Wireshark · Ethereal-dev: [Ethereal-dev] Key Information support in EAPOL-Key message

Ethereal-dev: [Ethereal-dev] Key Information support in EAPOL-Key message

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Motonori Shindo <mshindo@xxxxxxxxxxx>

Date: Tue, 14 Oct 2003 16:16:43 +0900 (JST)

Hi,

Please find attached a patch to add Key Information dissection in
EAPOL-Key message that is used in WPA/802.11i.

Regards,

? autom4te-2.53.cache
? packet-eapol.c.save
? packet-eapol.c.working
? packet-ieee80211.c.save
? epan/autom4te-2.53.cache
? gtk2/.deps
? plugins/acn/.deps
? plugins/acn/.libs
? plugins/acn/Makefile
? plugins/acn/Makefile.in
? plugins/acn/acn.la
? plugins/acn/packet-acn.lo
? wiretap/autom4te-2.53.cache
Index: packet-eapol.c
===================================================================
RCS file: /cvsroot/ethereal/packet-eapol.c,v
retrieving revision 1.14
diff -u -r1.14 packet-eapol.c
--- packet-eapol.c	23 Sep 2003 02:35:59 -0000	1.14
+++ packet-eapol.c	14 Oct 2003 07:13:35 -0000
@@ -47,6 +47,15 @@
 static int hf_eapol_keydes_key = -1;
 
 static int hf_eapol_wpa_keydes_keyinfo = -1;
+static int hf_eapol_wpa_keydes_keyinfo_keydes_ver = -1;
+static int hf_eapol_wpa_keydes_keyinfo_key_type = -1;
+static int hf_eapol_wpa_keydes_keyinfo_key_index = -1;
+static int hf_eapol_wpa_keydes_keyinfo_install = -1;
+static int hf_eapol_wpa_keydes_keyinfo_key_ack = -1;
+static int hf_eapol_wpa_keydes_keyinfo_key_mic = -1;
+static int hf_eapol_wpa_keydes_keyinfo_secure = -1;
+static int hf_eapol_wpa_keydes_keyinfo_error = -1;
+static int hf_eapol_wpa_keydes_keyinfo_request = -1;
 static int hf_eapol_wpa_keydes_nonce = -1;
 static int hf_eapol_wpa_keydes_rsc = -1;
 static int hf_eapol_wpa_keydes_id = -1;
@@ -57,6 +66,7 @@
 static gint ett_eapol = -1;
 static gint ett_eapol_keydes_data = -1;
 static gint ett_eapol_key_index = -1;
+static gint ett_keyinfo = -1;
 
 static dissector_handle_t eap_handle;
 static dissector_handle_t data_handle;
@@ -86,8 +96,27 @@
 	{ 0, NULL }
 };
 
+#define KEY_INFO_KEYDES_VER_MASK	0x0007
+#define KEY_INFO_KEY_TYPE_MASK		0x0008
+#define KEY_INFO_KEY_INDEX_MASK		0x0030
+#define KEY_INFO_INSTALL_MASK		0x0040
+#define KEY_INFO_KEY_ACK_MASK		0x0080
+#define KEY_INFO_KEY_MIC_MASK		0x0100
+#define KEY_INFO_SECURE_MASK		0x0200
+#define KEY_INFO_ERROR_MASK		0x0400
+#define KEY_INFO_REQUEST_MASK		0x0800
+
 static const true_false_string keytype_tfs =
 	{ "Unicast", "Broadcast" };
+static const true_false_string tfs_keyinfo_key_type =
+	{ "Pairwise key", "Group key" };
+#define KEYDES_VER_TYPE1	0x01
+#define KEYDES_VER_TYPE2	0x02
+static const value_string keydes_ver[] = {
+	{ KEYDES_VER_TYPE1,	"HMAC-MD5 for MIC and RC4 for encryption" },
+	{ KEYDES_VER_TYPE2,	"AES-CBC-MAC for MIC and HMAC-SHA1 for encryption" },
+	{ 0, 		NULL }
+};
 
 static void
 dissect_eapol(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
@@ -99,8 +128,11 @@
   guint       len;
   guint16     eapol_key_len, eapol_data_len;
   guint8      key_index;
+  guint16     keyinfo;
   proto_tree *ti = NULL;
   proto_tree *eapol_tree = NULL;
+  proto_tree *keyinfo_item = NULL;
+  proto_tree *keyinfo_tree = NULL;
   proto_tree *key_index_tree, *keydes_tree;
   tvbuff_t   *next_tvb;
 
