Wireshark-commits: [Wireshark-commits] master 9cf77ec: ieee80211: Support decrypting WPA3-Personal
From: Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx>
Date: Thu, 21 Mar 2019 12:14:04 +0000
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9cf77ec5e12e24f1a8c6eb9fa14c015b830f066b
Submitter: "Anders Broman <a.broman58@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark

Commits:

9cf77ec by Mikael Kanstrup (mikael.kanstrup@xxxxxxxx):

    ieee80211: Support decrypting WPA3-Personal / SAE captures
    
    Add support for decrypting IEEE 802.11 WPA3-Personal / SAE traffic.
    
    SAE uses AES encryption but a different key derivation function (KDF),
    making Wireshark fail to decrypt such captures. Also, both the KDF and
    the decryption method are determined based only on the EAPOL key
    description version. This is not enough to figure out that SAE is being used.
    
    Implement the alternative KDF needed to derive a valid PTK. Also
    implement a function to parse pairwise + group cipher suites and
    auth key management type from the RSNE tag. Using this new function
    together with a number of new cipher and AKM lookup functions, the
    correct KDF for SAE can be selected.
    
    Bug: 15621
    Change-Id: I8f6c917af1c9642c276a244943dd35f850ee3757
    Reviewed-on: https://code.wireshark.org/review/32485
    Petri-Dish: Anders Broman <a.broman58@xxxxxxxxx>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
    

Actions performed:

    from  b780bb1   NAS-5GS: Dissect Packet filter contents Single remote port type.
     add  9cf77ec   ieee80211: Support decrypting WPA3-Personal / SAE captures


Summary of changes:
 debian/libwsutil0.symbols          |   1 +
 epan/crypt/dot11decrypt.c          | 505 +++++++++++++++++++++++++++++++++++--
 epan/crypt/dot11decrypt_system.h   |   3 +-
 epan/crypt/dot11decrypt_user.h     |   1 +
 epan/dissectors/packet-ieee80211.c |   4 +-
 test/captures/wpa3-sae.pcapng.gz   | Bin 0 -> 5981 bytes
 test/config/80211_keys.tmpl        |   1 +
 test/suite_decryption.py           |  10 +
 wsutil/wsgcrypt.c                  |  23 ++
 wsutil/wsgcrypt.h                  |   2 +
 10 files changed, 521 insertions(+), 29 deletions(-)
 create mode 100644 test/captures/wpa3-sae.pcapng.gz
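
The selection logic the commit message describes, as an added example that is not taken from the Wireshark commit: parse the group cipher, pairwise cipher and AKM out of an RSNE and choose the PTK key derivation from the AKM. All function and type names are hypothetical, the RSNE bytes are constructed, and the AKM-to-KDF mapping (1 and 2: SHA-1 PRF; 5, 6 and 8: SHA-256 KDF) comes from IEEE 802.11, not from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical names for illustration; not Wireshark's dot11decrypt code. */
enum ptk_kdf { KDF_UNKNOWN = 0, KDF_PRF_SHA1, KDF_SHA256 };
struct rsne_info { uint8_t group, pairwise, akm; };  /* suite types under OUI 00-0F-AC */
/* Constructed sample RSNE: CCMP-128 group and pairwise ciphers, AKM 8 (SAE). */
static const uint8_t SAE_RSNE[] = { 0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04,
    0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x08, 0xc0, 0x00 };

/* Read one suite, or a 16-bit LE count plus list when counted; keep the first type. */
static int read_suites(const uint8_t *p, size_t len, size_t *off, int counted, uint8_t *first)
{
    static const uint8_t oui[3] = { 0x00, 0x0f, 0xac };
    size_t n = 1;
    if (counted) {
        if (len - *off < 2) return -1;
        n = p[*off] | ((size_t)p[*off + 1] << 8);
        *off += 2;
    }
    if (n == 0 || (len - *off) / 4 < n || memcmp(p + *off, oui, 3) != 0)
        return -1;                      /* empty, truncated, or vendor-specific suite */
    *first = p[*off + 3];
    *off += 4 * n;
    return 0;
}

/* Parse an RSNE (element ID 48), header bytes included; returns 0 on success. */
int parse_rsne(const uint8_t *ie, size_t len, struct rsne_info *out)
{
    size_t off = 4;                     /* past ID, length and 2-byte version */
    if (len < 4 || ie[0] != 48 || ie[1] < 2 || (size_t)ie[1] + 2 > len) return -1;
    len = (size_t)ie[1] + 2;            /* bound reads by the element's own length */
    if (ie[2] != 1 || ie[3] != 0) return -1;    /* RSN version 1 only */
    if (read_suites(ie, len, &off, 0, &out->group) != 0) return -1;
    if (read_suites(ie, len, &off, 1, &out->pairwise) != 0) return -1;
    return read_suites(ie, len, &off, 1, &out->akm);
}

/* Pick the PTK derivation from the AKM, not from the EAPOL key descriptor version. */
enum ptk_kdf kdf_for_rsne(const uint8_t *ie, size_t len)
{
    struct rsne_info r;
    if (parse_rsne(ie, len, &r) != 0) return KDF_UNKNOWN;
    if (r.akm == 1 || r.akm == 2) return KDF_PRF_SHA1;              /* 802.1X, PSK */
    if (r.akm == 5 || r.akm == 6 || r.akm == 8) return KDF_SHA256;  /* 8 = SAE */
    return KDF_UNKNOWN;                 /* FT and other AKMs are out of scope here */
}
int main(void) { return kdf_for_rsne(SAE_RSNE, sizeof SAE_RSNE) == KDF_SHA256 ? 0 : 1; }
```

Only the first pairwise cipher and first AKM in each list are kept, which is enough for a single-AKM network; a malformed or truncated element yields `KDF_UNKNOWN` so the caller can skip decryption instead of guessing.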