wireshark/epan/crypt/airpdcap_debug.h


/* airpdcap_debug.h
*
* $Id$
*
* Copyright (c) 2006 CACE Technologies, Davis (California)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* Alternatively, this software may be distributed under the terms of the
* GNU General Public License ("GPL") version 2 as published by the Free
* Software Foundation.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
 * Include guard for this header.
 * NOTE(review): identifiers that start with an underscore followed by an
 * uppercase letter are reserved for the C implementation; the guard name is
 * left unchanged here because other files may test it.
 */
#ifndef _AIRPDCAP_DEBUG_H
#define _AIRPDCAP_DEBUG_H
/* Presumably the source of the CHAR and INT types used below -- confirm. */
#include "airpdcap_interop.h"
/*
 * Declared unconditionally (debug and non-debug builds alike); the definition
 * is not in this header. Arguments, as used by the macros below: the name of
 * the calling function, the message text, and a debug level.
 * NOTE(review): `function` and `msg` are not const-qualified although the
 * macros below pass string literals for them.
 */
void print_debug_line(CHAR *function, CHAR *msg, INT level);
/*
 * AIRPDCAP_DEBUG_PRINT_LINE(function, msg, level)
 *
 * With _DEBUG defined it expands to a print_debug_line() call; without
 * _DEBUG it expands to nothing, so its arguments are never evaluated and
 * must not carry side effects the program relies on.
 *
 * NOTE(review): `#ifdef __FUNCTION__` only succeeds where __FUNCTION__ is a
 * preprocessor macro. GCC documents it as an identifier rather than a macro,
 * so on such compilers the #else branch (caller-supplied name) is the one
 * selected -- confirm for the toolchains in use.
 *
 * NOTE(review): the debug expansions already end in ';'. A call site written
 * as `AIRPDCAP_DEBUG_PRINT_LINE(...);` therefore produces an extra empty
 * statement, which breaks an unbraced `if (...) MACRO(...); else ...`.
 * Keep call sites braced.
 */
#ifdef _DEBUG
#ifdef __FUNCTION__
/* First argument is ignored; the compiler-provided function name is used. */
#define AIRPDCAP_DEBUG_PRINT_LINE(notdefined, msg, level) print_debug_line(__FUNCTION__, msg, level);
#else
/* The caller passes the function name explicitly. */
#define AIRPDCAP_DEBUG_PRINT_LINE(function, msg, level) print_debug_line(function, msg, level);
#endif
#else
/* Non-debug build: both variants are no-ops; only the parameter name differs. */
#ifdef __FUNCTION__
#define AIRPDCAP_DEBUG_PRINT_LINE(notdefined, msg, level)
#else
#define AIRPDCAP_DEBUG_PRINT_LINE(function, msg, level)
#endif
#endif
/******************************************************************************/
/* Debug section: internal function to print debug information */
/* */
/*
 * Everything from here to the matching #else is compiled only when _DEBUG is
 * defined: numeric debug levels, the optional function entry/exit trace
 * macros, and the DEBUG_DUMP byte-dump macro.
 */
#ifdef _DEBUG
/* NOTE(review): a standard header is normally included as <stdio.h>; the
 * quoted form searches the including file's directory first. */
#include "stdio.h"
#include <time.h>
/* Debug level definition */
/* Levels are the integers 1..5. Their meaning (e.g. whether a higher number
 * is more verbose) is decided by print_debug_line(), which is not defined in
 * this header -- confirm there. */
#define AIRPDCAP_DEBUG_LEVEL_1 1
#define AIRPDCAP_DEBUG_LEVEL_2 2
#define AIRPDCAP_DEBUG_LEVEL_3 3
#define AIRPDCAP_DEBUG_LEVEL_4 4
#define AIRPDCAP_DEBUG_LEVEL_5 5
/* Level passed by the trace macros below. */
#define AIRPDCAP_DEBUG_USED_LEVEL AIRPDCAP_DEBUG_LEVEL_3
/*
 * AIRPDCAP_DEBUG_TRACE_START / AIRPDCAP_DEBUG_TRACE_END
 *
 * With _TRACE defined (in addition to _DEBUG) they log "Start!" / "End!" via
 * print_debug_line() at AIRPDCAP_DEBUG_USED_LEVEL; without _TRACE they expand
 * to nothing.
 * NOTE(review): as with AIRPDCAP_DEBUG_PRINT_LINE, the `#ifdef __FUNCTION__`
 * test only succeeds where __FUNCTION__ is a preprocessor macro, and the
 * expansions carry their own trailing ';'.
