1 /* 2 * wlantest - IEEE 802.11 protocol monitoring and testing tool 3 * Copyright (c) 2010-2020, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef WLANTEST_H 10 #define WLANTEST_H 11 12 #include "utils/list.h" 13 #include "common/wpa_common.h" 14 #include "wlantest_ctrl.h" 15 16 struct ieee802_11_elems; 17 struct radius_msg; 18 struct ieee80211_hdr; 19 struct wlantest_bss; 20 21 #define MAX_RADIUS_SECRET_LEN 128 22 23 struct wlantest_radius_secret { 24 struct dl_list list; 25 char secret[MAX_RADIUS_SECRET_LEN]; 26 }; 27 28 struct wlantest_passphrase { 29 struct dl_list list; 30 char passphrase[64]; 31 u8 ssid[32]; 32 size_t ssid_len; 33 u8 bssid[ETH_ALEN]; 34 }; 35 36 struct wlantest_pmk { 37 struct dl_list list; 38 u8 pmk[PMK_LEN_MAX]; 39 size_t pmk_len; 40 }; 41 42 struct wlantest_ptk { 43 struct dl_list list; 44 struct wpa_ptk ptk; 45 size_t ptk_len; 46 }; 47 48 struct wlantest_wep { 49 struct dl_list list; 50 size_t key_len; 51 u8 key[13]; 52 }; 53 54 struct wlantest_sta { 55 struct dl_list list; 56 struct wlantest_bss *bss; 57 u8 addr[ETH_ALEN]; 58 u8 mld_mac_addr[ETH_ALEN]; 59 u8 link_addr[MAX_NUM_MLD_LINKS][ETH_ALEN]; 60 enum { 61 STATE1 /* not authenticated */, 62 STATE2 /* authenticated */, 63 STATE3 /* associated */ 64 } state; 65 u16 auth_alg; 66 bool ft_over_ds; 67 u16 aid; 68 u8 rsnie[257]; /* WPA/RSN IE */ 69 u8 rsnxe[254]; /* RSNXE data */ 70 size_t rsnxe_len; 71 u8 osenie[257]; /* OSEN IE */ 72 int proto; 73 int pairwise_cipher; 74 int group_cipher; 75 int key_mgmt; 76 int rsn_capab; 77 /* ANonce from the previous EAPOL-Key msg 1/4 or 3/4 */ 78 u8 anonce[WPA_NONCE_LEN]; 79 /* SNonce from the previous EAPOL-Key msg 2/4 */ 80 u8 snonce[WPA_NONCE_LEN]; 81 u8 pmk_r0[PMK_LEN_MAX]; 82 size_t pmk_r0_len; 83 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 84 u8 pmk_r1[PMK_LEN_MAX]; 85 size_t pmk_r1_len; 86 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 87 struct wpa_ptk ptk; /* Derived PTK */ 88 int ptk_set; 89 struct wpa_ptk tptk; /* Derived PTK during rekeying */ 90 int tptk_set; 91 u8 rsc_tods[16 + 1][6]; 92 u8 rsc_fromds[16 + 1][6]; 93 u8 ap_sa_query_tr[2]; 94 u8 sta_sa_query_tr[2]; 95 u32 counters[NUM_WLANTEST_STA_COUNTER]; 96 int assocreq_seen; 97 u16 assocreq_capab_info; 98 u16 assocreq_listen_int; 99 u8 *assocreq_ies; 100 size_t assocreq_ies_len; 101 102 /* Last ICMP Echo request information */ 103 u32 icmp_echo_req_src; 104 u32 icmp_echo_req_dst; 105 u16 icmp_echo_req_id; 106 u16 icmp_echo_req_seq; 107 108 le16 seq_ctrl_to_sta[17]; 109 le16 seq_ctrl_to_ap[17]; 110 int allow_duplicate; 111 112 int pwrmgt; 113 int pspoll; 114 115 u8 gtk[32]; 116 size_t gtk_len; 117 int gtk_idx; 118 119 u32 tx_tid[16 + 1]; 120 u32 rx_tid[16 + 1]; 121 122 u16 sae_group; 123 u16 owe_group; 124 125 enum rsn_selection_variant rsn_selection; 126 }; 127 128 struct wlantest_tdls { 129 struct dl_list list; 130 struct wlantest_sta *init; 131 struct wlantest_sta *resp; 132 struct tpk { 133 u8 kck[16]; 134 u8 tk[16]; 135 } tpk; 136 int link_up; 137 u8 dialog_token; 138 u8 rsc_init[16 + 1][6]; 139 u8 rsc_resp[16 + 1][6]; 140 u32 counters[NUM_WLANTEST_TDLS_COUNTER]; 141 u8 inonce[32]; 142 u8 rnonce[32]; 143 }; 144 145 struct wlantest_bss { 146 struct dl_list list; 147 u8 bssid[ETH_ALEN]; 148 u8 mld_mac_addr[ETH_ALEN]; 149 u8 link_id; 150 bool link_id_set; 151 u16 capab_info; 152 u16 prev_capab_info; 153 u8 ssid[32]; 154 size_t ssid_len; 155 int beacon_seen; 156 int proberesp_seen; 157 int ies_set; 158 int parse_error_reported; 159 u8 wpaie[257]; 160 u8 rsnie[257]; 161 u8 rsnxe[254]; /* RSNXE data */ 162 size_t rsnxe_len; 163 u8 rsnxoe[251]; /* RSNXOE data */ 164 size_t rsnxoe_len; 165 u8 osenie[257]; 166 int proto; 167 int pairwise_cipher; 168 int group_cipher; 169 int mgmt_group_cipher; 170 int key_mgmt; 171 int rsn_capab; 172 struct dl_list sta; /* struct wlantest_sta */ 173 struct dl_list pmk; /* struct wlantest_pmk */ 174 u8 gtk[4][32]; 175 size_t gtk_len[4]; 176 int gtk_idx; 177 u8 rsc[4][6]; 178 u8 igtk[8][32]; 179 size_t igtk_len[8]; 180 int igtk_idx; 181 u8 ipn[8][6]; 182 int bigtk_idx; 183 u32 counters[NUM_WLANTEST_BSS_COUNTER]; 184 struct dl_list tdls; /* struct wlantest_tdls */ 185 u8 mdid[MOBILITY_DOMAIN_ID_LEN]; 186 u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; 187 size_t r0kh_id_len; 188 u8 r1kh_id[FT_R1KH_ID_LEN]; 189 bool mesh; 190 }; 191 192 struct wlantest_radius { 193 struct dl_list list; 194 u32 srv; 195 u32 cli; 196 struct radius_msg *last_req; 197 }; 198 199 200 #define MAX_CTRL_CONNECTIONS 10 201 #define MAX_NOTES 10 202 203 struct tkip_frag { 204 struct wpabuf *buf; 205 u8 ra[ETH_ALEN]; 206 u8 ta[ETH_ALEN]; 207 u16 sn; 208 u8 fn; 209 }; 210 211 struct wlantest { 212 int monitor_sock; 213 int monitor_wired; 214 215 int ctrl_sock; 216 int ctrl_socks[MAX_CTRL_CONNECTIONS]; 217 218 struct dl_list passphrase; /* struct wlantest_passphrase */ 219 struct dl_list bss; /* struct wlantest_bss */ 220 struct dl_list secret; /* struct wlantest_radius_secret */ 221 struct dl_list radius; /* struct wlantest_radius */ 222 struct dl_list pmk; /* struct wlantest_pmk */ 223 struct dl_list ptk; /* struct wlantest_ptk */ 224 struct dl_list wep; /* struct wlantest_wep */ 225 226 unsigned int rx_mgmt; 227 unsigned int rx_ctrl; 228 unsigned int rx_data; 229 unsigned int fcs_error; 230 unsigned int frame_num; 231 232 void *write_pcap; /* pcap_t* */ 233 void *write_pcap_dumper; /* pcpa_dumper_t */ 234 struct timeval write_pcap_time; 235 u8 *decrypted; 236 size_t decrypted_len; 237 FILE *pcapng; 238 u32 write_pcapng_time_high; 239 u32 write_pcapng_time_low; 240 241 u8 last_hdr[30]; 242 size_t last_len; 243 int last_mgmt_valid; 244 245 unsigned int assume_fcs:1; 246 unsigned int pcap_no_buffer:1; 247 unsigned int ethernet:1; 248 249 char *notes[MAX_NOTES]; 250 size_t num_notes; 251 252 const char *write_file; 253 const char *pcapng_file; 254 255 struct tkip_frag tkip_frag; 256 }; 257 258 void add_note(struct wlantest *wt, int level, const char *fmt, ...) 