Wireshark · Wireshark-dev: [Wireshark-dev] EAPOL and Key MIC values longer than 16 bytes

Wireshark-dev: [Wireshark-dev] EAPOL and Key MIC values longer than 16 bytes

From: Richard Sharpe <realrichardsharpe@xxxxxxxxx>

Date: Tue, 2 Jan 2018 21:02:49 -0800

Hi folks,

The DPP spec requires the EAPOL Key MIC length to be the same as the
Nonce length.

I have a capture with such frames and the 4-way handshake seems to
have worked, so the code dealing with it seems happy.

The problem is how do I determine that a MIC longer than 16 is being used?

The only clue I have is that the Key Descriptor Version is a value (0)
listed as Reserved in 802.1X-2010.

However, 802.11-2016 Section 12.7.2 (Figure 12-33 and description)
indicates that avalue of 0 is normal and the MIC Length varies.
Unfortunately, 12.7.3 and Table 12-8 suggests that the max value is 24
bytes, not the 32 bytes I am seeing.

Perhaps the only thing I can do is to introduce a preference for EAPOL
that allows the user to specify a different Key MIC size.

Thoughts.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)

Follow-Ups:
- Re: [Wireshark-dev] EAPOL and Key MIC values longer than 16 bytes
  - From: Guy Harris

Prev by Date: [Wireshark-dev] Trying to enable logs for wireshark
Next by Date: Re: [Wireshark-dev] EAPOL and Key MIC values longer than 16 bytes
Previous by thread: [Wireshark-dev] Trying to enable logs for wireshark
Next by thread: Re: [Wireshark-dev] EAPOL and Key MIC values longer than 16 bytes
Index(es):
- Date
- Thread