Wireshark  4.3.0
The Wireshark network protocol analyzer
packet-rf4ce-secur.h
1 /* packet-rf4ce-secur.h
2  * Security related functions and objects for RF4CE dissector
3  * Copyright (C) Atmosic 2023
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * SPDX-License-Identifier: GPL-2.0-or-later
10  */
11 
12 #ifndef PACKET_RF4CE_SECUR_H
13 #define PACKET_RF4CE_SECUR_H
14 
15 #include <stdbool.h>
16 #include "config.h"
17 #include <epan/packet.h>
18 #include <epan/expert.h>
19 #include <epan/uat.h>
20 #include <epan/value_string.h>
21 
22 #define RF4CE_IEEE_ADDR_LEN 8 /* bytes in an IEEE address; sizes every ieee_addr/mac_a/mac_b array in this header */
23 #define RF4CE_SHORT_ADDR_LEN 2 /* bytes in a short address (addr_entry_t stores it as a guint16) */
24 
25 #define RF4CE_MIN_NWK_LENGTH 5 /* presumably the shortest NWK frame accepted, in bytes - confirm in the dissector */
26 #define RF4CE_MAX_NWK_LENGTH 148 /* presumably the longest NWK frame accepted, in bytes - confirm in the dissector */
27 
28 #define RF4CE_VENDOR_SECRET_STORAGE_SIZE 64 /* presumably the entry count of the vendor-secret table (table defined outside this header) */
29 #define RF4CE_NWK_KEY_STORAGE_SIZE 64 /* presumably the entry count of the network-key table (table defined outside this header) */
30 #define RF4CE_ADDR_TABLE_SIZE (RF4CE_NWK_KEY_STORAGE_SIZE * 2) /* 128: twice the key-table size; each nwk_key_entry_s references two address entries */
31 
32 #define RF4CE_NWK_KEY_SEED_DATA_LENGTH 80 /* bytes in each key-seed buffer of keypair_context_s */
33 
34 #define RF4CE_CCM_M 4 /* presumably CCM parameter M, the MIC length in bytes - confirm against decrypt_data() */
35 #define RF4CE_CCM_L 2 /* CCM parameter L: the nonce length below is 15 - L, as in the CCM definition */
36 #define RF4CE_CCM_NONCE_LEN (15 - RF4CE_CCM_L) /* 13 bytes, equal to the packed size of rf4ce_secur_ccm_nonce_t (8 + 4 + 1) */
37 #define RF4CE_SECUR_CONTROL 5 /* presumably the fixed value of the nonce's secur_control byte - confirm in the .c file */
38 #define SEC_STR_LEN 16 /* bytes in a vendor secret (secret[] and DEFAULT_SECRET[]) */
39 #define KEY_LEN SEC_STR_LEN /* keys are 16 bytes (128 bits), the same length as a vendor secret */
40 
41 typedef struct keypair_context_s { /* state kept for one controller/target key-seed exchange */
42  guint8 nwk_key_seed_latest[RF4CE_NWK_KEY_SEED_DATA_LENGTH]; /* 80-byte seed buffer; how latest/prev/current differ is not shown here - confirm in the .c file */
43  guint8 nwk_key_seed_prev[RF4CE_NWK_KEY_SEED_DATA_LENGTH]; /* 80-byte seed buffer (same caveat as nwk_key_seed_latest) */
44  guint8 nwk_key_seed[RF4CE_NWK_KEY_SEED_DATA_LENGTH]; /* 80-byte seed buffer (same caveat as nwk_key_seed_latest) */
45  guint8 controller_addr[RF4CE_IEEE_ADDR_LEN]; /* 8-byte IEEE address of the controller */
46  guint8 target_addr[RF4CE_IEEE_ADDR_LEN]; /* 8-byte IEEE address of the target */
47  guint8 nwk_key_exchange_transfer_expected; /* presumably the number of seed transfers announced (cf. expected_transfer_count of keypair_context_init) */
48  guint8 nwk_key_exchange_transfer_received; /* presumably the number of seed transfers seen so far. NOTE(review): the struct's closing line (listing line 49) is missing from this rendering */
50 
51 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_A_LENGTH 8 /* bytes in RAND-A (rand_a[]) */
52 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_B_LENGTH 8 /* bytes in RAND-B (rand_b[]) */
53 
54 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_AB_LENGTH \
55  (RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_A_LENGTH \
56  + RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_B_LENGTH) /* 16 bytes, equal to the packed size of rf4ce_key_dk_tag_t */
57 
