Hi
Greetings
Sorry for this off topic but then this group has thousands of professionals who could help me out :)
I am trying to implement WPA PSK 4 way handshake using AES. Using AES and EAPOL-Descriptor version #2, WPA-PSK requires usage of AES-CBC-MAC for EAPOL-MIC computation and HMAC-SHA1 for the Key encryption. Please correct me if I am wrong.
I believe AES-CBC-MAC computation is based on RFC3610 (is this assumption correct??). Now RFC 3610 states that for the computation of CBC-MAC, a flag, a nonce and data length are required, along with additional and optional additional data. The WPA specification for 802.11i (draft 10: used by WPA) doesn't specify how these flags, nonce or data lengths are arrived at.
I tried to sniff the conversation between an AP and STA using AES-PSK. The captures of message # 1 and # 2 of the 4 way handshake are attached as Ethereal capture files. The passphrase is password and the SSID is IEEE.
Using the passphrase and SSID the PSK can be arrived at. I have verified that the PSK I obtained is the same as specified in the 802.11i standard (it's a test vector there). And using this PSK and the Anonce and the Snonce from message 1 and message 2 the PTK is obtained. I obtained the following PTK.
1f eb 16 21 a2 13 a4 09 59 88 3c bc 5f 2d b1 88
d8 df bf 2e e6 00 2e 5c d3 52 2b 83 24 a9 18 eb
3e 5c 2d bc 36 5c 0e 5a f4 51 1c ff 1f 4f 88 2c
Is my PTK correct??
Could someone please help me in obtaining the EAPOL-MIC key as seen in the message # 2 EAPOL message? I am not sure as to how is the AES-CBC-MAC. How is this MIC arrived at?? Any clues/pointers/tips?? Starting from what part of message # 2 is the data used for MIC calculation? Is the SNAP header also used for MIC calculation, or is it from the Key descriptor version, or is it starting from the EAPOL Version number? What is the algorithm used for this EAPOL MIC computation if it is not AES-CBC-MAC? If it is AES-CBC-MAC, how is the algorithm run: any clues/tips/pointers??
Regards,
Jitesh Shah <<message1>> <<message2>>
Attachment:
message1
Description: message1
Attachment:
message2
Description: message2
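
The key derivation chain discussed in the post, as an added example that is not part of the original message: PSK from passphrase and SSID, PTK via the 802.11i PRF, and the EAPOL-Key MIC as IEEE 802.11i defines it for key descriptor version 2 (HMAC-SHA1 truncated to 128 bits, computed from the EAPOL protocol version octet onward with the MIC field zeroed). The MAC addresses, nonces and the message 2 frame built by the hypothetical helper `build_msg2` are constructed sample values, not the poster's capture.

```python
import hashlib
import hmac

MIC_OFFSET = 81  # 4-byte EAPOL header + 77 descriptor bytes before the Key MIC field

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """PRF-384 (CCMP pairwise keys); returns (KCK, KEK, TK), 16 bytes each."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC over the whole EAPOL frame (no LLC/SNAP), MIC field set to zero."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def verify_mic(kck: bytes, frame: bytes) -> bool:
    """Constant-time comparison of the received MIC with the recomputed one."""
    return hmac.compare_digest(frame[MIC_OFFSET:MIC_OFFSET + 16], eapol_mic(kck, frame))

def build_msg2(kck: bytes, snonce: bytes) -> bytes:
    """Constructed message 2 (hypothetical helper): no key data, replay counter 1."""
    body = (bytes([254]) + (0x010A).to_bytes(2, "big")  # WPA descriptor; ver 2, pairwise, MIC
            + bytes(2) + (1).to_bytes(8, "big") + snonce
            + bytes(16 + 8 + 8)                         # IV, RSC, key ID (all zero)
            + bytes(16) + bytes(2))                     # MIC placeholder, key data length 0
    frame = bytes([1, 3]) + len(body).to_bytes(2, "big") + body
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]

if __name__ == "__main__":
    pmk = derive_psk("password", "IEEE")        # passphrase and SSID from the post
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))                 # constructed
    kck, kek, tk = derive_ptk(pmk, aa, spa, anonce, snonce)
    print("PSK:", pmk.hex())
    print("MIC ok:", verify_mic(kck, build_msg2(kck, snonce)))
```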