Wireshark 4.5.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
dot11decrypt_system.h
Go to the documentation of this file.
1
9#ifndef _DOT11DECRYPT_SYSTEM_H
10#define _DOT11DECRYPT_SYSTEM_H
11
12/************************************************************************/
13/* Constant definitions */
14
15/* General definitions */
16#define DOT11DECRYPT_RET_SUCCESS 0
17#define DOT11DECRYPT_RET_UNSUCCESS 1
18
19#define DOT11DECRYPT_RET_NO_DATA 1
20#define DOT11DECRYPT_RET_WRONG_DATA_SIZE 2
21#define DOT11DECRYPT_RET_REQ_DATA 3
22#define DOT11DECRYPT_RET_NO_VALID_HANDSHAKE 4
23#define DOT11DECRYPT_RET_NO_DATA_ENCRYPTED 5
24
25#define DOT11DECRYPT_RET_SUCCESS_HANDSHAKE -1
26
27#define DOT11DECRYPT_MAX_KEYS_NR 64
28
29/* Decryption algorithms fields size definition (bytes) */
30#define DOT11DECRYPT_WPA_NONCE_LEN 32
31#define DOT11DECRYPT_WPA_PTK_MAX_LEN 88 /* TKIP 48, CCMP 64, GCMP-256 88 bytes */
32#define DOT11DECRYPT_WPA_MICKEY_MAX_LEN 24
33
34#define DOT11DECRYPT_WEP_128_KEY_LEN 16 /* 128 bits */
35
36/* General 802.11 constants */
37#define DOT11DECRYPT_MAC_LEN 6
38#define DOT11DECRYPT_RADIOTAP_HEADER_LEN 24
39
40#define DOT11DECRYPT_EAPOL_MAX_LEN 1024U
41
42#define DOT11DECRYPT_TK_LEN 16
43
44/* Max length of capture data */
45#define DOT11DECRYPT_MAX_CAPLEN 8192
46
47#define DOT11DECRYPT_WEP_IVLEN 3 /* 24bit */
48#define DOT11DECRYPT_WEP_KIDLEN 1 /* 1 octet */
49#define DOT11DECRYPT_WEP_ICV 4
50#define DOT11DECRYPT_WEP_HEADER DOT11DECRYPT_WEP_IVLEN + DOT11DECRYPT_WEP_KIDLEN
51#define DOT11DECRYPT_WEP_TRAILER DOT11DECRYPT_WEP_ICV
52
53/*
54 * 802.11i defines an extended IV for use with non-WEP ciphers.
55 * When the EXTIV bit is set in the key id byte an additional
56 * 4 bytes immediately follow the IV for TKIP. For CCMP the
57 * EXTIV bit is likewise set but the 8 bytes represent the
58 * CCMP header rather than IV+extended-IV.