58 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_TAG_A_LENGTH 4 /* bytes in TAG-A */
59 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_TAG_B_LENGTH 4 /* bytes in TAG-B; key_exchange_calc_key() takes a guint32, presumably this tag */
60 
61 #define RF4CE_KEY_EXCHANGE_CONTEXT_LENGTH 9 /* same value as CONTEXT_STR_LEN */
62 #define RF4CE_KEY_EXCHANGE_LABEL_LENGTH (2 * (RF4CE_IEEE_ADDR_LEN)) /* 16 bytes: two IEEE addresses back to back */
63 
64 #define RF4CE_CMAC_ARG_2_LENGTH \
65  (RF4CE_KEY_EXCHANGE_CONTEXT_LENGTH \
66  + RF4CE_KEY_EXCHANGE_LABEL_LENGTH \
67  + KEY_LEN) /* 9 + 16 + 16 = 41 bytes, equal to the packed size of rf4ce_key_context_t */
68 
69 /* RF4CE GDP 2.0 spec, part 7.4.2 Key generation
70  * Context shall be set to the ASCII representation of the nine character string (including a space
71  * after “RF4CE” but without quotes and without null termination) “RF4CE GDP”.
72  */
73 #define CONTEXT_STR "RF4CE GDP" /* nine characters; sizeof(CONTEXT_STR) is 10 because the literal carries a NUL */
74 #define CONTEXT_STR_LEN 9 /* character count without the NUL; use this, not sizeof, when copying into context[] */
75 
76 extern guint8 DEFAULT_SECRET[SEC_STR_LEN]; /* 16-byte default vendor secret, defined outside this header. NOTE(review): declared non-const, so any file including this header can modify it */
77 
78 typedef struct key_exchange_context_s { /* inputs collected for one key-exchange procedure; see the key_exchange_context_* setters declared in this header */
79  guint8 rand_a[RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_A_LENGTH]; /* 8-byte RAND-A */
80  guint8 rand_b[RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_B_LENGTH]; /* 8-byte RAND-B */
81  guint8 mac_a[RF4CE_IEEE_ADDR_LEN]; /* target address */
82  guint8 mac_b[RF4CE_IEEE_ADDR_LEN]; /* controller address */
83  gboolean is_proc_started; /* procedure-in-progress flag (cf. key_exchange_context_start_procedure / _stop_procedure). NOTE(review): the struct's closing line (listing line 84) is missing from this rendering */
85 
86 typedef struct /* byte-packed pair of 8-byte values, 16 bytes in total (RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_AB_LENGTH) */
87 #if defined(_MSC_VER)
88 # pragma pack(push, 1)
89 #else
90 __attribute__((__packed__))
91 #endif
92 rf4ce_key_dk_tag_s
93 {
94  guint8 a[RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_A_LENGTH]; /* sized like RAND-A; presumably holds RAND-A - confirm in the .c file */
95  guint8 b[RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_B_LENGTH]; /* sized like RAND-B; presumably holds RAND-B - confirm in the .c file */
96 } rf4ce_key_dk_tag_t;
97 #ifdef _MSC_VER
98 # pragma pack(pop)
99 #endif
100 
101 typedef struct /* byte-packed, 41 bytes (RF4CE_CMAC_ARG_2_LENGTH); presumably passed to rf4ce_aes_cmac() as one contiguous buffer - confirm */
102 #if defined(_MSC_VER)
103 # pragma pack(push, 1)
104 #else
105 __attribute__((__packed__))
106 #endif
107 rf4ce_key_context_s
108 {
109  guint8 context[CONTEXT_STR_LEN]; /* 9 bytes with no room for a NUL: fill with a length-bounded copy of CONTEXT_STR, never a string copy */
110  guint8 mac_a[RF4CE_IEEE_ADDR_LEN]; /* 8-byte IEEE address (key_exchange_context_s labels mac_a the target) */
111  guint8 mac_b[RF4CE_IEEE_ADDR_LEN]; /* 8-byte IEEE address (key_exchange_context_s labels mac_b the controller) */
112  guint8 pairing_key[KEY_LEN]; /* 16-byte pairing key */
113 }
114 rf4ce_key_context_t;
115 #ifdef _MSC_VER
116 # pragma pack(pop)
117 #endif
118 
119 void rf4ce_aes_cmac(guchar *input, gulong length, guchar *key, guchar *mac_value); /* presumably AES-CMAC of input[0..length) under key, written to mac_value. NOTE(review): only input has a length; key and mac_value sizes are implicit (presumably KEY_LEN and one AES block), and input/key are not const-qualified - confirm in the .c file */
