Wireshark-commits: [Wireshark-commits] master c3bc159: 802.11: EAPOL 4-way handshake information wr

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Thu, 2 Apr 2015 07:14:10 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c3bc15907dc9a88f628d878317addec5ad3555db
Submitter: Alexis La Goutte (alexis.lagoutte@xxxxxxxxx)
Changed: branch: master
Repository: wireshark

Commits:

c3bc159 by Alexis La Goutte (alexis.lagoutte@xxxxxxxxx):

    802.11: EAPOL 4-way handshake information wrong
    
    the EAPOL Key Exchange descriptions show key packets 2 and 4 as "Key (Message 4 of 4)"
    
    Reason of issue : 
     In the IEEE 802.11 specification the value for the counter is defined as following:
    Message #2 - counter = n
    Message #4 - counter = n+1
    So the only way to distinguish between message #2 and message #4 using the counter value would be for Wireshark to "look ahead" and compare the counter values (e.g., if counter1 < counter2, then message 2, else message 4).
    
    Fix : 
    However, there is a much easier way to distinguish between message #2 and message #4.  Instead of using the counter field, Wireshark could parse the "WPA Key Nonce" field (display filter = wlan_rsna_eapol.keydes.nonce).
    According to the IEEE specification, sections 11.6.6.3 and 11.6.6.5 define the value for the WPA Key Nonce as following:
    Message #2, Key Nonce = SNonce (Supplicant Nonce)
    Message #4, Key Nonce = 0
    So, the logic would be:
    1. Use the Wireshark parser to determine the WPA Key Nonce value.  The Key nonce field is 32 octets.
    2. If !(keynonce), then message #2
        Else message #4
    (Only check the first 4 octets of nonce if equal to zero)
    
    
    Issue reported by Murray Pickard
    Reason of issue (and proposed fix) by Amato Carbonara
    
    Bug: 10557
    Change-Id: I66086ac27a4d7d3ac0356be295d23001e2af71c8
    Reviewed-on: https://code.wireshark.org/review/7868
    Petri-Dish: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    

Actions performed:

    from  33abb91   dumpcap: fix Resource leak (CID: 129558)
    adds  c3bc159   802.11: EAPOL 4-way handshake information wrong


Summary of changes:
 epan/dissectors/packet-ieee80211.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)