1 /*
2  * Reaver - Common definitions
3  * Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
4  *
5  *  This program is free software; you can redistribute it and/or modify
6  *  it under the terms of the GNU General Public License as published by
7  *  the Free Software Foundation; either version 2 of the License, or
8  *  (at your option) any later version.
9  *
10  *  This program is distributed in the hope that it will be useful,
11  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
12  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  *  GNU General Public License for more details.
14  *
15  *  You should have received a copy of the GNU General Public License
16  *  along with this program; if not, write to the Free Software
17  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18  *
19  *
20  *  In addition, as a special exception, the copyright holders give
21  *  permission to link the code of portions of this program with the
22  *  OpenSSL library under certain conditions as described in each
23  *  individual source file, and distribute linked combinations
24  *  including the two.
 *  You must obey the GNU General Public License in all respects
 *  for all of the code used other than OpenSSL.  If you modify
 *  file(s) with this exception, you may extend this exception to your
 *  version of the file(s), but you are not obligated to do so.  If you
 *  do not wish to do so, delete this exception statement from your
 *  version.  If you delete this exception statement from all source
 *  files in the program, then also delete it here.
32  */
33 
34 #ifndef DEFS_H
35 #define DEFS_H
36 
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <stdint.h>
40 #include <unistd.h>
41 #include <string.h>
42 #include <time.h>
43 #include <pcap.h>
44 #include "utils/endianness.h"
45 
46 #include "wps.h"
47 #include "cprintf.h"
48 
/* A MAC address of six zero bytes; compare with memcmp(), not ==. */
#define NULL_MAC		"\x00\x00\x00\x00\x00\x00"
/* Retry/failure ceilings for the probe and association phases; presumably
 * read by the send/receive loops in other source files -- check callers. */
#define DEFAULT_MAX_NUM_PROBES	15
#define MAX_ASSOC_FAILURES	10

/* Fixed field widths, used as array sizes in the packed structs below. */
#define TIMESTAMP_LEN		8
#define MAC_ADDR_LEN    	6
/* 802.11 information element IDs (the `number` byte of struct tagged_parameter). */
#define SSID_TAG_NUMBER		0
#define RATES_TAG_NUMBER	1
#define CHANNEL_TAG_NUMBER	3	/* DS Parameter Set IE: carries the channel */
#define WPS_TAG_NUMBER		0xDD	/* a WPS IE is a vendor-specific IE ...        */
#define VENDOR_SPECIFIC_TAG	0xDD	/* ... so both names are the same ID; the OUI
					   inside the IE body tells them apart */
#define RSN_TAG_NUMBER		0x30
#define HT_CAPS_TAG_NUMBER	0x2d

/* Privacy bit of the 802.11 capability field.  Despite the name it is set
 * whenever encryption is required, for WPA/WPA2 networks as well as WEP. */
#define CAPABILITY_WEP		0x10

/* Leading bytes of a WPA (pre-RSN) vendor IE body: OUI 00:50:F2, OUI type 1,
 * then a little-endian version of 1. */
#define WPA_IE_ID               "\x00\x50\xF2\x01\x01\x00"
#define WPA_IE_ID_LEN           6

/* Frame type/subtype as plain (unshifted) numbers; the IEEE80211_* macros
 * further down hold the same information in Frame-Control bit positions. */
#define MANAGEMENT_FRAME	0x00
#define SUBTYPE_BEACON		0x08

#define DOT1X_AUTHENTICATION	0x888E	/* EAPOL ethertype, the LLC/SNAP `type` */
#define DOT1X_EAP_PACKET	0x00	/* EAPOL packet type: EAP-Packet */

/* WFA vendor type carried in struct wfa_expanded_header.type for EAP-WSC. */
#define SIMPLE_CONFIG		0x00000001

/* Number of candidates in the first and second halves of the PIN key space.
 * Presumably bound the PIN generation loops -- confirm in callers. */
#define P1_SIZE			10000
#define P2_SIZE			1000

/* Retry/warning ceilings, presumably read by the EAPOL/WPS exchange loops. */
#define EAPOL_START_MAX_TRIES	10
#define WARN_FAILURE_COUNT	10

#define EAPOL_START		1	/* EAPOL packet type: EAPOL-Start */
#define EAP_IDENTITY 		0x01	/* EAP type: Identity */
#define EAP_EXPANDED            0xFE	/* EAP type: Expanded (vendor) type, see struct wfa_expanded_header */

#define M57_DEFAULT_TIMEOUT     400000          /* uSeconds */
#define M57_MAX_TIMEOUT         1000000         /* uSeconds */
#define DEFAULT_DELAY           1               /* Seconds */
#define DEFAULT_TIMEOUT         10               /* Seconds */
#define DEFAULT_LOCK_DELAY      60              /* Seconds */
#define SEC_TO_US               1000000         /* uSeconds in a Second */

/* Device identity presented in the WPS exchange (presumably the M1 device
 * attributes).  Being fixed literals, they form a stable fingerprint of this
 * tool in WPS/registrar logs, which is useful from the detection side. */
#define WPS_DEVICE_NAME		"Glau"
#define WPS_MANUFACTURER	"Microsoft"
#define WPS_MODEL_NAME		"Windows"
#define WPS_MODEL_NUMBER	"6.1.7601"
/* Primary Device Type attribute: category 1 (computer), WFA OUI 00:50:F2:04,
 * sub-category 1 (PC). */
#define WPS_DEVICE_TYPE		"\x00\x01\x00\x50\xF2\x04\x00\x01"
#define WPS_OS_VERSION		"\x01\x00\x06\x00"	/* 4-byte OS Version attribute value */
#define WPS_RF_BANDS		0x01			/* RF Bands attribute: 2.4 GHz */
100 
/* Link-layer encryption detected on a target network (WPA presumably
 * covers WPA2 as well; the distinction is not made at this level). */
enum encryption_type {
	NONE = 0,	/* open network */
	WEP  = 1,
	WPA  = 2
};
107 
/* Progress of the PIN recovery: which half is being worked on, or finished.
 * Values are sequential from zero, so the implicit numbering is kept. */
enum key_state {
	KEY1_WIP,	/* 0: first half in progress */
	KEY2_WIP,	/* 1: second half in progress */
	KEY_DONE	/* 2: both halves recovered */
};
114 
/* EAP Code values (struct eap_header.code), numbered 1..4 as in RFC 3748. */
enum eap_codes {
	EAP_REQUEST = 1,
	EAP_RESPONSE,	/* 2 */
	EAP_SUCCESS,	/* 3 */
	EAP_FAILURE	/* 4 */
};
122 
/* Outcome of one WPS exchange as classified by the receive side; the exact
 * mapping from protocol events to these values lives in the callers. */
enum wps_result {
	KEY_ACCEPTED,	/* 0 */
	KEY_REJECTED,	/* 1 */
	RX_TIMEOUT,	/* 2: no reply within the timeout */
	EAP_FAIL,	/* 3: EAP-Failure received */
	UNKNOWN_ERROR	/* 4 */
};
131 
/*
 * WPS Configuration Error attribute values (0..18) as carried in a WSC NACK.
 * NO_NACK is negative and therefore cannot come from the 16-bit on-wire
 * field; presumably it marks "no NACK received" -- confirm in callers.
 * OOB_RRAD_ERROR looks like a misspelling of the spec's "OOB Interface Read
 * Error" (value 1); the name is kept because callers reference it.
 */
enum nack_code
{
	NO_NACK = -1,
	NO_ERROR = 0,
	OOB_RRAD_ERROR = 1,
	CRC_FAILURE = 2,
	CHANNEL_24_NS = 3,	/* 2.4 GHz channel not supported */
	CHANNEL_50_NS = 4,	/* 5.0 GHz channel not supported */
	WEAK_SIGNAL = 5,
	NET_AUTH_FAILURE = 6,
	NET_ASSOCIATION_FAILURE = 7,
	NO_DHCP_RESPONSE = 8,
	FAILED_DHCP_CONFIG = 9,
	IP_ADDR_CONFLICT = 10,
	REGISTRAR_CONNECT_FAILURE = 11,
	MULTIPLE_PBC = 12,
	ROGUE_ACTIVITY = 13,
	DEVICE_BUSY = 14,
	SETUP_LOCKED = 15,	/* AP has locked WPS; usually after repeated failures */
	MESSAGE_TIMEOUT = 16,
	REGISTRATION_TIMEOUT = 17,
	AUTH_FAILURE = 18	/* device password (PIN) authentication failed */
};
155 
/*
 * Message classification used by the state machine.  M1..M8, NACK and DONE
 * are the WSC Message Type attribute values (0x04..0x0F; note 0x0D, WSC
 * ACK, has no enumerator here).  The remaining entries (TERMINATE, UNKNOWN,
 * IDENTITY_REQUEST, IDENTITY_RESPONSE, WPS_PT_DEAUTH) are local pseudo-types
 * whose numbers are not WSC Message Type values with those meanings, so this
 * enum must not be compared directly against the raw attribute without the
 * caller knowing which kind it holds.
 */
enum wps_type
{
	TERMINATE = -1,
	UNKNOWN = 0,
	IDENTITY_REQUEST = 1,
	IDENTITY_RESPONSE = 2,
	M1 = 0x04,
        M2 = 0x05,
        M3 = 0x07,
        M4 = 0x08,
        M5 = 0x09,
        M6 = 0x0A,
        M7 = 0x0B,
        M8 = 0x0C,
        DONE = 0x0F,
        NACK = 0x0E,
        WPS_PT_DEAUTH = 0xFF
};
174 
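/*
 * WPS (Wi-Fi Simple Configuration) attribute IDs: the `type` field of
 * struct wfa_element_header.  That field is 16 bits wide on the wire, so
 * every value here must fit in 16 bits -- a wider value can never match a
 * received attribute and silently makes the corresponding lookup dead.
 */
enum wfa_elements
{
	AP_CHANNEL = 0x1001,
	ASSOCIATION_STATE = 0x1002,
	AUTHENTICATION_TYPE = 0x1003,
	AUTHENTICATION_TYPE_FLAGS = 0x1004,
	AUTHENTICATOR = 0x1005,
	CONFIG_METHODS = 0x1008,
	CONFIGURATION_ERROR = 0x1009,
	CONFIRMATION_URL_4 = 0x100A,
	CONFIRMATION_URL_6 = 0x100B,
	CONNECTION_TYPE = 0x100C,
	CONNECTION_TYPE_FLAGS = 0x100D,
	CREDENTIAL = 0x100E,
	DEVICE_NAME = 0x1011,
	DEVICE_PASSWORD_ID = 0x1012,
	ENROLLEE_HASH_1 = 0x1014,
	ENROLLEE_HASH_2 = 0x1015,
	ENROLLEE_SNONCE_1 = 0x1016,
	ENROLLEE_SNONCE_2 = 0x1017,
	ENCRYPTED_SETTINGS = 0x1018,
	ENCRYPTION_TYPE = 0x100F,
	ENCRYPTION_TYPE_FLAGS = 0x1010,
	ENROLLEE_NONCE = 0x101A,
	FEATURE_ID = 0x101B,
	IDENTITY = 0x101C,
	IDENTITY_PROOF = 0x101D,
	KEY_WRAP_AUTHENTICATOR = 0x101E,
	KEY_IDENTIFIER = 0x101F,
	MAC_ADDRESS = 0x1020,
	MANUFACTURER = 0x1021,
	MESSAGE_TYPE = 0x1022,
	MODEL_NAME = 0x1023,
	MODEL_NUMBER = 0x1024,
	NETWORK_INDEX = 0x1026,
	NETWORK_KEY = 0x1027,
	NETWORK_KEY_INDEX = 0x1028,
	NEW_DEVICE_NAME = 0x1029,
	NEW_PASSWORD = 0x102A,
	OOB_DEVICE_PASSWORD = 0x102C,
	OS_VERSION = 0x102D,
	POWER_LEVEL = 0x102F,
	PSK_CURRENT = 0x1030,
	PSK_MAX = 0x1031,
	PUBLIC_KEY = 0x1032,
	RADIO_ENABLED = 0x1033,
	REBOOT = 0x1034,
	REGISTRAR_CURRENT = 0x1035,
	REGISTRAR_ESTABLISHED = 0x1036,
	REGISTRAR_LIST = 0x1037,
	REGISTRAR_MAX = 0x1038,
	REGISTRAR_NONCE = 0x1039,
	REQUEST_TYPE = 0x103A,
	RESPONSE_TYPE = 0x103B,
	RF_BANDS = 0x103C,
	REGISTRAR_HASH_1 = 0x103D,
	REGISTRAR_HASH_2 = 0x103E,
	REGISTRAR_SNONCE_1 = 0x103F,
	REGISTRAR_SNONCE_2 = 0x1040,
	SELECTED_REGISTRAR = 0x1041,
	SERIAL_NUMBER = 0x1042,
	WPS_STATE = 0x1044,
	SSID = 0x1045,
	TOTAL_NETWORKS = 0x1046,
	ENROLLEE_UUID = 0x1047,
	REGISTRAR_UUID = 0x1048,
	VENDOR_EXTENSION = 0x1049,
	VERSION = 0x104A,
	X509_CERT_REQUEST = 0x104B,
	X509_CERT = 0x104C,
	WPS_EAP_IDENTITY = 0x104D,
	MESSAGE_COUNTER = 0x104E,
	PUBLIC_KEY_HASH = 0x104F,
	REKEY_KEY = 0x1050,
	KEY_LIFETIME = 0x1051,
	PERMITTED_CONFIG_METHODS = 0x1052,
	SELECTED_REGISTRAR_CONFIG_METHODS = 0x1053,
	PRIMARY_DEVICE_TYPE = 0x1054,
	SECONDARY_DEVICE_TYPE_LIST = 0x1055,
	PORTABLE_DEVICE = 0x1056,
	AP_SETUP_LOCKED = 0x1057,
	APPLICATION_EXTENSION = 0x1058,
	EAP_TYPE = 0x1059,
	INITIALIZATION_VECTOR = 0x1060,
	KEY_PROVIDED_AUTOMATICALLY = 0x1061,
	ENABLED_8021X = 0x1062,
	APP_SESSION_KEY = 0x1063,
	/* Was 0x10064: a 17-bit typo that could never equal a 16-bit attribute
	 * type.  The spec value, and the next in sequence, is 0x1064. */
	WEP_TRANSMIT_KEY = 0x1064
};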
264 
/*
 * 802.11 Frame Control and Sequence Control masks plus type/subtype values,
 * already shifted into their bit positions within the 16-bit field (same
 * layout and values as Linux's ieee80211.h).  `fc` in struct
 * dot11_frame_header is little-endian on the wire, so convert to host order
 * before masking.
 */
#define IEEE80211_FCTL_VERS		0x0003
#define IEEE80211_FCTL_FTYPE		0x000c
#define IEEE80211_FCTL_STYPE		0x00f0
#define IEEE80211_FCTL_TODS		0x0100
#define IEEE80211_FCTL_FROMDS		0x0200
#define IEEE80211_FCTL_MOREFRAGS	0x0400
#define IEEE80211_FCTL_RETRY		0x0800
#define IEEE80211_FCTL_PM		0x1000
#define IEEE80211_FCTL_MOREDATA		0x2000
#define IEEE80211_FCTL_PROTECTED	0x4000
#define IEEE80211_FCTL_ORDER		0x8000

#define IEEE80211_SCTL_FRAG		0x000F
#define IEEE80211_SCTL_SEQ		0xFFF0

#define IEEE80211_FTYPE_MGMT		0x0000
#define IEEE80211_FTYPE_CTL		0x0004
#define IEEE80211_FTYPE_DATA		0x0008

/*
 * Subtype values are reused across the management, control and data groups
 * (0x0080 is BEACON, BACK_REQ and QOS_DATA at the same time), so a frame
 * must always be classified by FTYPE and STYPE together, never by STYPE
 * alone.
 */
/* management */
#define IEEE80211_STYPE_ASSOC_REQ	0x0000
#define IEEE80211_STYPE_ASSOC_RESP	0x0010
#define IEEE80211_STYPE_REASSOC_REQ	0x0020
#define IEEE80211_STYPE_REASSOC_RESP	0x0030
#define IEEE80211_STYPE_PROBE_REQ	0x0040
#define IEEE80211_STYPE_PROBE_RESP	0x0050
#define IEEE80211_STYPE_BEACON		0x0080
#define IEEE80211_STYPE_ATIM		0x0090
#define IEEE80211_STYPE_DISASSOC	0x00A0
#define IEEE80211_STYPE_AUTH		0x00B0
#define IEEE80211_STYPE_DEAUTH		0x00C0
#define IEEE80211_STYPE_ACTION		0x00D0

/* control */
#define IEEE80211_STYPE_BACK_REQ	0x0080
#define IEEE80211_STYPE_BACK		0x0090
#define IEEE80211_STYPE_PSPOLL		0x00A0
#define IEEE80211_STYPE_RTS		0x00B0
#define IEEE80211_STYPE_CTS		0x00C0
#define IEEE80211_STYPE_ACK		0x00D0
#define IEEE80211_STYPE_CFEND		0x00E0
#define IEEE80211_STYPE_CFENDACK	0x00F0

/* data */
#define IEEE80211_STYPE_DATA			0x0000
#define IEEE80211_STYPE_DATA_CFACK		0x0010
#define IEEE80211_STYPE_DATA_CFPOLL		0x0020
#define IEEE80211_STYPE_DATA_CFACKPOLL		0x0030
#define IEEE80211_STYPE_NULLFUNC		0x0040
#define IEEE80211_STYPE_CFACK			0x0050
#define IEEE80211_STYPE_CFPOLL			0x0060
#define IEEE80211_STYPE_CFACKPOLL		0x0070
#define IEEE80211_STYPE_QOS_DATA		0x0080
#define IEEE80211_STYPE_QOS_DATA_CFACK		0x0090
#define IEEE80211_STYPE_QOS_DATA_CFPOLL		0x00A0
#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL	0x00B0
#define IEEE80211_STYPE_QOS_NULLFUNC		0x00C0
#define IEEE80211_STYPE_QOS_CFACK		0x00D0
#define IEEE80211_STYPE_QOS_CFPOLL		0x00E0
#define IEEE80211_STYPE_QOS_CFACKPOLL		0x00F0
325 
/* these types denote that the values are stored in a specific byte order */
/*
 * They are plain integer aliases: the compiler enforces nothing, so a le16
 * or be16 must be converted explicitly (presumably with the helpers from
 * utils/endianness.h, included above) before being compared or used in
 * arithmetic.  The LE16_DEFINED guard avoids a redefinition clash with any
 * other header that declares the same names.
 */
#ifndef LE16_DEFINED
#define LE16_DEFINED
typedef uint16_t le16;
typedef uint32_t le32;

typedef uint16_t be16;
typedef uint32_t be32;
#endif
335 
/*
 * Every struct from here to the matching `#pragma pack()` is byte-packed so
 * that it maps directly onto the wire format.  NOTE(review): `#pragma pack()`
 * resets to the default alignment rather than restoring whatever an including
 * file had set; `#pragma pack(push, 1)` / `pack(pop)` would be the safer pair.
 */
#pragma pack(1)
/*
 * Fixed-layout radiotap header as built/consumed by this tool.
 * NOTE(review): a real radiotap header is variable length -- `len` carries
 * the total header size and the bitmap after it selects which fields
 * follow -- so code parsing captured frames should step over `len` bytes,
 * not sizeof(struct radio_tap_header).  The RADIOTAP_HEADER_WITH_RATE ifdef
 * changes sizeof() of this struct (and hence MIN_BEACON_SIZE), so it must be
 * defined identically in every translation unit.
 */
struct radio_tap_header
{
	uint8_t revision;	/* radiotap version; expected to be 0 */
	uint8_t pad;
	le16 len;		/* total radiotap header length, little-endian */
	le32 flags;		/* presumably the it_present bitmap */
#ifdef RADIOTAP_HEADER_WITH_RATE
	uint8_t rate;
	uint8_t pad2;
#endif
	le16 txflags;
};
349 
/*
 * 802.11 MAC header for three-address frames (24 bytes when packed).
 * Frames with a fourth address (To-DS and From-DS both set) or a QoS
 * control field are longer than this, so code that indexes past the
 * header must derive the real offset from `fc` rather than sizeof().
 */
struct dot11_frame_header
{
	le16 fc;		/* Frame Control; see IEEE80211_FCTL_* (little-endian) */
	le16 duration;
	unsigned char addr1[MAC_ADDR_LEN];	/* meaning depends on To-DS/From-DS */
	unsigned char addr2[MAC_ADDR_LEN];
	unsigned char addr3[MAC_ADDR_LEN];
	le16 frag_seq;		/* Sequence Control; see IEEE80211_SCTL_* */
};
359 
/* Fixed fields of an Authentication frame; all three are little-endian. */
struct authentication_management_frame
{
	le16 algorithm;		/* authentication algorithm number; 0 = Open System */
	le16 sequence;		/* transaction sequence number */
	le16 status;		/* status code */
};
366 
/* Fixed fields of an Association Request; tagged IEs follow it. */
struct association_request_management_frame
{
	le16 capability;	/* capability info; see CAPABILITY_WEP */
	le16 listen_interval;
};
372 
/* Fixed fields of an Association Response; tagged IEs follow it. */
struct association_response_management_frame
{
	le16 capability;
	le16 status;		/* status code; 0 means the association succeeded */
	le16 id;		/* association ID */
};
379 
/*
 * Fixed fields of a Beacon (or Probe Response); the tagged IEs -- SSID,
 * channel, RSN, WPS -- follow immediately after and must be walked with
 * struct tagged_parameter, bounded by the captured frame length.
 */
struct beacon_management_frame
{
	unsigned char timestamp[TIMESTAMP_LEN];	/* 8-byte TSF timestamp */
	le16 beacon_interval;
	le16 capability;			/* see CAPABILITY_WEP */
};
386 
/*
 * LLC/SNAP header that precedes an encapsulated ethertype payload in an
 * 802.11 data frame (8 bytes packed).  For EAPOL, `type` is
 * DOT1X_AUTHENTICATION and struct dot1X_header follows.
 */
struct llc_header
{
	uint8_t dsap;		/* typically 0xAA for SNAP */
	uint8_t ssap;		/* typically 0xAA for SNAP */
	uint8_t control_field;	/* typically 0x03 (UI) */
	unsigned char org_code[3];	/* OUI; 00:00:00 for plain ethertypes */
	be16 type;		/* ethertype, big-endian */
};
395 
/*
 * EAPOL (802.1X) header.  NOTE(review): the body length is big-endian on
 * the wire but is declared uint16_t rather than be16, so callers must
 * byte-swap it explicitly -- and, since it comes from the peer, check it
 * against the bytes actually remaining in the frame before trusting it.
 */
struct dot1X_header
{
	uint8_t version;
	uint8_t type;		/* DOT1X_EAP_PACKET, EAPOL_START, ... */
	uint16_t len;		/* packet body length, network byte order */
};
402 
/*
 * EAP packet header (RFC 3748).  `len` covers the whole EAP packet including
 * this header and is big-endian on the wire (declared uint16_t, so swap it
 * explicitly and bound it by the remaining frame bytes).  Success and
 * Failure packets are only four bytes and carry no `type`; read `type` only
 * when `code` is EAP_REQUEST or EAP_RESPONSE and `len` >= 5.
 */
struct eap_header
{
	uint8_t code;		/* enum eap_codes */
	uint8_t id;		/* matches a Response to its Request */
	uint16_t len;		/* network byte order */
	uint8_t type;		/* EAP_IDENTITY, EAP_EXPANDED, ... (Request/Response only) */
};
410 
/*
 * EAP Expanded Type header (follows an eap_header whose type is
 * EAP_EXPANDED): a 3-byte vendor ID and a 4-byte vendor type, then the
 * EAP-WSC opcode and flags.  For WPS the vendor type is SIMPLE_CONFIG.
 */
struct wfa_expanded_header
{
	unsigned char id[3];	/* vendor ID (WFA) */
	be32 type;		/* vendor type, big-endian; SIMPLE_CONFIG */
	uint8_t opcode;		/* EAP-WSC opcode */
	uint8_t flags;		/* EAP-WSC flags (fragmentation) */
};
418 
/*
 * WPS attribute TLV header.  Both fields are big-endian on the wire but are
 * declared uint16_t, not be16, so convert before comparing `type` against
 * enum wfa_elements.  `length` is peer-supplied: clamp it to the bytes left
 * in the message before reading the value that follows.
 */
struct wfa_element_header
{
        uint16_t type;		/* enum wfa_elements, network byte order */
        uint16_t length;	/* value length in bytes, network byte order */
};
424 
/*
 * 802.11 information element header: ID byte then length byte (0..255),
 * followed by `len` bytes of value.  `len` comes from the frame, so an IE
 * walker must stop when number+len would run past the captured length.
 */
struct tagged_parameter
{
	uint8_t number;		/* *_TAG_NUMBER */
	uint8_t len;
};
#pragma pack()	/* back to default alignment for everything after this header */
431 
/*
 * Smallest captured frame that can be treated as a beacon: radiotap header
 * plus MAC header plus the fixed beacon fields.  Frames shorter than this
 * must be rejected before any of those structs is overlaid on the buffer.
 * The value changes with RADIOTAP_HEADER_WITH_RATE (via sizeof(struct
 * radio_tap_header)), and it is only a lower bound -- real radiotap headers
 * are usually longer, see the `len` field.
 */
#define MIN_BEACON_SIZE		(sizeof(struct radio_tap_header) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame))
433 
434 #endif
435