/* airpcap_int.h
 *
 * $Id$
 *
 * Copyright (c) 2006 CACE Technologies, Davis (California)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * Alternatively, this software may be distributed under the terms of the
 * GNU General Public License ("GPL") version 2 as published by the Free
 * Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#ifndef _AIRPDCAP_INT_H
#define _AIRPDCAP_INT_H
/****************************************************************************/
/* File includes */
#include "airpdcap_interop.h"
/****************************************************************************/
/****************************************************************************/
/* Definitions */
/* IEEE 802.11 packet type values, as produced by AIRPDCAP_TYPE() */
#define AIRPDCAP_TYPE_MANAGEMENT        0
#define AIRPDCAP_TYPE_CONTROL           1
#define AIRPDCAP_TYPE_DATA              2

/*
 * Minimum length of encrypted data. TKIP needs 25 bytes and CCMP needs 21;
 * the constant carries the smaller of the two.
 * NOTE(review): a caller that gates on this single value still has to make
 * sure a TKIP frame meets the larger 25-byte bound before reading its
 * fields - verify at the call sites.
 */
#define AIRPDCAP_CRYPTED_DATA_MINLEN    21

/*
 * Byte offset 10 into the frame.
 * NOTE(review): presumably the transmitter address (addr2 of the MAC frame
 * structs, which starts at offset 10 when AIRPDCAP_MAC_LEN is 6) - confirm
 * against the callers.
 */
#define AIRPDCAP_TA_OFFSET              10
/* */
/****************************************************************************/
/****************************************************************************/
/* Macro definitions */
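/**
 * Macros to get various bits of the two Frame Control bytes of an 802.11
 * frame. FrameControl_0 is the first byte (type and subtype), FrameControl_1
 * the second (DS bits and the protected-frame flag).
 *
 * Every argument and every expansion is parenthesized, so an expression
 * argument such as `a | b` or a use inside a larger expression is decoded as
 * a whole instead of being split by operator precedence. These values come
 * straight from captured frames and steer which decryption path is taken, so
 * a silently mis-decoded bit matters.
 *
 * Each macro evaluates its argument exactly once.
 */
/* Frame type: bits 2-3 of the first byte (compare with AIRPDCAP_TYPE_*). */
#define AIRPDCAP_TYPE(FrameControl_0)       ((UINT8)(((FrameControl_0) >> 2) & 0x3))
/* Frame subtype: bits 4-7 of the first byte. */
#define AIRPDCAP_SUBTYPE(FrameControl_0)    ((UINT8)(((FrameControl_0) >> 4) & 0xF))
/* To DS and From DS together: bits 0-1 of the second byte. */
#define AIRPDCAP_DS_BITS(FrameControl_1)    ((UINT8)((FrameControl_1) & 0x3))
/* To DS: bit 0 of the second byte. */
#define AIRPDCAP_TO_DS(FrameControl_1)      ((UINT8)((FrameControl_1) & 0x1))
/* From DS: bit 1 of the second byte. */
#define AIRPDCAP_FROM_DS(FrameControl_1)    ((UINT8)(((FrameControl_1) >> 1) & 0x1))
/* Protected-frame ("WEP") flag: bit 6 of the second byte. */
#define AIRPDCAP_WEP(FrameControl_1)        ((UINT8)(((FrameControl_1) >> 6) & 0x1))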
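/**
 * Get fields of the Key ID byte, the last byte of the Initialization Vector.
 *
 * Arguments are parenthesized so that an expression argument (for example
 * `a | b`) is shifted and masked as a whole; the byte comes from a captured
 * frame and selects the key used for decryption.
 */
/* Extended IV flag: bit 5 of the Key ID byte. */
#define AIRPDCAP_EXTIV(KeyID)       (((KeyID) >> 5) & 0x1)
/** Used to determine TKIP group key from unicast (group = 1, unicast = 0) */
#define AIRPDCAP_KEY_INDEX(KeyID)   (((KeyID) >> 6) & 0x3)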
Add WPA group key decryption from Brian Stormont, via bug 1420:
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP group keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
2008-07-30 22:32:21 +00:00
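/*
 * Macros to get various bits of the Key Information field of an EAPOL frame.
 * KeyInfo_0 and KeyInfo_1 are the two bytes the callers pass for that field;
 * which macro reads which byte is fixed by the parameter name.
 *
 * Arguments are parenthesized so that an expression argument (for example
 * `a | b`) is shifted and masked as a whole. These bits are taken from
 * captured handshake frames and drive key derivation, so they must not be
 * mis-decoded by operator precedence.
 */
/*
 * Key descriptor version: the low two bits of KeyInfo_1.
 * NOTE(review): IEEE 802.11 defines this subfield as three bits wide; the
 * mask here keeps only two, so values above 3 would alias - confirm whether
 * callers rely on the current mask before widening it.
 */
#define AIRPDCAP_EAP_KEY_DESCR_VER(KeyInfo_1)   ((UCHAR)((KeyInfo_1) & 0x3))
/* Bit 3 of KeyInfo_1. */
#define AIRPDCAP_EAP_KEY(KeyInfo_1)             (((KeyInfo_1) >> 3) & 0x1)
/* Bit 6 of KeyInfo_1. */
#define AIRPDCAP_EAP_INST(KeyInfo_1)            (((KeyInfo_1) >> 6) & 0x1)
/* Bit 7 of KeyInfo_1. */
#define AIRPDCAP_EAP_ACK(KeyInfo_1)             (((KeyInfo_1) >> 7) & 0x1)
/* Bit 0 of KeyInfo_0. */
#define AIRPDCAP_EAP_MIC(KeyInfo_0)             ((KeyInfo_0) & 0x1)
/* Bit 1 of KeyInfo_0. */
#define AIRPDCAP_EAP_SEC(KeyInfo_0)             (((KeyInfo_0) >> 1) & 0x1)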
/* Note: copied from net80211/ieee80211_airpdcap_tkip.c */
/*
 * Exchange the elements S[a] and S[b].
 *
 * The macro does not take the array as a parameter: it expands to code that
 * names `S` directly, so an array called S must be in scope wherever it is
 * used. `a` and `b` are each evaluated twice, so they must be free of side
 * effects (no `i++`), and must not be expressions involving a variable named
 * `t`, which the expansion declares as its temporary.
 *
 * The expansion is a bare brace block, not a do { } while (0) statement:
 * writing `S_SWAP(i, j);` as the unbraced body of an `if` that has an
 * `else` does not compile, because the trailing `;` ends the `if`.
 */
#define S_SWAP(a,b) { UINT8 t = S[a]; S[a] = S[b]; S[b] = t; }
/****************************************************************************/
/****************************************************************************/
/* Structure definitions */
/*
 * XXX - According to the thread at
 * http://www.wireshark.org/lists/wireshark-dev/200612/msg00384.html we
 * shouldn't have to worry about packing our structs, since the largest
 * elements are 8 bits wide. Explicit 1-byte packing is therefore requested
 * for MS Visual C++ only; the matching pack(pop) follows the last frame
 * struct.
 */
#if defined(_MSC_VER)   /* MS Visual C++ */
#pragma pack(push)
#pragma pack(1)
#endif

/*
 * Definition of IEEE 802.11 frame (without the address 4).
 *
 * All members are UCHAR arrays, so the struct mirrors the header byte for
 * byte. It describes bytes of a captured frame: code that views a packet
 * buffer through PAIRPDCAP_MAC_FRAME has to check that the buffer holds at
 * least sizeof(AIRPDCAP_MAC_FRAME) bytes before reading any member.
 */
struct _AIRPDCAP_MAC_FRAME {
    UCHAR fc[2];                        /* frame control bytes 0 and 1 */
    UCHAR dur[2];                       /* duration */
    UCHAR addr1[AIRPDCAP_MAC_LEN];      /* address 1 */
    UCHAR addr2[AIRPDCAP_MAC_LEN];      /* address 2 */
    UCHAR addr3[AIRPDCAP_MAC_LEN];      /* address 3 */
    UCHAR seq[2];                       /* sequence control */
};
typedef struct _AIRPDCAP_MAC_FRAME AIRPDCAP_MAC_FRAME;
typedef struct _AIRPDCAP_MAC_FRAME *PAIRPDCAP_MAC_FRAME;
/*
 * Definition of IEEE 802.11 frame (with the address 4).
 *
 * Same leading members as AIRPDCAP_MAC_FRAME, followed by addr4. The struct
 * describes bytes of a captured frame: check that the buffer holds at least
 * sizeof(AIRPDCAP_MAC_FRAME_ADDR4) bytes before viewing it through
 * PAIRPDCAP_MAC_FRAME_ADDR4.
 */
struct _AIRPDCAP_MAC_FRAME_ADDR4 {
    UCHAR fc[2];                        /* frame control bytes 0 and 1 */
    UCHAR dur[2];                       /* duration */
    UCHAR addr1[AIRPDCAP_MAC_LEN];      /* address 1 */
    UCHAR addr2[AIRPDCAP_MAC_LEN];      /* address 2 */
    UCHAR addr3[AIRPDCAP_MAC_LEN];      /* address 3 */
    UCHAR seq[2];                       /* sequence control */
    UCHAR addr4[AIRPDCAP_MAC_LEN];      /* address 4 */
};
typedef struct _AIRPDCAP_MAC_FRAME_ADDR4 AIRPDCAP_MAC_FRAME_ADDR4;
typedef struct _AIRPDCAP_MAC_FRAME_ADDR4 *PAIRPDCAP_MAC_FRAME_ADDR4;
/*
 * Definition of IEEE 802.11 frame (without the address 4, with QOS).
 *
 * Same leading members as AIRPDCAP_MAC_FRAME, followed by the two QoS bytes.
 * The struct describes bytes of a captured frame: check that the buffer
 * holds at least sizeof(AIRPDCAP_MAC_FRAME_QOS) bytes before viewing it
 * through PAIRPDCAP_MAC_FRAME_QOS.
 */
struct _AIRPDCAP_MAC_FRAME_QOS {
    UCHAR fc[2];                        /* frame control bytes 0 and 1 */
    UCHAR dur[2];                       /* duration */
    UCHAR addr1[AIRPDCAP_MAC_LEN];      /* address 1 */
    UCHAR addr2[AIRPDCAP_MAC_LEN];      /* address 2 */
    UCHAR addr3[AIRPDCAP_MAC_LEN];      /* address 3 */
    UCHAR seq[2];                       /* sequence control */
    UCHAR qos[2];                       /* QoS bytes */
};
typedef struct _AIRPDCAP_MAC_FRAME_QOS AIRPDCAP_MAC_FRAME_QOS;
typedef struct _AIRPDCAP_MAC_FRAME_QOS *PAIRPDCAP_MAC_FRAME_QOS;
/*
 * Definition of IEEE 802.11 frame (with the address 4 and QOS).
 *
 * The longest of the four header layouts: addr4 and the two QoS bytes both
 * follow the sequence-control bytes. The struct describes bytes of a
 * captured frame: check that the buffer holds at least
 * sizeof(AIRPDCAP_MAC_FRAME_ADDR4_QOS) bytes before viewing it through
 * PAIRPDCAP_MAC_FRAME_ADDR4_QOS.
 */
struct _AIRPDCAP_MAC_FRAME_ADDR4_QOS {
    UCHAR fc[2];                        /* frame control bytes 0 and 1 */
    UCHAR dur[2];                       /* duration */
    UCHAR addr1[AIRPDCAP_MAC_LEN];      /* address 1 */
    UCHAR addr2[AIRPDCAP_MAC_LEN];      /* address 2 */
    UCHAR addr3[AIRPDCAP_MAC_LEN];      /* address 3 */
    UCHAR seq[2];                       /* sequence control */
    UCHAR addr4[AIRPDCAP_MAC_LEN];      /* address 4 */
    UCHAR qos[2];                       /* QoS bytes */
};
typedef struct _AIRPDCAP_MAC_FRAME_ADDR4_QOS AIRPDCAP_MAC_FRAME_ADDR4_QOS;
typedef struct _AIRPDCAP_MAC_FRAME_ADDR4_QOS *PAIRPDCAP_MAC_FRAME_ADDR4_QOS;

/* Restore the packing that was in effect before the frame structs. */
#if defined(_MSC_VER)   /* MS Visual C++ */
#pragma pack(pop)
#endif
/******************************************************************************/
#endif