diff options
author | Cedric Izoard <cedric.izoard@ceva-dsp.com> | 2016-01-11 14:37:09 +0100 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2016-01-13 03:44:26 +0000 |
commit | e48882fd0c6cbd44d95c6c55ea3942219fd84261 (patch) | |
tree | 311219ef588014300e3253d1f7cbe9eb8840b9b2 /epan/crypt | |
parent | 42ca2a994d3720e4f396d9d64e4223c10b75d9e5 (diff) |
[airpcap] Decrypt protected management frames (802.11w)
Enable decryption of Protected Management Frames by:
- Authorizing decryption for robust management frame (i.e. management
frame that may be encrypted): deauth, disassoc and action
(Note: Assume all action frames are robust even if it is not the case)
- Updating initialization of Additional Authentication Data (AAD)
(don't filter-out subtype) and construct nonce (set mgmt flag) for
management frames
Bug: 11995
Change-Id: I7c34a021e4c49111b85d217c9272d24d0e29ecb2
Reviewed-on: https://code.wireshark.org/review/13232
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/crypt')
-rw-r--r-- | epan/crypt/airpdcap.c | 32 | ||||
-rw-r--r-- | epan/crypt/airpdcap_ccmp.c | 8 | ||||
-rw-r--r-- | epan/crypt/airpdcap_int.h | 20 |
3 files changed, 49 insertions, 11 deletions
diff --git a/epan/crypt/airpdcap.c b/epan/crypt/airpdcap.c index b976662a39..5b5dfb3c50 100644 --- a/epan/crypt/airpdcap.c +++ b/epan/crypt/airpdcap.c @@ -661,9 +661,13 @@ INT AirPDcapPacketProcess( return AIRPDCAP_RET_REQ_DATA; } - /* check if the packet is of data type */ - if (AIRPDCAP_TYPE(data[0])!=AIRPDCAP_TYPE_DATA) { - AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", "not data packet", AIRPDCAP_DEBUG_LEVEL_5); + /* check if the packet is of data or robust managment type */ + if (!((AIRPDCAP_TYPE(data[0])==AIRPDCAP_TYPE_DATA) || + (AIRPDCAP_TYPE(data[0])==AIRPDCAP_TYPE_MANAGEMENT && + (AIRPDCAP_SUBTYPE(data[0])==AIRPDCAP_SUBTYPE_DISASS || + AIRPDCAP_SUBTYPE(data[0])==AIRPDCAP_SUBTYPE_DEAUTHENTICATION || + AIRPDCAP_SUBTYPE(data[0])==AIRPDCAP_SUBTYPE_ACTION)))) { + AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", "not data nor robust mgmt packet", AIRPDCAP_DEBUG_LEVEL_5); return AIRPDCAP_RET_NO_DATA; } @@ -682,7 +686,11 @@ INT AirPDcapPacketProcess( /* get BSSID */ if ( (addr=AirPDcapGetBssidAddress((const AIRPDCAP_MAC_FRAME_ADDR4 *)(data))) != NULL) { memcpy(id.bssid, addr, AIRPDCAP_MAC_LEN); +#ifdef _DEBUG + g_snprintf(msgbuf, MSGBUF_LEN, "BSSID_MAC: %02X.%02X.%02X.%02X.%02X.%02X\t", + id.bssid[0],id.bssid[1],id.bssid[2],id.bssid[3],id.bssid[4],id.bssid[5]); AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", msgbuf, AIRPDCAP_DEBUG_LEVEL_3); +#endif } else { AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", "BSSID not found", AIRPDCAP_DEBUG_LEVEL_5); return AIRPDCAP_RET_REQ_DATA; @@ -691,7 +699,11 @@ INT AirPDcapPacketProcess( /* get STA address */ if ( (addr=AirPDcapGetStaAddress((const AIRPDCAP_MAC_FRAME_ADDR4 *)(data))) != NULL) { memcpy(id.sta, addr, AIRPDCAP_MAC_LEN); +#ifdef _DEBUG + g_snprintf(msgbuf, MSGBUF_LEN, "STA_MAC: %02X.%02X.%02X.%02X.%02X.