Wireshark 4.7.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
dot11decrypt_system.h
Go to the documentation of this file.
1
9#ifndef _DOT11DECRYPT_SYSTEM_H
10#define _DOT11DECRYPT_SYSTEM_H
11
12/************************************************************************/
13/* Constant definitions */
14
15/* General definitions */
16#define DOT11DECRYPT_RET_SUCCESS 0
17#define DOT11DECRYPT_RET_UNSUCCESS 1
18
19#define DOT11DECRYPT_RET_NO_DATA 1
20#define DOT11DECRYPT_RET_WRONG_DATA_SIZE 2
21#define DOT11DECRYPT_RET_REQ_DATA 3
22#define DOT11DECRYPT_RET_NO_VALID_HANDSHAKE 4
23#define DOT11DECRYPT_RET_NO_DATA_ENCRYPTED 5
24
25#define DOT11DECRYPT_RET_SUCCESS_HANDSHAKE -1
26
27#define DOT11DECRYPT_MAX_KEYS_NR 64
28
29/* Decryption algorithms fields size definition (bytes) */
30#define DOT11DECRYPT_WPA_NONCE_LEN 32
31#define DOT11DECRYPT_WPA_PTK_MAX_LEN 96 /* TKIP 48, AKM 18/24/25 96 */
32#define DOT11DECRYPT_WPA_MICKEY_MAX_LEN 32
33
34#define DOT11DECRYPT_WEP_128_KEY_LEN 16 /* 128 bits */
35
36/* General 802.11 constants */
37#define DOT11DECRYPT_MAC_LEN 6
38#define DOT11DECRYPT_RADIOTAP_HEADER_LEN 24
39
40#define DOT11DECRYPT_EAPOL_MAX_LEN 1024U
41
42#define DOT11DECRYPT_TK_LEN 16
43
44/* Max length of capture data */
45#define DOT11DECRYPT_MAX_CAPLEN (12 * 1024)
46
47#define DOT11DECRYPT_WEP_IVLEN 3 /* 24bit */
48#define DOT11DECRYPT_WEP_KIDLEN 1 /* 1 octet */
49#define DOT11DECRYPT_WEP_ICV 4
50#define DOT11DECRYPT_WEP_HEADER DOT11DECRYPT_WEP_IVLEN + DOT11DECRYPT_WEP_KIDLEN
51#define DOT11DECRYPT_WEP_TRAILER DOT11DECRYPT_WEP_ICV
52
53/*
54 * 802.11i defines an extended IV for use with non-WEP ciphers.
55 * When the EXTIV bit is set in the key id byte an additional
56 * 4 bytes immediately follow the IV for TKIP. For CCMP the
57 * EXTIV bit is likewise set but the 8 bytes represent the
58 * CCMP header rather than IV+extended-IV.
59 */
60#define DOT11DECRYPT_RSNA_EXTIV 0x20
61#define DOT11DECRYPT_RSNA_EXTIVLEN 4 /* extended IV length */
62#define DOT11DECRYPT_TKIP_MICLEN 8 /* trailing MIC */
63
64#define DOT11DECRYPT_RSNA_HEADER DOT11DECRYPT_WEP_HEADER + DOT11DECRYPT_RSNA_EXTIVLEN
65
66#define DOT11DECRYPT_CCMP_HEADER DOT11DECRYPT_RSNA_HEADER
67#define DOT11DECRYPT_CCMP_TRAILER 8 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
68#define DOT11DECRYPT_CCMP_256_TRAILER 16 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
69
70#define DOT11DECRYPT_GCMP_HEADER 8 /* IEEE 802.11-206 12.5.5.2 GCMP MPDU format */
71#define DOT11DECRYPT_GCMP_TRAILER 16
72
73#define DOT11DECRYPT_TKIP_HEADER DOT11DECRYPT_RSNA_HEADER
74#define DOT11DECRYPT_TKIP_TRAILER DOT11DECRYPT_TKIP_MICLEN + DOT11DECRYPT_WEP_ICV
75
76#define DOT11DECRYPT_RSNA_MIN_TRAILER 8
77
78#define DOT11DECRYPT_MAX_MLO_LINKS 3 // Is there actually any device supporting this many links?
