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
357 | memcpy(pmk_r1_name, sha256_res, 16);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../wiretap/wtap_opttypes.c: In function ‘wtap_block_add_if_filter_option’:
../wiretap/wtap_opttypes.c:782:12: error: ‘*((void *)&filter_dest+8)’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
782 | return filter_dest;
| ^~~~~~~~~~~
../wiretap/wtap_opttypes.c: In function ‘wtap_block_set_if_filter_option_value’:
../wiretap/wtap_opttypes.c:782:12: error: ‘*((void *)&filter_dest+8)’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
782 | return filter_dest;
| ^~~~~~~~~~~
Add partial support for decrypting captures with connections
established using FT BSS Transition (IEEE 802.11r).
FT BSS Transition decryption comes with the following limitations:
- Only FT-PSK is supported.
- Keys can only be derived from the FT 4-way handshake messages.
- Roaming is not supported.
Break out the PRF and KDF functionality from the PMK to PTK
derivation functions and make them separate utility functions
implemented as defined in the IEEE 802.11 standard.
This change is done in preparation for supporting additional
AKMS where the key derivation functions can be reused to derive
other types of keys.
Instead of using a single memcpy which relies
upon struct members being in contiguous
memory, use three separate calls to memcpy.
This fixes Coverity 1460754.
Coverity Scan reports an out-of-bounds access on memcopy from addr1
of 802.11 mac header. This out-of-bounds access is a controlled access
knowing that addr2 and addr3 are located in memory right after addr1.
Type cast to a guint8 pointer to indicate that there's no fixed length.
This should silence the Coverity Scan error reported.
Coverity CID 1460754
Change-Id: Ief2280f1b686deebf3aba74f19a5730c66d4d313
Reviewed-on: https://code.wireshark.org/review/36706
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
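
Added example, not Wireshark's code: the address copy that the two Coverity 1460754 commit messages above discuss, with a single 18-byte copy that depends on field layout next to the per-field copies. The struct `mac_hdr_t`, its non-address fields, the function names and the sample header bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified 802.11 MAC header; only addr1..addr3 are
 * named in the commit text, the other fields are assumed. */
typedef struct {
    uint8_t fc[2];
    uint8_t dur[2];
    uint8_t addr1[6];
    uint8_t addr2[6];
    uint8_t addr3[6];
    uint8_t seq[2];
} mac_hdr_t;

#define ADDRS_LEN 18

/* The layout the single-copy form silently relies on, made explicit. */
_Static_assert(offsetof(mac_hdr_t, addr2) == offsetof(mac_hdr_t, addr1) + 6 &&
               offsetof(mac_hdr_t, addr3) == offsetof(mac_hdr_t, addr2) + 6,
               "addr1..addr3 must be contiguous");

/* Single copy: correct only while the assertion above holds. It indexes
 * from the struct base so the 18-byte read stays inside one object
 * rather than starting at the 6-byte addr1 array. */
static void copy_addrs_single(uint8_t out[ADDRS_LEN], const mac_hdr_t *h)
{
    memcpy(out, (const uint8_t *)h + offsetof(mac_hdr_t, addr1), ADDRS_LEN);
}

/* Per-field copies: each read is bounded by the array it names, so the
 * result does not depend on the fields being adjacent. */
static void copy_addrs_fields(uint8_t out[ADDRS_LEN], const mac_hdr_t *h)
{
    memcpy(out,      h->addr1, sizeof h->addr1);
    memcpy(out + 6,  h->addr2, sizeof h->addr2);
    memcpy(out + 12, h->addr3, sizeof h->addr3);
}

/* Returns 1 when both forms give the same bytes for a constructed header. */
static int addr_copies_agree(void)
{
    mac_hdr_t h = { {0x88, 0x41}, {0, 0}, {1, 1, 1, 1, 1, 1},
                    {2, 2, 2, 2, 2, 2}, {3, 3, 3, 3, 3, 3}, {0x10, 0} };
    uint8_t a[ADDRS_LEN], b[ADDRS_LEN];
    copy_addrs_single(a, &h);
    copy_addrs_fields(b, &h);
    return memcmp(a, b, ADDRS_LEN) == 0;
}

int main(void) { return addr_copies_agree() ? 0 : 1; }
```
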
dot11decrypt_util.c:34:6: warning: no previous prototype for ‘dot11decrypt_construct_aad’ [-Wmissing-prototypes]
Change-Id: Ideda2d18de88aed9d3fd045a02ead6446b0dbfce
Reviewed-on: https://code.wireshark.org/review/36653
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The function to construct AAD is the same for both CCMP and GCMP so move
it to a new internal utility C file for later use by both
implementations.
Change-Id: I8c8ffe0f492d5860e2bcd266b4d936383598b47e
Reviewed-on: https://code.wireshark.org/review/36358
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>