author | Mikael Kanstrup <mikael.kanstrup@sony.com> | 2020-05-22 21:32:38 +0200 |
committer | Anders Broman <a.broman58@gmail.com> | 2020-06-01 07:23:56 +0000 |
commit | 42544c8c44c12b45ff6c156cd3e6e8c1b23e150e (patch) | |
tree | 4ea308a74570fefa5f90fe32c2eb2c7418067ffe /test/suite_decryption.py | |
parent | f1bc8ad34b55cba7234536483d42c551fc3b2f17 (diff) |
dot11decrypt: Support decryption using TK user input
Add support for TK user input keys. With this Wireshark can
decrypt packet captures where 4WHS frames are missing and
packet captures with non-supported AKMS, for example
802.11r / Fast BSS Transitioning.
Decryption using user TK works as a backup if the normal
decryption flow does not succeed. Having TK decryption keys
added will affect general IEEE 802.11 dissector performance
as each encrypted packet will be tested with every TK.
Worst case scenario is plenty of TKs where none of them
matches encrypted frames.
On successful user TK decryption an SA is formed based on
parameters used to decrypt the frame. This SA is similar to
what is formed when Wireshark detects and derives keys from
4WHS messages. With the SA entry in place the decryption
performance (success case) should be on par with "normal"
decryption flow.
Bug: 16579
Change-Id: I72c2c1e2c6693131d3ba07f8ddb8ff772c1b54a9
Reviewed-on: https://code.wireshark.org/review/37217
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'test/suite_decryption.py')
-rw-r--r-- | test/suite_decryption.py | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 92962924fb..45c8c99b77 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -214,6 +214,74 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
         self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK is correct
         self.assertTrue(self.grepOutput(r'Echo \(ping\) request')) # Verifies TK is correct
 
+@fixtures.mark_usefixtures('test_env_80211_user_tk')
+@fixtures.uses_fixtures
+class case_decrypt_80211_user_tk(subprocesstest.SubprocessTestCase):
+    def test_80211_user_tk_tkip(self, cmd_tshark, capture_file):
+        '''IEEE 802.11 decode TKIP using user TK'''
+        # Included in git sources test/captures/wpa1-gtk-rekey.pcapng.gz
+        self.assertRun((cmd_tshark,
+                '-o', 'wlan.enable_decryption: TRUE',
+                '-r', capture_file('wpa1-gtk-rekey.pcapng.gz'),
+                '-Y', 'wlan.analysis.tk == "d0e57d224c1bb8806089d8c23154074c" || wlan.analysis.gtk == "6eaf63f4ad7997ced353723de3029f4d" || wlan.analysis.gtk == "fb42811bcb59b7845376246454fbdab7"',
+            ))
+        self.assertTrue(self.grepOutput('DHCP Discover'))
+        self.assertEqual(self.countOutput('ICMP.*Echo .ping'), 8)
+
+    def test_80211_user_tk_ccmp(self, cmd_tshark, capture_file, features):
+        '''IEEE 802.11 decode CCMP-128 using user TK'''
+        # Included in git sources test/captures/wpa2-psk-mfp.pcapng.gz
+        self.assertRun((cmd_tshark,
+                '-o', 'wlan.enable_decryption: TRUE',
+                '-r', capture_file('wpa2-psk-mfp.pcapng.gz'),
+                '-Y', 'wlan.analysis.tk == 4e30e8c019bea43ea5262b10853b818d || wlan.analysis.gtk == 70cdbf2e5bc0ca22e53930818a5d80e4',
+            ))
+        self.assertTrue(self.grepOutput('Who has 192.168.5.5')) # Verifies GTK decryption
+        self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK decryption
+        self.assertTrue(self.grepOutput(r'Echo \(ping\) request')) # Verifies TK decryption
+
+    def test_80211_user_tk_ccmp_256(self, cmd_tshark, capture_file, features):
+        '''IEEE 802.11 decode CCMP-256 using user TK'''
+        # Included in git sources test/captures/wpa-ccmp-256.pcapng.gz
+        if not features.have_libgcrypt16:
+            self.skipTest('Requires GCrypt 1.6 or later.')
+        self.assertRun((cmd_tshark,
+                '-o', 'wlan.enable_decryption: TRUE',
+                '-r', capture_file('wpa-ccmp-256.pcapng.gz'),
+                '-Y', 'wlan.analysis.tk == 4e6abbcf9dc0943936700b6825952218f58a47dfdf51dbb8ce9b02fd7d2d9e40 || wlan.analysis.gtk == 502085ca205e668f7e7c61cdf4f731336bb31e4f5b28ec91860174192e9b2190',
+            ))
+        self.assertTrue(self.grepOutput('Who has 192.168.5.5')) # Verifies GTK decryption
+        self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK decryption
+        self.assertTrue(self.grepOutput(r'Echo \(ping\) request')) # Verifies TK decryption
+
+    def test_80211_user_tk_gcmp(self, cmd_tshark, capture_file, features):
+        '''IEEE 802.11 decode GCMP using user TK'''
+        # Included in git sources test/captures/wpa-gcmp.pcapng.gz
+        if not features.have_libgcrypt16:
+            self.skipTest('Requires GCrypt 1.6 or later.')
+        self.assertRun((cmd_tshark,
+                '-o', 'wlan.enable_decryption: TRUE',
+                '-r', capture_file('wpa-gcmp.pcapng.gz'),
+                '-Y', 'wlan.analysis.tk == 755a9c1c9e605d5ff62849e4a17a935c || wlan.analysis.gtk == 7ff30f7a8dd67950eaaf2f20a869a62d',
+            ))
+        self.assertTrue(self.grepOutput('Who has 192.168.5.5')) # Verifies GTK decryption
+        self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK decryption
+        self.assertTrue(self.grepOutput(r'Echo \(ping\) request')) # Verifies TK decryption
+
+    def test_80211_wpa_gcmp_256(self, cmd_tshark, capture_file, features):
+        '''IEEE 802.11 decode GCMP-256 using user TK'''
+        # Included in git sources test/captures/wpa-gcmp-256.pcapng.gz
+        if not features.have_libgcrypt16:
+            self.skipTest('Requires GCrypt 1.6 or later.')
+        self.assertRun((cmd_tshark,
+                '-o', 'wlan.enable_decryption: TRUE',
+                '-r', capture_file('wpa-gcmp-256.pcapng.gz'),
+                '-Y', 'wlan.analysis.tk == b3dc2ff2d88d0d34c1ddc421cea17f304af3c46acbbe7b6d808b6ebf1b98ec38 || wlan.analysis.gtk == a745ee2313f86515a155c4cb044bc148ae234b9c72707f772b69c2fede3e4016',
+            ))
+        self.assertTrue(self.grepOutput('Who has 192.168.5.5')) # Verifies GTK decryption
+        self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK decryption
+        self.assertTrue(self.grepOutput(r'Echo \(ping\) request')) # Verifies TK decryption
+
 @fixtures.mark_usefixtures('test_env')
 @fixtures.uses_fixtures
 class case_decrypt_dtls(subprocesstest.SubprocessTestCase):
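Review bot: The last method of the new class is named `test_80211_wpa_gcmp_256` while the other four follow the `test_80211_user_tk_*` pattern and its docstring says "using user TK"; renaming it `def test_80211_user_tk_gcmp_256(self, cmd_tshark, capture_file, features):` keeps a failure in the log from being read as the non-user-TK GCMP-256 case it appears to mirror. `test_80211_user_tk_ccmp` declares `features` but never reads it, whereas `test_80211_user_tk_tkip` omits it, so the parameter should either be dropped there or used consistently. The TKIP filter quotes the hex key values (`wlan.analysis.tk == "d0e5…"`) while the other four compare unquoted hex; presumably both are accepted since the suite passed, but one style is easier to grep. All five cases are positive matches only; given the commit message's note that every encrypted frame is tried against every configured TK, a sixth case with a non-matching user TK asserting that no `wlan.analysis.tk` field appears would pin down that a wrong key cannot yield spurious decryption or a bogus SA. The `test_env_80211_user_tk` fixture that supplies the keys is outside this hunk, so how the keys are configured cannot be checked here.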