4 files changed, 17 insertions, 1 deletions

diff --git a/epan/crypt/dot11decrypt.c b/epan/crypt/dot11decrypt.c
index 7bbc4751b3..fe0d2593df 100644
--- a/epan/crypt/dot11decrypt.c
+++ b/epan/crypt/dot11decrypt.c
@@ -1811,6 +1811,7 @@ Dot11DecryptGetIntegrityAlgoFromAkm(int akm, int *algo, gboolean *hmac)
             break;
 #endif
         case 11:
+        case 18:
             *algo = GCRY_MD_SHA256;
             *hmac = TRUE;
             break;
@@ -1836,7 +1837,7 @@ Dot11DecryptRsnaMicCheck(
     int akm)
 {
     UCHAR mic[DOT11DECRYPT_WPA_MICKEY_LEN];
-    UCHAR c_mic[HASH_SHA1_LENGTH] = { 0 };  /* MIC 16 byte, the HMAC-SHA1 use a buffer of 20 bytes */
+    UCHAR c_mic[32] = { 0 };  /* MIC 16 byte, though HMAC-SHA256 algo need 32 bytes buffer */
     int algo = -1;
     gboolean hmac = TRUE;
 
@@ -2165,6 +2166,7 @@ static int Dot11DecryptGetPtkLen(int akm, int cipher)
         case 6:
         case 8:
         case 11:
+        case 18:
             /* KCK len + KEK len + TK len */
             ptk_len = 128 + 128 + Dot11DecryptGetTkLen(cipher);
             break;
@@ -2201,6 +2203,7 @@ Dot11DecryptGetDeriveFuncFromAkm(int akm)
         case 11:
         case 12:
         case 13:
+        case 18:
             func = Dot11DecryptRsnaKdfX;
             break;
         default:
@@ -2229,6 +2232,7 @@ Dot11DecryptGetDeriveAlgoFromAkm(int akm)
         case 9:
         case 10:
         case 11:
+        case 18:
             algo = GCRY_MD_SHA256;
             break;
         case 12:
diff --git a/test/captures/owe.pcapng.gz b/test/captures/owe.pcapng.gz
new file mode 100644
index 0000000000..930d6bc503
--- /dev/null
+++ b/test/captures/owe.pcapng.gz
diff --git a/test/config/80211_keys.tmpl b/test/config/80211_keys.tmpl
index a9f3c81632..7cb9811f18 100644
--- a/test/config/80211_keys.tmpl
+++ b/test/config/80211_keys.tmpl
@@ -6,3 +6,4 @@
 "wpa-psk","79258f6ceeecedd3482b92deaabdb675f09bcb4003ef5074f5ddb10a94ebe00a"
 "wpa-psk","23a9ee58c7810546ae3e7509fda9f97435778d689e53a54891c56d02f18ca162"
 "wpa-psk","ecbfe709d6151eaba6a4fd9cba94fbb570c1fc4c15506fad3185b4a0a0cfda9a"
+"wpa-psk","a4b0b2efa7f77d1006eccf1a814b62125c15fac5c137d9cdff8c75c43194268f"
diff --git a/test/suite_decryption.py b/test/suite_decryption.py
index 808c5c6aeb..754c9bffc6 100644
--- a/test/suite_decryption.py
+++ b/test/suite_decryption.py
@@ -90,6 +90,17 @@ class case_decrypt_80211(subprocesstest.SubprocessTestCase):
         self.assertTrue(self.grepOutput('Who has 192.168.5.18'))
         self.assertTrue(self.grepOutput('DHCP ACK'))
 
+    def test_80211_owe(self, cmd_tshark, capture_file):
+        '''IEEE 802.11 decode OWE'''
+        # Included in git sources test/captures/owe.pcapng.gz
+        self.assertRun((cmd_tshark,
+                '-o', 'wlan.enable_decryption: TRUE',
+                '-r', capture_file('owe.pcapng.gz'),
+                '-Y', 'wlan.analysis.tk == 10f3deccc00d5c8f629fba7a0fff34aa || wlan.analysis.gtk == 016b04ae9e6050bcc1f940dda9ffff2b',
+                ))
+        self.assertTrue(self.grepOutput('Who has 192.168.5.2'))
+        self.assertTrue(self.grepOutput('DHCP ACK'))
+
 @fixtures.mark_usefixtures('test_env')
 @fixtures.uses_fixtures
 class case_decrypt_dtls(subprocesstest.SubprocessTestCase):