authordeagol <alexander.wetzel@web.de>2015-05-01 22:56:50 +0200
committerAnders Broman <a.broman58@gmail.com>2015-05-08 04:27:49 +0000
commit1439eb677820fff055df86e43341fde1d94a64d1 (patch)
tree31b136ae73871a6182c5c634100b9eea07185a16 /test
parentb644698bef613c4bb1eda5d2f7481620583fc185 (diff)
IEEE 802.11: 802.1X (WPA-EAP) rekeying support
This patch extends the existing decryption support for WPA to also handle rekeys by checking each decrypted packet for a 4-way-handshake. Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise (WPA-EAP). For decrypting WPA-EAP secured packets the user must provide all used PMKs of the connection (aka PSKs) as WPA-PSK 32 byte hex values to Wireshark via the existing interface. (The capture must also include all 4-way-handshakes, starting with the first unencrypted one.) Every decrypted unicast packet will have the used PMK and TK shown in the CCMP/TKIP section below the key index in the GUI. Group packets will display the GTK instead. Additionally this fixes a small issue with group rekey handling, so every packet can be selected in the GUI in random order, removing the need to manually find the correct group keying packets prior to that. It was tested primarily with WPA-CCMP, but TKIP is also working. One section in the code touches bluetooth 802.1X support. It should do exactly the same, but will now also examine all decrypted packets for rekeys. Ping-Bug: 11172 Change-Id: I19d055581fce6268df888da63485a48326046748 Reviewed-on: https://code.wireshark.org/review/8268 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'test')
-rw-r--r--test/captures/wpa-eap-tls.pcap.gzbin0 -> 25629 bytes
3 files changed, 21 insertions, 1 deletions
diff --git a/test/captures/wpa-eap-tls.pcap.gz b/test/captures/wpa-eap-tls.pcap.gz
new file mode 100644
index 0000000000..307e5fadde
--- /dev/null
+++ b/test/captures/wpa-eap-tls.pcap.gz
Binary files differ
diff --git a/test/config/80211_keys.tmpl b/test/config/80211_keys.tmpl
index 121a912739..450da23791 100644
--- a/test/config/80211_keys.tmpl
+++ b/test/config/80211_keys.tmpl
@@ -1,2 +1,5 @@
-# This file is automatically generated, DO NOT MODIFY.
+# Keys needed for the decryption test suite
diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh
index 269567810a..86931676b1 100755
--- a/test/suite-decryption.sh
+++ b/test/suite-decryption.sh
@@ -74,6 +74,22 @@ decryption_step_80211_wpa_psk() {
+# WPA EAP (EAPOL Rekey)
+# Included in git sources test/captures/wpa-eap-tls.pcap.gz
+decryption_step_80211_wpa_eap() {
+ -o "wlan.enable_decryption: TRUE" \
+ -r "$CAPTURE_DIR/wpa-eap-tls.pcap.gz" \
+ -Y "wlan.analysis.tk==7d9987daf5876249b6c773bf454a0da7" \
+ | grep "Group Message" > /dev/null 2>&1
+ if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+ test_step_failed "Failed to decrypt IEEE 802.11 WPA EAP"
+ return
+ fi
+ test_step_ok
# https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil.tgz
decryption_step_dtls() {
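Review bot: The status check in `decryption_step_80211_wpa_eap`, `if [ ! $RETURNVALUE -eq $EXIT_OK ]; then`, fails open: with `$RETURNVALUE` empty or unset the unquoted `[` expression errors out, the `if` takes the false branch, and `test_step_ok` is reached without any decryption having been verified. A defaulted and quoted form such as `if [ "${RETURNVALUE:-1}" -ne "$EXIT_OK" ]; then` would turn that case into a failure. The hunk as shown on this page does not include the line that assigns `RETURNVALUE` or the command feeding the pipe, so presumably it is set from the pipeline right after the `grep`. If so, the value is grep's exit status, and a one-line comment saying the step passes only when a frame matching the pinned `wlan.analysis.tk` prints "Group Message" would make that intent explicit. It would also help to note next to the `-Y` filter that the TK belongs to the bundled test/captures/wpa-eap-tls.pcap.gz sample and is not key material from a live network.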
@@ -214,6 +230,7 @@ decryption_step_http2() {
tshark_decryption_suite() {
test_step_add "IEEE 802.11 WPA PSK Decryption" decryption_step_80211_wpa_psk
+ test_step_add "IEEE 802.11 WPA EAP Decryption" decryption_step_80211_wpa_eap
test_step_add "DTLS Decryption" decryption_step_dtls
test_step_add "SSL Decryption (private key)" decryption_step_ssl
test_step_add "SSL Decryption (master secret)" decryption_step_ssl_master_secret