diff options
author | Gerald Combs <gerald@wireshark.org> | 2008-07-30 22:32:21 +0000 |
---|---|---|
committer | Gerald Combs <gerald@wireshark.org> | 2008-07-30 22:32:21 +0000 |
commit | b5a8677250457bf9bab44eba58d4e8ccc9a8ce29 (patch) | |
tree | 26d0d2af8e6deb28e8476b095ab0aa0e015a625b /epan/crypt/airpdcap_tkip.c | |
parent | 476c61472a9b684ec86ba508b5b20e89a8816708 (diff) |
Add WPA group key decryption from Brian Stormont, via bug 1420:
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP groups keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
Diffstat (limited to 'epan/crypt/airpdcap_tkip.c')
-rw-r--r-- | epan/crypt/airpdcap_tkip.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/epan/crypt/airpdcap_tkip.c b/epan/crypt/airpdcap_tkip.c index e64b303445..819a0c6dce 100644 --- a/epan/crypt/airpdcap_tkip.c +++ b/epan/crypt/airpdcap_tkip.c @@ -216,17 +216,23 @@ INT AirPDcapTkipDecrypt( UCHAR TA[AIRPDCAP_MAC_LEN], UCHAR TK[AIRPDCAP_TK_LEN]) { + UINT64 TSC64; UINT32 TSC; UINT16 TSC16; UINT8 *IV; UINT16 TTAK[AIRPDCAP_TTAK_LEN]; UINT8 wep_seed[AIRPDCAP_WEP_128_KEY_LEN]; + /* DEBUG_DUMP("TA", TA, 6); */ + IV = tkip_mpdu; - TSC16 = (UINT16)READ_6(IV[2], IV[0], IV[4], IV[5], IV[6], IV[7]); + TSC64 = READ_6(IV[2], IV[0], IV[4], IV[5], IV[6], IV[7]); + TSC16 = (UINT16)TSC64; - TSC = (UINT32)TSC16 >> 16; + /* The original code made no sense!! We were shifting a 16-bit number 16 bits to the right. */ + /* We instead have to have READ_6() be returned to a UINT64 and shift *that* value. */ + TSC = (UINT32)(TSC64 >> 16); AirPDcapTkipMixingPhase1(TTAK, TK, TA, TSC); |