wlantest: Add more notes about decryption into pcapng

Note the used TK/GTK and KeyID in frame notes when writing decrypted
frames to a PCAPNG file.

Signed-off-by: Jouni Malinen <j@w1.fi>

wlantest/rx_data.c

@@ -119,8 +119,21 @@ static void rx_data_process(struct wlantest *wt, const u8 *bssid,
 }
 
 
+static void write_decrypted_note(struct wlantest *wt, const u8 *decrypted,
+				 const u8 *tk, size_t tk_len, int keyid)
+{
+	char tk_hex[65];
+
+	if (!decrypted)
+		return;
+
+	wpa_snprintf_hex(tk_hex, sizeof(tk_hex), tk, tk_len);
+	add_note(wt, MSG_EXCESSIVE, "TK[%d] %s", keyid, tk_hex);
+}
+
+
 static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
-			const struct ieee80211_hdr *hdr,
+			const struct ieee80211_hdr *hdr, int keyid,
 			const u8 *data, size_t data_len, size_t *decrypted_len)
 {
 	struct wlantest_ptk *ptk;
@@ -152,7 +165,10 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
 		}
 		if (decrypted) {
 			wpa_debug_level = prev_level;
-			add_note(wt, MSG_DEBUG, "Found PTK match from list of all known PTKs");
+			add_note(wt, MSG_DEBUG,
+				 "Found PTK match from list of all known PTKs");
+			write_decrypted_note(wt, decrypted, ptk->ptk.tk,
+					     ptk->ptk.tk_len, keyid);
 			return decrypted;
 		}
 	}
@@ -229,14 +245,20 @@ static void rx_data_bss_prot_group(struct wlantest *wt,
 		ccmp_get_pn(pn, data);
 	if (os_memcmp(pn, bss->rsc[keyid], 6) <= 0) {
 		u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
-		add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR
-			 " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u%s",
+		char pn_hex[6 * 2 + 1], rsc_hex[6 * 2 + 1];
+
+		wpa_snprintf_hex(pn_hex, sizeof(pn_hex), pn, 6);
+		wpa_snprintf_hex(rsc_hex, sizeof(rsc_hex), bss->rsc[keyid], 6);
+		add_note(wt, MSG_INFO, "replay detected: A1=" MACSTR
+			 " A2=" MACSTR " A3=" MACSTR
+			 " seq=%u frag=%u%s keyid=%d %s<=%s",
 			 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
 			 MAC2STR(hdr->addr3),
 			 WLAN_GET_SEQ_SEQ(seq_ctrl),
 			 WLAN_GET_SEQ_FRAG(seq_ctrl),
 			 (le_to_host16(hdr->frame_control) & WLAN_FC_RETRY) ?
-			 " Retry" : "");
+			 " Retry" : "",
+			 keyid, pn_hex, rsc_hex);
 		wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
 		wpa_hexdump(MSG_INFO, "RSC", bss->rsc[keyid], 6);
 		replay = 1;
@@ -260,6 +282,11 @@ skip_replay_det:
 					 hdr, data, len, &dlen);
 
 	if (decrypted) {
+		char gtk[65];
+
+		wpa_snprintf_hex(gtk, sizeof(gtk), bss->gtk[keyid],
+				 bss->gtk_len[keyid]);
+		add_note(wt, MSG_EXCESSIVE, "GTK[%d] %s", keyid, gtk);
 		rx_data_process(wt, bss->bssid, NULL, dst, src, decrypted,
 				dlen, 1, NULL);
 		if (!replay)
@@ -451,14 +478,20 @@ static void rx_data_bss_prot(struct wlantest *wt,
 		ccmp_get_pn(pn, data);
 	if (os_memcmp(pn, rsc, 6) <= 0) {
 		u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
-		add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR
-			 " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u%s",
+		char pn_hex[6 * 2 + 1], rsc_hex[6 * 2 + 1];
+
+		wpa_snprintf_hex(pn_hex, sizeof(pn_hex), pn, 6);
+		wpa_snprintf_hex(rsc_hex, sizeof(rsc_hex), rsc, 6);
+		add_note(wt, MSG_INFO, "replay detected: A1=" MACSTR
+			 " A2=" MACSTR " A3=" MACSTR
+			 " seq=%u frag=%u%s keyid=%d tid=%d %s<=%s",
 			 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
 			 MAC2STR(hdr->addr3),
 			 WLAN_GET_SEQ_SEQ(seq_ctrl),
 			 WLAN_GET_SEQ_FRAG(seq_ctrl),
 			 (le_to_host16(hdr->frame_control) &  WLAN_FC_RETRY) ?
-			 " Retry" : "");
+			 " Retry" : "",
+			 keyid, tid, pn_hex, rsc_hex);
 		wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
 		wpa_hexdump(MSG_INFO, "RSC", rsc, 6);
 		replay = 1;
@@ -466,16 +499,22 @@ static void rx_data_bss_prot(struct wlantest *wt,
 
 skip_replay_det:
 	if (tk) {
-		if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256)
+		if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) {
 			decrypted = ccmp_256_decrypt(tk, hdr, data, len, &dlen);
-		else if (sta->pairwise_cipher == WPA_CIPHER_GCMP ||
-			 sta->pairwise_cipher == WPA_CIPHER_GCMP_256)
+			write_decrypted_note(wt, decrypted, tk, 32, keyid);
+		} else if (sta->pairwise_cipher == WPA_CIPHER_GCMP ||
+			   sta->pairwise_cipher == WPA_CIPHER_GCMP_256) {
 			decrypted = gcmp_decrypt(tk, sta->ptk.tk_len, hdr, data,
 						 len, &dlen);
-		else
+			write_decrypted_note(wt, decrypted, tk, sta->ptk.tk_len,
+					     keyid);
+		} else {
 			decrypted = ccmp_decrypt(tk, hdr, data, len, &dlen);
+			write_decrypted_note(wt, decrypted, tk, 16, keyid);
+		}
 	} else if (sta->pairwise_cipher == WPA_CIPHER_TKIP) {
 		decrypted = tkip_decrypt(sta->ptk.tk, hdr, data, len, &dlen);
+		write_decrypted_note(wt, decrypted, sta->ptk.tk, 32, keyid);
 	} else if (sta->pairwise_cipher == WPA_CIPHER_WEP40) {
 		decrypted = wep_decrypt(wt, hdr, data, len, &dlen);
 	} else if (sta->ptk_set) {
@@ -489,14 +528,16 @@ skip_replay_det:
 		else
 			decrypted = ccmp_decrypt(sta->ptk.tk, hdr, data, len,
 						 &dlen);
+		write_decrypted_note(wt, decrypted, sta->ptk.tk,
+				     sta->ptk.tk_len, keyid);
 	} else {
-		decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data,
-					len, &dlen);
+		decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid,
+					data, len, &dlen);
 		ptk_iter_done = 1;
 	}
 	if (!decrypted && !ptk_iter_done) {
-		decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data,
-					len, &dlen);
+		decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid,
+					data, len, &dlen);
 		if (decrypted) {
 			add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs");
 		}