79
80/************************************************************************/
81/* File includes */
82
83#include <stdint.h>
84#include <stdbool.h>
85
86#include "dot11decrypt_user.h"
87#include "ws_symbol_export.h"
88
89/************************************************************************/
90/* Macro definitions */
91
92/************************************************************************/
93/* Type definitions */
94
95typedef struct _DOT11DECRYPT_SEC_ASSOCIATION_ID {
96 unsigned char bssid[DOT11DECRYPT_MAC_LEN];
97 unsigned char sta[DOT11DECRYPT_MAC_LEN];
98} DOT11DECRYPT_SEC_ASSOCIATION_ID, *PDOT11DECRYPT_SEC_ASSOCIATION_ID;
99
100typedef struct _DOT11DECRYPT_SEC_ASSOCIATION {
101 /* This is for reassociations. A linked list of old security
102 * associations is kept. GCS
103 */
104 struct _DOT11DECRYPT_SEC_ASSOCIATION* next;
105
106 DOT11DECRYPT_SEC_ASSOCIATION_ID saId;
107 DOT11DECRYPT_KEY_ITEM *key;
108 uint8_t handshake;
109 uint8_t validKey;
110
111 struct {
112 uint8_t key_ver; /* Key descriptor version */
113 unsigned char nonce[DOT11DECRYPT_WPA_NONCE_LEN];
114 /* used to derive PTK, ANonce stored, SNonce taken */
115 /* the 2nd packet of the 4W handshake */
116 int akm;
117 int cipher;
118 int tmp_group_cipher; /* Keep between HS msg 2 and 3 */
119 int pmk_len;
120 unsigned char ptk[DOT11DECRYPT_WPA_PTK_MAX_LEN]; /* session key used in decryption algorithm */
121 int ptk_len;
122
123 /* MLD info */
124 uint8_t mld : 1; /* 1 if both STA and AP MLD MAC set */
125 uint8_t ap_mld_mac_set : 1;
126 uint8_t sta_mld_mac_set : 1;
127 uint8_t ap_mld_mac[DOT11DECRYPT_MAC_LEN];
128 uint8_t sta_mld_mac[DOT11DECRYPT_MAC_LEN];
129 struct DOT11DECRYPT_MLO_LINK_INFO {
130 uint8_t id_set : 1;
131 uint8_t sta_mac_set : 1;
132 uint8_t ap_mac_set : 1;
133 uint8_t id : 4;
134 uint8_t sta_mac[DOT11DECRYPT_MAC_LEN];
135 uint8_t ap_mac[DOT11DECRYPT_MAC_LEN];
136 } mlo_links[DOT11DECRYPT_MAX_MLO_LINKS];
137 } wpa;
138
139
140} DOT11DECRYPT_SEC_ASSOCIATION, *PDOT11DECRYPT_SEC_ASSOCIATION;
141
142typedef struct _DOT11DECRYPT_CONTEXT {
143 GHashTable *sa_hash;
144 DOT11DECRYPT_KEY_ITEM keys[DOT11DECRYPT_MAX_KEYS_NR];
145 size_t keys_nr;
146 uint8_t pkt_ssid[DOT11DECRYPT_WPA_SSID_MAX_LEN];
147 size_t pkt_ssid_len;
148} DOT11DECRYPT_CONTEXT, *PDOT11DECRYPT_CONTEXT;
149
150typedef enum _DOT11DECRYPT_HS_MSG_TYPE {
151 DOT11DECRYPT_HS_MSG_TYPE_INVALID = 0,
152 DOT11DECRYPT_HS_MSG_TYPE_4WHS_1,
153 DOT11DECRYPT_HS_MSG_TYPE_4WHS_2,
154 DOT11DECRYPT_HS_MSG_TYPE_4WHS_3,
155 DOT11DECRYPT_HS_MSG_TYPE_4WHS_4,
156 DOT11DECRYPT_HS_MSG_TYPE_GHS_1,
157 DOT11DECRYPT_HS_MSG_TYPE_GHS_2
158} DOT11DECRYPT_HS_MSG_TYPE;
159
160typedef struct _DOT11DECRYPT_FTE {
161 uint8_t *mic;
162 uint8_t mic_len;
163 uint8_t *anonce;
164 uint8_t *snonce;
165 uint8_t *r0kh_id;
166 uint8_t r0kh_id_len;
167 uint8_t *r1kh_id;
168 uint8_t r1kh_id_len;
169} DOT11DECRYPT_FTE, *PDOT11DECRYPT_FTE;
170
171typedef struct _DOT11DECRYPT_EAPOL_PARSED {
172 DOT11DECRYPT_HS_MSG_TYPE msg_type;
173 uint16_t len;
174 uint8_t key_type;
175 uint8_t key_version;
176 uint16_t key_len;
177 uint8_t *key_iv;
