IEEE 802.11: 802.1X (WPA-EAP) rekeying support

This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.

Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).

For decrypting WPA-EAP secured packets the user must provide all used PMK's
of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)

Every decrypted unicast packet will habe the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.

Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.

It was tested primary with WPA-CCMP, but TKIP is also working.

One section in the code touch bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decypted packets for rekeys.

Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>

3 files changed, 21 insertions, 1 deletions

diff --git a/test/captures/wpa-eap-tls.pcap.gz b/test/captures/wpa-eap-tls.pcap.gz
new file mode 100644
index 0000000000..307e5fadde
--- /dev/null
+++ b/test/captures/wpa-eap-tls.pcap.gz
diff --git a/test/config/80211_keys.tmpl b/test/config/80211_keys.tmpl
index 121a912739..450da23791 100644
--- a/test/config/80211_keys.tmpl
+++ b/test/config/80211_keys.tmpl
@@ -1,2 +1,5 @@
-# This file is automatically generated, DO NOT MODIFY.
+# Keys needed for the decryption test suite
 "wpa-pwd","Induction"
+"wpa-psk","a5001e18e0b3f792278825bc3abff72d7021d7c157b600470ef730e2490835d4"
+"wpa-psk","79258f6ceeecedd3482b92deaabdb675f09bcb4003ef5074f5ddb10a94ebe00a"
+"wpa-psk","23a9ee58c7810546ae3e7509fda9f97435778d689e53a54891c56d02f18ca162"
diff --git a/test/suite-decryption.sh b/test/suite-decryption.sh
index 269567810a..86931676b1 100755
--- a/test/suite-decryption.sh
+++ b/test/suite-decryption.sh
@@ -74,6 +74,22 @@ decryption_step_80211_wpa_psk() {
 	test_step_ok
 }
 
+# WPA EAP (EAPOL Rekey)
+# Included in git sources test/captures/wpa-eap-tls.pcap.gz
+decryption_step_80211_wpa_eap() {
+	env $TS_DC_ENV $TSHARK $TS_DC_ARGS \
+		-o "wlan.enable_decryption: TRUE" \
+		-r "$CAPTURE_DIR/wpa-eap-tls.pcap.gz" \
+		-Y "wlan.analysis.tk==7d9987daf5876249b6c773bf454a0da7" \
+		 | grep "Group Message" > /dev/null 2>&1
+	RETURNVALUE=$?
+	if [ ! $RETURNVALUE -eq $EXIT_OK ]; then
+		test_step_failed "Failed to decrypt IEEE 802.11 WPA EAP"
+		return
+	fi
+	test_step_ok
+}
+
 # DTLS
 # https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=snakeoil.tgz
 decryption_step_dtls() {
@@ -214,6 +230,7 @@ decryption_step_http2() {
 
 tshark_decryption_suite() {
 	test_step_add "IEEE 802.11 WPA PSK Decryption" decryption_step_80211_wpa_psk
+	test_step_add "IEEE 802.11 WPA EAP Decryption" decryption_step_80211_wpa_eap
 	test_step_add "DTLS Decryption" decryption_step_dtls
 	test_step_add "SSL Decryption (private key)" decryption_step_ssl
 	test_step_add "SSL Decryption (master secret)" decryption_step_ssl_master_secret