259 PRINTF_FORMAT(3, 4); 260 void clear_notes(struct wlantest *wt); 261 size_t notes_len(struct wlantest *wt, size_t hdrlen); 262 void write_decrypted_note(struct wlantest *wt, const u8 *decrypted, 263 const u8 *tk, size_t tk_len, int keyid); 264 265 int add_wep(struct wlantest *wt, const char *key); 266 int read_cap_file(struct wlantest *wt, const char *fname); 267 int read_wired_cap_file(struct wlantest *wt, const char *fname); 268 269 int write_pcap_init(struct wlantest *wt, const char *fname); 270 void write_pcap_deinit(struct wlantest *wt); 271 void write_pcap_captured(struct wlantest *wt, const u8 *buf, size_t len); 272 void write_pcap_decrypted(struct wlantest *wt, const u8 *buf1, size_t len1, 273 const u8 *buf2, size_t len2); 274 275 int write_pcapng_init(struct wlantest *wt, const char *fname); 276 void write_pcapng_deinit(struct wlantest *wt); 277 struct pcap_pkthdr; 278 void write_pcapng_write_read(struct wlantest *wt, int dlt, 279 struct pcap_pkthdr *hdr, const u8 *data); 280 void write_pcapng_captured(struct wlantest *wt, const u8 *buf, size_t len); 281 282 void wlantest_process(struct wlantest *wt, const u8 *data, size_t len); 283 void wlantest_process_prism(struct wlantest *wt, const u8 *data, size_t len); 284 void wlantest_process_80211(struct wlantest *wt, const u8 *data, size_t len); 285 void wlantest_process_wired(struct wlantest *wt, const u8 *data, size_t len); 286 int monitor_init(struct wlantest *wt, const char *ifname); 287 int monitor_init_wired(struct wlantest *wt, const char *ifname); 288 void monitor_deinit(struct wlantest *wt); 289 void rx_mgmt(struct wlantest *wt, const u8 *data, size_t len); 290 void rx_mgmt_ack(struct wlantest *wt, const struct ieee80211_hdr *hdr); 291 void rx_data(struct wlantest *wt, const u8 *data, size_t len); 292 void rx_data_eapol(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr, 293 const u8 *dst, const u8 *src, 294 const u8 *data, size_t len, int prot); 295 void rx_data_ip(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr, 296 const u8 *dst, const u8 *src, const u8 *data, size_t len, 297 const u8 *peer_addr); 298 void rx_data_80211_encap(struct wlantest *wt, const u8 *bssid, 299 const u8 *sta_addr, const u8 *dst, const u8 *src, 300 const u8 *data, size_t len); 301 302 struct wlantest_bss * bss_find(struct wlantest *wt, const u8 *bssid); 303 struct wlantest_bss * bss_find_mld(struct wlantest *wt, const u8 *mld_mac_addr, 304 int link_id); 305 struct wlantest_bss * bss_get(struct wlantest *wt, const u8 *bssid); 306 void bss_deinit(struct wlantest_bss *bss); 307 void bss_update(struct wlantest *wt, struct wlantest_bss *bss, 308 struct ieee802_11_elems *elems, int beacon); 309 void bss_flush(struct wlantest *wt); 310 int bss_add_pmk_from_passphrase(struct wlantest_bss *bss, 311 const char *passphrase); 312 void pmk_deinit(struct wlantest_pmk *pmk); 313 void tdls_deinit(struct wlantest_tdls *tdls); 314 315 struct wlantest_sta * sta_find(struct wlantest_bss *bss, const u8 *addr); 316 struct wlantest_sta * sta_find_mlo(struct wlantest *wt, 317 struct wlantest_bss *bss, const u8 *addr); 318 struct wlantest_sta * sta_get(struct wlantest_bss *bss, const u8 *addr); 319 void sta_deinit(struct wlantest_sta *sta); 320 void sta_update_assoc(struct wlantest_sta *sta, 321 struct ieee802_11_elems *elems); 322 void sta_new_ptk(struct wlantest *wt, struct wlantest_sta *sta, 323 struct wpa_ptk *ptk); 324 325 u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, 326 const u8 *a1, const u8 *a2, const u8 *a3, 327 const u8 *data, size_t data_len, size_t *decrypted_len); 328 u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, 329 const u8 *qos, const u8 *a1, const u8 *a2, const u8 *a3, 330 const u8 *pn, int keyid, size_t *encrypted_len); 331 u8 * ccmp_encrypt_pv1(const u8 *tk, const u8 *a1, const u8 *a2, const u8 *a3, 332 const u8 *frame, size_t len, 333 size_t hdrlen, const u8 *pn, int keyid, 334 size_t *encrypted_len); 335 void ccmp_get_pn(u8 *pn, const u8 *data); 336 u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, 337 const u8 *a1, const u8 *a2, const u8 *a3, 338 const u8 *data, size_t data_len, size_t *decrypted_len); 339 u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, 340 const u8 *qos, const u8 *a1, const u8 *a2, const u8 *a3, 341 const u8 *pn, int keyid, size_t *encrypted_len); 342 343 enum michael_mic_result { 344 MICHAEL_MIC_OK, 345 MICHAEL_MIC_INCORRECT, 346 MICHAEL_MIC_NOT_VERIFIED 347 }; 348 u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, 349 const u8 *data, size_t data_len, size_t *decrypted_len, 350 enum michael_mic_result *mic_res, struct tkip_frag *frag); 351 u8 * tkip_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, 352 u8 *pn, int keyid, size_t *encrypted_len); 353 void tkip_get_pn(u8 *pn, const u8 *data); 354 355 u8 * wep_decrypt(struct wlantest *wt, const struct ieee80211_hdr *hdr, 356 const u8 *data, size_t data_len, size_t *decrypted_len); 357 358 u8 * bip_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len, 359 u8 *ipn, int keyid, size_t *prot_len); 360 u8 * bip_protect_s1g_beacon(const u8 *igtk, size_t igtk_len, const u8 *frame, 361 size_t len, const u8 *ipn, int keyid, bool bce, 362 size_t *prot_len); 363 u8 * bip_gmac_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len, 364 u8 *ipn, int keyid, size_t *prot_len); 365 u8 * bip_gmac_protect_s1g_beacon(const u8 *igtk, size_t igtk_len, 366 const u8 *frame, size_t len, const u8 *ipn, 367 int keyid, bool bce, size_t *prot_len); 368 369 u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr, 370 const u8 *a1, const u8 *a2, const u8 *a3, 371 const u8 *data, size_t data_len, size_t *decrypted_len); 372 u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len, 373 size_t hdrlen, const u8 *qos, const u8 *a1, const u8 *a2, 374 const u8 *a3, const u8 *pn, int keyid, size_t *encrypted_len); 375 376 int ctrl_init(struct wlantest *wt); 377 void ctrl_deinit(struct wlantest *wt); 378 379 int wlantest_inject(struct wlantest *wt, struct wlantest_bss *bss, 380 struct wlantest_sta *sta, u8 *frame, size_t len, 381 enum wlantest_inject_protection prot); 382 383 int wlantest_relog(struct wlantest *wt); 384 385 #endif /* WLANTEST_H */ 386
