1 /* 2 * wlantest - IEEE 802.11 protocol monitoring and testing tool 3 * Copyright (c) 2010-2020, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef WLANTEST_H 10 #define WLANTEST_H 11 12 #include "utils/list.h" 13 #include "common/wpa_common.h" 14 #include "wlantest_ctrl.h" 15 16 struct ieee802_11_elems; 17 struct radius_msg; 18 struct ieee80211_hdr; 19 struct wlantest_bss; 20 21 #define MAX_RADIUS_SECRET_LEN 128 22 23 struct wlantest_radius_secret { 24 struct dl_list list; 25 char secret[MAX_RADIUS_SECRET_LEN]; 26 }; 27 28 struct wlantest_passphrase { 29 struct dl_list list; 30 char passphrase[64]; 31 u8 ssid[32]; 32 size_t ssid_len; 33 u8 bssid[ETH_ALEN]; 34 }; 35 36 struct wlantest_pmk { 37 struct dl_list list; 38 u8 pmk[PMK_LEN_MAX]; 39 size_t pmk_len; 40 }; 41 42 struct wlantest_ptk { 43 struct dl_list list; 44 struct wpa_ptk ptk; 45 size_t ptk_len; 46 }; 47 48 struct wlantest_wep { 49 struct dl_list list; 50 size_t key_len; 51 u8 key[13]; 52 }; 53 54 struct wlantest_sta { 55 struct dl_list list; 56 struct wlantest_bss *bss; 57 u8 addr[ETH_ALEN]; 58 enum { 59 STATE1 /* not authenticated */, 60 STATE2 /* authenticated */, 61 STATE3 /* associated */ 62 } state; 63 u16 auth_alg; 64 bool ft_over_ds; 65 u16 aid; 66 u8 rsnie[257]; /* WPA/RSN IE */ 67 u8 osenie[257]; /* OSEN IE */ 68 int proto; 69 int pairwise_cipher; 70 int group_cipher; 71 int key_mgmt; 72 int rsn_capab; 73 /* ANonce from the previous EAPOL-Key msg 1/4 or 3/4 */ 74 u8 anonce[WPA_NONCE_LEN]; 75 /* SNonce from the previous EAPOL-Key msg 2/4 */ 76 u8 snonce[WPA_NONCE_LEN]; 77 u8 pmk_r0[PMK_LEN_MAX]; 78 size_t pmk_r0_len; 79 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 80 u8 pmk_r1[PMK_LEN_MAX]; 81 size_t pmk_r1_len; 82 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 83 struct wpa_ptk ptk; /* Derived PTK */ 84 int ptk_set; 85 struct wpa_ptk tptk; /* Derived PTK during rekeying */ 86 int tptk_set; 87 u8 rsc_tods[16 + 1][6]; 88 u8 rsc_fromds[16 + 1][6]; 89 u8 ap_sa_query_tr[2]; 90 u8 sta_sa_query_tr[2]; 91 u32 counters[NUM_WLANTEST_STA_COUNTER]; 92 int assocreq_seen; 93 u16 assocreq_capab_info; 94 u16 assocreq_listen_int; 95 u8 *assocreq_ies; 96 size_t assocreq_ies_len; 97 98 /* Last ICMP Echo request information */ 99 u32 icmp_echo_req_src; 100 u32 icmp_echo_req_dst; 101 u16 icmp_echo_req_id; 102 u16 icmp_echo_req_seq; 103 104 le16 seq_ctrl_to_sta[17]; 105 le16 seq_ctrl_to_ap[17]; 106 int allow_duplicate; 107 108 int pwrmgt; 109 int pspoll; 110 111 u8 gtk[32]; 112 size_t gtk_len; 113 int gtk_idx; 114 115 u32 tx_tid[16 + 1]; 116 u32 rx_tid[16 + 1]; 117 }; 118 119 struct wlantest_tdls { 120 struct dl_list list; 121 struct wlantest_sta *init; 122 struct wlantest_sta *resp; 123 struct tpk { 124 u8 kck[16]; 125 u8 tk[16]; 126 } tpk; 127 int link_up; 128 u8 dialog_token; 129 u8 rsc_init[16 + 1][6]; 130 u8 rsc_resp[16 + 1][6]; 131 u32 counters[NUM_WLANTEST_TDLS_COUNTER]; 132 u8 inonce[32]; 133 u8 rnonce[32]; 134 }; 135 136 struct wlantest_bss { 137 struct dl_list list; 138 u8 bssid[ETH_ALEN]; 139 u16 capab_info; 140 u16 prev_capab_info; 141 u8 ssid[32]; 142 size_t ssid_len; 143 int beacon_seen; 144 int proberesp_seen; 145 int ies_set; 146 int parse_error_reported; 147 u8 wpaie[257]; 148 u8 rsnie[257]; 149 u8 osenie[257]; 150 int proto; 151 int pairwise_cipher; 152 int group_cipher; 153 int mgmt_group_cipher; 154 int key_mgmt; 155 int rsn_capab; 156 struct dl_list sta; /* struct wlantest_sta */ 157 struct dl_list pmk; /* struct wlantest_pmk */ 158 u8 gtk[4][32]; 159 size_t gtk_len[4]; 160 int gtk_idx; 161 u8 rsc[4][6]; 162 u8 igtk[8][32]; 163 size_t igtk_len[8]; 164 