
Wireshark decryption needs updates for AKM 24

asked 2025-05-12 19:19:29 +0000

Regarding WPA3 decryption, it appears that epan/crypt/dot11decrypt.c may not have kept up-to-date with some of the changes in the underlying IEEE spec.

Specifically, AKM 24 supports three different integrity algorithms: HMAC-SHA-256, -384, and -512. The resulting KCK size is 128, 192, or 256 bits accordingly. This is mostly dependent on whether group 19, 20, or 21 is chosen.

However, several functions in dot11decrypt.c make decisions solely based on AKM:

Dot11DecryptGetIntegrityAlgoFromAkm
Dot11DecryptGetKckLen
Dot11DecryptGetKekLen
Dot11DecryptGetHashAlgoFromAkm

For this reason, decryption of WPA3 encrypted traffic currently does not work in Wireshark if the AKM is 24.

Note that AKM 18 also supports different integrity algorithms and KCK length.

I tried modifying the functions above to add "case 24:" and hard-code 128-bit and HMAC-SHA-256, but the decryption still didn't work. Thought I would raise the issue here to see if anybody had any advice. Thanks!

Source: IEEE Std 802.11-2024, table 12-11.

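The dependency described in the question, as an added example that is not part of the original post or of Wireshark's code: for AKM 24 the hash and KCK length are chosen by SAE group, then used in the IEEE 802.11 KDF-Hash-Length construction to derive the PTK, whose leading bits are the KCK. The function names, the 32-byte PMK, the addresses, the nonces and the KEK/TK lengths are constructed assumptions, not values from the page.

```python
import hmac
import struct

# AKM 24 parameters keyed by SAE group, as described in the question:
# group -> (hash name, KCK length in bits).
AKM24_BY_GROUP = {19: ("sha256", 128), 20: ("sha384", 192), 21: ("sha512", 256)}


def akm24_params(group):
    """Return (hash_name, kck_bits) for AKM 24; the AKM alone is not enough."""
    if group not in AKM24_BY_GROUP:
        raise ValueError(f"AKM 24: cannot pick hash/KCK length for group {group!r}")
    return AKM24_BY_GROUP[group]


def kdf_hash_length(hash_name, key, label, context, bits):
    """IEEE 802.11 KDF-Hash-Length: HMAC over i || label || context || Length,
    with i and Length encoded as 16-bit little-endian integers."""
    out, i = b"", 1
    while len(out) * 8 < bits:
        msg = struct.pack("<H", i) + label + context + struct.pack("<H", bits)
        out += hmac.new(key, msg, hash_name).digest()
        i += 1
    return out[: bits // 8]


def derive_kck(group, pmk, aa, spa, anonce, snonce, kek_bits, tk_bits):
    """Derive the PTK with the group's hash and return its leading KCK bytes."""
    hash_name, kck_bits = akm24_params(group)
    context = (min(aa, spa) + max(aa, spa) +
               min(anonce, snonce) + max(anonce, snonce))
    ptk = kdf_hash_length(hash_name, pmk, b"Pairwise key expansion",
                          context, kck_bits + kek_bits + tk_bits)
    return ptk[: kck_bits // 8]


# Constructed sample inputs (not from a real capture; lengths are assumptions).
PMK = bytes(range(32))
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = b"\xaa" * 32, b"\xbb" * 32

if __name__ == "__main__":
    for g in (19, 20, 21):
        kck = derive_kck(g, PMK, AA, SPA, ANONCE, SNONCE, kek_bits=128, tk_bits=128)
        print(g, len(kck) * 8, kck.hex())
```

With identical inputs, each group yields a KCK of a different length and value, so a lookup keyed on the AKM alone cannot select the right parameters.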

1 Answer


answered 2025-05-13 05:22:45 +0000

SYN-bit

updated 2025-05-13 05:23:34 +0000

Thanks for reporting this issue. However, we keep track of bugs and/or enhancement requests on GitLab. Could you add this as an enhancement request on https://gitlab.com/wireshark/wireshar...


Comments

Thank you, I'll do that :-)

presto8 (2025-05-13 13:15:39 +0000)

Thank you!

SYN-bit (2025-05-13 21:52:23 +0000)
