From f5849f1c7ce03f7429189af105a8439e56076757 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 28 Feb 2020 01:30:00 +0200 Subject: [PATCH] wlantest: Add more notes about decryption into pcapng Note the used TK/GTK and KeyID in frame notes when writing decrypted frames to a PCAPNG file. Signed-off-by: Jouni Malinen --- wlantest/rx_data.c | 73 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 57 insertions(+), 16 deletions(-) diff --git a/wlantest/rx_data.c b/wlantest/rx_data.c index d6c7a54c7..63da868d3 100644 --- a/wlantest/rx_data.c +++ b/wlantest/rx_data.c @@ -119,8 +119,21 @@ static void rx_data_process(struct wlantest *wt, const u8 *bssid, } +static void write_decrypted_note(struct wlantest *wt, const u8 *decrypted, + const u8 *tk, size_t tk_len, int keyid) +{ + char tk_hex[65]; + + if (!decrypted) + return; + + wpa_snprintf_hex(tk_hex, sizeof(tk_hex), tk, tk_len); + add_note(wt, MSG_EXCESSIVE, "TK[%d] %s", keyid, tk_hex); +} + + static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher, - const struct ieee80211_hdr *hdr, + const struct ieee80211_hdr *hdr, int keyid, const u8 *data, size_t data_len, size_t *decrypted_len) { struct wlantest_ptk *ptk; @@ -152,7 +165,10 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher, } if (decrypted) { wpa_debug_level = prev_level; - add_note(wt, MSG_DEBUG, "Found PTK match from list of all known PTKs"); + add_note(wt, MSG_DEBUG, + "Found PTK match from list of all known PTKs"); + write_decrypted_note(wt, decrypted, ptk->ptk.tk, + ptk->ptk.tk_len, keyid); return decrypted; } } @@ -229,14 +245,20 @@ static void rx_data_bss_prot_group(struct wlantest *wt, ccmp_get_pn(pn, data); if (os_memcmp(pn, bss->rsc[keyid], 6) <= 0) { u16 seq_ctrl = le_to_host16(hdr->seq_ctrl); - add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR - " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u%s", + char pn_hex[6 * 2 + 1], rsc_hex[6 * 2 + 1]; + + wpa_snprintf_hex(pn_hex, sizeof(pn_hex), pn, 6); + wpa_snprintf_hex(rsc_hex, sizeof(rsc_hex), bss->rsc[keyid], 6); + add_note(wt, MSG_INFO, "replay detected: A1=" MACSTR + " A2=" MACSTR " A3=" MACSTR + " seq=%u frag=%u%s keyid=%d %s<=%s", MAC2STR(hdr->addr1), MAC2STR(hdr->addr2), MAC2STR(hdr->addr3), WLAN_GET_SEQ_SEQ(seq_ctrl), WLAN_GET_SEQ_FRAG(seq_ctrl), (le_to_host16(hdr->frame_control) & WLAN_FC_RETRY) ? - " Retry" : ""); + " Retry" : "", + keyid, pn_hex, rsc_hex); wpa_hexdump(MSG_INFO, "RX PN", pn, 6); wpa_hexdump(MSG_INFO, "RSC", bss->rsc[keyid], 6); replay = 1; @@ -260,6 +282,11 @@ skip_replay_det: hdr, data, len, &dlen); if (decrypted) { + char gtk[65]; + + wpa_snprintf_hex(gtk, sizeof(gtk), bss->gtk[keyid], + bss->gtk_len[keyid]); + add_note(wt, MSG_EXCESSIVE, "GTK[%d] %s", keyid, gtk); rx_data_process(wt, bss->bssid, NULL, dst, src, decrypted, dlen, 1, NULL); if (!replay) @@ -451,14 +478,20 @@ static void rx_data_bss_prot(struct wlantest *wt, ccmp_get_pn(pn, data); if (os_memcmp(pn, rsc, 6) <= 0) { u16 seq_ctrl = le_to_host16(hdr->seq_ctrl); - add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR - " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u%s", + char pn_hex[6 * 2 + 1], rsc_hex[6 * 2 + 1]; + + wpa_snprintf_hex(pn_hex, sizeof(pn_hex), pn, 6); + wpa_snprintf_hex(rsc_hex, sizeof(rsc_hex), rsc, 6); + add_note(wt, MSG_INFO, "replay detected: A1=" MACSTR + " A2=" MACSTR " A3=" MACSTR + " seq=%u frag=%u%s keyid=%d tid=%d %s<=%s", MAC2STR(hdr->addr1), MAC2STR(hdr->addr2), MAC2STR(hdr->addr3), WLAN_GET_SEQ_SEQ(seq_ctrl), WLAN_GET_SEQ_FRAG(seq_ctrl), (le_to_host16(hdr->frame_control) & WLAN_FC_RETRY) ? - " Retry" : ""); + " Retry" : "", + keyid, tid, pn_hex, rsc_hex); wpa_hexdump(MSG_INFO, "RX PN", pn, 6); wpa_hexdump(MSG_INFO, "RSC", rsc, 6); replay = 1; @@ -466,16 +499,22 @@ static void rx_data_bss_prot(struct wlantest *wt, skip_replay_det: if (tk) { - if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) + if (sta->pairwise_cipher == WPA_CIPHER_CCMP_256) { decrypted = ccmp_256_decrypt(tk, hdr, data, len, &dlen); - else if (sta->pairwise_cipher == WPA_CIPHER_GCMP || - sta->pairwise_cipher == WPA_CIPHER_GCMP_256) + write_decrypted_note(wt, decrypted, tk, 32, keyid); + } else if (sta->pairwise_cipher == WPA_CIPHER_GCMP || + sta->pairwise_cipher == WPA_CIPHER_GCMP_256) { decrypted = gcmp_decrypt(tk, sta->ptk.tk_len, hdr, data, len, &dlen); - else + write_decrypted_note(wt, decrypted, tk, sta->ptk.tk_len, + keyid); + } else { decrypted = ccmp_decrypt(tk, hdr, data, len, &dlen); + write_decrypted_note(wt, decrypted, tk, 16, keyid); + } } else if (sta->pairwise_cipher == WPA_CIPHER_TKIP) { decrypted = tkip_decrypt(sta->ptk.tk, hdr, data, len, &dlen); + write_decrypted_note(wt, decrypted, sta->ptk.tk, 32, keyid); } else if (sta->pairwise_cipher == WPA_CIPHER_WEP40) { decrypted = wep_decrypt(wt, hdr, data, len, &dlen); } else if (sta->ptk_set) { @@ -489,14 +528,16 @@ skip_replay_det: else decrypted = ccmp_decrypt(sta->ptk.tk, hdr, data, len, &dlen); + write_decrypted_note(wt, decrypted, sta->ptk.tk, + sta->ptk.tk_len, keyid); } else { - decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data, - len, &dlen); + decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid, + data, len, &dlen); ptk_iter_done = 1; } if (!decrypted && !ptk_iter_done) { - decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, data, - len, &dlen); + decrypted = try_all_ptk(wt, sta->pairwise_cipher, hdr, keyid, + data, len, &dlen); if (decrypted) { add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs"); }