authorAlexander Wetzel <alexander.wetzel@web.de>2015-11-01 18:49:42 +0100
committerAlexis La Goutte <alexis.lagoutte@gmail.com>2015-11-09 11:28:14 +0000
commitcb3dd958af31099772c8934179e113929ae0c020 (patch)
treef65bfcfea17b718ad59ea727968c6669453c489b /test
parentd4985a5acb63460797f4d009366a2038b0797570 (diff)
WPA/WPA2 decoding fixes and improvements
- start decoding when we have eapol1+2 packets Do not insist on a complete captured handshake, decode what we can. - more robust way to detect eapol #2 packets At least Win 10 is violating the spec on rekey by setting the secure bit in #2. Unpatched version shows and handles #2 as #4, breaking decoding after rekey. - fixed eapol rekey key handling Initial patch (see https://code.wireshark.org/review/8268) is adding redundant keys, since it scans all the time and not only once. - ignore trailing garbage after eapol sections in frame See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8 Included testcase to test decode for incomplete handshakes and eapol2 packets with secure bit set on rekey. Ping-Bug: 9065 Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd Reviewed-on: https://code.wireshark.org/review/11484 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Diffstat (limited to 'test')
-rw-r--r--test/captures/wpa-test-decode.pcap.gzbin0 -> 167294 bytes
-rw-r--r--test/config/80211_keys.tmpl1
-rwxr-xr-xtest/suite-decryption.sh17
3 files changed, 18 insertions, 0 deletions
diff --git a/test/captures/wpa-test-decode.pcap.gz b/test/captures/wpa-test-decode.pcap.gz
new file mode 100644
index 0000000000..050f94ec4a
--- /dev/null
+++ b/test/captures/wpa-test-decode.pcap.gz
Binary files differ
diff --git a/test/config/80211_keys.tmpl b/test/config/80211_keys.tmpl
index 450da23791..63593e5849 100644
--- a/test/config/80211_keys.tmpl
+++ b/test/config/80211_keys.tmpl
@@ -1,5 +1,6 @@
# Keys needed for the decryption test suite
"wpa-pwd","Induction"
+"wpa-pwd","test0815"
"wpa-psk","a5001e18e0b3f792278825bc3abff72d7021d7c157b600470ef730e2490835d4"
"wpa-psk","79258f6ceeecedd3482b92deaabdb675f09bcb4003ef5074f5ddb10a94ebe00a"
"wpa-psk","23a9ee58c7810546ae3e7509fda9f97435778d689e53a54891c56d02f18ca162"
diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh
index dd4202dae3..7795c2238d 100755
--- a/test/suite-decryption.sh
+++ b/test/suite-decryption.sh
@@ -89,6 +89,22 @@ decryption_step_80211_wpa_eap() {
fi
test_step_ok
}
+# WPA decode with message1+2 only and secure bit set on message 2
+# Included in git sources test/captures/wpa-test-decode.pcap.gz
+decryption_step_80211_wpa_eapol_incomplete_rekeys() {
+ $TESTS_DIR/run_and_catch_crashes env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+ -o "wlan.enable_decryption: TRUE" \
+ -r "$CAPTURE_DIR/wpa-test-decode.pcap.gz" \
+ -Y "icmp.resp_to == 4263" \
+ | grep "Echo" > /dev/null 2>&1
+ RETURNVALUE=$?
+ if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+ test_step_failed "Not able to follow rekey with missing eapol frames"
+ return
+ fi
+ test_step_ok
+}
+
# DTLS
# https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil.tgz
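Review bot: The exit status of `run_and_catch_crashes` is discarded in `decryption_step_80211_wpa_eapol_incomplete_rekeys`, because `RETURNVALUE=$?` after the pipeline holds only grep's status. The commit message says the decoder now skips trailing data after EAPOL sections, so a crash on the new capture is a failure this step should report as such; as written, a crash before the match is reported as "Not able to follow rekey with missing eapol frames", and one after the matching line has been printed would presumably still pass (how the wrapper reports crashes is not visible here). Consider capturing output and status first, e.g. `OUT=$(… -Y "icmp.resp_to == 4263")` then `RETURNVALUE=$?`, failing on a non-zero status, and only then running `echo "$OUT" | grep "Echo" > /dev/null`. A one-line comment above the `-Y` filter saying why request 4263 was chosen would also make the check easier to maintain if the capture is regenerated.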
@@ -266,6 +282,7 @@ decryption_step_http2() {
tshark_decryption_suite() {
test_step_add "IEEE 802.11 WPA PSK Decryption" decryption_step_80211_wpa_psk
+ test_step_add "IEEE 802.11 WPA PSK Decryption2 (EAPOL frames missing for Win 10 client)" decryption_step_80211_wpa_eapol_incomplete_rekeys
test_step_add "IEEE 802.11 WPA EAP Decryption" decryption_step_80211_wpa_eap
test_step_add "DTLS Decryption" decryption_step_dtls
test_step_add "SSL Decryption (private key)" decryption_step_ssl