diff options
author | Mikael Kanstrup <mikael.kanstrup@sony.com> | 2019-03-18 14:56:39 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2019-03-21 12:13:58 +0000 |
commit | 9cf77ec5e12e24f1a8c6eb9fa14c015b830f066b (patch) | |
tree | c8f339d4d4f6ff956fd734c026e9b5b1f006be72 /wsutil/wsgcrypt.c | |
parent | b780bb19bdf46d100fc6aa9afda8049b0d371730 (diff) |
ieee80211: Support decrypting WPA3-Personal / SAE captures
Add support for decrypting IEEE 802.11 WPA3-Personal / SAE traffic.
SAE uses AES encryption but a different key derivation function (KDF)
making Wireshark fail to decrypt such captures. Also both KDF and
decryption method is determined based only on EAPOL key description
version. This is not enough to figure out that SAE is being used.
Implement the alternative KDF needed to derive valid PTK. Also
implement a function to parse pairwise + group cipher suites and
auth key management type from RSNE tag. Using this new function
together with a number of new cipher and AKM lookup functions
correct KDF for SAE can be selected.
Bug: 15621
Change-Id: I8f6c917af1c9642c276a244943dd35f850ee3757
Reviewed-on: https://code.wireshark.org/review/32485
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wsutil/wsgcrypt.c')
-rw-r--r-- | wsutil/wsgcrypt.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/wsutil/wsgcrypt.c b/wsutil/wsgcrypt.c index eef943c272..dcb0ccb325 100644 --- a/wsutil/wsgcrypt.c +++ b/wsutil/wsgcrypt.c @@ -30,6 +30,29 @@ gcry_error_t ws_hmac_buffer(int algo, void *digest, const void *buffer, size_t l return GPG_ERR_NO_ERROR; } +gcry_error_t ws_cmac_buffer(int algo, void *digest, const void *buffer, size_t length, const void *key, size_t keylen) +{ +#if GCRYPT_VERSION_NUMBER >= 0x010600 + gcry_mac_hd_t cmac_handle; + gcry_error_t result = + result = gcry_mac_open(&cmac_handle, algo, 0, NULL); + if (result) { + return result; + } + result = gcry_mac_setkey(cmac_handle, key, keylen); + if (result) { + gcry_mac_close(cmac_handle); + return result; + } + gcry_mac_write(cmac_handle, buffer, length); + gcry_mac_read(cmac_handle, digest, &keylen); + gcry_mac_close(cmac_handle); + return GPG_ERR_NO_ERROR; +#else + return GPG_ERR_UNSUPPORTED_ALGORITHM; +#endif +} + void crypt_des_ecb(guint8 *output, const guint8 *buffer, const guint8 *key56) { guint8 key64[8]; |