178 uint8_t *key_data;
179 uint16_t key_data_len;
180 uint8_t group_cipher;
181 uint8_t cipher;
182 uint8_t akm;
183 uint8_t *nonce;
184 uint8_t *mic;
185 uint16_t mic_len;
186 uint8_t *gtk;
187 uint16_t gtk_len;
188 uint8_t *mld_mac;
189
190 uint8_t mlo_link_count;
191 struct DOT11DECRYPT_EAPOL_PARSED_MLO_LINK {
192 uint8_t id;
193 uint8_t *mac;
194 } mlo_link[DOT11DECRYPT_MAX_MLO_LINKS];
195
196 uint8_t mlo_gtk_count;
197 struct DOT11DECRYPT_EAPOL_PARSED_MLO_GTK {
198 uint8_t link_id;
199 uint8_t *key;
200 uint8_t len;
201 } mlo_gtk[DOT11DECRYPT_MAX_MLO_LINKS];
202
203 /* For fast bss transition akms */
204 uint8_t *mdid;
205 DOT11DECRYPT_FTE fte;
206} DOT11DECRYPT_EAPOL_PARSED, *PDOT11DECRYPT_EAPOL_PARSED;
207
208typedef struct _DOT11DECRYPT_ASSOC_PARSED
209{
210 uint8_t frame_subtype;
211 uint8_t group_cipher;
212 uint8_t cipher;
213 uint8_t akm;
214 uint8_t *mdid;
215 DOT11DECRYPT_FTE fte;
216 uint8_t* rsne_tag;
217 uint8_t* rsnxe_tag;
218 uint8_t* mde_tag;
219 uint8_t* fte_tag;
220 uint8_t* rde_tag;
221 uint8_t *gtk;
222 uint16_t gtk_len;
223 uint16_t gtk_subelem_key_len;
224 uint8_t bssid[DOT11DECRYPT_MAC_LEN];
225 uint8_t sa[DOT11DECRYPT_MAC_LEN];
226 uint8_t da[DOT11DECRYPT_MAC_LEN];
227} DOT11DECRYPT_ASSOC_PARSED, *PDOT11DECRYPT_ASSOC_PARSED;
228
229/************************************************************************/
230/* Function prototype declarations */
231
232#ifdef __cplusplus
233extern "C" {
234#endif
235
275extern int Dot11DecryptDecryptPacket(
276 PDOT11DECRYPT_CONTEXT ctx,
277 const uint8_t *data,
278 const unsigned data_off,
279 const unsigned data_len,
280 unsigned char *decrypt_data,
281 uint32_t *decrypt_len,
282 PDOT11DECRYPT_KEY_ITEM key)
283 ;
284
304extern int
305Dot11DecryptDecryptKeyData(PDOT11DECRYPT_CONTEXT ctx,
306 PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
307 const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
308 const unsigned char sta[DOT11DECRYPT_MAC_LEN],
309 unsigned char *decrypted_data, unsigned *decrypted_len,
310 PDOT11DECRYPT_KEY_ITEM key)
311 ;
312
338extern int Dot11DecryptScanEapolForKeys(
339 PDOT11DECRYPT_CONTEXT ctx,
340 PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
341 const uint8_t *eapol_raw,
342 const unsigned tot_len,
343 const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
344 const unsigned char sta[DOT11DECRYPT_MAC_LEN])
345 ;
346
366int
367Dot11DecryptScanFtAssocForKeys(
368 const PDOT11DECRYPT_CONTEXT ctx,
369 const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed,
370 uint8_t *decrypted_gtk, size_t *decrypted_len,
371 DOT11DECRYPT_KEY_ITEM* used_key);
372
386extern int Dot11DecryptScanTdlsForKeys(
387 PDOT11DECRYPT_CONTEXT ctx,
388 const uint8_t *data,
389 const unsigned tot_len)
390 ;
391
400int
401Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck);
402
403int
404Dot11DecryptGetKEK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kek);
405
406int
407Dot11DecryptGetTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **tk);
408
409int
410Dot11DecryptGetGTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **gtk);
411
