author | Mikael Kanstrup <mikael.kanstrup@sony.com> | 2019-03-18 14:56:39 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2019-03-21 12:13:58 +0000 |
commit | 9cf77ec5e12e24f1a8c6eb9fa14c015b830f066b (patch) | |
tree | c8f339d4d4f6ff956fd734c026e9b5b1f006be72 /test | |
parent | b780bb19bdf46d100fc6aa9afda8049b0d371730 (diff) |
ieee80211: Support decrypting WPA3-Personal / SAE captures
Add support for decrypting IEEE 802.11 WPA3-Personal / SAE traffic.
SAE uses AES encryption but a different key derivation function (KDF)
making Wireshark fail to decrypt such captures. Also, both the KDF and
the decryption method are determined based only on the EAPOL key
description version. This is not enough to figure out that SAE is being used.
Implement the alternative KDF needed to derive valid PTK. Also
implement a function to parse pairwise + group cipher suites and
auth key management type from RSNE tag. Using this new function
together with a number of new cipher and AKM lookup functions
correct KDF for SAE can be selected.
Bug: 15621
Change-Id: I8f6c917af1c9642c276a244943dd35f850ee3757
Reviewed-on: https://code.wireshark.org/review/32485
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/captures/wpa3-sae.pcapng.gz | bin | 0 -> 5981 bytes | |||
-rw-r--r-- | test/config/80211_keys.tmpl | 1 | ||||
-rw-r--r-- | test/suite_decryption.py | 10 |
3 files changed, 11 insertions, 0 deletions
diff --git a/test/captures/wpa3-sae.pcapng.gz b/test/captures/wpa3-sae.pcapng.gz
Binary files differ
new file mode 100644
index 0000000000..755827065e
--- /dev/null
+++ b/test/captures/wpa3-sae.pcapng.gz
diff --git a/test/config/80211_keys.tmpl b/test/config/80211_keys.tmpl
index 0f3874baa2..a9f3c81632 100644
--- a/test/config/80211_keys.tmpl
+++ b/test/config/80211_keys.tmpl
@@ -5,3 +5,4 @@
 "wpa-psk","a5001e18e0b3f792278825bc3abff72d7021d7c157b600470ef730e2490835d4"
 "wpa-psk","79258f6ceeecedd3482b92deaabdb675f09bcb4003ef5074f5ddb10a94ebe00a"
 "wpa-psk","23a9ee58c7810546ae3e7509fda9f97435778d689e53a54891c56d02f18ca162"
+"wpa-psk","ecbfe709d6151eaba6a4fd9cba94fbb570c1fc4c15506fad3185b4a0a0cfda9a"
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 113096584a..808c5c6aeb 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -79,6 +79,16 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
 ))
 self.assertEqual(self.countOutput('ICMP.*Echo .ping'), 2)
+ def test_80211_wpa3_personal(self, cmd_tshark, capture_file):
+ '''IEEE 802.11 decode WPA3 personal / SAE'''
+ # Included in git sources test/captures/wpa3-sae.pcapng.gz
+ self.assertRun((cmd_tshark,
+ '-o', 'wlan.enable_decryption: TRUE',
+ '-r', capture_file('wpa3-sae.pcapng.gz'),
+ '-Y', 'wlan.analysis.tk == 20a2e28f4329208044f4d7edca9e20a6 || wlan.analysis.gtk == 1fc82f8813160031d6bf87bca22b6354',
+ ))
+ self.assertTrue(self.grepOutput('Who has 192.168.5.18'))
+ self.assertTrue(self.grepOutput('DHCP ACK'))
 @fixtures.mark_usefixtures('test_env')
 @fixtures.uses_fixtures |
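Review bot: The `-Y` filter in `test_80211_wpa3_personal` joins the `wlan.analysis.tk` and `wlan.analysis.gtk` comparisons with `||`, so a frame is printed when either key matches, and nothing in the test says which of the two `grepOutput` assertions is meant to prove which key. If both the ARP request and the DHCP ACK happen to be protected by the same key in this capture (this cannot be told from the hunk), a regression in the SAE derivation of the other key would still pass. Consider one run per key, e.g. `'-Y', 'wlan.analysis.tk == 20a2e28f4329208044f4d7edca9e20a6',` followed by its own assertion and a second run with `'-Y', 'wlan.analysis.gtk == 1fc82f8813160031d6bf87bca22b6354',`, or at least a comment above the assertions naming the key each expected frame depends on. The docstring could also state that the `"wpa-psk"` line added to `test/config/80211_keys.tmpl` is the key material for this one capture, since the test silently depends on it. The enclosing class starts outside the hunk.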