Wireshark  4.3.0
The Wireshark network protocol analyzer
dot11decrypt_system.h
9 #ifndef _DOT11DECRYPT_SYSTEM_H
10 #define _DOT11DECRYPT_SYSTEM_H
11 
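/************************************************************************/
/* Constant definitions */

/*
 * General definitions: integer status codes.
 *
 * DOT11DECRYPT_RET_UNSUCCESS and DOT11DECRYPT_RET_NO_DATA share the value 1,
 * so a caller cannot tell them apart by value alone; compare against the
 * code that the called function is documented to return.
 */
#define DOT11DECRYPT_RET_SUCCESS 0
#define DOT11DECRYPT_RET_UNSUCCESS 1

#define DOT11DECRYPT_RET_NO_DATA 1
#define DOT11DECRYPT_RET_WRONG_DATA_SIZE 2
#define DOT11DECRYPT_RET_REQ_DATA 3
#define DOT11DECRYPT_RET_NO_VALID_HANDSHAKE 4
#define DOT11DECRYPT_RET_NO_DATA_ENCRYPTED 5

/* Negative literal is parenthesised so it always expands as one operand. */
#define DOT11DECRYPT_RET_SUCCESS_HANDSHAKE (-1)

/* Capacity of the keys[] array in the decryption context. */
#define DOT11DECRYPT_MAX_KEYS_NR 64

/* Decryption algorithms fields size definition (bytes) */
#define DOT11DECRYPT_WPA_NONCE_LEN 32
#define DOT11DECRYPT_WPA_PTK_MAX_LEN 88 /* TKIP 48, CCMP 64, GCMP-256 88 bytes */
#define DOT11DECRYPT_WPA_MICKEY_MAX_LEN 24

#define DOT11DECRYPT_WEP_128_KEY_LEN 16 /* 128 bits */

/* General 802.11 constants */
#define DOT11DECRYPT_MAC_LEN 6
#define DOT11DECRYPT_RADIOTAP_HEADER_LEN 24

#define DOT11DECRYPT_EAPOL_MAX_LEN 1024U

#define DOT11DECRYPT_TK_LEN 16

/* Max length of capture data */
#define DOT11DECRYPT_MAX_CAPLEN 8192

/*
 * Per-cipher header and trailer lengths (bytes).
 *
 * Every length that is built from other lengths is wrapped in parentheses.
 * Without them an expression such as `len - DOT11DECRYPT_TKIP_TRAILER` or
 * `2 * DOT11DECRYPT_WEP_HEADER` expands with the wrong precedence and yields
 * a wrong size, which matters wherever these values feed a bounds check on
 * captured frame data.
 */
#define DOT11DECRYPT_WEP_IVLEN 3 /* 24bit */
#define DOT11DECRYPT_WEP_KIDLEN 1 /* 1 octet */
#define DOT11DECRYPT_WEP_ICV 4
#define DOT11DECRYPT_WEP_HEADER (DOT11DECRYPT_WEP_IVLEN + DOT11DECRYPT_WEP_KIDLEN)
#define DOT11DECRYPT_WEP_TRAILER DOT11DECRYPT_WEP_ICV

/*
 * 802.11i defines an extended IV for use with non-WEP ciphers.
 * When the EXTIV bit is set in the key id byte an additional
 * 4 bytes immediately follow the IV for TKIP. For CCMP the
 * EXTIV bit is likewise set but the 8 bytes represent the
 * CCMP header rather than IV+extended-IV.
 */
#define DOT11DECRYPT_RSNA_EXTIV 0x20
#define DOT11DECRYPT_RSNA_EXTIVLEN 4 /* extended IV length */
#define DOT11DECRYPT_TKIP_MICLEN 8 /* trailing MIC */

#define DOT11DECRYPT_RSNA_HEADER (DOT11DECRYPT_WEP_HEADER + DOT11DECRYPT_RSNA_EXTIVLEN)

#define DOT11DECRYPT_CCMP_HEADER DOT11DECRYPT_RSNA_HEADER
#define DOT11DECRYPT_CCMP_TRAILER 8 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */
#define DOT11DECRYPT_CCMP_256_TRAILER 16 /* IEEE 802.11-2016 12.5.3.2 CCMP MPDU format */

#define DOT11DECRYPT_GCMP_HEADER 8 /* IEEE 802.11-2016 12.5.5.2 GCMP MPDU format */
#define DOT11DECRYPT_GCMP_TRAILER 16

#define DOT11DECRYPT_TKIP_HEADER DOT11DECRYPT_RSNA_HEADER
#define DOT11DECRYPT_TKIP_TRAILER (DOT11DECRYPT_TKIP_MICLEN + DOT11DECRYPT_WEP_ICV)

#define DOT11DECRYPT_CRC_LEN 4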
77 
78 /************************************************************************/
79 /* File includes */
80 
81 #include <stdint.h>
82 #include <stdbool.h>
83 
84 #include "dot11decrypt_user.h"
85 #include "ws_symbol_export.h"
86 
87 /************************************************************************/
88 /* Macro definitions */
89 
90 /************************************************************************/
91 /* Type definitions */
92 
94  unsigned char bssid[DOT11DECRYPT_MAC_LEN];
95  unsigned char sta[DOT11DECRYPT_MAC_LEN];
97 
99  /* This is for reassociations. A linked list of old security
100  * associations is kept. GCS
101  */
102  struct _DOT11DECRYPT_SEC_ASSOCIATION* next;
103 
106  uint8_t handshake;
107  uint8_t validKey;
108 
109  struct {
110  uint8_t key_ver; /* Key descriptor version */
111  unsigned char nonce[DOT11DECRYPT_WPA_NONCE_LEN];
112  /* used to derive PTK, ANonce stored, SNonce taken */
113  /* the 2nd packet of the 4W handshake */
114  int akm;
115  int cipher;
116  int tmp_group_cipher; /* Keep between HS msg 2 and 3 */
117  unsigned char ptk[DOT11DECRYPT_WPA_PTK_MAX_LEN]; /* session key used in decryption algorithm */
118  int ptk_len;
119  } wpa;
120 
121 
123 
124 typedef struct _DOT11DECRYPT_CONTEXT {
125  GHashTable *sa_hash;
126  DOT11DECRYPT_KEY_ITEM keys[DOT11DECRYPT_MAX_KEYS_NR];
127  size_t keys_nr;
128  char pkt_ssid[DOT11DECRYPT_WPA_SSID_MAX_LEN];
129  size_t pkt_ssid_len;
131 
/* Classifies a parsed handshake message; stored in a msg_type field of this
 * header's parsed-EAPOL data. */
132 typedef enum _DOT11DECRYPT_HS_MSG_TYPE {
133  DOT11DECRYPT_HS_MSG_TYPE_INVALID = 0, /* explicit 0, so zero-initialised storage reads as INVALID */
134  DOT11DECRYPT_HS_MSG_TYPE_4WHS_1, /* 4-way handshake, message 1 */
135  DOT11DECRYPT_HS_MSG_TYPE_4WHS_2, /* 4-way handshake, message 2 */
136  DOT11DECRYPT_HS_MSG_TYPE_4WHS_3, /* 4-way handshake, message 3 */
137  DOT11DECRYPT_HS_MSG_TYPE_4WHS_4, /* 4-way handshake, message 4 */
138  DOT11DECRYPT_HS_MSG_TYPE_GHS_1, /* NOTE(review): presumably group key handshake, message 1 - confirm */
139  DOT11DECRYPT_HS_MSG_TYPE_GHS_2 /* NOTE(review): presumably group key handshake, message 2 - confirm */
140 } DOT11DECRYPT_HS_MSG_TYPE;
141 
142 typedef struct _DOT11DECRYPT_FTE {
143  uint8_t *mic;
144  uint8_t mic_len;
145  uint8_t *anonce;
146  uint8_t *snonce;
147  uint8_t *r0kh_id;
148  uint8_t r0kh_id_len;
149  uint8_t *r1kh_id;
150  uint8_t r1kh_id_len;
152 
154  DOT11DECRYPT_HS_MSG_TYPE msg_type;
155  uint16_t len;
156  uint8_t key_type;
157  uint8_t key_version;
158  uint16_t key_len;
159  uint8_t *key_iv;
160  uint8_t *key_data;
161  uint16_t key_data_len;
162  uint8_t group_cipher;
163  uint8_t cipher;
164  uint8_t akm;
165  uint8_t *nonce;
166  uint8_t *mic;
167  uint16_t mic_len;
168  uint8_t *gtk;
169  uint16_t gtk_len;
170 
171  /* For fast bss transition akms */
172  uint8_t *mdid;
173  DOT11DECRYPT_FTE fte;
175 
177 {
178  uint8_t frame_subtype;
179  uint8_t group_cipher;
180  uint8_t cipher;
181  uint8_t akm;
182  uint8_t *mdid;
183  DOT11DECRYPT_FTE fte;
184  uint8_t* rsne_tag;
185  uint8_t* mde_tag;
186  uint8_t* fte_tag;
187  uint8_t* rde_tag;
188  uint8_t *gtk;
189  uint16_t gtk_len;
190  uint16_t gtk_subelem_key_len;
191  uint8_t bssid[DOT11DECRYPT_MAC_LEN];
192  uint8_t sa[DOT11DECRYPT_MAC_LEN];
193  uint8_t da[DOT11DECRYPT_MAC_LEN];
195 
196 /************************************************************************/
197 /* Function prototype declarations */
198 
199 #ifdef __cplusplus
200 extern "C" {
201 #endif
202 
244  const uint8_t *data,
245  const unsigned data_off,
246  const unsigned data_len,
247  unsigned char *decrypt_data,
248  uint32_t *decrypt_len,
250  ;
251 
271 extern int
273  PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
274  const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
275  const unsigned char sta[DOT11DECRYPT_MAC_LEN],
276  unsigned char *decrypted_data, unsigned *decrypted_len,
278  ;
279 
307  PDOT11DECRYPT_EAPOL_PARSED eapol_parsed,
308  const uint8_t *eapol_raw,
309  const unsigned tot_len,
310  const unsigned char bssid[DOT11DECRYPT_MAC_LEN],
311  const unsigned char sta[DOT11DECRYPT_MAC_LEN])
312  ;
313 
333 int
335  const PDOT11DECRYPT_CONTEXT ctx,
336  const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed,
337  uint8_t *decrypted_gtk, size_t *decrypted_len,
338  DOT11DECRYPT_KEY_ITEM* used_key);
339 
353 extern int Dot11DecryptScanTdlsForKeys(
355  const uint8_t *data,
356  const unsigned tot_len)
357  ;
358 
/*
 * Key accessors. Each takes a key item and an out-parameter that receives a
 * pointer to const bytes (KCK, KEK, TK or GTK, going by the function names).
 * The meaning of the int return value is not shown in this listing.
 * NOTE(review): presumably the return value is a length or status that must
 * be checked before *kck / *kek / *tk / *gtk is read - confirm against
 * dot11decrypt.c.
 * NOTE(review): presumably the pointer written through the out-parameter
 * refers to storage inside *key rather than to a copy, so it would stay
 * valid only as long as the key item does - confirm.
 */
367 int
368 Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck);
369 
370 int
371 Dot11DecryptGetKEK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kek);
372 
373 int
374 Dot11DecryptGetTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **tk);
375 
376 int
377 Dot11DecryptGetGTK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **gtk);
378 
400 extern int Dot11DecryptSetKeys(
402  DOT11DECRYPT_KEY_ITEM keys[],
403  const size_t keys_nr)
404  ;
405 
420  char *pkt_ssid,
421  size_t pkt_ssid_len)
422  ;
423 
437 WS_DLL_PUBLIC
440  ;
441 
454 WS_DLL_PUBLIC
457  ;
458 
459 #ifdef __cplusplus
460 }
461 #endif
462 
463 #endif /* _DOT11DECRYPT_SYSTEM_H */
int Dot11DecryptScanEapolForKeys(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const uint8_t *eapol_raw, const unsigned tot_len, const unsigned char bssid[DOT11DECRYPT_MAC_LEN], const unsigned char sta[DOT11DECRYPT_MAC_LEN])
Definition: dot11decrypt.c:831
int Dot11DecryptGetKCK(const PDOT11DECRYPT_KEY_ITEM key, const uint8_t **kck)
Definition: dot11decrypt.c:580
WS_DLL_PUBLIC int Dot11DecryptDestroyContext(PDOT11DECRYPT_CONTEXT ctx)
Definition: dot11decrypt.c:1187
int Dot11DecryptDecryptPacket(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned data_off, const unsigned data_len, unsigned char *decrypt_data, uint32_t *decrypt_len, PDOT11DECRYPT_KEY_ITEM key)
int Dot11DecryptDecryptKeyData(PDOT11DECRYPT_CONTEXT ctx, PDOT11DECRYPT_EAPOL_PARSED eapol_parsed, const unsigned char bssid[DOT11DECRYPT_MAC_LEN], const unsigned char sta[DOT11DECRYPT_MAC_LEN], unsigned char *decrypted_data, unsigned *decrypted_len, PDOT11DECRYPT_KEY_ITEM key)
Definition: dot11decrypt.c:411
int Dot11DecryptSetLastSSID(PDOT11DECRYPT_CONTEXT ctx, char *pkt_ssid, size_t pkt_ssid_len)
Definition: dot11decrypt.c:1136
int Dot11DecryptSetKeys(PDOT11DECRYPT_CONTEXT ctx, DOT11DECRYPT_KEY_ITEM keys[], const size_t keys_nr)
Definition: dot11decrypt.c:1056
WS_DLL_PUBLIC int Dot11DecryptInitContext(PDOT11DECRYPT_CONTEXT ctx)
Definition: dot11decrypt.c:1165
int Dot11DecryptScanTdlsForKeys(PDOT11DECRYPT_CONTEXT ctx, const uint8_t *data, const unsigned tot_len)
Definition: dot11decrypt.c:634
int Dot11DecryptScanFtAssocForKeys(const PDOT11DECRYPT_CONTEXT ctx, const PDOT11DECRYPT_ASSOC_PARSED assoc_parsed, uint8_t *decrypted_gtk, size_t *decrypted_len, DOT11DECRYPT_KEY_ITEM *used_key)
Definition: dot11decrypt.c:1814