Wireshark 4.5.0
The Wireshark network protocol analyzer
dot11decrypt_system.h
9#ifndef _DOT11DECRYPT_SYSTEM_H
10#define _DOT11DECRYPT_SYSTEM_H
11
12/************************************************************************/
13/* Constant definitions */
14
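/* General definitions */

/*
 * Return codes.
 * NOTE(review): DOT11DECRYPT_RET_UNSUCCESS and DOT11DECRYPT_RET_NO_DATA share
 * the value 1, so the integer alone does not tell a caller which one was meant.
 */
#define DOT11DECRYPT_RET_SUCCESS 0
#define DOT11DECRYPT_RET_UNSUCCESS 1

#define DOT11DECRYPT_RET_NO_DATA 1
#define DOT11DECRYPT_RET_WRONG_DATA_SIZE 2
#define DOT11DECRYPT_RET_REQ_DATA 3
#define DOT11DECRYPT_RET_NO_VALID_HANDSHAKE 4
#define DOT11DECRYPT_RET_NO_DATA_ENCRYPTED 5

/* Parenthesized so the negative literal stays one operand wherever it expands. */
#define DOT11DECRYPT_RET_SUCCESS_HANDSHAKE (-1)

#define DOT11DECRYPT_MAX_KEYS_NR 64

/* Decryption algorithms fields size definition (bytes) */
#define DOT11DECRYPT_WPA_NONCE_LEN 32
#define DOT11DECRYPT_WPA_PTK_MAX_LEN 88 /* TKIP 48, CCMP 64, GCMP-256 88 bytes */
#define DOT11DECRYPT_WPA_MICKEY_MAX_LEN 24

#define DOT11DECRYPT_WEP_128_KEY_LEN 16 /* 128 bits */

/* General 802.11 constants */
#define DOT11DECRYPT_MAC_LEN 6
#define DOT11DECRYPT_RADIOTAP_HEADER_LEN 24

#define DOT11DECRYPT_EAPOL_MAX_LEN 1024U

#define DOT11DECRYPT_TK_LEN 16

/* Max length of capture data */
#define DOT11DECRYPT_MAX_CAPLEN 8192

/*
 * Header/trailer lengths (bytes).
 *
 * Every composite length below is wrapped in parentheses. Without them an
 * expression such as `len - DOT11DECRYPT_WEP_HEADER` or
 * `2 * DOT11DECRYPT_TKIP_TRAILER` expands with the wrong precedence and yields
 * a wrong size. NOTE(review): these lengths presumably feed bounds checks on
 * captured frame data; audit call sites that use them in subtraction or
 * multiplication.
 */
#define DOT11DECRYPT_WEP_IVLEN 3 /* 24bit */
#define DOT11DECRYPT_WEP_KIDLEN 1 /* 1 octet */
#define DOT11DECRYPT_WEP_ICV 4
#define DOT11DECRYPT_WEP_HEADER (DOT11DECRYPT_WEP_IVLEN + DOT11DECRYPT_WEP_KIDLEN)
#define DOT11DECRYPT_WEP_TRAILER DOT11DECRYPT_WEP_ICV

/*
 * 802.11i defines an extended IV for use with non-WEP ciphers.
 * When the EXTIV bit is set in the key id byte an additional
 * 4 bytes immediately follow the IV for TKIP. For CCMP the
 * EXTIV bit is likewise set but the 8 bytes represent the
 * CCMP header rather than IV+extended-IV.
 */
#define DOT11DECRYPT_RSNA_EXTIV 0x20
#define DOT11DECRYPT_RSNA_EXTIVLEN 4 /* extended IV length */
#define DOT11DECRYPT_TKIP_MICLEN 8 /* trailing MIC */

#define DOT11DECRYPT_RSNA_HEADER (DOT11DECRYPT_WEP_HEADER + DOT11DECRYPT_RSNA_EXTIVLEN)

#define DOT11DECRYPT_CCMP_HEADER DOT11DECRYPT_RSNA_HEADER
#define DOT11DECRYPT_CCMP_TRAILER 8 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
#define DOT11DECRYPT_CCMP_256_TRAILER 16 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */

#define DOT11DECRYPT_GCMP_HEADER 8 /* IEEE 802.11-2016 12.5.5.2 GCMP MPDU format */
#define DOT11DECRYPT_GCMP_TRAILER 16

#define DOT11DECRYPT_TKIP_HEADER DOT11DECRYPT_RSNA_HEADER
#define DOT11DECRYPT_TKIP_TRAILER (DOT11DECRYPT_TKIP_MICLEN + DOT11DECRYPT_WEP_ICV)

#define DOT11DECRYPT_CRC_LEN 4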
77
78/************************************************************************/
79/* File includes */
80
81#include <stdint.h>
82#include <stdbool.h>
83
84#include "dot11decrypt_user.h"
85#include "ws_symbol_export.h"
86
87/************************************************************************/
88/* Macro definitions */
89
90/************************************************************************/
91/* Type definitions */
92
94 unsigned char bssid[DOT11DECRYPT_MAC_LEN];
95 unsigned char sta[DOT11DECRYPT_MAC_LEN];
97
99 /* This is for reassociations. A linked list of old security
100 * associations is kept. GCS
101 */
103
106 uint8_t handshake;
107 uint8_t validKey;
108
109 struct {
110 uint8_t key_ver; /* Key descriptor version */
111 unsigned char nonce[DOT11DECRYPT_WPA_NONCE_LEN];
112 /* used to derive PTK, ANonce stored, SNonce taken */
113 /* the 2nd packet of the 4W handshake */
114 int akm;
115 int cipher;
116 int tmp_group_cipher; /* Keep between HS msg 2 and 3 */
117 unsigned char ptk[DOT11DECRYPT_WPA_PTK_MAX_LEN]; /* session key used in decryption algorithm */
118 int ptk_len;
119 int dh_group;
120 } wpa;
121
122
124
125typedef struct _DOT11DECRYPT_CONTEXT {
126 GHashTable *sa_hash;
127 DOT11DECRYPT_KEY_ITEM keys[DOT11DECRYPT_MAX_KEYS_NR];
128 size_t keys_nr;
129 char pkt_ssid[DOT11DECRYPT_WPA_SSID_MAX_LEN];
130 size_t pkt_ssid_len;
132
/*
 * Classification of a key-handshake message.
 *
 * Enumerators are numbered consecutively from 0, with INVALID as the zero
 * value, so a zero-initialized field reads as "invalid".
 * NOTE(review): the 4WHS_n names presumably denote message n of the 4-way
 * handshake and GHS_n message n of the group key handshake; confirm against
 * the parser that assigns them.
 */
typedef enum _DOT11DECRYPT_HS_MSG_TYPE {
    DOT11DECRYPT_HS_MSG_TYPE_INVALID = 0,
    DOT11DECRYPT_HS_MSG_TYPE_4WHS_1 = 1,
    DOT11DECRYPT_HS_MSG_TYPE_4WHS_2 = 2,
    DOT11DECRYPT_HS_MSG_TYPE_4WHS_3 = 3,
    DOT11DECRYPT_HS_MSG_TYPE_4WHS_4 = 4,
    DOT11DECRYPT_HS_MSG_TYPE_GHS_1 = 5,
    DOT11DECRYPT_HS_MSG_TYPE_GHS_2 = 6
} DOT11DECRYPT_HS_MSG_TYPE;
142
143typedef struct _DOT11DECRYPT_FTE {
144 uint8_t *mic;
145 uint8_t mic_len;
146 uint8_t *anonce;
147 uint8_t *snonce;
148 uint8_t *r0kh_id;
149 uint8_t r0kh_id_len;
150 uint8_t *r1kh_id;
151 uint8_t r1kh_id_len;
153
155 DOT11DECRYPT_HS_MSG_TYPE msg_type;
156 uint16_t len;
157 uint8_t key_type;
158 uint8_t key_version;
159 uint16_t key_len;
160 uint8_t *key_iv;
161 uint8_t *key_data;
162 uint16_t key_data_len;
163 uint8_t group_cipher;
164 uint8_t cipher;
165 uint8_t akm;
166 uint8_t *nonce;
167 uint8_t *mic;
168 uint16_t mic_len;
169 uint8_t *gtk;
170 uint16_t gtk_len;
171 uint16_t dh_group;
172
173 /* For fast bss transition akms */
174 uint8_t *mdid;
177
179{
180 uint8_t frame_subtype;
181 uint8_t group_cipher;
182 uint8_t cipher;
183 uint8_t akm;
184 uint8_t *mdid;
186 uint8_t* rsne_tag;
187 uint8_t* rsnxe_tag;
188 uint8_t* mde_tag;
189 uint8_t* fte_tag;
190 uint8_t* rde_tag;
191 uint8_t *gtk;
192 uint16_t gtk_len;
193 uint16_t gtk_subelem_key_len;
194 uint8_t bssid[DOT11DECRYPT_MAC_LEN];
195 uint8_t sa[DOT11DECRYPT_MAC_LEN];
196 uint8_t da[DOT11DECRYPT_MAC_LEN];
198
199/************************************************************************/
200/* Function prototype declarations */
201
202#ifdef __cplusplus
203extern "C" {
204#endif
205
247 const uint8_t *data,
248 const unsigned data_off,
249 const unsigned data_len,
250 unsigned char *decrypt_data,
251 uint32_t *decrypt_len,
253 ;
254
274extern int
276 PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
277 const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
278 const unsigned char sta[DOT11DECRYPT_MAC_LEN],
279 unsigned char *decrypted_data, unsigned *decrypted_len,
281 ;
282
310 PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
311 const uint8_t *eapol_raw,
312 const unsigned tot_len,
313 const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
314 const unsigned char sta[DOT11DECRYPT_MAC_LEN])
315 ;
316
336int
338 const PDOT11DECRYPT_CONTEXT ctx,
339 const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed,
340 uint8_t *decrypted_gtk, size_t *decrypted_len,
341 DOT11DECRYPT_KEY_ITEM* used_key);
342
358 const uint8_t *data,
359 const unsigned tot_len)
360 ;
361
/*
 * Key-material accessors for a key item.
 *
 * Each function takes a key item and an out-parameter that receives a pointer
 * to const bytes (KCK, KEK, TK or GTK respectively).
 *
 * NOTE(review): this header does not show what the int return value means
 * (length or status) nor how long the returned pointer stays valid; confirm
 * in dot11decrypt.c before relying on either.
 * NOTE(review): if PDOT11DECRYPT_KEY_ITEM is a pointer typedef (the P prefix
 * suggests so; confirm in dot11decrypt_user.h), `const` here qualifies the
 * pointer itself and not the key item it points to.
 * The pointers handed back refer to secret key material; callers should not
 * log or copy it beyond what decryption needs.
 */
int Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck);

int Dot11DecryptGetKEK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kek);

int Dot11DecryptGetTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **tk);

int Dot11DecryptGetGTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **gtk);
381
403extern int Dot11DecryptSetKeys(
406 const size_t keys_nr)
407 ;
408
423 char *pkt_ssid,
424 size_t pkt_ssid_len)
425 ;
426
440WS_DLL_PUBLIC
443 ;
444
457WS_DLL_PUBLIC
460 ;
461
462#ifdef __cplusplus
463}
464#endif
465
466#endif /* _DOT11DECRYPT_SYSTEM_H */
int Dot11DecryptScanEapolForKeys(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const uint8_t *eapol_raw, const unsigned tot_len, const unsigned char bssid[DOT11DECRYPT_MAC_LEN], const unsigned char sta[DOT11DECRYPT_MAC_LEN])
Definition dot11decrypt.c:830
int Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck)
Definition dot11decrypt.c:579
WS_DLL_PUBLIC int Dot11DecryptDestroyContext(PDOT11DECRYPT_CONTEXT ctx)
Definition dot11decrypt.c:1186
int Dot11DecryptDecryptPacket(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned data_off, const unsigned data_len, unsigned char *decrypt_data, uint32_t *decrypt_len, PDOT11DECRYPT_KEY_ITEM key)
int Dot11DecryptDecryptKeyData(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const unsigned char bssid[DOT11DECRYPT_MAC_LEN], const unsigned char sta[DOT11DECRYPT_MAC_LEN], unsigned char *decrypted_data, unsigned *decrypted_len, PDOT11DECRYPT_KEY_ITEM key)
Definition dot11decrypt.c:410
int Dot11DecryptSetLastSSID(PDOT11DECRYPT_CONTEXT ctx, char *pkt_ssid, size_t pkt_ssid_len)
Definition dot11decrypt.c:1135
int Dot11DecryptSetKeys(PDOT11DECRYPT_CONTEXT ctx, DOT11DECRYPT_KEY_ITEM keys[], const size_t keys_nr)
Definition dot11decrypt.c:1055
WS_DLL_PUBLIC int Dot11DecryptInitContext(PDOT11DECRYPT_CONTEXT ctx)
Definition dot11decrypt.c:1164
int Dot11DecryptScanTdlsForKeys(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned tot_len)
Definition dot11decrypt.c:633
int Dot11DecryptScanFtAssocForKeys(const PDOT11DECRYPT_CONTEXT ctx, const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed, uint8_t *decrypted_gtk, size_t *decrypted_len, DOT11DECRYPT_KEY_ITEM *used_key)
Definition dot11decrypt.c:1826