Change-Id: Ica4e3c1651bda5dbc7b4d77140520ac4db91b792
Reviewed-on: https://code.wireshark.org/review/37538
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I54455eb441b7f222ab118f0187f88491a02c68cd
Reviewed-on: https://code.wireshark.org/review/37491
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I62821de732de36302aa731c9a033c521abb5f6e6
Reviewed-on: https://code.wireshark.org/review/37456
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I6b10f6ece7e6a50f3538ea97ac75a0ec654e434e
Reviewed-on: https://code.wireshark.org/review/37407
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add support for TK user input keys. With this Wireshark can
decrypt packet captures where 4WHS frames are missing and
packet captures with non-supported AKMS, for example
802.11r / Fast BSS Transitioning.
Decryption using user TK works as a backup if the normal
decryption flow does not succeed. Having TK decryption keys
added will affect general IEEE 802.11 dissector performance
as each encrypted packet will be tested with every TK.
Worst case scenario is plenty of TKs where none of them
matches encrypted frames.
On successful user TK decryption an SA is formed based on
parameters used to decrypt the frame. This SA is similar to
what is formed when Wireshark detects and derives keys from
4WHS messages. With the SA entry in place the decryption
performance (success case) should be on par with "normal"
decryption flow.
Bug: 16579
Change-Id: I72c2c1e2c6693131d3ba07f8ddb8ff772c1b54a9
Reviewed-on: https://code.wireshark.org/review/37217
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Simplify the SA storage by replacing the static array with a
hash table. This way there's no need to keep track of whether
an entry is used or not and no need to traverse the whole
array for the non-matching case. This change should benefit
performance but was mainly done to prepare for coming changes
where code adding and searching for SA entries is modified. With
this change in place those changes become cleaner.
Change-Id: Ide572c5e4e7e872f1654d8d8f288cd6451f04435
Reviewed-on: https://code.wireshark.org/review/37307
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Remove some unused defines, function parameters and functions.
Change-Id: I1bbc3ff7e0a9d11e8521ddf24b35113d8e332f08
Reviewed-on: https://code.wireshark.org/review/37305
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Added range_string for Operating Indicator Class
information to support Hotspot 2.0 ANQP messages
Bug: 16568
Change-Id: I98db7aed00703cf329d5a96d317bdf655a0f3dcd
Reviewed-on: https://code.wireshark.org/review/37245
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Adding Hotspot 2.0 ANQP Connection Capability Information
so the IP protocol and port assignments show up in the GUI
based on the Hotspot 2.0 documentation and implementation details.
Bug: 16569
Change-Id: Ic3e26e04c5d48269d59b6604b125569328c82faf
Reviewed-on: https://code.wireshark.org/review/37246
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Adding ANQP Type 280 - Network Authentication Type
Information with Timestamp per IEEE 802.11-2016 standard
and adding fields required for timestamp values.
Bug: 16570
Change-Id: Ifbe5d8abc40fcb543c2abaa7478d5feaae2f7945
Reviewed-on: https://code.wireshark.org/review/37247
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Set index start to 1 for Friendly Operator Name subtree.
Moved lang code and name string within subtree.
Bug: 16534
Change-Id: I0fd4d926f585ec432a869c7a15e13b84d5d0f2fb
Reviewed-on: https://code.wireshark.org/review/36996
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Adjusted dissect_anqp_capab_list() to include
~anqp_subtype and ~anqp_reserved fields when
WFA HS2.0 exists as a vendor-specific capability ID.
Bug: 16548
Change-Id: I2923df3f6de42a58af643cd07b29c77e802cdcab
Reviewed-on: https://code.wireshark.org/review/37147
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 16520
Change-Id: If44494d59e325f2fdba99c2b37992a9243b3ed76
Reviewed-on: https://code.wireshark.org/review/36982
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
- Fix some field names
- Use BASE_UNIT to display fields units
Bug: 16494
Change-Id: I004c720bb53fd8afe64494d2574efc137ca94ccf
Reviewed-on: https://code.wireshark.org/review/36874
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
In Wi-Fi Agile Multiband Technical Specification it is specified that
'BSS Transition Candidate List Entries' found in WNM Transition
management request/response action frame may contain WFA vendor
specific element.
Bug: 16494
Change-Id: Ifa7a2b1a6da48e6d4920e896340c3671cfb9625e
Reviewed-on: https://code.wireshark.org/review/36871
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
When present in WNM Transition management request, 'BSS Termination
Duration' has the same format as the sub element in neighbor report
element and not just a single 64-bit value.
Bug: 16494
Change-Id: I3a5a0659fa9e81e97de7a99fea2cffa6a58eea0e
Reviewed-on: https://code.wireshark.org/review/36870
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
"Wi-fi Agile Multiband" specification also defines WFA vendor specific
sub-elements for WNM notification request.