@@ -147,8 +179,22 @@
       proto_tree_add_item(eapol_tree, hf_eapol_keydes_type, tvb, offset, 1, FALSE);
       offset += 1;
       if (keydesc_type == EAPOL_WPA_KEY) {
-        proto_tree_add_uint(eapol_tree, hf_eapol_wpa_keydes_keyinfo, tvb,
-        		    offset, 2, tvb_get_ntohs(tvb, offset));
+	keyinfo = tvb_get_ntohs(tvb, offset);
+	keyinfo_item = 
+	  proto_tree_add_uint(eapol_tree, hf_eapol_wpa_keydes_keyinfo, tvb,
+			      offset, 2, keyinfo);
+
+	keyinfo_tree = proto_item_add_subtree(keyinfo_item, ett_keyinfo);
+	proto_tree_add_uint(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_keydes_ver, tvb, offset, 2, keyinfo);
+	proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_key_type, tvb, offset, 2, keyinfo);
+	proto_tree_add_uint(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_key_index, tvb, offset, 2, keyinfo);
+	proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_install, tvb, offset, 2, keyinfo);
+	proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_key_ack, tvb, offset, 2, keyinfo);
+	proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_key_mic, tvb, offset, 2, keyinfo);
+	proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_secure, tvb, offset, 2, keyinfo);
+	proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_error, tvb, offset, 2, keyinfo);
+	proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_request, tvb, offset, 2, keyinfo);
+
         offset += 2;
         proto_tree_add_uint(eapol_tree, hf_eapol_keydes_keylen, tvb, offset,
         		    2, tvb_get_ntohs(tvb, offset));
@@ -263,6 +309,61 @@
 	{ &hf_eapol_wpa_keydes_keyinfo, {
 		"Key Information", "eapol.keydes.key_info", FT_UINT16,
 		BASE_HEX, NULL, 0x0, "WPA key info", HFILL }},
+
+	{ &hf_eapol_wpa_keydes_keyinfo_keydes_ver, {
+		"Key Descriptor Version", 
+		"eapol.keydes.key_info.keydes_ver", 
+		FT_UINT16, BASE_DEC, VALS(&keydes_ver),
+		KEY_INFO_KEYDES_VER_MASK, 
+		"Key Descriptor Version Type", HFILL }},
+	{ &hf_eapol_wpa_keydes_keyinfo_key_type, {
+		"Key Type", 
+		"eapol.keydes.key_info.key_type", 
+		FT_BOOLEAN, 16, TFS(&tfs_keyinfo_key_type), 
+		KEY_INFO_KEY_TYPE_MASK, 
+		"Key Type (Pairwise or Group)", HFILL }},
+	{ &hf_eapol_wpa_keydes_keyinfo_key_index, {
+		"Key Index", 
+		"eapol.keydes.key_info.key_index", 
+		FT_UINT16, BASE_DEC, NULL, 
+		KEY_INFO_KEY_INDEX_MASK, 
+		"Key Index (0-3)", HFILL }},
+	{ &hf_eapol_wpa_keydes_keyinfo_install, {
+		"Install flag", 
+		"eapol.keydes.key_info.install", 
+		FT_BOOLEAN, 16, TFS(&flags_set_truth), 
+		KEY_INFO_INSTALL_MASK, 
+		"Install flag", HFILL }},
+	{ &hf_eapol_wpa_keydes_keyinfo_key_ack, {
+		"Key Ack flag", 
+		"eapol.keydes.key_info.key_ack", 
+		FT_BOOLEAN, 16, TFS(&flags_set_truth), 
+		KEY_INFO_KEY_ACK_MASK, 
+		"Key Ack flag", HFILL }},
+	{ &hf_eapol_wpa_keydes_keyinfo_key_mic, {
+		"Key MIC flag", 
+		"eapol.keydes.key_info.key_mic", 
+		FT_BOOLEAN, 16, TFS(&flags_set_truth), 
+		KEY_INFO_KEY_MIC_MASK, 
+		"Key MIC flag", HFILL }},
+	{ &hf_eapol_wpa_keydes_keyinfo_secure, {
+		"Secure flag", 
+		"eapol.keydes.key_info.secure", 
+		FT_BOOLEAN, 16, TFS(&flags_set_truth), 
+		KEY_INFO_SECURE_MASK, 
+		"Secure flag", HFILL }},
+	{ &hf_eapol_wpa_keydes_keyinfo_error, {
+		"Error flag", 
+		"eapol.keydes.key_info.error", 
+		FT_BOOLEAN, 16, TFS(&flags_set_truth), 
+		KEY_INFO_ERROR_MASK, 
+		"Error flag", HFILL }},
+	{ &hf_eapol_wpa_keydes_keyinfo_request, {
+		"Request flag", 
+		"eapol.keydes.key_info.request", 
+		FT_BOOLEAN, 16, TFS(&flags_set_truth), 
+		KEY_INFO_REQUEST_MASK, 
+		"Request flag", HFILL }},
 	{ &hf_eapol_wpa_keydes_nonce, {
 		"Nonce", "eapol.keydes.nonce", FT_BYTES, BASE_NONE,
 		NULL, 0x0, "WPA Key Nonce", HFILL }},
@@ -285,6 +386,7 @@
   static gint *ett[] = {
 	&ett_eapol,
 	&ett_eapol_keydes_data,
+	&ett_keyinfo,
 	&ett_eapol_key_index
   };

Follow-Ups:
- Re: [Ethereal-dev] Key Information support in EAPOL-Key message
  - From: Guy Harris

Prev by Date: [Ethereal-dev] Ethereal crashed when opening captured file (ERROR tvbuff.c)
Next by Date: [Ethereal-dev] Documenting the ethereal source code:
Previous by thread: Re: [Ethereal-dev] Ethereal crashed when opening captured file (ERROR tvbuff.c)
Next by thread: Re: [Ethereal-dev] Key Information support in EAPOL-Key message
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$