%02X\t", + id.sta[0],id.sta[1],id.sta[2],id.sta[3],id.sta[4],id.sta[5]); AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", msgbuf, AIRPDCAP_DEBUG_LEVEL_3); +#endif } else { AIRPDCAP_DEBUG_PRINT_LINE("AirPDcapPacketProcess", "SA not found", AIRPDCAP_DEBUG_LEVEL_5); return AIRPDCAP_RET_REQ_DATA; @@ -1590,11 +1602,11 @@ AirPDcapStoreSa( * key caching. In each case, it's more important to return a value than * to return a _correct_ value, so we fudge addresses in some cases, e.g. * the BSSID in bridged connections. - * FromDS ToDS Sta BSSID - * 0 0 addr2 addr3 - * 0 1 addr2 addr1 - * 1 0 addr1 addr2 - * 1 1 addr2 addr1 + * FromDS ToDS Sta BSSID + * 0 0 addr1/2 addr3 + * 0 1 addr2 addr1 + * 1 0 addr1 addr2 + * 1 1 addr2 addr1 */ static const UCHAR * @@ -1603,6 +1615,10 @@ AirPDcapGetStaAddress( { switch(AIRPDCAP_DS_BITS(frame->fc[1])) { /* Bit 1 = FromDS, bit 0 = ToDS */ case 0: + if (memcmp(frame->addr2, frame->addr3, AIRPDCAP_MAC_LEN) == 0) + return frame->addr1; + else + return frame->addr2; case 1: return frame->addr2; case 2: diff --git a/epan/crypt/airpdcap_ccmp.c b/epan/crypt/airpdcap_ccmp.c index cedfe423e2..ac27c26181 100644 --- a/epan/crypt/airpdcap_ccmp.c +++ b/epan/crypt/airpdcap_ccmp.c @@ -112,6 +112,7 @@ static void ccmp_init_blocks( UINT8 a[AES_BLOCK_LEN], UINT8 b[AES_BLOCK_LEN]) { + UINT8 mgmt = (AIRPDCAP_TYPE(wh->fc[0]) == AIRPDCAP_TYPE_MANAGEMENT); #define IS_4ADDRESS(wh) \ ((wh->fc[1] & AIRPDCAP_FC1_DIR_MASK) == AIRPDCAP_FC1_DIR_DSTODS) #define IS_QOS_DATA(wh) AIRPDCAP_QOS_HAS_SEQ(wh) @@ -144,7 +145,10 @@ static void ccmp_init_blocks( */ aad[0] = 0; /* AAD length >> 8 */ /* NB: aad[1] set below */ - aad[2] = (UINT8)(wh->fc[0] & 0x8f); /* XXX magic #s */ + if (!mgmt) + aad[2] = (UINT8)(wh->fc[0] & 0x8f); /* XXX magic #s */ + else + aad[2] = wh->fc[0]; aad[3] = (UINT8)(wh->fc[1] & 0xc7); /* XXX magic #s */ /* NB: we know 3 addresses are contiguous */ memcpy(aad + 4, &wh->addr1[0], 3 * AIRPDCAP_MAC_LEN); @@ -188,6 +192,8 @@ static void ccmp_init_blocks( b0[1] = 0; aad[1] = 22; } + if (mgmt) + b0[1] |= 0x10; /* set MGMT flag */ memset(&aad[26], 0, 4); } diff --git a/epan/crypt/airpdcap_int.h b/epan/crypt/airpdcap_int.h index e0d3f1ea95..ec69aece0c 100644 --- a/epan/crypt/airpdcap_int.h +++ b/epan/crypt/airpdcap_int.h @@ -51,8 +51,24 @@ #define AIRPDCAP_TYPE_CONTROL 1 #define AIRPDCAP_TYPE_DATA 2 -/* Min length of encrypted data (TKIP=25bytes, CCMP=21bytes) */ -#define AIRPDCAP_CRYPTED_DATA_MINLEN 21 +/* IEEE 802.11 packet subtype values */ +#define AIRPDCAP_SUBTYPE_ASSOC_REQ 0 +#define AIRPDCAP_SUBTYPE_ASSOC_RESP 1 +#define AIRPDCAP_SUBTYPE_REASSOC_REQ 2 +#define AIRPDCAP_SUBTYPE_REASSOC_RESP 3 +#define AIRPDCAP_SUBTYPE_PROBE_REQ 4 +#define AIRPDCAP_SUBTYPE_PROBE_RESP 5 +#define AIRPDCAP_SUBTYPE_MEASUREMENT_PILOT 6 +#define AIRPDCAP_SUBTYPE_BEACON 8 +#define AIRPDCAP_SUBTYPE_ATIM 9 +#define AIRPDCAP_SUBTYPE_DISASS 10 +#define AIRPDCAP_SUBTYPE_AUTHENTICATION 11 +#define AIRPDCAP_SUBTYPE_DEAUTHENTICATION 12 +#define AIRPDCAP_SUBTYPE_ACTION 13 +#define AIRPDCAP_SUBTYPE_ACTION_NO_ACK 14 + +/* Min length of encrypted data (TKIP=21bytes, CCMP=17bytes) */ +#define AIRPDCAP_CRYPTED_DATA_MINLEN 17 #define AIRPDCAP_TA_OFFSET 10 |