120 
121 typedef struct addr_entry_s { /* one IEEE-address / short-address pairing in the address table */
122  guint8 ieee_addr[RF4CE_IEEE_ADDR_LEN]; /* 8-byte IEEE address */
123  guint16 short_addr; /* short address paired with ieee_addr */
124  gboolean is_used; /* slot-occupied flag; presumably FALSE marks a free table slot */
125 } addr_entry_t;
126 
127 typedef struct nwk_key_entry_s { /* one stored key together with the address pair it belongs to */
128  guint8 nwk_key[KEY_LEN]; /* 16-byte key material */
129  addr_entry_t *controller_addr_ent; /* address-table entry of the controller; pointer ownership and lifetime are not shown here */
130  addr_entry_t *target_addr_ent; /* address-table entry of the target; pointer ownership and lifetime are not shown here */
131  gboolean key_from_gui; /* presumably TRUE when the key was supplied by the user rather than derived from the capture - confirm */
132  gboolean is_used; /* slot-occupied flag */
133  gboolean is_pairing_key; /* marks the entry as a pairing key (cf. pairing_key in rf4ce_key_context_t). NOTE(review): the struct's closing line (listing line 134) is missing from this rendering */
135 
136 typedef struct vendor_secret_entry_s { /* one slot of the vendor-secret storage */
137  guint8 secret[SEC_STR_LEN]; /* 16-byte vendor secret */
138  gboolean is_used; /* slot-occupied flag. NOTE(review): the struct's closing line (listing line 139) is missing from this rendering */
140 
141 typedef struct uat_security_record_s { /* presumably one row of the dissector's UAT (user-accessible table) of security strings - confirm in the .c file */
142  gchar *sec_str; /* security string as text; its format and the allocator that owns it are not shown here */
143  guint8 type; /* record type; the meaning of each value is defined outside this header */
144  gchar *label; /* label text for the record. NOTE(review): the struct's closing line (listing line 145) is missing from this rendering */
146 
147 void keypair_context_init(const guint8 *controller_ieee, const guint8 *target_ieee, guint8 expected_transfer_count); /* presumably resets the key-seed state for this address pair; both pointers presumably must reference RF4CE_IEEE_ADDR_LEN bytes */
148 void keypair_context_update_seed(guint8 *seed, guint8 seed_seqn); /* presumably feeds one seed transfer and its sequence number. NOTE(review): no length is passed; confirm how many bytes are read from seed */
149 
150 void nwk_key_storage_add_entry(guint8 *nwk_key, addr_entry_t *controller_addr_ent, addr_entry_t *target_addr_ent, gboolean key_from_gui, gboolean is_pairing_key); /* arguments mirror the fields of nwk_key_entry_s; nwk_key presumably must reference KEY_LEN bytes */
151 void nwk_key_storage_release_entry(guint8 *nwk_key, gboolean key_from_gui); /* presumably frees the slot matching this key and origin flag - confirm in the .c file */
152 
153 void rf4ce_addr_table_add_addrs(const void *ieee_addr, guint16 short_addr); /* records an IEEE/short address pairing; ieee_addr is untyped, presumably RF4CE_IEEE_ADDR_LEN bytes */
154 gboolean rf4ce_addr_table_get_ieee_addr(guint8 *ieee_addr, packet_info *pinfo, gboolean is_src); /* ieee_addr is an output buffer (non-const), presumably RF4CE_IEEE_ADDR_LEN bytes; is_src presumably selects the source or destination address of pinfo */
155 addr_entry_t *rf4ce_addr_table_get_addr_entry_by_ieee(guint8 *ieee_addr); /* looks up a table entry by IEEE address; presumably returns NULL when absent, so callers should check - confirm */
156 
157 void key_exchange_context_init(void); /* takes no context argument, so the state it acts on is not supplied by the caller (the same holds for the key_exchange_context_* functions below) */
