The idea is to allow user to enter TK as decryption key. When decrypting packets if no valid SA exist either due to 4WHS missing in packet capture or due to non supported AKMS Wireshark would try decrypting using all user entered TKs and all supported ciphers. If a packet can be successfully decrypted an SA would be formed from the inputs used. Then on subsequent packets the SA already exists and decryption can continue without repeated attempts. Performance should be acceptable I hope.
I uploaded a non-finished patch implementing support for decryption using TK entered by user here:
Mohit Khattar: If you know how to download patches from Gerrit and build, feel free to try it out. Hopefully it can be used to successfully decrypt your FT captures.
/Mikael
