ieee80211: Extended Key ID support

Support Extended Key ID for Individually Addressed Frames from IEEE 802.11 - 2016. Extended Key ID allows unicast (PTK) keys to also use key ID 1 and has an additional RSN attribute "KeyID" in EAPOL #3. Add the additional attribute KeyID to the RSN parser, stop assuming unicast keys are only using key ID 0 and add a test case to verify Extended Key ID parsing and decoding. Change-Id: I43005c74df561be5524fa3738149781f50dafa14 Reviewed-on: https://code.wireshark.org/review/34883 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
author: Alexander Wetzel <alexander.wetzel@web.de> 2019-10-28 18:19:00 +0100
committer: Jaap Keuter <jaap.keuter@xs4all.nl> 2019-11-02 11:40:57 +0000
commit: e7acb32a5a48d57ffd6dc17f6a9de60630f82c7e (patch)
tree: 4aecb398c81f66da4b5615dca4c86f89152472a5 /test
parent: 35615574e5691c7bf2e09254271ac32c9cf59d95 (diff)
2 files changed, 25 insertions, 0 deletions
diff --git a/test/captures/wpa_ptk_extended_key_id.pcap.gz b/test/captures/wpa_ptk_extended_key_id.pcap.gz
new file mode 100644
index 0000000000..c093018f61
--- /dev/null
+++ b/test/captures/wpa_ptk_extended_key_id.pcap.gz
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index e87358ee86..62735c250e 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -112,6 +112,31 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
         self.assertTrue(self.grepOutput('DHCP Discover'))
         self.assertEqual(self.countOutput('ICMP.*Echo .ping'), 8)
 
+    def test_80211_wpa_extended_key_id_rekey(self, cmd_tshark, capture_file):
+        '''WPA decode for Extended Key ID'''
+        # Included in git sources test/captures/wpa_ptk_extended_key_id.pcap.gz
+        self.assertRun((cmd_tshark,
+                '-o', 'wlan.enable_decryption: TRUE',
+                '-r', capture_file('wpa_ptk_extended_key_id.pcap.gz'),
+                '-Tfields',
+                '-e' 'wlan.fc.type_subtype',
+                '-e' 'wlan.ra',
+                '-e' 'wlan.analysis.tk',
+                '-e' 'wlan.analysis.gtk',
+                '-e' 'wlan.rsn.ie.ptk.keyid',
+                ))
+        # Verify frames are decoded with the correct key
+        self.assertEqual(self.countOutput('^32\t33:33:00:00:00:16\t\t234a9a6ddcca3cb728751cea49d01bb0\t$'), 5)
+        self.assertEqual(self.countOutput('^32\t33:33:ff:00:00:00\t\t234a9a6ddcca3cb728751cea49d01bb0\t$'), 1)
+        self.assertEqual(self.countOutput('^32\t33:33:ff:00:03:00\t\t234a9a6ddcca3cb728751cea49d01bb0\t$'), 1)
+        self.assertEqual(self.countOutput('^32\tff:ff:ff:ff:ff:ff\t\t234a9a6ddcca3cb728751cea49d01bb0\t$'), 4)
+        self.assertEqual(self.countOutput('^40\t02:00:00:00:03:00\t618b4d1829e2a496d7fd8c034a6d024d\t\t$'), 2)
+        self.assertEqual(self.countOutput('^40\t02:00:00:00:00:00\t618b4d1829e2a496d7fd8c034a6d024d\t\t$'), 1)
+        # Verify RSN PTK KeyID parsing
+        self.assertEqual(self.countOutput('^40\t02:00:00:00:00:00\t\t\t1$'), 1)
+        self.assertEqual(self.countOutput('^40\t02:00:00:00:00:00\tf31ecff5452f4c286cf66ef50d10dabe\t\t0$'), 1)
+        self.assertEqual(self.countOutput('^40\t02:00:00:00:00:00\t28dd851decf3f1c2a35df8bcc22fa1d2\t\t1$'), 1)
+
 @fixtures.mark_usefixtures('test_env')
 @fixtures.uses_fixtures
 class case_decrypt_dtls(subprocesstest.SubprocessTestCase):
author	Alexander Wetzel <alexander.wetzel@web.de>	2019-10-28 18:19:00 +0100
committer	Jaap Keuter <jaap.keuter@xs4all.nl>	2019-11-02 11:40:57 +0000
commit	e7acb32a5a48d57ffd6dc17f6a9de60630f82c7e (patch)
tree	4aecb398c81f66da4b5615dca4c86f89152472a5 /test
parent	35615574e5691c7bf2e09254271ac32c9cf59d95 (diff)