int igtk_idx; 165 u8 ipn[8][6]; 166 int bigtk_idx; 167 u32 counters[NUM_WLANTEST_BSS_COUNTER]; 168 struct dl_list tdls; /* struct wlantest_tdls */ 169 u8 mdid[MOBILITY_DOMAIN_ID_LEN]; 170 u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; 171 size_t r0kh_id_len; 172 u8 r1kh_id[FT_R1KH_ID_LEN]; 173 bool mesh; 174 }; 175 176 struct wlantest_radius { 177 struct dl_list list; 178 u32 srv; 179 u32 cli; 180 struct radius_msg *last_req; 181 }; 182 183 184 #define MAX_CTRL_CONNECTIONS 10 185 #define MAX_NOTES 10 186 187 struct tkip_frag { 188 struct wpabuf *buf; 189 u8 ra[ETH_ALEN]; 190 u8 ta[ETH_ALEN]; 191 u16 sn; 192 u8 fn; 193 }; 194 195 struct wlantest { 196 int monitor_sock; 197 int monitor_wired; 198 199 int ctrl_sock; 200 int ctrl_socks[MAX_CTRL_CONNECTIONS]; 201 202 struct dl_list passphrase; /* struct wlantest_passphrase */ 203 struct dl_list bss; /* struct wlantest_bss */ 204 struct dl_list secret; /* struct wlantest_radius_secret */ 205 struct dl_list radius; /* struct wlantest_radius */ 206 struct dl_list pmk; /* struct wlantest_pmk */ 207 struct dl_list ptk; /* struct wlantest_ptk */ 208 struct dl_list wep; /* struct wlantest_wep */ 209 210 unsigned int rx_mgmt; 211 unsigned int rx_ctrl; 212 unsigned int rx_data; 213 unsigned int fcs_error; 214 unsigned int frame_num; 215 216 void *write_pcap; /* pcap_t* */ 217 void *write_pcap_dumper; /* pcpa_dumper_t */ 218 struct timeval write_pcap_time; 219 u8 *decrypted; 220 size_t decrypted_len; 221 FILE *pcapng; 222 u32 write_pcapng_time_high; 223 u32 write_pcapng_time_low; 224 225 u8 last_hdr[30]; 226 size_t last_len; 227 int last_mgmt_valid; 228 229 unsigned int assume_fcs:1; 230 unsigned int pcap_no_buffer:1; 231 unsigned int ethernet:1; 232 233 char *notes[MAX_NOTES]; 234 size_t num_notes; 235 236 const char *write_file; 237 const char *pcapng_file; 238 239 struct tkip_frag tkip_frag; 240 }; 241 242 void add_note(struct wlantest *wt, int level, const char *fmt, ...) 243 PRINTF_FORMAT(3, 4); 244 void clear_notes(struct wlantest *wt); 245 size_t notes_len(struct wlantest *wt, size_t hdrlen); 246 void write_decrypted_note(struct wlantest *wt, const u8 *decrypted, 247 const u8 *tk, size_t tk_len, int keyid); 248 249 int add_wep(struct wlantest *wt, const char *key); 250 int read_cap_file(struct wlantest *wt, const char *fname); 251 int read_wired_cap_file(struct wlantest *wt, const char *fname); 252 253 int write_pcap_init(struct wlantest *wt, const char *fname); 254 void write_pcap_deinit(struct wlantest *wt); 255 void write_pcap_captured(struct wlantest *wt, const u8 *buf, size_t len); 256 void write_pcap_decrypted(struct wlantest *wt, const u8 *buf1, size_t len1, 257 const u8 *buf2, size_t len2); 258 259 int write_pcapng_init(struct wlantest *wt, const char *fname); 260 void write_pcapng_deinit(struct wlantest *wt); 261 struct pcap_pkthdr; 262 void write_pcapng_write_read(struct wlantest *wt, int dlt, 263 struct pcap_pkthdr *hdr, const u8 *data); 264 void write_pcapng_captured(struct wlantest *wt, const u8 *buf, size_t len); 265 266 void wlantest_process(struct wlantest *wt, const u8 *data, size_t len); 267 void wlantest_process_prism(struct wlantest *wt, const u8 *data, size_t len); 268 void wlantest_process_80211(struct wlantest *wt, const u8 *data, size_t len); 269 void wlantest_process_wired(struct wlantest *wt, const u8 *data, size_t len); 270 int monitor_init(struct wlantest *wt, const char *ifname); 271 int monitor_init_wired(struct wlantest *wt, const char *ifname); 272 void monitor_deinit(struct wlantest *wt); 273 void rx_mgmt(struct wlantest *wt, const u8 *data, size_t len); 274 