2007-01-12 00:54:13 +00:00
|
|
|
/* airpcap_int.h
|
|
|
|
*
|
|
|
|
* Copyright (c) 2006 CACE Technologies, Davis (California)
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
2018-03-08 14:53:58 +00:00
|
|
|
* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only)
|
2007-01-12 00:54:13 +00:00
|
|
|
*/
|
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
#ifndef _DOT11DECRYPT_INT_H
|
|
|
|
#define _DOT11DECRYPT_INT_H
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/****************************************************************************/
|
|
|
|
/* File includes */
|
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
#include "dot11decrypt_interop.h"
|
|
|
|
#include "dot11decrypt_system.h"
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2020-03-08 11:40:20 +00:00
|
|
|
#include "ws_attributes.h"
|
|
|
|
#include <wsutil/wsgcrypt.h>
|
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/****************************************************************************/
|
|
|
|
|
|
|
|
/****************************************************************************/
|
|
|
|
/* Definitions */
|
|
|
|
|
|
|
|
/* IEEE 802.11 packet type values */
|
2018-02-23 17:43:29 +00:00
|
|
|
#define DOT11DECRYPT_TYPE_MANAGEMENT 0
|
|
|
|
#define DOT11DECRYPT_TYPE_CONTROL 1
|
|
|
|
#define DOT11DECRYPT_TYPE_DATA 2
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2016-01-11 13:37:09 +00:00
|
|
|
/* IEEE 802.11 packet subtype values */
|
2018-02-23 17:43:29 +00:00
|
|
|
#define DOT11DECRYPT_SUBTYPE_ASSOC_REQ 0
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_ASSOC_RESP 1
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_REASSOC_REQ 2
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_REASSOC_RESP 3
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_PROBE_REQ 4
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_PROBE_RESP 5
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_MEASUREMENT_PILOT 6
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_BEACON 8
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_ATIM 9
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_DISASS 10
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_AUTHENTICATION 11
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_DEAUTHENTICATION 12
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_ACTION 13
|
|
|
|
#define DOT11DECRYPT_SUBTYPE_ACTION_NO_ACK 14
|
2016-01-11 13:37:09 +00:00
|
|
|
|
2018-06-12 21:30:50 +00:00
|
|
|
/*
|
|
|
|
* Min length of encrypted data (TKIP=21bytes, CCMP=17bytes)
|
|
|
|
* CCMP = 8 octets of CCMP header, 1 octet of data, 8 octets of MIC.
|
|
|
|
* TKIP = 4 octets of IV/Key ID, 4 octets of Extended IV, 1 octet of data,
|
|
|
|
* 8 octets of MIC, 4 octets of ICV
|
|
|
|
*/
|
2018-02-23 17:43:29 +00:00
|
|
|
#define DOT11DECRYPT_CRYPTED_DATA_MINLEN 17
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
#define DOT11DECRYPT_TA_OFFSET 10
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/* */
|
|
|
|
/****************************************************************************/
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/****************************************************************************/
|
|
|
|
/* Macro definitions */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Macros to get various bits of a 802.11 control frame
|
|
|
|
*/
|
2018-02-23 17:43:29 +00:00
|
|
|
#define DOT11DECRYPT_TYPE(FrameControl_0) (UINT8)((FrameControl_0 >> 2) & 0x3)
|
|
|
|