59 */
60#define DOT11DECRYPT_RSNA_EXTIV 0x20
61#define DOT11DECRYPT_RSNA_EXTIVLEN 4 /* extended IV length */
62#define DOT11DECRYPT_TKIP_MICLEN 8 /* trailing MIC */
63
64#define DOT11DECRYPT_RSNA_HEADER DOT11DECRYPT_WEP_HEADER + DOT11DECRYPT_RSNA_EXTIVLEN
65
66#define DOT11DECRYPT_CCMP_HEADER DOT11DECRYPT_RSNA_HEADER
67#define DOT11DECRYPT_CCMP_TRAILER 8 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
68#define DOT11DECRYPT_CCMP_256_TRAILER 16 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
69
70#define DOT11DECRYPT_GCMP_HEADER 8 /* IEEE 802.11-206 12.5.5.2 GCMP MPDU format */
71#define DOT11DECRYPT_GCMP_TRAILER 16
72
73#define DOT11DECRYPT_TKIP_HEADER DOT11DECRYPT_RSNA_HEADER
74#define DOT11DECRYPT_TKIP_TRAILER DOT11DECRYPT_TKIP_MICLEN + DOT11DECRYPT_WEP_ICV
75
76#define DOT11DECRYPT_CRC_LEN 4
77
78/************************************************************************/
79/* File includes */
80
81#include <stdint.h>
82#include <stdbool.h>
83
84#include "dot11decrypt_user.h"
85#include "ws_symbol_export.h"
86
87/************************************************************************/
88/* Macro definitions */
89
90/************************************************************************/
91/* Type definitions */
92
93typedef struct _DOT11DECRYPT_SEC_ASSOCIATION_ID {
94 unsigned char bssid[DOT11DECRYPT_MAC_LEN];
95 unsigned char sta[DOT11DECRYPT_MAC_LEN];
96} DOT11DECRYPT_SEC_ASSOCIATION_ID, *PDOT11DECRYPT_SEC_ASSOCIATION_ID;
97
98typedef struct _DOT11DECRYPT_SEC_ASSOCIATION {
99 /* This is for reassociations. A linked list of old security
100 * associations is kept. GCS
101 */
102 struct _DOT11DECRYPT_SEC_ASSOCIATION* next;
103
104 DOT11DECRYPT_SEC_ASSOCIATION_ID saId;
105 DOT11DECRYPT_KEY_ITEM *key;
106 uint8_t handshake;
107 uint8_t validKey;
108
109 struct {
110 uint8_t key_ver; /* Key descriptor version */
111 unsigned char nonce[DOT11DECRYPT_WPA_NONCE_LEN];
112 /* used to derive PTK, ANonce stored, SNonce taken */
113 /* the 2nd packet of the 4W handshake */
114 int akm;
115 int cipher;
116 int tmp_group_cipher; /* Keep between HS msg 2 and 3 */
117 unsigned char ptk[DOT11DECRYPT_WPA_PTK_MAX_LEN]; /* session key used in decryption algorithm */
118 int ptk_len;
119 } wpa;
120
121
122} DOT11DECRYPT_SEC_ASSOCIATION, *PDOT11DECRYPT_SEC_ASSOCIATION;
123
124typedef struct _DOT11DECRYPT_CONTEXT {
125 GHashTable *sa_hash;
126 DOT11DECRYPT_KEY_ITEM keys[DOT11DECRYPT_MAX_KEYS_NR];
127 size_t keys_nr;
128 char pkt_ssid[DOT11DECRYPT_WPA_SSID_MAX_LEN];
129 size_t pkt_ssid_len;
130} DOT11DECRYPT_CONTEXT, *PDOT11DECRYPT_CONTEXT;
131
132typedef enum _DOT11DECRYPT_HS_MSG_TYPE {
133 DOT11DECRYPT_HS_MSG_TYPE_INVALID = 0,
134 DOT11DECRYPT_HS_MSG_TYPE_4WHS_1,
135 DOT11DECRYPT_HS_MSG_TYPE_4WHS_2,
136 DOT11DECRYPT_HS_MSG_TYPE_4WHS_3,
137 DOT11DECRYPT_HS_MSG_TYPE_4WHS_4,
138 DOT11DECRYPT_HS_MSG_TYPE_GHS_1,
139 DOT11DECRYPT_HS_MSG_TYPE_GHS_2
140} DOT11DECRYPT_HS_MSG_TYPE;
141
142typedef struct _DOT11DECRYPT_FTE {
143 uint8_t *mic;
144 uint8_t mic_len;
145 uint8_t *anonce;
