diff options
author | Jérôme Pouiller <jerome.pouiller@silabs.com> | 2022-09-21 17:42:41 +0200 |
---|---|---|
committer | Alexis La Goutte <alexis.lagoutte@gmail.com> | 2022-09-30 18:37:13 +0000 |
commit | a1e2f3b3f58a4a858331de8b10cd9247300e81d4 (patch) | |
tree | 74e31064dd30ba89d7532e869082dfac67c87b60 /epan/dissectors/packet-ieee80211.c | |
parent | 0f296eb3f911ee4d5b31d14ab9d5dd59a79763fc (diff) |
ieee80211: Fix EAPOL dissector for Wi-SUN
In section 6.5.2.3 ("PTK and GTK Installation Flow"), the Wi-SUN
specification says that the second message in 4 way handshake must have
these properties:
Descriptor Type = 2
Key Information:
1. Key Descriptor Version = 2
2. Key Type = 1 (Pairwise)
3. Install = 0
4. Key Ack = 0
5. Key MIC = 1
6. Secure = 0
7. Error = 0
8. Request = 0
9. Encrypted Key Data = 0
10. SMK Message = 0
11. Reserved = 0
Key Length = 0
Key Replay Counter = see [IEEE802.11] section 11.6.2.
Key Nonce = SUP generated SNonce
EAPOL-Key IV = 0
Key RSC = 0
Key MIC = MIC(KCK, EAPOL) computed over the body of this EAPOL-Key frame
with the Key MIC field first initialized to 0.
Key Data Length = 0
Key Data = none
Thus, until now, the message 2/4 of 4 way handshake was identified as
message 4/4.
Diffstat (limited to 'epan/dissectors/packet-ieee80211.c')
-rw-r--r-- | epan/dissectors/packet-ieee80211.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ieee80211.c b/epan/dissectors/packet-ieee80211.c index fda0a1d32f..d78b7df44c 100644 --- a/epan/dissectors/packet-ieee80211.c +++ b/epan/dissectors/packet-ieee80211.c @@ -19554,6 +19554,15 @@ static conversation_t *find_wlan_conversation_pinfo(packet_info *pinfo) return find_conversation_pinfo(pinfo, 0); } +static gboolean determine_nonce_is_set(tvbuff_t *tvb) { + int offset; + + for (offset = 12; offset < 12 + 32; offset++) + if (tvb_get_guint8(tvb, offset)) + return TRUE; + return FALSE; +} + static guint16 determine_mic_len(packet_info *pinfo, gboolean assoc_frame, gboolean *defaulted) { guint16 eapol_key_mic_len = 16; /* Default MIC length */ @@ -35715,6 +35724,7 @@ dissect_wlan_rsna_eapol_wpa_or_rsn_key(tvbuff_t *tvb, packet_info *pinfo, proto_ NULL }; guint16 eapol_data_offset = 76; /* 92 - 16 */ + gboolean has_nonce = determine_nonce_is_set(tvb); gboolean defaulted_mic_len = FALSE; guint16 eapol_key_mic_len = determine_mic_len(pinfo, FALSE, &defaulted_mic_len); save_proto_data_value(pinfo, eapol_key_mic_len, MIC_LEN_KEY); @@ -35775,11 +35785,14 @@ dissect_wlan_rsna_eapol_wpa_or_rsn_key(tvbuff_t *tvb, packet_info *pinfo, proto_ use the Secure Bit and/or the Nonce, but there are implementations ignoring the spec. The Secure Bit is incorrectly set on rekeys for Windows clients for Message 2 and the Nonce is non-zero in Message 4 in Bug 11994 (Apple?) */ + /* In Wi-SUN protocol, message 2 does not contains any data. However, all the implementations + * respect 802.11X, so Secure Bit is set only on message 2 and Nonce is set only on message 4 + * (see section 6.5.2.3 of Wi-SUN specification) */ /* When using AES-SIV without plaintext (i.e. only for integrity), the ciphertext has length 16 */ /* With MLO message 4 will have 12 bytes of data */ if (((eapol_key_mic_len == 0) && (eapol_data_len > 16)) || - ((eapol_key_mic_len > 0) && (eapol_data_len != 0) && - (eapol_data_len != 12))) { + ((eapol_key_mic_len > 0) && (eapol_data_len == 0) && !(keyinfo & KEY_INFO_SECURE_MASK) && has_nonce) || + ((eapol_key_mic_len > 0) && (eapol_data_len != 0) && (eapol_data_len != 12))) { ti = proto_tree_add_uint(tree, hf_wlan_rsna_eapol_wpa_keydes_msgnr, tvb, offset, 0, 2); col_set_str(pinfo->cinfo, COL_INFO, "Key (Message 2 of 4)"); |