From 3e9ce48d24242c891968f65ae5160e967e73cfa5 Mon Sep 17 00:00:00 2001
From: Mikael Kanstrup
Date: Sun, 22 Mar 2020 10:06:56 +0100
Subject: dot11decrypt: Fix decryption of MFP enabled connections

MFP enabled connections with SHA-256 key management (IEEE 802.11w) use EAPOL key version == 3. This case was missing making decryption of such connections fail. Allow key version 3 to handle these too.

Change-Id: If9e3fcc5c3bbfb46e82b39dfed5b2a74787a4f16
Reviewed-on: https://code.wireshark.org/review/36534
Reviewed-by: Peter Wu
Petri-Dish: Peter Wu
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman
---
 epan/crypt/dot11decrypt.c | 19 ++++++++++---------
 test/captures/wpa2-psk-mfp.pcapng.gz | Bin 0 -> 3128 bytes
 test/suite_decryption.py | 13 +++++++++++++
 3 files changed, 23 insertions(+), 9 deletions(-)
 create mode 100644 test/captures/wpa2-psk-mfp.pcapng.gz

diff --git a/epan/crypt/dot11decrypt.c b/epan/crypt/dot11decrypt.c
index a9cebf5d01..d0c63e2b7b 100644
--- a/epan/crypt/dot11decrypt.c
+++ b/epan/crypt/dot11decrypt.c
@@ -328,8 +328,8 @@ Dot11DecryptCopyKey(PDOT11DECRYPT_SEC_ASSOCIATION sa, PDOT11DECRYPT_KEY_ITEM key
 key->KeyData.Wpa.Cipher = sa->wpa.cipher;
 if (sa->wpa.key_ver==DOT11DECRYPT_WPA_KEY_VER_NOT_CCMP)
 key->KeyType=DOT11DECRYPT_KEY_TYPE_TKIP;
- else if (sa->wpa.key_ver == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP ||
- sa->wpa.key_ver == 0)
+ else if (sa->wpa.key_ver == 0 || sa->wpa.key_ver == 3 ||
+ sa->wpa.key_ver == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP)
 {
 switch (sa->wpa.cipher) {
 case 1:
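Review bot: The new condition in Dot11DecryptCopyKey compares key_ver against the bare literal `3` (next to `0`) while the adjacent values use the named `DOT11DECRYPT_WPA_KEY_VER_*` constants, and the same literal is repeated in the Dot11DecryptRsna4WHandshake hunk below. A named constant such as `DOT11DECRYPT_WPA_KEY_VER_AES_128_CMAC` (a proposed name, to be defined beside the existing `_AES_CCMP` define) would record that Key Descriptor Version 3 denotes the AES-128-CMAC MIC used with the SHA-256 AKM suites, and a one-line comment on the branch, `/* key_ver 0 (AKM-defined) and 3 (AES-128-CMAC) carry the pairwise cipher in the RSNE, as CCMP does */`, would say why these versions share the cipher switch. Dot11DecryptCopyKey starts and ends outside the hunk.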
@@ -1587,8 +1587,11 @@ Dot11DecryptRsna4WHandshake(
 }
 memcpy(eapol, eapol_raw, tot_len);
 
- if (eapol_parsed->key_version == 0) {
- /* PTK derivation is based on Authentication Key Management Type */
+ /* From IEEE 802.11-2016 12.7.2 EAPOL-Key frames */
+ if (eapol_parsed->key_version == 0 || eapol_parsed->key_version == 3 ||
+ eapol_parsed->key_version == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP)
+ {
+ /* PTK derivation is based on Authentication Key Management Type */
 akm = eapol_parsed->akm;
 cipher = eapol_parsed->cipher;
 group_cipher = eapol_parsed->group_cipher;
@@ -1597,11 +1600,9 @@ Dot11DecryptRsna4WHandshake(
 akm = 2;
 cipher = 2;
 group_cipher = 2;
- } else if (eapol_parsed->key_version == DOT11DECRYPT_WPA_KEY_VER_AES_CCMP) {
- /* CCMP-128 */
- akm = eapol_parsed->akm;
- cipher = eapol_parsed->cipher;
- group_cipher = eapol_parsed->group_cipher;
+ } else {
+ DEBUG_PRINT_LINE("EAPOL key_version not supported", DEBUG_LEVEL_3);
+ return DOT11DECRYPT_RET_NO_VALID_HANDSHAKE;
 }
 
 /* derive the PTK from the BSSID, STA MAC, PMK, SNonce, ANonce */
diff --git a/test/captures/wpa2-psk-mfp.pcapng.gz b/test/captures/wpa2-psk-mfp.pcapng.gz
new file mode 100644
index 0000000000..da445aec36
Binary files /dev/null and b/test/captures/wpa2-psk-mfp.pcapng.gz differ
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index be6403f879..5afac4e049 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
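Review bot: The comment added above the new `if` cites the clause but not what versions 0, 2 and 3 have in common, which is the reason they share one branch; `/* Key Descriptor Version 0 (AKM-defined), 2 (CCMP) and 3 (AES-128-CMAC, SHA-256 AKMs) all carry AKM and ciphers in the RSNE; IEEE 802.11-2016 12.7.2 */` would make that explicit. Version 3 also changes the EAPOL-Key MIC algorithm to AES-128-CMAC, so the handshake MIC verification, which is not in this hunk, presumably selects its algorithm from the key descriptor version too and should be confirmed to accept 3, otherwise a version-3 handshake would pass this check and still be rejected later. The new `else` branch is an improvement in that an unrecognised version is now refused explicitly rather than silently falling through the chain. Dot11DecryptRsna4WHandshake begins and ends outside this hunk.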
@@ -65,6 +65,19 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
 ))
 self.assertEqual(self.countOutput('802.11.*SN=.*FN=.*Flags='), 3)
 
+ def test_80211_wpa2_psk_mfp(self, cmd_tshark, capture_file, features):
+ '''IEEE 802.11 decode WPA2 PSK with MFP enabled (802.11w)'''
+ # Included in git sources test/captures/wpa2-psk-mfp.pcapng.gz
+ if not features.have_libgcrypt16:
+ self.skipTest('Requires GCrypt 1.6 or later.')
+ self.assertRun((cmd_tshark,
+ '-o', 'wlan.enable_decryption: TRUE',
+ '-r', capture_file('wpa2-psk-mfp.pcapng.gz'),
+ '-Y', 'wlan.analysis.tk == 4e30e8c019bea43ea5262b10853b818d || wlan.analysis.gtk == 70cdbf2e5bc0ca22e53930818a5d80e4',
+ ))
+ self.assertTrue(self.grepOutput('Who has 192.168.5.5')) # Verifies GTK is correct
+ self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK is correct
+ self.assertTrue(self.grepOutput('Echo \(ping\) request')) # Verifies TK is correct
 
 def test_80211_wpa_tdls(self, cmd_tshark, capture_file, features):
 '''WPA decode traffic in a TDLS (Tunneled Direct-Link Setup) session (802.11z)'''
-- 
cgit v1.2.3
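Review bot: `self.grepOutput('Echo \(ping\) request')` puts `\(` in a non-raw string, which is an invalid escape sequence in Python 3 (a DeprecationWarning today and a SyntaxWarning in newer releases) even though it happens to produce the intended regex; write it as `r'Echo \(ping\) request'`. The three grepOutput checks are a good addition because they prove that both the TK and the GTK actually decrypt traffic, not merely that keys were derived. The docstring could also mention that the capture exercises EAPOL key descriptor version 3, which is the case this commit adds, so a future regression in that path is easy to locate. The method sits inside case_decrypt_80211, whose class body continues outside the hunk.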