158 
159 void key_exchange_context_start_procedure(void); /* cf. is_proc_started in key_exchange_context_s */
160 void key_exchange_context_stop_procedure(void); /* cf. is_proc_started in key_exchange_context_s */
161 gboolean key_exchange_context_is_procedure_started(void); /* presumably reports is_proc_started */
162 
163 void key_exchange_context_set_rand_a(guint8 *rand_a); /* no length parameter; presumably reads RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_A_LENGTH bytes */
164 void key_exchange_context_set_rand_b(guint8 *rand_b); /* no length parameter; presumably reads RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_B_LENGTH bytes */
165 
166 void key_exchange_context_set_mac_a(guint8 *mac_a); /* no length parameter; presumably reads RF4CE_IEEE_ADDR_LEN bytes (mac_a is the target address) */
167 void key_exchange_context_set_mac_b(guint8 *mac_b); /* no length parameter; presumably reads RF4CE_IEEE_ADDR_LEN bytes (mac_b is the controller address) */
168 
169 void key_exchange_calc_key(guint32 tag_b_pack); /* tag_b_pack is presumably the 4-byte TAG-B packed into a guint32; byte order to be confirmed in the .c file */
170 
171 void vendor_secret_storage_add_entry(guint8 *secret); /* no length parameter; presumably reads SEC_STR_LEN bytes */
172 void vendor_secret_storage_release_entry(guint8 *secret); /* no length parameter; presumably compares SEC_STR_LEN bytes to find the slot */
173 
174 void rf4ce_secur_cleanup(void); /* presumably releases the state built up by the functions above; whether key material is cleared is not shown here */
175 
176 typedef struct /* byte-packed, 8 + 4 + 1 = 13 bytes, which equals RF4CE_CCM_NONCE_LEN */
177 #if defined(_MSC_VER)
178 # pragma pack(push, 1)
179 #else
180 __attribute__((__packed__))
181 #endif
182 rf4ce_secur_ccm_nonce_s
183 {
184  guint8 source_address[RF4CE_IEEE_ADDR_LEN]; /* 8-byte IEEE address of the sender */
185  guint32 frame_counter; /* NOTE(review): a guint32 member is laid out in host byte order; confirm the .c file stores it in the byte order the protocol uses */
186  guint8 secur_control; /* one byte; presumably set to RF4CE_SECUR_CONTROL - confirm */
187 } rf4ce_secur_ccm_nonce_t;
188 #ifdef _MSC_VER
189 # pragma pack(pop)
190 #endif
191 
192 typedef struct /* byte-packed, 1 + 4 + 8 = 13 bytes; presumably the authenticated-but-not-encrypted data fed to CCM - confirm */
193 #if defined(_MSC_VER)
194 # pragma pack(push, 1)
195 #else
196 __attribute__((__packed__))
197 #endif
198 rf4ce_secur_ccm_auth_s
199 {
200  guint8 frame_control; /* one-byte frame control field */
201  guint32 frame_counter; /* NOTE(review): a guint32 member is laid out in host byte order; confirm the .c file stores it in the byte order the protocol uses */
202  guint8 dest_address[RF4CE_IEEE_ADDR_LEN]; /* 8-byte IEEE address of the receiver */
203 } rf4ce_secur_ccm_auth_t;
204 #ifdef _MSC_VER
205 # pragma pack(pop)
206 #endif
207 
208 gboolean decrypt_data( /* decrypts a secured RF4CE payload; presumably returns TRUE on success - confirm in the .c file */
209  const guint8 *in, /* input bytes (read-only) */
210  guint8 *out, /* output buffer. NOTE(review): there is no capacity parameter, so the caller must size it for the data being passed */
211  guint16 payload_offset, /* presumably the offset of the secured payload within in */
212  guint16 *len, /* passed by pointer, so presumably in/out: input length in, output length out - confirm */
213  guint8 src_ieee[RF4CE_IEEE_ADDR_LEN], /* source IEEE address; the array bound is documentation only, the parameter decays to guint8 * */
214  guint8 dst_ieee[RF4CE_IEEE_ADDR_LEN]); /* destination IEEE address; the array bound is documentation only, the parameter decays to guint8 * */
215 
216 #endif /* PACKET_RF4CE_SECUR_H */