 */
#ifdef _TRACE
#ifdef __FUNCTION__
/* Argument ignored; the compiler-provided function name is used. */
#define AIRPDCAP_DEBUG_TRACE_START(notdefined) print_debug_line(__FUNCTION__, "Start!", AIRPDCAP_DEBUG_USED_LEVEL);
#define AIRPDCAP_DEBUG_TRACE_END(notdefined) print_debug_line(__FUNCTION__, "End!", AIRPDCAP_DEBUG_USED_LEVEL);
#else
/* The caller passes the function name explicitly. */
#define AIRPDCAP_DEBUG_TRACE_START(function) print_debug_line(function, "Start!", AIRPDCAP_DEBUG_USED_LEVEL);
#define AIRPDCAP_DEBUG_TRACE_END(function) print_debug_line(function, "End!", AIRPDCAP_DEBUG_USED_LEVEL);
#endif
#else
/* _TRACE not defined: tracing compiles away entirely. */
#ifdef __FUNCTION__
#define AIRPDCAP_DEBUG_TRACE_START(notdefined)
#define AIRPDCAP_DEBUG_TRACE_END(notdefined)
#else
#define AIRPDCAP_DEBUG_TRACE_START(function)
#define AIRPDCAP_DEBUG_TRACE_END(function)
#endif
#endif
Add WPA group key decryption from Brian Stormont, via bug 1420: Although this patch successfully recognizes group keys and decrypts packets properly using the group key, there is a limitation. If an AP is using key rotation, clicking on individual packets in a trace may not properly decrypt a packet encrypted with a group key. This is because the current structure used in Wireshark only supports one active unicast and one active group key. If a new key has been seen, but you are looking at a packet encrypted with an older key, it will not decrypt. The summary lines, however, do show the packets properly decrypted. I've written up a much longer and more detailed explanation in a comment in the code, along with a proposed idea for a solution, plus a clunky work-around in the GUI when using the current code. I also suspect there might still be a problem with decrypting TKIP groups keys that are sent using WPA2 authentication. In the most common operation, if you are using WPA2, you'll also be using AES keys. It's not a common AP configuration to use WPA2 with TKIP. In fact, most APs don't seem to support it. Since it is an uncommon setup, I haven't put aside the time to test this patch against such an AP. I do have access to an AP that supports this, so when I have the time I'll test it and if needed, will submit another patch to handle that odd-ball condition. From me: Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated in the comments). Preserve the GPL licensing text in several files (which the patch shouldn't have removed). Remove changes that added whitespace. Convert C++-style comments to C-style. Update to include recent SVN changes (e.g. renaming variables named "index"). Remove extraneous printf's. Define DEBUG_DUMP in airpdcap_debug.h. Comment out some instances of DEBUG_DUMP. Change malloc/free to g_malloc/g_free. Use g_memdup instead of allocating and copying. Use gint16 instead of INT16 in airpdcap_rijndael.c. 
Add Brian to AUTHORS. svn path=/trunk/; revision=25879
2008-07-30 22:32:21 +00:00
/*
 * DEBUG_DUMP(x, y, z) -- debug builds only (still inside #ifdef _DEBUG).
 *
 * Logs "<x>: <bytes_to_str(y, z)>" through g_warning(). x is printed with
 * %s and the format string is a literal, so x is never interpreted as a
 * format. y and z are handed to bytes_to_str(); presumably a byte buffer
 * and its length -- confirm against that function's declaration.
 *
 * NOTE(review): this header includes nothing visible that declares
 * g_warning() or bytes_to_str(); the including file has to provide them.
 *
 * NOTE(review, security): this macro belongs to the decryption code under
 * epan/crypt, so the buffers passed in may be key material. If so, a build
 * with _DEBUG defined writes those bytes to the warning log in readable
 * form. Keep _DEBUG out of release builds and treat logs from debug builds
 * as sensitive -- confirm against the call sites.
 */
#define DEBUG_DUMP(x,y,z) g_warning("%s: %s", x, bytes_to_str(y, (z)))
#else /* !defined _DEBUG */
/*
 * Non-debug build: the level names expand to nothing. They are only usable
 * as arguments to the no-op logging macros; used as a value in an
 * expression they leave no token behind and will not compile.
 */
#define AIRPDCAP_DEBUG_LEVEL_1
#define AIRPDCAP_DEBUG_LEVEL_2
#define AIRPDCAP_DEBUG_LEVEL_3
#define AIRPDCAP_DEBUG_LEVEL_4
#define AIRPDCAP_DEBUG_LEVEL_5
/* Tracing is compiled out; the argument is discarded unevaluated. */
#define AIRPDCAP_DEBUG_TRACE_START(function)
#define AIRPDCAP_DEBUG_TRACE_END(function)
/* Non-debug build: DEBUG_DUMP expands to nothing, so no buffer contents are
 * logged and the arguments are never evaluated. */
#define DEBUG_DUMP(x,y,z)
#endif /* _DEBUG */
#endif /* _AIRPDCAP_DEBUG_H */