dot11decrypt_system.h
1
9#ifndef _DOT11DECRYPT_SYSTEM_H
10#define _DOT11DECRYPT_SYSTEM_H
11
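/************************************************************************/
/* Constant definitions */

/*
 * General definitions: return/status codes.
 *
 * NOTE(review): DOT11DECRYPT_RET_UNSUCCESS and DOT11DECRYPT_RET_NO_DATA are
 * both defined as 1, so a caller cannot tell the two apart by value alone.
 */
#define DOT11DECRYPT_RET_SUCCESS 0
#define DOT11DECRYPT_RET_UNSUCCESS 1

#define DOT11DECRYPT_RET_NO_DATA 1
#define DOT11DECRYPT_RET_WRONG_DATA_SIZE 2
#define DOT11DECRYPT_RET_REQ_DATA 3
#define DOT11DECRYPT_RET_NO_VALID_HANDSHAKE 4
#define DOT11DECRYPT_RET_NO_DATA_ENCRYPTED 5

/* Parenthesized so the sign cannot merge with an adjacent operator. */
#define DOT11DECRYPT_RET_SUCCESS_HANDSHAKE (-1)

/* Capacity of the keys[] array in DOT11DECRYPT_CONTEXT. */
#define DOT11DECRYPT_MAX_KEYS_NR 64

/* Decryption algorithms fields size definition (bytes) */
#define DOT11DECRYPT_WPA_NONCE_LEN 32
#define DOT11DECRYPT_WPA_PTK_MAX_LEN 88 /* TKIP 48, CCMP 64, GCMP-256 88 bytes */
#define DOT11DECRYPT_WPA_MICKEY_MAX_LEN 24

#define DOT11DECRYPT_WEP_128_KEY_LEN 16 /* 128 bits */

/* General 802.11 constants */
#define DOT11DECRYPT_MAC_LEN 6
#define DOT11DECRYPT_RADIOTAP_HEADER_LEN 24

#define DOT11DECRYPT_EAPOL_MAX_LEN 1024U

#define DOT11DECRYPT_TK_LEN 16

/* Max length of capture data */
#define DOT11DECRYPT_MAX_CAPLEN 8192

/*
 * Header/trailer sizes below are built from other macros. Every composite
 * expression is wrapped in parentheses: these values are meant for length
 * arithmetic on frame data, and without the parentheses an expression such
 * as `len - DOT11DECRYPT_WEP_HEADER` would expand to `len - 3 + 1` and
 * produce a wrong (too large) length.
 */
#define DOT11DECRYPT_WEP_IVLEN 3 /* 24bit */
#define DOT11DECRYPT_WEP_KIDLEN 1 /* 1 octet */
#define DOT11DECRYPT_WEP_ICV 4
#define DOT11DECRYPT_WEP_HEADER (DOT11DECRYPT_WEP_IVLEN + DOT11DECRYPT_WEP_KIDLEN)
#define DOT11DECRYPT_WEP_TRAILER DOT11DECRYPT_WEP_ICV

/*
 * 802.11i defines an extended IV for use with non-WEP ciphers.
 * When the EXTIV bit is set in the key id byte an additional
 * 4 bytes immediately follow the IV for TKIP. For CCMP the
 * EXTIV bit is likewise set but the 8 bytes represent the
 * CCMP header rather than IV+extended-IV.
 */
#define DOT11DECRYPT_RSNA_EXTIV 0x20
#define DOT11DECRYPT_RSNA_EXTIVLEN 4 /* extended IV length */
#define DOT11DECRYPT_TKIP_MICLEN 8 /* trailing MIC */

#define DOT11DECRYPT_RSNA_HEADER (DOT11DECRYPT_WEP_HEADER + DOT11DECRYPT_RSNA_EXTIVLEN)

#define DOT11DECRYPT_CCMP_HEADER DOT11DECRYPT_RSNA_HEADER
#define DOT11DECRYPT_CCMP_TRAILER 8 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
#define DOT11DECRYPT_CCMP_256_TRAILER 16 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */

#define DOT11DECRYPT_GCMP_HEADER 8 /* IEEE 802.11-2016 12.5.5.2 GCMP MPDU format */
#define DOT11DECRYPT_GCMP_TRAILER 16

#define DOT11DECRYPT_TKIP_HEADER DOT11DECRYPT_RSNA_HEADER
#define DOT11DECRYPT_TKIP_TRAILER (DOT11DECRYPT_TKIP_MICLEN + DOT11DECRYPT_WEP_ICV)

#define DOT11DECRYPT_CRC_LEN 4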
77
78/************************************************************************/
79/* File includes */
80
81#include <stdint.h>
82#include <stdbool.h>
83
84#include "dot11decrypt_user.h"
85#include "ws_symbol_export.h"
86
87/************************************************************************/
88/* Macro definitions */
89
90/************************************************************************/
91/* Type definitions */
92
94 unsigned char bssid[DOT11DECRYPT_MAC_LEN];
95 unsigned char sta[DOT11DECRYPT_MAC_LEN];
97
99 /* This is for reassociations. A linked list of old security
100 * associations is kept. GCS
101 */
103
106 uint8_t handshake;
107 uint8_t validKey;
108
109 struct {
110 uint8_t key_ver; /* Key descriptor version */
111 unsigned char nonce[DOT11DECRYPT_WPA_NONCE_LEN];
112 /* used to derive PTK, ANonce stored, SNonce taken */
113 /* the 2nd packet of the 4W handshake */
114 int akm;
115 int cipher;
116 int tmp_group_cipher; /* Keep between HS msg 2 and 3 */
117 unsigned char ptk[DOT11DECRYPT_WPA_PTK_MAX_LEN]; /* session key used in decryption algorithm */
118 int ptk_len;
119 } wpa;
120
121
123
124typedef struct _DOT11DECRYPT_CONTEXT {
125 GHashTable *sa_hash;
126 DOT11DECRYPT_KEY_ITEM keys[DOT11DECRYPT_MAX_KEYS_NR];
127 size_t keys_nr;
128 char pkt_ssid[DOT11DECRYPT_WPA_SSID_MAX_LEN];
129 size_t pkt_ssid_len;
131
/*
 * Classification of a key-handshake message.
 *
 * INVALID is 0, so a zero-initialized msg_type field reads as "invalid"
 * rather than as a real handshake message. The numeric values are spelled
 * out here; they are the same ones the implicit numbering produces.
 *
 * NOTE(review): 4WHS_n presumably denotes message n of the 4-way handshake
 * and GHS_n message n of the group key handshake - confirm against the
 * code that assigns msg_type.
 */
typedef enum _DOT11DECRYPT_HS_MSG_TYPE {
    DOT11DECRYPT_HS_MSG_TYPE_INVALID = 0,
    DOT11DECRYPT_HS_MSG_TYPE_4WHS_1  = 1,
    DOT11DECRYPT_HS_MSG_TYPE_4WHS_2  = 2,
    DOT11DECRYPT_HS_MSG_TYPE_4WHS_3  = 3,
    DOT11DECRYPT_HS_MSG_TYPE_4WHS_4  = 4,
    DOT11DECRYPT_HS_MSG_TYPE_GHS_1   = 5,
    DOT11DECRYPT_HS_MSG_TYPE_GHS_2   = 6
} DOT11DECRYPT_HS_MSG_TYPE;
141
142typedef struct _DOT11DECRYPT_FTE {
143 uint8_t *mic;
144 uint8_t mic_len;
145 uint8_t *anonce;
146 uint8_t *snonce;
147 uint8_t *r0kh_id;
148 uint8_t r0kh_id_len;
149 uint8_t *r1kh_id;
150 uint8_t r1kh_id_len;
152
154 DOT11DECRYPT_HS_MSG_TYPE msg_type;
155 uint16_t len;
156 uint8_t key_type;
157 uint8_t key_version;
158 uint16_t key_len;
159 uint8_t *key_iv;
160 uint8_t *key_data;
161 uint16_t key_data_len;
162 uint8_t group_cipher;
163 uint8_t cipher;
164 uint8_t akm;
165 uint8_t *nonce;
166 uint8_t *mic;
167 uint16_t mic_len;
168 uint8_t *gtk;
169 uint16_t gtk_len;
170
171 /* For fast bss transition akms */
172 uint8_t *mdid;
175
177{
178 uint8_t frame_subtype;
179 uint8_t group_cipher;
180 uint8_t cipher;
181 uint8_t akm;
182 uint8_t *mdid;
184 uint8_t* rsne_tag;
185 uint8_t* rsnxe_tag;
186 uint8_t* mde_tag;
187 uint8_t* fte_tag;
188 uint8_t* rde_tag;
189 uint8_t *gtk;
190 uint16_t gtk_len;
191 uint16_t gtk_subelem_key_len;
192 uint8_t bssid[DOT11DECRYPT_MAC_LEN];
193 uint8_t sa[DOT11DECRYPT_MAC_LEN];
194 uint8_t da[DOT11DECRYPT_MAC_LEN];
196
197/************************************************************************/
198/* Function prototype declarations */
199
200#ifdef __cplusplus
201extern "C" {
202#endif
203
245 const uint8_t *data,
246 const unsigned data_off,
247 const unsigned data_len,
248 unsigned char *decrypt_data,
249 uint32_t *decrypt_len,
251 ;
252
272extern int
274 PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
275 const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
276 const unsigned char sta[DOT11DECRYPT_MAC_LEN],
277 unsigned char *decrypted_data, unsigned *decrypted_len,
279 ;
280
308 PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
309 const uint8_t *eapol_raw,
310 const unsigned tot_len,
311 const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
312 const unsigned char sta[DOT11DECRYPT_MAC_LEN])
313 ;
314
334int
336 const PDOT11DECRYPT_CONTEXT ctx,
337 const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed,
338 uint8_t *decrypted_gtk, size_t *decrypted_len,
339 DOT11DECRYPT_KEY_ITEM* used_key);
340
356 const uint8_t *data,
357 const unsigned tot_len)
358 ;
359
/*
 * Accessors for the individual components of a key item: KCK, KEK, TK and
 * GTK. Each takes the key item and an out-parameter of type
 * `const uint8_t **`, so the caller receives a read-only pointer to the
 * bytes rather than a copy.
 *
 * NOTE(review): the pointer stored in the out-parameter presumably refers
 * to storage owned by `key`; if so it must not be used after the key item
 * is released or overwritten - confirm in dot11decrypt.c.
 * NOTE(review): the meaning of the int return value (length vs. status) is
 * not visible in this header - confirm before relying on it.
 * NOTE(review): if PDOT11DECRYPT_KEY_ITEM is a pointer typedef (it is not
 * declared in this header), the `const` here qualifies the pointer itself,
 * not the key item it points to.
 */
int Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck);

int Dot11DecryptGetKEK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kek);

int Dot11DecryptGetTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **tk);

int Dot11DecryptGetGTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **gtk);
379
401extern int Dot11DecryptSetKeys(
404 const size_t keys_nr)
405 ;
406
421 char *pkt_ssid,
422 size_t pkt_ssid_len)
423 ;
424
438WS_DLL_PUBLIC
441 ;
442
455WS_DLL_PUBLIC
458 ;
459
460#ifdef __cplusplus
461}
462#endif
463
464#endif /* _DOT11DECRYPT_SYSTEM_H */
int Dot11DecryptScanEapolForKeys(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const uint8_t *eapol_raw, const unsigned tot_len, const unsigned char bssid[DOT11DECRYPT_MAC_LEN], const unsigned char sta[DOT11DECRYPT_MAC_LEN])
Definition dot11decrypt.c:829
int Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck)
Definition dot11decrypt.c:578
WS_DLL_PUBLIC int Dot11DecryptDestroyContext(PDOT11DECRYPT_CONTEXT ctx)
Definition dot11decrypt.c:1185
int Dot11DecryptDecryptPacket(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned data_off, const unsigned data_len, unsigned char *decrypt_data, uint32_t *decrypt_len, PDOT11DECRYPT_KEY_ITEM key)
int Dot11DecryptDecryptKeyData(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const unsigned char bssid[DOT11DECRYPT_MAC_LEN], const unsigned char sta[DOT11DECRYPT_MAC_LEN], unsigned char *decrypted_data, unsigned *decrypted_len, PDOT11DECRYPT_KEY_ITEM key)
Definition dot11decrypt.c:409
int Dot11DecryptSetLastSSID(PDOT11DECRYPT_CONTEXT ctx, char *pkt_ssid, size_t pkt_ssid_len)
Definition dot11decrypt.c:1134
int Dot11DecryptSetKeys(PDOT11DECRYPT_CONTEXT ctx, DOT11DECRYPT_KEY_ITEM keys[], const size_t keys_nr)
Definition dot11decrypt.c:1054
WS_DLL_PUBLIC int Dot11DecryptInitContext(PDOT11DECRYPT_CONTEXT ctx)
Definition dot11decrypt.c:1163
int Dot11DecryptScanTdlsForKeys(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned tot_len)
Definition dot11decrypt.c:632
int Dot11DecryptScanFtAssocForKeys(const PDOT11DECRYPT_CONTEXT ctx, const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed, uint8_t *decrypted_gtk, size_t *decrypted_len, DOT11DECRYPT_KEY_ITEM *used_key)
Definition dot11decrypt.c:1822
Definition dot11decrypt_system.h:177
Definition dot11decrypt_system.h:124
Definition dot11decrypt_system.h:153
Definition dot11decrypt_system.h:142
Definition dot11decrypt_user.h:84
Definition dot11decrypt_system.h:93
Definition dot11decrypt_system.h:98
Definition packet-isakmp.c:1889