authorMikael Kanstrup <mikael.kanstrup@sony.com>2021-01-06 07:49:59 +0100
committerWireshark GitLab Utility <gerald+gitlab-utility@wireshark.org>2021-01-20 16:10:12 +0000
commit2306cbddb9469cd1d941446a6f7e0354e795db62 (patch)
tree1d547a220991577481121551f96287af433fd822 /test
parent75e90aa4e98a022a04631b2dbfd0f4398caf2083 (diff)
dot11decrypt: Support decrypting FT initial mobility domain
Add partial support for decrypting captures with connections established using FT BSS Transition (IEEE 802.11r). FT BSS Transition decryption comes with the following limitations: - Only FT-PSK is supported. - Keys can only be derived from the FT 4-way handshake messages. - Roaming is not supported.
Diffstat (limited to 'test')
-rw-r--r--test/captures/wpa2-ft-psk.pcapng.gzbin0 -> 2542 bytes
-rw-r--r--test/suite_decryption.py11
2 files changed, 11 insertions, 0 deletions
diff --git a/test/captures/wpa2-ft-psk.pcapng.gz b/test/captures/wpa2-ft-psk.pcapng.gz
new file mode 100644
index 0000000000..f40540e2ad
--- /dev/null
+++ b/test/captures/wpa2-ft-psk.pcapng.gz
Binary files differ
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 25f92bfa04..e045b56ee8 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -223,6 +223,17 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
self.assertTrue(self.grepOutput('DHCP Request')) # Verifies TK is correct
self.assertTrue(self.grepOutput(r'Echo \(ping\) request')) # Verifies TK is correct
+ def test_80211_wpa2_ft_psk(self, cmd_tshark, capture_file):
+ '''IEEE 802.11 decode WPA2 FT PSK'''
+ # Included in git sources test/captures/wpa2-ft-psk.pcapng.gz
+ self.assertRun((cmd_tshark,
+ '-o', 'wlan.enable_decryption: TRUE',
+ '-r', capture_file('wpa2-ft-psk.pcapng.gz'),
+ '-Y', 'wlan.analysis.tk == 58f564fd078c3cc8ceb8c8be8e51d30d || wlan.analysis.gtk == a2e4ae32e73603f12ecbce89992de9df',
+ ))
+ self.assertTrue(self.grepOutput('DHCP Request')) # Verifies GTK decryption
+ self.assertTrue(self.grepOutput(r'Echo \(ping\) request')) # Verifies TK decryption
+
@fixtures.mark_usefixtures('test_env_80211_user_tk')
@fixtures.uses_fixtures
class case_decrypt_80211_user_tk(subprocesstest.SubprocessTestCase):
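Review bot: The two greps in test_80211_wpa2_ft_psk do not prove what their comments claim, because the `-Y` filter ORs the TK and GTK matches: a 'DHCP Request' frame decrypted with the TK, or a ping matched through the GTK, would satisfy the assertion even if derivation of the other key had regressed. Running tshark once per key, as sketched below, ties each expected packet to the key named in its comment. This assumes grepOutput inspects only the most recent run and that the capture holds a GTK-protected DHCP Request and a TK-protected ping, as the existing comments imply. The class body starts outside the hunk, so the fixture that supplies the PSK is not visible here.

```python
    def test_80211_wpa2_ft_psk(self, cmd_tshark, capture_file):
        # … unchanged: docstring and capture-file comment …
        # One run per key, so each grep can only match frames tied to that key.
        self.assertRun((cmd_tshark,
                '-o', 'wlan.enable_decryption: TRUE',
                '-r', capture_file('wpa2-ft-psk.pcapng.gz'),
                '-Y', 'wlan.analysis.gtk == a2e4ae32e73603f12ecbce89992de9df',
                ))
        self.assertTrue(self.grepOutput('DHCP Request')) # Verifies GTK decryption
        self.assertRun((cmd_tshark,
                '-o', 'wlan.enable_decryption: TRUE',
                '-r', capture_file('wpa2-ft-psk.pcapng.gz'),
                '-Y', 'wlan.analysis.tk == 58f564fd078c3cc8ceb8c8be8e51d30d',
                ))
        self.assertTrue(self.grepOutput(r'Echo \(ping\) request')) # Verifies TK decryption
```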