diff options
| author | Mikael Kanstrup <mikael.kanstrup@sony.com> | 2019-11-10 09:07:48 +0100 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2019-11-14 08:27:37 +0000 |
| commit | 591561387962f2892e639d2bce76392815abfa10 (patch) | |
| tree | f91a2e6ba9e4cd67553f39bb75bfe698ffb4a710 /epan/crypt | |
| parent | 7638ea013d5f6271c48c5474bdab569f6375dcbd (diff) | |
dot11decrypt: Support 384 bit long PMK
With AKMS 00-0F-AC:12 a 384 bit long PMK shall be used. To be able
to support key derivation and decryption from this larger sized
PMK the user PSK / PMK key input validation code is updated as well
as the various places where a hard coded PMK size is used.
Ping-Bug: 16197
Change-Id: I39c9337e8a84095246e3db5ef33dc96fb78e5dc3
Reviewed-on: https://code.wireshark.org/review/35065
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'epan/crypt')
| -rw-r--r-- | epan/crypt/dot11decrypt.c | 20 | ||||
| -rw-r--r-- | epan/crypt/dot11decrypt_user.h | 6 | ||||
| -rw-r--r-- | epan/crypt/wep-wpadefs.h | 7 |
3 files changed, 15 insertions, 18 deletions
diff --git a/epan/crypt/dot11decrypt.c b/epan/crypt/dot11decrypt.c index 0ee74e1402..fdf058aa67 100644 --- a/epan/crypt/dot11decrypt.c +++ b/epan/crypt/dot11decrypt.c @@ -237,7 +237,7 @@ static const UCHAR * Dot11DecryptGetBssidAddress( static void Dot11DecryptDerivePtk( DOT11DECRYPT_SEC_ASSOCIATION *sa, - const UCHAR pmk[32], + const UCHAR *pmk, const UCHAR snonce[32], int key_version, int akm, @@ -246,7 +246,7 @@ Dot11DecryptDerivePtk( static void Dot11DecryptRsnaPrfX( DOT11DECRYPT_SEC_ASSOCIATION *sa, - const UCHAR pmk[32], + const UCHAR *pmk, const UCHAR snonce[32], const INT x, /* for TKIP 512, for CCMP 384 */ UCHAR *ptk, @@ -255,7 +255,7 @@ Dot11DecryptRsnaPrfX( static void Dot11DecryptRsnaKdfX( DOT11DECRYPT_SEC_ASSOCIATION *sa, - const UCHAR pmk[32], + const UCHAR *pmk, const UCHAR snonce[32], const INT x, UCHAR *ptk, @@ -304,7 +304,7 @@ const guint8 broadcast_mac[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; typedef void (*DOT11DECRYPT_PTK_DERIVE_FUNC)( DOT11DECRYPT_SEC_ASSOCIATION *sa, - const UCHAR pmk[32], + const UCHAR *pmk, const UCHAR snonce[32], const INT x, UCHAR *ptk, @@ -966,6 +966,7 @@ INT Dot11DecryptSetKeys( if (keys[i].KeyType==DOT11DECRYPT_KEY_TYPE_WPA_PWD) { DEBUG_PRINT_LINE("Set a WPA-PWD key", DEBUG_LEVEL_4); Dot11DecryptRsnaPwd2Psk(keys[i].UserPwd.Passphrase, keys[i].UserPwd.Ssid, keys[i].UserPwd.SsidLen, keys[i].KeyData.Wpa.Psk); + keys[i].KeyData.Wpa.PskLen = DOT11DECRYPT_WPA_PWD_PSK_LEN; } #ifdef DOT11DECRYPT_DEBUG else if (keys[i].KeyType==DOT11DECRYPT_KEY_TYPE_WPA_PMK) { @@ -2116,7 +2117,7 @@ Dot11DecryptGetDeriveAlgoFromAkm(int akm) static void Dot11DecryptDerivePtk( DOT11DECRYPT_SEC_ASSOCIATION *sa, - const UCHAR pmk[32], + const UCHAR *pmk, const UCHAR snonce[32], int key_version, int akm, @@ -2162,7 +2163,7 @@ Dot11DecryptDerivePtk( static void Dot11DecryptRsnaPrfX( DOT11DECRYPT_SEC_ASSOCIATION *sa, - const UCHAR pmk[32], + const UCHAR *pmk, const UCHAR snonce[32], const INT x, /* for TKIP 512, for CCMP 384 */ UCHAR *ptk, @@ -2220,7 +2221,7 @@ Dot11DecryptRsnaPrfX( static void Dot11DecryptRsnaKdfX( DOT11DECRYPT_SEC_ASSOCIATION *sa, - const UCHAR pmk[32], + const UCHAR *pmk, const UCHAR snonce[32], const INT x, UCHAR *ptk, @@ -2350,7 +2351,7 @@ Dot11DecryptRsnaPwd2Psk( Dot11DecryptRsnaPwd2PskStep(pp_ba->data, pp_ba->len, ssid, ssidLength, 4096, 1, m_output); Dot11DecryptRsnaPwd2PskStep(pp_ba->data, pp_ba->len, ssid, ssidLength, 4096, 2, &m_output[20]); - memcpy(output, m_output, DOT11DECRYPT_WPA_PSK_LEN); + memcpy(output, m_output, DOT11DECRYPT_WPA_PWD_PSK_LEN); g_byte_array_free(pp_ba, TRUE); return 0; @@ -2513,7 +2514,8 @@ parse_key_string(gchar* input_string, guint8 key_type) res = hex_str_to_bytes(input_string, key_ba, FALSE); /* Two tokens means that the user should have entered a WPA-BIN key ... */ - if(!res || ((key_ba->len) != WPA_PSK_KEY_SIZE)) + if(!res || (key_ba->len != DOT11DECRYPT_WPA_PWD_PSK_LEN && + key_ba->len != DOT11DECRYPT_WPA_PMK_MAX_LEN)) { g_byte_array_free(key_ba, TRUE); diff --git a/epan/crypt/dot11decrypt_user.h b/epan/crypt/dot11decrypt_user.h index 1549cd60de..6d06926bda 100644 --- a/epan/crypt/dot11decrypt_user.h +++ b/epan/crypt/dot11decrypt_user.h @@ -43,7 +43,8 @@ #define DOT11DECRYPT_WPA_PASSPHRASE_MAX_LEN 63 /* null-terminated string, the actual length of the storage is 64 */ #define DOT11DECRYPT_WPA_SSID_MIN_LEN 0 #define DOT11DECRYPT_WPA_SSID_MAX_LEN 32 -#define DOT11DECRYPT_WPA_PSK_LEN 32 +#define DOT11DECRYPT_WPA_PMK_MAX_LEN 48 +#define DOT11DECRYPT_WPA_PWD_PSK_LEN 32 /* */ /* */ /******************************************************************************/ @@ -124,8 +125,9 @@ typedef struct _DOT11DECRYPT_KEY_ITEM { * calculated. */ struct DOT11DECRYPT_KEY_ITEMDATA_WPA { - UCHAR Psk[DOT11DECRYPT_WPA_PSK_LEN]; + UCHAR Psk[DOT11DECRYPT_WPA_PMK_MAX_LEN]; UCHAR Ptk[DOT11DECRYPT_WPA_PTK_MAX_LEN]; + UINT8 PskLen; UINT8 PtkLen; UINT8 Akm; UINT8 Cipher; diff --git a/epan/crypt/wep-wpadefs.h b/epan/crypt/wep-wpadefs.h index b62444b32e..ff7944090e 100644 --- a/epan/crypt/wep-wpadefs.h +++ b/epan/crypt/wep-wpadefs.h @@ -67,13 +67,6 @@ extern "C" { #define WPA_SSID_MIN_BIT_SIZE (WPA_SSID_MIN_CHAR_SIZE*8) /** - * Let the user enter a raw PSK along with a passphrase + SSID - */ -#define WPA_PSK_KEY_SIZE 32 /* Fixed size, 32 bytes (256bit) */ -#define WPA_PSK_KEY_CHAR_SIZE (WPA_PSK_KEY_SIZE*2) -#define WPA_PSK_KEY_BIT_SIZE (WPA_PSK_KEY_SIZE*8) - -/** * Prefix definitions for preferences */ #define STRING_KEY_TYPE_WEP "wep" |