#define DOT11DECRYPT_SUBTYPE(FrameControl_0) (UINT8)((FrameControl_0 >> 4) & 0xF)
|
|
|
|
#define DOT11DECRYPT_DS_BITS(FrameControl_1) (UINT8)(FrameControl_1 & 0x3)
|
|
|
|
#define DOT11DECRYPT_TO_DS(FrameControl_1) (UINT8)(FrameControl_1 & 0x1)
|
|
|
|
#define DOT11DECRYPT_FROM_DS(FrameControl_1) (UINT8)((FrameControl_1 >> 1) & 0x1)
|
|
|
|
#define DOT11DECRYPT_WEP(FrameControl_1) (UINT8)((FrameControl_1 >> 6) & 0x1)
|
2007-01-01 20:07:23 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Get the Key ID from the Initialization Vector (last byte)
|
|
|
|
*/
|
2018-02-23 17:43:29 +00:00
|
|
|
#define DOT11DECRYPT_EXTIV(KeyID) ((KeyID >> 5) & 0x1)
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
#define DOT11DECRYPT_KEY_INDEX(KeyID) ((KeyID >> 6) & 0x3) /** Used to determine TKIP group key from unicast (group = 1, unicast = 0) */
|
Add WPA group key decryption from Brian Stormont, via bug 1420:
Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP groups keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
2008-07-30 22:32:21 +00:00
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/* Macros to get various bits of an EAPOL frame */
|
2018-02-23 17:43:29 +00:00
|
|
|
#define DOT11DECRYPT_EAP_KEY_DESCR_VER(KeyInfo_1) ((UCHAR)(KeyInfo_1 & 0x3))
|
|
|
|
#define DOT11DECRYPT_EAP_KEY(KeyInfo_1) ((KeyInfo_1 >> 3) & 0x1)
|
|
|
|
#define DOT11DECRYPT_EAP_INST(KeyInfo_1) ((KeyInfo_1 >> 6) & 0x1)
|
|
|
|
#define DOT11DECRYPT_EAP_ACK(KeyInfo_1) ((KeyInfo_1 >> 7) & 0x1)
|
|
|
|
#define DOT11DECRYPT_EAP_MIC(KeyInfo_0) (KeyInfo_0 & 0x1)
|
|
|
|
#define DOT11DECRYPT_EAP_SEC(KeyInfo_0) ((KeyInfo_0 >> 1) & 0x1)
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2020-03-08 19:20:30 +00:00
|
|
|
/* Note: copied from net80211/ieee80211.h */
|
|
|
|
#define DOT11DECRYPT_FC1_DIR_MASK 0x03
|
|
|
|
#define DOT11DECRYPT_FC1_DIR_DSTODS 0x03 /* AP ->AP */
|
|
|
|
#define DOT11DECRYPT_FC0_SUBTYPE_QOS 0x80
|
|
|
|
#define DOT11DECRYPT_FC0_TYPE_DATA 0x08
|
|
|
|
#define DOT11DECRYPT_FC0_TYPE_MASK 0x0c
|
|
|
|
#define DOT11DECRYPT_SEQ_FRAG_MASK 0x000f
|
|
|
|
#define DOT11DECRYPT_QOS_HAS_SEQ(wh) \
|
|
|
|
(((wh)->fc[0] & \
|
|
|
|
(DOT11DECRYPT_FC0_TYPE_MASK | DOT11DECRYPT_FC0_SUBTYPE_QOS)) == \
|
|
|
|
(DOT11DECRYPT_FC0_TYPE_DATA | DOT11DECRYPT_FC0_SUBTYPE_QOS))
|
|
|
|
|
|
|
|
#define DOT11DECRYPT_ADDR_COPY(dst,src) memcpy(dst, src, DOT11DECRYPT_MAC_LEN)
|
|
|
|
|
|
|
|
#define DOT11DECRYPT_IS_4ADDRESS(wh) \
|
|
|
|
((wh->fc[1] & DOT11DECRYPT_FC1_DIR_MASK) == DOT11DECRYPT_FC1_DIR_DSTODS)
|
|
|
|
#define DOT11DECRYPT_IS_QOS_DATA(wh) DOT11DECRYPT_QOS_HAS_SEQ(wh)
|
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/****************************************************************************/
|
|
|
|
|
|
|
|
/****************************************************************************/
|
|
|
|
/* Structure definitions */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX - According to the thread at
|
2019-07-26 18:43:17 +00:00
|
|
|
* https://www.wireshark.org/lists/wireshark-dev/200612/msg00384.html we
|
2007-01-01 20:07:23 +00:00
|
|
|
* shouldn't have to worry about packing our structs, since the largest
|
|
|
|
* elements are 8 bits wide.
|
|
|
|
*/
|
|
|
|
#ifdef _MSC_VER /* MS Visual C++ */
|
2006-12-05 21:06:09 +00:00
|
|
|
#pragma pack(push)
|
|
|
|
#pragma pack(1)
|
2007-01-01 20:07:23 +00:00
|
|
|
#endif
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/* Definition of IEEE 802.11 frame (without the address 4) */
|
2018-02-23 17:43:29 +00:00
|
|
|
typedef struct _DOT11DECRYPT_MAC_FRAME {
