Wireshark-bugs: [Wireshark-bugs] [Bug 1420] 802.11 WPA/WPA2-PSK Unable to decode Group Keys
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1420
Brian Stormont <nospam@xxxxxxxxxxxxxxx> changed:
What                  |Removed |Added
----------------------------------------------------------------------------
Attachment #1610 Flag |        |review_for_checkin?
--- Comment #3 from Brian Stormont <nospam@xxxxxxxxxxxxxxx> 2008-04-02 21:16:00 GMT ---
Created an attachment (id=1610)
--> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1610)
This is a patch for proposed group key support for WPA and WPA2 PSK

This is my first attempt at submitting a patch for Wireshark. If I didn't
follow the proper conventions or did something wrong, please let me know.

Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.

I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.

I also suspect there might still be a problem with decrypting TKIP group keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.