From b5a8677250457bf9bab44eba58d4e8ccc9a8ce29 Mon Sep 17 00:00:00 2001 From: Gerald Combs Date: Wed, 30 Jul 2008 22:32:21 +0000 Subject: Add WPA group key decryption from Brian Stormont, via bug 1420: Although this patch successfully recognizes group keys and decrypts packets properly using the group key, there is a limitation. If an AP is using key rotation, clicking on individual packets in a trace may not properly decrypt a packet encrypted with a group key. This is because the current structure used in Wireshark only supports one active unicast and one active group key. If a new key has been seen, but you are looking at a packet encrypted with an older key, it will not decrypt. The summary lines, however, do show the packets properly decrypted. I've written up a much longer and more detailed explanation in a comment in the code, along with a proposed idea for a solution, plus a clunky work-around in the GUI when using the current code. I also suspect there might still be a problem with decrypting TKIP groups keys that are sent using WPA2 authentication. In the most common operation, if you are using WPA2, you'll also be using AES keys. It's not a common AP configuration to use WPA2 with TKIP. In fact, most APs don't seem to support it. Since it is an uncommon setup, I haven't put aside the time to test this patch against such an AP. I do have access to an AP that supports this, so when I have the time I'll test it and if needed, will submit another patch to handle that odd-ball condition. From me: Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated in the comments). Preserve the GPL licensing text in several files (which the patch shouldn't have removed). Remove changes that added whitespace. Convert C++-style comments to C-style. Update to include recent SVN changes (e.g. renaming variables named "index"). Remove extraneous printf's. Define DEBUG_DUMP in airpdcap_debug.h. Comment out some instances of DEBUG_DUMP. Change malloc/free to g_malloc/g_free. Use g_memdup instead of allocating and copying. Use gint16 instead of INT16 in airpdcap_rijndael.c. Add Brian to AUTHORS. svn path=/trunk/; revision=25879 --- epan/crypt/airpdcap_tkip.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'epan/crypt/airpdcap_tkip.c') diff --git a/epan/crypt/airpdcap_tkip.c b/epan/crypt/airpdcap_tkip.c index e64b303445..819a0c6dce 100644 --- a/epan/crypt/airpdcap_tkip.c +++ b/epan/crypt/airpdcap_tkip.c @@ -216,17 +216,23 @@ INT AirPDcapTkipDecrypt( UCHAR TA[AIRPDCAP_MAC_LEN], UCHAR TK[AIRPDCAP_TK_LEN]) { + UINT64 TSC64; UINT32 TSC; UINT16 TSC16; UINT8 *IV; UINT16 TTAK[AIRPDCAP_TTAK_LEN]; UINT8 wep_seed[AIRPDCAP_WEP_128_KEY_LEN]; + /* DEBUG_DUMP("TA", TA, 6); */ + IV = tkip_mpdu; - TSC16 = (UINT16)READ_6(IV[2], IV[0], IV[4], IV[5], IV[6], IV[7]); + TSC64 = READ_6(IV[2], IV[0], IV[4], IV[5], IV[6], IV[7]); + TSC16 = (UINT16)TSC64; - TSC = (UINT32)TSC16 >> 16; + /* The original code made no sense!! We were shifting a 16-bit number 16 bits to the right. */ + /* We instead have to have READ_6() be returned to a UINT64 and shift *that* value. */ + TSC = (UINT32)(TSC64 >> 16); AirPDcapTkipMixingPhase1(TTAK, TK, TA, TSC); -- cgit v1.2.3