For simplicity treat those sub-elements as normal WFA vendor specific
elements. This is OK as the 'OUI type' for those sub-elements doesn't
clash with 'OUI type' defined for normal elements.
Bug: 16494
Change-Id: Id2321ec283647a6db4be7f475fd5fc107596f854
Reviewed-on: https://code.wireshark.org/review/36869
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
This patch completes dissection of WFA vendor specific MBO-OCE element
with the OCE attributes.
The OCE attributes are defined in 'Optimized Connectivity Experience'
specification. (version 1.1 has been used as reference).
Bug: 16494
Change-Id: I366f230efe1029ca2b97da78a8b80371c438043e
Reviewed-on: https://code.wireshark.org/review/36868
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add parsing of MBO ANQP element as defined by 'Wi-Fi Agile Multiband'
specification (v1.4)
Bug: 16494
Change-Id: If03a9d474912a607fa1752ac1f787b71a45e0fa6
Reviewed-on: https://code.wireshark.org/review/36867
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
For Vendor Specific ANQP element the OUI is not included in the packet
subset dissected by the anqp vendor specific function so adapt the
length accordingly.
Bug: 16494
Change-Id: I8082fdabc379cb3ea71c01e6fb009f49afd16dff
Reviewed-on: https://code.wireshark.org/review/36866
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Subtypes (refers to 'OUI type' in most specs) found in Wi-Fi alliance
vendor specific Element and vendor specific ANQP are not part of
single enum so treat them separately.
Also move the 'ANQP' in the macro prefix to allow more consistent
naming when more WFA ANQP are added.
Bug: 16494
Change-Id: I20b187a32230c623eaf1e6ff9f689c8376bb4b5b
Reviewed-on: https://code.wireshark.org/review/36865
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The Multi Band Operation / Optimized Connectivity Experience element
is a vendor specific element defined by the Wi-Fi Alliance.
It is composed of two types of attributes: MBO and OCE.
This patch only adds support for MBO attributes as defined in
"Wi-fi Agile Multiband" specification (used version 1.4 as reference).
Bug: 16494
Change-Id: I764191f26591dc6b493983681e75bf328777a0b6
Reviewed-on: https://code.wireshark.org/review/36864
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
- Complete list of possible sub elements for beacon measurement
request/report (as of IEEE P802.11REVmd/D3.2)
For sub elements that are also regular elements (request, extended
request, AP channel report and wide bandwidth channel switch) use
the "regular" dissect function instead of duplicating the code.
- Create a sub-tree for each sub element
- Just like request part, add warning for unknown sub elements in
report and properly skip them.
- Correct offset used to read fixed size fields in 'reported frame
body' and skip those fields if the frame is reported with several
fragments
- Used already defined "display functions" for RCPI and RSNI fields in
beacon report (slightly update RSNI function).
- Update TIM element parsing to allow a size of 2 as TIM might be
truncated in frame reported body.
Bug: 16469
Change-Id: If339cf4990b2bf8ec049ce23aa9461c8a9d85be2
Reviewed-on: https://code.wireshark.org/review/36643
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add support for decrypting GCMP/GCMP-256 encrypted IEEE 802.11 traffic
Bug: 16197
Change-Id: I907d772665141c8be10a9f4a187bd76594c8d2e4
Reviewed-on: https://code.wireshark.org/review/36346
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Add support for decrypting CCMP-256 encrypted IEEE 802.11 traffic
Bug: 16197
Change-Id: I0c9ee09e5b71cb02e6d2381049fd5bbb02686f7f
Reviewed-on: https://code.wireshark.org/review/36344
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Includes DMG parameter, Spectrum management and Radio measurement
fields to DMG parameter whenever it is transmitted by a DMG STA/AP.
These fields were added in 802.11ad-2012 Spec.
Change-Id: I56356b804703251981772499534e029a324766df
Signed-off-by: Jambukumar Kulandaivel <jambukumar@codeaurora.org>
Reviewed-on: https://code.wireshark.org/review/36276
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Dissect the 60GHz information element which is part of the
Wi-Fi Alliance (WFA) 60GHz technical specification version 1.0.
Change-Id: Ib5a7f0e137a8ef11b389253026ee9fb1b54cdfa3
Signed-off-by: Jambukumar Kulandaivel <jambukumar@codeaurora.org>
Reviewed-on: https://code.wireshark.org/review/35975
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
My previous patch was broken and did not handle the new Anti-Clogging Token
container. It was broken because I did not realise that Table 9-42 specified
the order of elements in the SAE Fixed Field. Table 9-43 specifies when
elements will be in which type of SAE request. However, 9-42 specifies the
order.
This has been tested with captures from WFA and Jouni Malinen.