void rx_mgmt_ack(struct wlantest *wt, const struct ieee80211_hdr *hdr); 275 void rx_data(struct wlantest *wt, const u8 *data, size_t len); 276 void rx_data_eapol(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr, 277 const u8 *dst, const u8 *src, 278 const u8 *data, size_t len, int prot); 279 void rx_data_ip(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr, 280 const u8 *dst, const u8 *src, const u8 *data, size_t len, 281 const u8 *peer_addr); 282 void rx_data_80211_encap(struct wlantest *wt, const u8 *bssid, 283 const u8 *sta_addr, const u8 *dst, const u8 *src, 284 const u8 *data, size_t len); 285 286 struct wlantest_bss * bss_find(struct wlantest *wt, const u8 *bssid); 287 struct wlantest_bss * bss_get(struct wlantest *wt, const u8 *bssid); 288 void bss_deinit(struct wlantest_bss *bss); 289 void bss_update(struct wlantest *wt, struct wlantest_bss *bss, 290 struct ieee802_11_elems *elems, int beacon); 291 void bss_flush(struct wlantest *wt); 292 int bss_add_pmk_from_passphrase(struct wlantest_bss *bss, 293 const char *passphrase); 294 void pmk_deinit(struct wlantest_pmk *pmk); 295 void tdls_deinit(struct wlantest_tdls *tdls); 296 297 struct wlantest_sta * sta_find(struct wlantest_bss *bss, const u8 *addr); 298 struct wlantest_sta * sta_get(struct wlantest_bss *bss, const u8 *addr); 299 void sta_deinit(struct wlantest_sta *sta); 300 void sta_update_assoc(struct wlantest_sta *sta, 301 struct ieee802_11_elems *elems); 302 303 u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, 304 const u8 *data, size_t data_len, size_t *decrypted_len); 305 u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, 306 u8 *pn, int keyid, size_t *encrypted_len); 307 u8 * ccmp_encrypt_pv1(const u8 *tk, const u8 *a1, const u8 *a2, const u8 *a3, 308 const u8 *frame, size_t len, 309 size_t hdrlen, const u8 *pn, int keyid, 310 size_t *encrypted_len); 311 void ccmp_get_pn(u8 *pn, const u8 *data); 312 u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, 313 const u8 *data, size_t data_len, size_t *decrypted_len); 314 u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, 315 u8 *qos, u8 *pn, int keyid, size_t *encrypted_len); 316 317 enum michael_mic_result { 318 MICHAEL_MIC_OK, 319 MICHAEL_MIC_INCORRECT, 320 MICHAEL_MIC_NOT_VERIFIED 321 }; 322 u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, 323 const u8 *data, size_t data_len, size_t *decrypted_len, 324 enum michael_mic_result *mic_res, struct tkip_frag *frag); 325 u8 * tkip_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, 326 u8 *pn, int keyid, size_t *encrypted_len); 327 void tkip_get_pn(u8 *pn, const u8 *data); 328 329 u8 * wep_decrypt(struct wlantest *wt, const struct ieee80211_hdr *hdr, 330 const u8 *data, size_t data_len, size_t *decrypted_len); 331 332 u8 * bip_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len, 333 u8 *ipn, int keyid, size_t *prot_len); 334 u8 * bip_gmac_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len, 335 u8 *ipn, int keyid, size_t *prot_len); 336 337 u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr, 338 const u8 *data, size_t data_len, size_t *decrypted_len); 339 u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len, 340 size_t hdrlen, const u8 *qos, 341 const u8 *pn, int keyid, size_t *encrypted_len); 342 343 int ctrl_init(struct wlantest *wt); 344 void ctrl_deinit(struct wlantest *wt); 345 346 int wlantest_inject(struct wlantest *wt, struct wlantest_bss *bss, 347 struct wlantest_sta *sta, u8 *frame, size_t len, 348 enum wlantest_inject_protection prot); 349 350 int wlantest_relog(struct wlantest *wt); 351 352 #endif /* WLANTEST_H */ 353