146 uint8_t *snonce;
147 uint8_t *r0kh_id;
148 uint8_t r0kh_id_len;
149 uint8_t *r1kh_id;
150 uint8_t r1kh_id_len;
151} DOT11DECRYPT_FTE, *PDOT11DECRYPT_FTE;
152
153typedef struct _DOT11DECRYPT_EAPOL_PARSED {
154 DOT11DECRYPT_HS_MSG_TYPE msg_type;
155 uint16_t len;
156 uint8_t key_type;
157 uint8_t key_version;
158 uint16_t key_len;
159 uint8_t *key_iv;
160 uint8_t *key_data;
161 uint16_t key_data_len;
162 uint8_t group_cipher;
163 uint8_t cipher;
164 uint8_t akm;
165 uint8_t *nonce;
166 uint8_t *mic;
167 uint16_t mic_len;
168 uint8_t *gtk;
169 uint16_t gtk_len;
170
171 /* For fast bss transition akms */
172 uint8_t *mdid;
173 DOT11DECRYPT_FTE fte;
174} DOT11DECRYPT_EAPOL_PARSED, *PDOT11DECRYPT_EAPOL_PARSED;
175
176typedef struct _DOT11DECRYPT_ASSOC_PARSED
177{
178 uint8_t frame_subtype;
179 uint8_t group_cipher;
180 uint8_t cipher;
181 uint8_t akm;
182 uint8_t *mdid;
183 DOT11DECRYPT_FTE fte;
184 uint8_t* rsne_tag;
185 uint8_t* mde_tag;
186 uint8_t* fte_tag;
187 uint8_t* rde_tag;
188 uint8_t *gtk;
189 uint16_t gtk_len;
190 uint16_t gtk_subelem_key_len;
191 uint8_t bssid[DOT11DECRYPT_MAC_LEN];
192 uint8_t sa[DOT11DECRYPT_MAC_LEN];
193 uint8_t da[DOT11DECRYPT_MAC_LEN];
194} DOT11DECRYPT_ASSOC_PARSED, *PDOT11DECRYPT_ASSOC_PARSED;
195
196/************************************************************************/
197/* Function prototype declarations */
198
199#ifdef __cplusplus
200extern "C" {
201#endif
202
242extern int Dot11DecryptDecryptPacket(
243 PDOT11DECRYPT_CONTEXT ctx,
244 const uint8_t *data,
245 const unsigned data_off,
246 const unsigned data_len,
247 unsigned char *decrypt_data,
248 uint32_t *decrypt_len,
249 PDOT11DECRYPT_KEY_ITEM key)
250 ;
251
271extern int
272Dot11DecryptDecryptKeyData(PDOT11DECRYPT_CONTEXT ctx,
273 PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
274 const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
275 const unsigned char sta[DOT11DECRYPT_MAC_LEN],
276 unsigned char *decrypted_data, unsigned *decrypted_len,
277 PDOT11DECRYPT_KEY_ITEM key)
278 ;
279
305extern int Dot11DecryptScanEapolForKeys(
306 PDOT11DECRYPT_CONTEXT ctx,
307 PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
308 const uint8_t *eapol_raw,
309 const unsigned tot_len,
310 const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
311 const unsigned char sta[DOT11DECRYPT_MAC_LEN])
312 ;
313
333int
334Dot11DecryptScanFtAssocForKeys(
335 const PDOT11DECRYPT_CONTEXT ctx,
336 const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed,
337 uint8_t *decrypted_gtk, size_t *decrypted_len,
338 DOT11DECRYPT_KEY_ITEM* used_key);
339
353extern int Dot11DecryptScanTdlsForKeys(
354 PDOT11DECRYPT_CONTEXT ctx,
355 const uint8_t *data,
356 const unsigned tot_len)
357 ;
358
367int
368Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck);
369
370int
371Dot11DecryptGetKEK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kek);
372
373int
374Dot11DecryptGetTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **tk);
375
376int