Change-Id: Icbaa53560036c421299c74867ec04d9a28ea8aa0
Reviewed-on: https://code.wireshark.org/review/36098
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The code was not properly corrected and a confirm result would show
a malformed packet because two bytes were not accounted for.
Change-Id: Ibc2f14ec46b0d63401d8d3b3768b032ed9b12e56
Reviewed-on: https://code.wireshark.org/review/36028
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
After feedback from the WFA and checking tables 9-3 and 9-6 in
IEEE802.11-2016 and testing this is more correct.
Change-Id: I26e65046610d887b2bcdac6caa8b4665eb2f6e20
Reviewed-on: https://code.wireshark.org/review/36018
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
With SAE there is a need to handle the anti-clogging token.
Tested with test cases from WFA.
Change-Id: I5bad92677481bc45b7bd10b526aa6a44c200ce17
Reviewed-on: https://code.wireshark.org/review/36019
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ifcf041eb70bd68564d326b94868a45efab86a71f
Reviewed-on: https://code.wireshark.org/review/35568
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
It's the responsibility of code that processes radio metadata (file
readers in libwiretap or dissectors in libwireshark) to set the PHY
correctly, even if it has to infer it from the frequency. The 802.11
dissector should just check the PHY.
Change-Id: Ie6aa73a062c7538cbe2e994fb6a6a2a1e9ac978d
Reviewed-on: https://code.wireshark.org/review/35533
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This prevents the use of too high values when using the
shift operator.
Bug: 15632
Change-Id: Iba4156c3038ca3c6645e41650b716c2ab07d3e43
Reviewed-on: https://code.wireshark.org/review/35344
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I4ef686f5dc9a43f94db34cab0f7fe466ef271585
Reviewed-on: https://code.wireshark.org/review/35482
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Compressed block acks, in the form of 256 bit bitmaps, are parsed
per 64 bit section. Scanning along a section needs to be done by
indexing this section, not the full 256 bits of the complete bitmap.
Change-Id: Id0e6a7299e14be1ad68dd1cf6d736123008854ac
Reviewed-on: https://code.wireshark.org/review/35440
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
If the capture does not contain any indication of the Key MIC Len or we
are making only one pass (such as with tshark) we can actually figure
out the Key MIC Len if we see the first frame of the four-way handshake.
We only use this approach if we used the default value for the Key MIC Len
and defer to other information if it is available. We also save the value
once we have figured it out and only try to figure it out on the first
frame of the four-way handshake.
If we cannot determine the Key MIC length from the first frame in the
four-way handshake we can use the second frame in the four-way handshake.
However, we also need to keep some extra state, specifically, whether or not
we have actually set the last AKM suite seen.
Bug: 16210
Change-Id: I28bc7dacbd34d03b24e66371f66b22853fa608d1
Reviewed-on: https://code.wireshark.org/review/35119
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
|
|
The "Preferred AC" field in the "Trigger Dependent User Info"
subfield of the Basic Trigger frame uses the "ACI-to-AC encoding"
described in Table 9-136 of the 2016 IEEE 802.11 specification. The
802.11ax specification refers the reader to this table when describing
the "Preferred AC" field.
Change-Id: I81ca3280c2865bc87fc4a8ddb63b5e8f7255d414
Reviewed-on: https://code.wireshark.org/review/35190
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
With AKMS 00-0F-AC:12 a 384 bit long PMK shall be used. To be able
to support key derivation and decryption from this larger sized
PMK the user PSK / PMK key input validation code is updated as well
as the various places where a hard coded PMK size is used.
Ping-Bug: 16197
Change-Id: I39c9337e8a84095246e3db5ef33dc96fb78e5dc3
Reviewed-on: https://code.wireshark.org/review/35065
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Use AKM, cipher suite and group cipher suite from RSNA to determine
key lengths and offsets. This allows keys of different lengths
for PTK derivation, MIC validation etc.
Ping-Bug: 16197
Change-Id: I9a721fb9811db89357218b50a2a107cf945d3dae
Reviewed-on: https://code.wireshark.org/review/35064
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The ieee80211 dissector reuses the conversation concept to track
each association as one conversation. For this a simple counter
is incremented on each (re)assoc request frame.
There are two already existing hacky tricks for conversation lookup:
1. Each frame is marked with current assoc counter value
2. pinfo srcport and destport is then set to assoc counter value
With the above a conversation can then be looked up using the normal
conversation utility functions.
Though depending on the dissection flow a conflicting conversation can
be created by the EAP dissector, making the conversation lookup used for
function determine_mic_len return the one created by EAP dissector
instead with the effect that wrong mic length is returned.
Building further on this hack a way to solve this is to explicitly
mark pinfo srcport destport whenever we're either creating or searching
for a "wlan conversation".
