Wireshark mailing list archives

Re: IEEE 802.11 WPA3 decryption support


From: Guy Harris <guy () alum mit edu>
Date: Mon, 25 Mar 2019 14:41:04 -0700

On Mar 25, 2019, at 2:32 AM, Kanstrup, Mikael <Mikael.Kanstrup () sony com> wrote:

I started working on WPA3 decryption support. Some parts of it have already been merged.

So does this mean we'll prove Michael Berg of Tamosoft wrong?

        https://twitter.com/TamoSoft/status/1049975990695399424

"WPA3 will make it impossible to perform on-the-fly or post-capture decryption of WiFi packets by tools like CommView 
for WiFi. Good security, but still upsetting from the packet analysis standpoint..."

The dot11decrypt engine duplicates quite a lot of IEEE 802.11 dissector functionality

Yes, and it shouldn't.

(It may originally have been code used in the AirPcap adapters and adapted for use in Wireshark, but there's no reason 
I can see to keep them in sync, especially given that 1) they've probably already diverged in ways that keep our 
version of the code usable in the adapters and 2) those adapters may be a dead product line, as they haven't done 
anything past 11n.)

but now also lacks certain parts.

And that's one reason why it shouldn't, but it shouldn't have even duplicated that functionality for WEP/WPA/WPA2.

Instead of adding further duplication I'd like to propose the following changes:

- Replace the scan for keys functionality from dot11decrypt engine with a new SetKey(from, to, key_index, key) 
function that the IEEE 802.11 dissector can call when a key is found.

Yes!
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>