433extern int Dot11DecryptSetKeys(
434 PDOT11DECRYPT_CONTEXT ctx,
435 DOT11DECRYPT_KEY_ITEM keys[],
436 const size_t keys_nr)
437 ;
438
451int Dot11DecryptSetLastSSID(
452 PDOT11DECRYPT_CONTEXT ctx,
453 char *pkt_ssid,
454 size_t pkt_ssid_len)
455 ;
456
470WS_DLL_PUBLIC
471int Dot11DecryptInitContext(
472 PDOT11DECRYPT_CONTEXT ctx)
473 ;
474
487WS_DLL_PUBLIC
488int Dot11DecryptDestroyContext(
489 PDOT11DECRYPT_CONTEXT ctx)
490 ;
491
492#ifdef __cplusplus
493}
494#endif
495
496#endif /* _DOT11DECRYPT_SYSTEM_H */
Dot11DecryptGetKCK
int Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck)
Definition dot11decrypt.c:564
Dot11DecryptScanEapolForKeys
int Dot11DecryptScanEapolForKeys(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const uint8_t *eapol_raw, const unsigned tot_len, const unsigned char bssid[6], const unsigned char sta[6])
Definition dot11decrypt.c:850
Dot11DecryptDestroyContext
WS_DLL_PUBLIC int Dot11DecryptDestroyContext(PDOT11DECRYPT_CONTEXT ctx)
Definition dot11decrypt.c:1213
Dot11DecryptDecryptPacket
int Dot11DecryptDecryptPacket(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned data_off, const unsigned data_len, unsigned char *decrypt_data, uint32_t *decrypt_len, PDOT11DECRYPT_KEY_ITEM key)
Dot11DecryptDecryptKeyData
int Dot11DecryptDecryptKeyData(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const unsigned char bssid[6], const unsigned char sta[6], unsigned char *decrypted_data, unsigned *decrypted_len, PDOT11DECRYPT_KEY_ITEM key)
Definition dot11decrypt.c:385
Dot11DecryptSetLastSSID
int Dot11DecryptSetLastSSID(PDOT11DECRYPT_CONTEXT ctx, char *pkt_ssid, size_t pkt_ssid_len)
Definition dot11decrypt.c:1162
Dot11DecryptSetKeys
int Dot11DecryptSetKeys(PDOT11DECRYPT_CONTEXT ctx, DOT11DECRYPT_KEY_ITEM keys[], const size_t keys_nr)
Definition dot11decrypt.c:1082
Dot11DecryptInitContext
WS_DLL_PUBLIC int Dot11DecryptInitContext(PDOT11DECRYPT_CONTEXT ctx)
Definition dot11decrypt.c:1191
Dot11DecryptScanTdlsForKeys
int Dot11DecryptScanTdlsForKeys(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned tot_len)
Definition dot11decrypt.c:618
Dot11DecryptScanFtAssocForKeys
int Dot11DecryptScanFtAssocForKeys(const PDOT11DECRYPT_CONTEXT ctx, const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed, uint8_t *decrypted_gtk, size_t *decrypted_len, DOT11DECRYPT_KEY_ITEM *used_key)
Definition dot11decrypt.c:1920
dot11decrypt_user.h
_DOT11DECRYPT_ASSOC_PARSED
Definition dot11decrypt_system.h:209
_DOT11DECRYPT_CONTEXT
Definition dot11decrypt_system.h:142
_DOT11DECRYPT_EAPOL_PARSED::DOT11DECRYPT_EAPOL_PARSED_MLO_GTK
Definition dot11decrypt_system.h:197
_DOT11DECRYPT_EAPOL_PARSED::DOT11DECRYPT_EAPOL_PARSED_MLO_LINK
Definition dot11decrypt_system.h:191
_DOT11DECRYPT_EAPOL_PARSED
Definition dot11decrypt_system.h:171
_DOT11DECRYPT_FTE
Definition dot11decrypt_system.h:160
_DOT11DECRYPT_KEY_ITEM
Definition dot11decrypt_user.h:87
_DOT11DECRYPT_SEC_ASSOCIATION_ID
Definition dot11decrypt_system.h:95
_DOT11DECRYPT_SEC_ASSOCIATION
Definition dot11decrypt_system.h:100
decrypt_data
Definition packet-isakmp.c:1941
Generated by doxygen 1.9.8