Wireshark-dev: [Wireshark-dev] EAPOL and Key MIC values longer than 16 bytes
From: Richard Sharpe <[email protected]>
Date: Tue, 2 Jan 2018 21:02:49 -0800
Hi folks,

The DPP spec requires the EAPOL Key MIC length to be the same as the
Nonce length.

I have a capture with such frames and the 4-way handshake seems to
have worked, so the code dealing with it seems happy.

The problem is how do I determine that a MIC longer than 16 is being used?

The only clue I have is that the Key Descriptor Version is a value (0)
listed as Reserved in 802.1X-2010.

However, 802.11-2016 Section 12.7.2 (Figure 12-33 and description)
indicates that avalue of 0 is normal and the MIC Length varies.
Unfortunately, 12.7.3 and Table 12-8 suggests that the max value is 24
bytes, not the 32 bytes I am seeing.

Perhaps the only thing I can do is to introduce a preference for EAPOL
that allows the user to specify a different Key MIC size.


Richard Sharpe