|
2006-12-05 21:06:09 +00:00
|
|
|
UCHAR fc[2];
|
|
|
|
UCHAR dur[2];
|
2018-02-23 17:43:29 +00:00
|
|
|
UCHAR addr1[DOT11DECRYPT_MAC_LEN];
|
|
|
|
UCHAR addr2[DOT11DECRYPT_MAC_LEN];
|
|
|
|
UCHAR addr3[DOT11DECRYPT_MAC_LEN];
|
2006-12-05 21:06:09 +00:00
|
|
|
UCHAR seq[2];
|
2018-02-23 17:43:29 +00:00
|
|
|
} DOT11DECRYPT_MAC_FRAME, *PDOT11DECRYPT_MAC_FRAME;
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/* Definition of IEEE 802.11 frame (with the address 4) */
|
2018-02-23 17:43:29 +00:00
|
|
|
typedef struct _DOT11DECRYPT_MAC_FRAME_ADDR4 {
|
2006-12-05 21:06:09 +00:00
|
|
|
UCHAR fc[2];
|
|
|
|
UCHAR dur[2];
|
2018-02-23 17:43:29 +00:00
|
|
|
UCHAR addr1[DOT11DECRYPT_MAC_LEN];
|
|
|
|
UCHAR addr2[DOT11DECRYPT_MAC_LEN];
|
|
|
|
UCHAR addr3[DOT11DECRYPT_MAC_LEN];
|
2006-12-05 21:06:09 +00:00
|
|
|
UCHAR seq[2];
|
2018-02-23 17:43:29 +00:00
|
|
|
UCHAR addr4[DOT11DECRYPT_MAC_LEN];
|
|
|
|
} DOT11DECRYPT_MAC_FRAME_ADDR4, *PDOT11DECRYPT_MAC_FRAME_ADDR4;
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/* Definition of IEEE 802.11 frame (without the address 4, with QOS) */
|
2018-02-23 17:43:29 +00:00
|
|
|
typedef struct _DOT11DECRYPT_MAC_FRAME_QOS {
|
2006-12-05 21:06:09 +00:00
|
|
|
UCHAR fc[2];
|
|
|
|
UCHAR dur[2];
|
2018-02-23 17:43:29 +00:00
|
|
|
UCHAR addr1[DOT11DECRYPT_MAC_LEN];
|
|
|
|
UCHAR addr2[DOT11DECRYPT_MAC_LEN];
|
|
|
|
UCHAR addr3[DOT11DECRYPT_MAC_LEN];
|
2006-12-05 21:06:09 +00:00
|
|
|
UCHAR seq[2];
|
|
|
|
UCHAR qos[2];
|
2018-02-23 17:43:29 +00:00
|
|
|
} DOT11DECRYPT_MAC_FRAME_QOS, *PDOT11DECRYPT_MAC_FRAME_QOS;
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
/* Definition of IEEE 802.11 frame (with the address 4 and QOS) */
|
2018-02-23 17:43:29 +00:00
|
|
|
typedef struct _DOT11DECRYPT_MAC_FRAME_ADDR4_QOS {
|
2006-12-05 21:06:09 +00:00
|
|
|
UCHAR fc[2];
|
|
|
|
UCHAR dur[2];
|
2018-02-23 17:43:29 +00:00
|
|
|
UCHAR addr1[DOT11DECRYPT_MAC_LEN];
|
|
|
|
UCHAR addr2[DOT11DECRYPT_MAC_LEN];
|
|
|
|
UCHAR addr3[DOT11DECRYPT_MAC_LEN];
|
2006-12-05 21:06:09 +00:00
|
|
|
UCHAR seq[2];
|
2018-02-23 17:43:29 +00:00
|
|
|
UCHAR addr4[DOT11DECRYPT_MAC_LEN];
|
2006-12-05 21:06:09 +00:00
|
|
|
UCHAR qos[2];
|
2018-02-23 17:43:29 +00:00
|
|
|
} DOT11DECRYPT_MAC_FRAME_ADDR4_QOS, *PDOT11DECRYPT_MAC_FRAME_ADDR4_QOS;
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-01 20:07:23 +00:00
|
|
|
#ifdef _MSC_VER /* MS Visual C++ */
|
2006-12-05 21:06:09 +00:00
|
|
|
#pragma pack(pop)
|
2007-01-01 20:07:23 +00:00
|
|
|
#endif
|
|
|
|
|
2006-12-05 21:06:09 +00:00
|
|
|
/******************************************************************************/
|
|
|
|
|
2020-03-08 11:40:20 +00:00
|
|
|
int Dot11DecryptCcmpDecrypt(
|
|
|
|
guint8 *m,
|
|
|
|
int mac_header_len,
|
|
|
|
int len,
|
|
|
|
guint8 *TK1,
|
|
|
|
int tk_len,
|
|
|
|
int mic_len);
|
|
|
|
|
|
|
|
#if GCRYPT_VERSION_NUMBER >= 0x010600 /* 1.6.0 */
|
|
|
|
int Dot11DecryptGcmpDecrypt(
|
|
|
|
guint8 *m,
|
|
|
|
int mac_header_len,
|
|
|
|
int len,
|
|
|
|
guint8 *TK1,
|
|
|
|
int tk_len);
|
|
|
|
#else
|
|
|
|
static inline int Dot11DecryptGcmpDecrypt(
|
|
|
|
guint8 *m _U_,
|
|
|
|
int mac_header_len _U_,
|
|
|
|
int len _U_,
|
|
|
|
guint8 *TK1 _U_,
|
|
|
|
int tk_len _U_)
|
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
INT Dot11DecryptTkipDecrypt(
|
|
|
|
UCHAR *tkip_mpdu,
|
|
|
|
size_t mpdu_len,
|
|
|
|
UCHAR TA[DOT11DECRYPT_MAC_LEN],
|
|
|
|
UCHAR TK[DOT11DECRYPT_TK_LEN])
|
|
|
|
;
|
|
|
|
|
2006-12-27 23:05:55 +00:00
|
|
|
#endif
|