Uploading the patch to get some feedback on how this whole "wlan
conversation" thing can be properly solved. This error was discovered
when working on implementing support for bug 16197 where 24 byte long
MICs are used.
Change-Id: I7bd22cdf5d382a6c5f881ee29820f058d581a94e
Reviewed-on: https://code.wireshark.org/review/35050
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Simplify the still quite complex Dot11DecryptScanEapolForKeys function
and further reduce frame parsing inside Dot11Decrypt engine. This is
done by breaking out the EAPOL keydata decryption step into a new
function Dot11DecryptDecryptKeyData to be called from dissector.
After this Dot11DecryptScanEapolForKeys can now focus on one
task, to scan for keys in (unencrypted) EAPOL key frames.
With keydata decryption step separated from the broadcast
key parsing step the dissectors' GTK parsing can replace
the Dot11Decrypt internal RSN GTK TAG parsing.
Change-Id: I3b89f40586b8b7dbe2ff74cfc30761010d5b80bc
Reviewed-on: https://code.wireshark.org/review/35022
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
To be able to support authentication key management suites that use
different MIC, PMK, PTK lengths the engine would need to be extended
to support parsing EAPOL Key frames with variable field lengths. Though
as the IEEE 802.11 dissector already supports this the alternative
(implemented in this patch) is to remove the EAPOL frame parsing inside
the engine and have the dissector feed it with a struct of parsed
fields instead.
For this a new type DOT11DECRYPT_EAPOL_PARSED is exported and
dot11decrypt now expects dissector to fill this struct with parsed
EAPOL fields before calling Dot11DecryptScanEapolForKeys.
Dissection of EAPOL fields is scattered over several functions in the
dissector code so parsed fields are temporarily stored in proto data
and then gathered before fed into dot11decrypt engine.
Change-Id: Ic6aeb4900f373dcde1ea3f1f0f24df2ae827576e
Reviewed-on: https://code.wireshark.org/review/35020
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This reverts commit 39bbb90e783e8ab6b5bc435927e8f05ec809194e.
If you check 9.4.2.242.3 HE PHY Capabilities Information field, you will see the "Supported Channel Width" field starts from B1 of the "HE PHY Capabilities Information field", not B0.
The Table 9-231 Subfields of the HE PHY Capabilities Information field applies only for the Channel Width Support Field. So B1 of the PHY cap should be used as B0 of the channel width.
Bug: 16190
Change-Id: Iff5beaf93f57d535b70ffab4b51e4a163aaf3a6d
Reviewed-on: https://code.wireshark.org/review/35038
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 16081
Change-Id: I3d2a9ac8058be1a7e7a686c96b8feb8883085c75
Reviewed-on: https://code.wireshark.org/review/34661
Tested-by: Petri Dish Buildbot
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
EAPOL key message type is known by dissector so no need for dot11decrypt
to parse frames to determine this. Instead feed engine with message
type from dissector. With this some code duplication can be avoided.
Change-Id: Icfd119186ebab5b0db29968df3eb94275d921e76
Reviewed-on: https://code.wireshark.org/review/34929
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
As a step towards removing the parsing of frames inside dot11decrypt
engine separate the key extraction step from the decryption step.
Two new functions for extracting keys are now provided by the
dot11decrypt engine. One to be called for EAPOL key frames that
will extract and feed the engine with keys present in 4-way handshake
and group handshake messages. And one to be called for TDLS action
frames to extract keys and feed the engine with keys during TDLS
session establishment.
The old Dot11DecryptPacketProcess function called for all 802.11
frames is simplified and now only has one purpose. To decrypt
encrypted packets. Hence renamed to Dot11DecryptDecryptPacket.
Change-Id: Idb38d538f435ec352c6bbb200a09bc2a2347c42e
Reviewed-on: https://code.wireshark.org/review/34928
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Roland Knall <rknall@gmail.com>
|
|
Change-Id: I221d0bf489ef3eef32d931e4832ce0d8b155ae22
Reviewed-on: https://code.wireshark.org/review/34940
Petri-Dish: Pascal Quantin <pascal@wireshark.org>
Reviewed-by: Pascal Quantin <pascal@wireshark.org>
|
|
Support Extended Key ID for Individually Addressed Frames from
IEEE 802.11 - 2016.
Extended Key ID allows unicast (PTK) keys to also use key ID 1 and has
an additional RSN attribute "KeyID" in EAPOL #3.
Add the additional attribute KeyID to the RSN parser, stop assuming
unicast keys are only using key ID 0 and add a test case to verify
Extended Key ID parsing and decoding.
Change-Id: I43005c74df561be5524fa3738149781f50dafa14
Reviewed-on: https://code.wireshark.org/review/34883
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
|