Wireshark-commits: [Wireshark-commits] master-1.12 bac021c: IEEE 802.11: 802.1X (WPA-EAP) rekeying

From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Mon, 21 Dec 2015 09:33:21 +0000 (UTC)
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bac021c5930834b480a6109f8802de5c3af41f39
Submitter: Guy Harris (guy@xxxxxxxxxxxx)
Changed: branch: master-1.12
Repository: wireshark

Commits:

bac021c by deagol (alexander.wetzel@xxxxxx):

    IEEE 802.11: 802.1X (WPA-EAP) rekeying support
    
    This patch extends the existing decryption support for WPA to also
    handle rekeys by checking each decrypted packet for a 4-way-handshake.
    
    Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
    (WPA-EAP).
    
    For decrypting WPA-EAP secured packets the user must provide all used PMKs
    of the connection (aka PSKs) as WPA-PSK 32 byte hex values to Wireshark
    via the existing interface.
    (The capture must have all 4-way-handshakes included also, starting with
    the first unencrypted one.)
    
    Every decrypted unicast packet will have the used PMK and TK shown in the
    CCMP/TKIP section below the key index in the GUI. Group packets will display the
    GTK instead.
    
    Additionally this fixes a small issue with group rekey handling, so every packet
    can be selected in the GUI in random order, removing the need to manually find
    the correct group keying packets prior to that.
    
    It was tested primarily with WPA-CCMP, but TKIP is also working.
    
    One section in the code touches Bluetooth 802.1X support. It should do
    exactly the same, but will now also examine all decrypted packets for rekeys.
    
    Ping-Bug: 11172
    Change-Id: I19d055581fce6268df888da63485a48326046748
    Reviewed-on: https://code.wireshark.org/review/8268
    Reviewed-by: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    Petri-Dish: Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot <buildbot-no-reply@xxxxxxxxxxxxx>
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    Reviewed-on: https://code.wireshark.org/review/12777
    Reviewed-by: Guy Harris <guy@xxxxxxxxxxxx>
    

Actions performed:

    from  8110a70   [airpdcap] check the length of the WPA broadcast key we calculated
    adds  bac021c   IEEE 802.11: 802.1X (WPA-EAP) rekeying support


Summary of changes:
 airpcap_loader.h                   |    2 +-
 epan/crypt/airpdcap.c              |  215 +++++++++---------------------------
 epan/crypt/airpdcap_system.h       |   14 +--
 epan/crypt/airpdcap_user.h         |    9 +-
 epan/dissectors/packet-ieee80211.c |   51 ++++++++-
 test/captures/wpa-eap-tls.pcap.gz  |  Bin 0 -> 25629 bytes
 test/config/80211_keys.tmpl        |    5 +-
 test/suite-decryption.sh           |   17 +++
 8 files changed, 131 insertions(+), 182 deletions(-)
 create mode 100644 test/captures/wpa-eap-tls.pcap.gz
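
The commit message above says each 4-way handshake, including rekeys, yields a new TK from one of the user-supplied 32-byte PMKs. The sketch below is an added example, not Wireshark or airpdcap code: it derives the CCMP PTK with the IEEE 802.11i PRF and picks the PMK whose KCK verifies the message 2 MIC. Selecting the PMK by MIC check, every function name, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF built on HMAC-SHA1 with a one-byte counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """Return (KCK, KEK, TK) for CCMP from a 32-byte PMK and handshake values."""
    if len(pmk) != 32:
        raise ValueError("PMK must be 32 bytes")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

def eapol_mic(kck, frame_mic_zeroed):
    """EAPOL-Key MIC, key descriptor version 2: HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, frame_mic_zeroed, hashlib.sha1).digest()[:16]

def match_pmk(pmks, aa, spa, anonce, snonce, frame_mic_zeroed, mic):
    """Try each supplied PMK; return (pmk, tk) for the one whose KCK verifies the MIC."""
    for pmk in pmks:
        kck, _kek, tk = derive_ptk(pmk, aa, spa, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, frame_mic_zeroed), mic):
            return pmk, tk
    return None  # no supplied PMK fits this handshake: traffic stays undecrypted

# Constructed sample values (not taken from any capture).
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
PMK1, PMK2 = bytes(range(32)), bytes(range(32, 64))
FRAME = b"constructed EAPOL-Key message 2 with MIC field zeroed"

def handshake(pmk, anonce, snonce):
    """Build a constructed handshake record carrying a valid message 2 MIC."""
    kck, _kek, _tk = derive_ptk(pmk, AA, SPA, anonce, snonce)
    return anonce, snonce, eapol_mic(kck, FRAME)

def demo():
    first = handshake(PMK1, b"\x11" * 32, b"\x22" * 32)  # initial handshake
    rekey = handshake(PMK2, b"\x33" * 32, b"\x44" * 32)  # rekey with a new PMK
    return [match_pmk([PMK1, PMK2], AA, SPA, a, s, FRAME, m) for a, s, m in (first, rekey)]

if __name__ == "__main__":
    for pmk, tk in demo():
        print("PMK", pmk.hex(), "TK", tk.hex())
```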