jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

wlantest: Add more notes about decryption into pcapng

Browse source 
Note the used TK/GTK and KeyID in frame notes when writing decrypted
frames to a PCAPNG file.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-02-28 01:30:00 +02:00
parent 0e3e3a9ab5
commit f5849f1c7c
1 changed files with 57 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

73
wlantest/rx_data.c
View file

@ -119,8 +119,21 @@ static void rx_data_process(struct wlantest *wt, const u8 *bssid,
}
static void write_decrypted_note(struct wlantest *wt, const u8 *decrypted,
const u8 *tk, size_t tk_len, int keyid)
{
char tk_hex[65];
if (!decrypted)
return;
wpa_snprintf_hex(tk_hex, sizeof(tk_hex), tk, tk_len);
add_note(wt, MSG_EXCESSIVE, "TK[%d] %s", keyid, tk_hex);
}
static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
const struct ieee80211_hdr *hdr,
const struct ieee80211_hdr *hdr, int keyid,
const u8 *data, size_t data_len, size_t *decrypted_len)
{
struct wlantest_ptk *ptk;
@ -152,7 +165,10 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
}
if (decrypted) {
wpa_debug_level = prev_level;
add_note(wt, MSG_DEBUG, "Found PTK match from list of all known PTKs");
add_note(wt, MSG_DEBUG,
"Found PTK match from list of all known PTKs");
write_decrypted_note(wt, decrypted, ptk->ptk.tk,
ptk->ptk.tk_len, keyid);
return decrypted;
}
}
@ -229,14 +245,20 @@ static void rx_data_bss_prot_group(struct wlantest *wt,
ccmp_get_pn(pn, data);
if (os_memcmp(pn, bss->rsc[keyid], 6) <= 0) {
u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR
" A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u%s",
char pn_hex[6 * 2 + 1], rsc_hex[6 * 2 + 1];
wpa_snprintf_hex(pn_hex, sizeof(pn_hex), pn, 6);
wpa_snprintf_hex(rsc_hex, sizeof(rsc_hex), bss->rsc[keyid], 6);
add_note(wt, MSG_INFO, "replay detected: A1=" MACSTR
" A2=" MACSTR " A3=" MACSTR
" seq=%u frag=%u%s keyid=%d %s<=%s",
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
MAC2STR(hdr->addr3),
WLAN_GET_SEQ_SEQ(seq_ctrl),
WLAN_GET_SEQ_FRAG(seq_ctrl),
(le_to_host16(hdr->frame_control) & WLAN_FC_RETRY) ?
" Retry" : "");
" Retry" : "",
keyid, pn_hex, rsc_hex);
wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
wpa_hexdump(MSG_INFO, "RSC", bss->rsc[keyid], 6);
replay = 1;
@ -260,6 +282,11 @@ skip_replay_det:
hdr, data, len, &dlen);
if (decrypted) {
char gtk[65];
wpa_snprintf_hex(gtk, sizeof(gtk), bss->gtk[keyid],
bss->gtk_len[keyid]);
add_note(wt, MSG_EXCESSIVE, "GTK[%d] %s", keyid, gtk);
rx_data_process(wt, bss->bssid, NULL, dst, src, decrypted,
dlen, 1, NULL);
if (!replay)
@ -451,14 +478,20 @@ static void rx_data_bss_prot(struct wlantest *wt,
ccmp_get_pn(pn, data);
if (os_memcmp(pn, rsc, 6) <= 0) {
u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR
" A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u%s",
char pn_hex[6 * 2 + 1], rsc_hex[6 * 2 + 1];
wpa_snprintf_hex(pn_hex, sizeof(pn_hex), pn, 6);
wpa_snprintf_hex(rsc_hex, sizeof(rsc_hex), rsc, 6);
add_note(wt, MSG_INFO, "replay detected: A1=" MACSTR
" A2=" MACSTR " A3=" MACSTR
" seq=%u frag=%u%s keyid=%d tid=%d %s<=%s",
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
MAC2STR(hdr->addr3),
WLAN_GET_SEQ_SEQ(seq_ctrl),
WLAN_GET_SEQ_FRAG(seq_ctrl),
(le_to_host16(hdr->frame_control) & WLAN_FC_RETRY) ?
" Retry" : "");
" Retry" : "",
keyid, tid, pn_hex, rsc_hex);
wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
wpa_hexdump(MSG_INFO, "RSC", rsc, 6);
replay = 1;
@ -466,16 +499,22 @@ static void rx_data_bss_prot(struct wlantest *wt,
skip_replay_det:
if (tk) {
if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256)
if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) {
decrypted = ccmp_256_decrypt(tk, hdr, data, len, &dlen);
else if (sta->pairwise_cipher == WPA_CIPHER_GCMP ||
sta->pairwise_cipher == WPA_CIPHER_GCMP_256)
write_decrypted_note(wt, decrypted, tk, 32, keyid);
} else if (sta->pairwise_cipher == WPA_CIPHER_GCMP ||
sta->pairwise_cipher == WPA_CIPHER_GCMP_256) {
decrypted = gcmp_decrypt(tk, sta->ptk.tk_len, hdr, data,
len, &dlen);
else
write_decrypted_note(wt, decrypted, tk, sta->ptk.tk_len,
keyid);
} else {
decrypted = ccmp_decrypt(tk, hdr, data, len, &dlen);
write_decrypted_note(wt, decrypted, tk, 16, keyid);
}
} else if (sta->pairwise_cipher == WPA_CIPHER_TKIP) {
decrypted = tkip_decrypt(sta->ptk.tk, hdr, data, len, &dlen);
write_decrypted_note(wt, decrypted, sta->ptk.tk, 32, keyid);
} else if (sta->pairwise_cipher == WPA_CIPHER_WEP40) {
decrypted = wep_decrypt(wt, hdr, data, len, &dlen);
} else if (sta->ptk_set) {
@ -489,14 +528,16 @@ skip_replay_det:
else
decrypted = ccmp_decrypt(sta->ptk.tk, hdr, data, len,
&dlen);
write_decrypted_note(wt, decrypted, sta->ptk.tk,
sta->ptk.tk_len, keyid);
} else {
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data,
len, &dlen);
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid,
data, len, &dlen);
ptk_iter_done = 1;
}
if (!decrypted && !ptk_iter_done) {
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data,
len, &dlen);
decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid,
data, len, &dlen);
if (decrypted) {
add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs");
}