ieee80211: Support decrypting WPA3-Personal / SAE captures

Add support for decrypting IEEE 802.11 WPA3-Personal / SAE traffic.

SAE uses AES encryption but a different key derivation function (KDF)
making Wireshark fail to decrypt such captures. Also both KDF and
decryption method is determined based only on EAPOL key description
version. This is not enough to figure out that SAE is being used.

Implement the alternative KDF needed to derive valid PTK. Also
implement a function to parse pairwise + group cipher suites and
auth key management type from RSNE tag. Using this new function
together with a number of new cipher and AKM lookup functions
correct KDF for SAE can be selected.

Bug: 15621
Change-Id: I8f6c917af1c9642c276a244943dd35f850ee3757
Reviewed-on: https://code.wireshark.org/review/32485
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

1 files changed, 10 insertions, 0 deletions

diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 113096584a..808c5c6aeb 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -79,6 +79,16 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
                 ))
         self.assertEqual(self.countOutput('ICMP.*Echo .ping'), 2)
 
+    def test_80211_wpa3_personal(self, cmd_tshark, capture_file):
+        '''IEEE 802.11 decode WPA3 personal / SAE'''
+        # Included in git sources test/captures/wpa3-sae.pcapng.gz
+        self.assertRun((cmd_tshark,
+                '-o', 'wlan.enable_decryption: TRUE',
+                '-r', capture_file('wpa3-sae.pcapng.gz'),
+                '-Y', 'wlan.analysis.tk == 20a2e28f4329208044f4d7edca9e20a6 || wlan.analysis.gtk == 1fc82f8813160031d6bf87bca22b6354',
+                ))
+        self.assertTrue(self.grepOutput('Who has 192.168.5.18'))
+        self.assertTrue(self.grepOutput('DHCP ACK'))
 
 @fixtures.mark_usefixtures('test_env')
 @fixtures.uses_fixtures