Wireshark-commits: [Wireshark-commits] rev 25879: /trunk/ /trunk/epan/crypt/: airpdcap.c airpdcap_d

Date: Wed, 30 Jul 2008 22:32:25 GMT
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=25879

User: gerald
Date: 2008/07/30 03:32 PM

Log:
 Add WPA group key decryption from Brian Stormont, via bug 1420:
 
 Although this patch successfully recognizes group keys and decrypts packets
 properly using the group key, there is a limitation.  If an AP is using key
 rotation, clicking on individual packets in a trace may not properly decrypt a
 packet encrypted with a group key.  This is because the current structure used
 in Wireshark only supports one active unicast and one active group key.  If a
 new key has been seen, but you are looking at a packet encrypted with an older
 key, it will not decrypt.  The summary lines, however, do show the packets
 properly decrypted.
 
 I've written up a much longer and more detailed explanation in a comment in the
 code, along with a proposed idea for a solution, plus a clunky work-around in
 the GUI when using the current code.
 
 I also suspect there might still be a problem with decrypting TKIP group keys
 that are sent using WPA2 authentication.  In the most common operation, if you
 are using WPA2, you'll also be using AES keys. It's not a common AP
 configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
 it.  Since it is an uncommon setup, I haven't put aside the time to test this
 patch against such an AP.   I do have access to an AP that supports this, so
 when I have the time I'll test it and if needed, will submit another patch to
 handle that odd-ball condition.
 
 From me:
 
 Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
 in the comments).
 Preserve the GPL licensing text in several files (which the patch shouldn't
 have removed).
 Remove changes that added whitespace.
 Convert C++-style comments to C-style.
 Update to include recent SVN changes (e.g. renaming variables named "index").
 Remove extraneous printf's.
 Define DEBUG_DUMP in airpdcap_debug.h.
 Comment out some instances of DEBUG_DUMP.
 Change malloc/free to g_malloc/g_free.
 Use g_memdup instead of allocating and copying.
 Use gint16 instead of INT16 in airpdcap_rijndael.c.
 Add Brian to AUTHORS.

Directory: /trunk/epan/crypt/
  Changes    Path                   Action
  +427 -20   airpdcap.c             Modified
  +4 -0      airpdcap_debug.h       Modified
  +2 -0      airpdcap_int.h         Modified
  +313 -1    airpdcap_rijndael.c    Modified
  +3 -1      airpdcap_rijndael.h    Modified
  +8 -2      airpdcap_tkip.c        Modified

Directory: /trunk/
  Changes    Path          Action
  +4 -0      AUTHORS       Modified
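The key-rotation limitation in the log (one active unicast key and one active group key, so a packet protected with an older group key no longer decrypts once a newer key has been seen) is easiest to see with a small model. The following is an added example written for this page; it is not code from this commit, from Brian Stormont's patch, or from Wireshark's airpdcap module, and it does not reproduce the solution proposed in the code comment the log refers to. It assumes a stand-in protection scheme (HMAC-derived keystream plus an HMAC tag) in place of real CCMP/TKIP so it runs offline with only the standard library; the 2-bit Key ID carried in the CCMP/TKIP header is the one real protocol detail it relies on. `SingleSlotCache` mirrors the limitation as described, and `HistoryCache` is a hypothetical alternative that retains earlier keys per Key ID and falls back to them when the integrity check fails.

```python
"""Model of the single-active-group-key limitation versus a key-history cache.

Constructed example for illustration only. The 'cipher' below is a stand-in
(HMAC-derived keystream + 8-byte HMAC tag), NOT CCMP or TKIP; only the notion
of a per-frame Key ID is taken from 802.11.
"""
import hashlib
import hmac


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream: HMAC-SHA256 in counter mode over the nonce."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(key: bytes, key_id: int, nonce: bytes, plaintext: bytes):
    """Return a frame-like tuple (key_id, nonce, ciphertext, tag)."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, bytes([key_id]) + nonce + ct, hashlib.sha256).digest()[:8]
    return (key_id, nonce, ct, tag)


def unprotect(key: bytes, frame):
    """Return the plaintext, or None when the tag does not verify under this key."""
    key_id, nonce, ct, tag = frame
    expected = hmac.new(key, bytes([key_id]) + nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class SingleSlotCache:
    """Models the limitation: one active group key; a newly seen key replaces it."""

    def __init__(self):
        self.gtk = None

    def install(self, key_id: int, key: bytes):
        self.gtk = (key_id, key)

    def decrypt(self, frame):
        if self.gtk is None:
            return None
        return unprotect(self.gtk[1], frame)


class HistoryCache:
    """Hypothetical alternative: keep the last few group keys seen per Key ID
    (newest first) and accept the first candidate whose integrity check passes."""

    def __init__(self, max_per_id: int = 4):
        self.keys = {}  # key_id -> list of keys, newest first
        self.max_per_id = max_per_id

    def install(self, key_id: int, key: bytes):
        lst = self.keys.setdefault(key_id, [])
        if key in lst:
            lst.remove(key)
        lst.insert(0, key)
        del lst[self.max_per_id:]

    def decrypt(self, frame):
        for key in self.keys.get(frame[0], []):
            pt = unprotect(key, frame)
            if pt is not None:
                return pt
        return None


def rotation_scenario():
    """Constructed trace: GTK1 (Key ID 1), a broadcast frame, then a rotated
    GTK2 (Key ID 2) and a second frame. Returns, per cache, the live (in-order)
    results and what revisiting the first frame yields after the rotation."""
    gtk1 = hashlib.sha256(b"constructed-gtk-1").digest()
    gtk2 = hashlib.sha256(b"constructed-gtk-2").digest()
    frame1 = protect(gtk1, 1, b"\x00" * 6, b"arp who-has 192.0.2.1")
    frame2 = protect(gtk2, 2, b"\x00" * 5 + b"\x01", b"arp who-has 192.0.2.2")
    results = {}
    for name, cache in (("single_slot", SingleSlotCache()), ("history", HistoryCache())):
        cache.install(1, gtk1)
        live = [cache.decrypt(frame1)]          # summary-line pass: decrypts fine
        cache.install(2, gtk2)                  # rotation: new group key seen
        live.append(cache.decrypt(frame2))
        revisit = cache.decrypt(frame1)         # clicking the older packet afterwards
        results[name] = {"live": live, "revisit_frame1": revisit}
    return results


if __name__ == "__main__":
    for name, r in rotation_scenario().items():
        print(name, r)
```

In the single-slot model the in-order pass decrypts both frames (matching the log's remark that the summary lines look right), but revisiting the first frame after the rotation returns None because only GTK2 is held. The history cache keeps GTK1 under its Key ID and recovers the frame. Bounding the history per Key ID keeps memory predictable on long captures from APs that rotate frequently.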