Wireshark-commits: [Wireshark-commits] master-1.12 a64a489: 802.11: EAPOL 4-way handshake informati

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Thu, 2 Apr 2015 07:14:44 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a64a4893d278c9c99f61b2357fd24e6d03360561
Submitter: Alexis La Goutte (alexis.lagoutte@xxxxxxxxx)
Changed: branch: master-1.12
Repository: wireshark

Commits:

a64a489 by Alexis La Goutte (alexis.lagoutte@xxxxxxxxx):

    802.11: EAPOL 4-way handshake information wrong
    
    the EAPOL Key Exchange descriptions show key packets 2 and 4 as "Key (Message 4 of 4)"
    
    Reason of issue : 
     In the IEEE 802.11 specification the value for the counter is defined as following:
    Message #2 - counter = n
    Message #4 - counter = n+1
    So the only way to distinguish between message #2 and message #4 using the counter value would be for Wireshark to "look ahead" and compare the counter values (e.g., if counter1 < counter2, then message 2, else message 4).
    
    Fix : 
    However, there is a much easier way to distinguish between message #2 and message #4.  Instead of using the counter field, Wireshark could parse the "WPA Key Nonce" field (display filter = wlan_rsna_eapol.keydes.nonce).
    According to the IEEE specification, sections 11.6.6.3 and 11.6.6.5 define the value for the WPA Key Nonce as following:
    Message #2, Key Nonce = SNonce (Supplicant Nonce)
    Message #4, Key Nonce = 0
    So, the logic would be:
    1. Use the Wireshark parser to determine the WPA Key Nonce value.  The Key nonce field is 32 octets.
    2. If !(keynonce), then message #2
        Else message #4
    (Only check the first 4 octets of nonce if equal to zero)
    
    
    Issue reported by Murray Pickard
    Reason of issue (and proposed fix) by Amato Carbonara
    
    Bug: 10557
    Change-Id: I66086ac27a4d7d3ac0356be295d23001e2af71c8
    Reviewed-on: https://code.wireshark.org/review/7868
    Petri-Dish: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    (cherry picked from commit c3bc15907dc9a88f628d878317addec5ad3555db)
    Reviewed-on: https://code.wireshark.org/review/7880
    

Actions performed:

    from  6d54f33   Add the new #defines to cmakeconfig.h.in.
    adds  a64a489   802.11: EAPOL 4-way handshake information wrong


Summary of changes:
 epan/dissectors/packet-ieee80211.c |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)