377Dot11DecryptGetGTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **gtk);
378
400extern int Dot11DecryptSetKeys(
401 PDOT11DECRYPT_CONTEXT ctx,
402 DOT11DECRYPT_KEY_ITEM keys[],
403 const size_t keys_nr)
404 ;
405
418int Dot11DecryptSetLastSSID(
419 PDOT11DECRYPT_CONTEXT ctx,
420 char *pkt_ssid,
421 size_t pkt_ssid_len)
422 ;
423
437WS_DLL_PUBLIC
438int Dot11DecryptInitContext(
439 PDOT11DECRYPT_CONTEXT ctx)
440 ;
441
454WS_DLL_PUBLIC
455int Dot11DecryptDestroyContext(
456 PDOT11DECRYPT_CONTEXT ctx)
457 ;
458
459#ifdef __cplusplus
460}
461#endif
462
463#endif /* _DOT11DECRYPT_SYSTEM_H */
Dot11DecryptScanEapolForKeys
int Dot11DecryptScanEapolForKeys(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const uint8_t *eapol_raw, const unsigned tot_len, const unsigned char bssid[DOT11DECRYPT_MAC_LEN], const unsigned char sta[DOT11DECRYPT_MAC_LEN])
Definition dot11decrypt.c:829
Dot11DecryptGetKCK
int Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck)
Definition dot11decrypt.c:578
Dot11DecryptDestroyContext
WS_DLL_PUBLIC int Dot11DecryptDestroyContext(PDOT11DECRYPT_CONTEXT ctx)
Definition dot11decrypt.c:1185
Dot11DecryptDecryptPacket
int Dot11DecryptDecryptPacket(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned data_off, const unsigned data_len, unsigned char *decrypt_data, uint32_t *decrypt_len, PDOT11DECRYPT_KEY_ITEM key)
Dot11DecryptDecryptKeyData
int Dot11DecryptDecryptKeyData(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const unsigned char bssid[DOT11DECRYPT_MAC_LEN], const unsigned char sta[DOT11DECRYPT_MAC_LEN], unsigned char *decrypted_data, unsigned *decrypted_len, PDOT11DECRYPT_KEY_ITEM key)
Definition dot11decrypt.c:409
Dot11DecryptSetLastSSID
int Dot11DecryptSetLastSSID(PDOT11DECRYPT_CONTEXT ctx, char *pkt_ssid, size_t pkt_ssid_len)
Definition dot11decrypt.c:1134
Dot11DecryptSetKeys
int Dot11DecryptSetKeys(PDOT11DECRYPT_CONTEXT ctx, DOT11DECRYPT_KEY_ITEM keys[], const size_t keys_nr)
Definition dot11decrypt.c:1054
Dot11DecryptInitContext
WS_DLL_PUBLIC int Dot11DecryptInitContext(PDOT11DECRYPT_CONTEXT ctx)
Definition dot11decrypt.c:1163
Dot11DecryptScanTdlsForKeys
int Dot11DecryptScanTdlsForKeys(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned tot_len)
Definition dot11decrypt.c:632
Dot11DecryptScanFtAssocForKeys
int Dot11DecryptScanFtAssocForKeys(const PDOT11DECRYPT_CONTEXT ctx, const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed, uint8_t *decrypted_gtk, size_t *decrypted_len, DOT11DECRYPT_KEY_ITEM *used_key)
Definition dot11decrypt.c:1822
dot11decrypt_user.h
_DOT11DECRYPT_ASSOC_PARSED
Definition dot11decrypt_system.h:177
_DOT11DECRYPT_CONTEXT
Definition dot11decrypt_system.h:124
_DOT11DECRYPT_EAPOL_PARSED
Definition dot11decrypt_system.h:153
_DOT11DECRYPT_FTE
Definition dot11decrypt_system.h:142
_DOT11DECRYPT_KEY_ITEM
Definition dot11decrypt_user.h:84
_DOT11DECRYPT_SEC_ASSOCIATION_ID
Definition dot11decrypt_system.h:93
_DOT11DECRYPT_SEC_ASSOCIATION
Definition dot11decrypt_system.h:98
decrypt_data
Definition packet-isakmp.c:1889
Generated by doxygen 1.9.8