1 /* 2 * wlantest - IEEE 802.11 protocol monitoring and testing tool 3 * Copyright (c) 2010-2020, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #ifndef WLANTEST_H 10 #define WLANTEST_H 11 12 #include "utils/list.h" 13 #include "common/wpa_common.h" 14 #include "wlantest_ctrl.h" 15 16 struct ieee802_11_elems; 17 struct radius_msg; 18 struct ieee80211_hdr; 19 struct wlantest_bss; 20 21 #define MAX_RADIUS_SECRET_LEN 128 22 23 struct wlantest_radius_secret { 24 struct dl_list list; 25 char secret[MAX_RADIUS_SECRET_LEN]; 26 }; 27 28 struct wlantest_passphrase { 29 struct dl_list list; 30 char passphrase[64]; 31 u8 ssid[32]; 32 size_t ssid_len; 33 u8 bssid[ETH_ALEN]; 34 }; 35 36 struct wlantest_pmk { 37 struct dl_list list; 38 u8 pmk[PMK_LEN_MAX]; 39 size_t pmk_len; 40 }; 41 42 struct wlantest_ptk { 43 struct dl_list list; 44 struct wpa_ptk ptk; 45 size_t ptk_len; 46 }; 47 48 struct wlantest_wep { 49 struct dl_list list; 50 size_t key_len; 51 u8 key[13]; 52 }; 53 54 struct wlantest_sta { 55 struct dl_list list; 56 struct wlantest_bss *bss; 57 u8 addr[ETH_ALEN]; 58 u8 mld_mac_addr[ETH_ALEN]; 59 u8 link_addr[MAX_NUM_MLD_LINKS][ETH_ALEN]; 60 enum { 61 STATE1 /* not authenticated */, 62 STATE2 /* authenticated */, 63 STATE3 /* associated */ 64 } state; 65 u16 auth_alg; 66 bool ft_over_ds; 67 u16 aid; 68 u8 rsnie[257]; /* WPA/RSN IE */ 69 u8 rsnxe[254]; /* RSNXE data */ 70 size_t rsnxe_len; 71 int proto; 72 int pairwise_cipher; 73 int group_cipher; 74 int key_mgmt; 75 int rsn_capab; 76 /* ANonce from the previous EAPOL-Key msg 1/4 or 3/4 */ 77 u8 anonce[WPA_NONCE_LEN]; 78 /* SNonce from the previous EAPOL-Key msg 2/4 */ 79 u8 snonce[WPA_NONCE_LEN]; 80 u8 pmk_r0[PMK_LEN_MAX]; 81 size_t pmk_r0_len; 82 u8 pmk_r0_name[WPA_PMK_NAME_LEN]; 83 u8 pmk_r1[PMK_LEN_MAX]; 84 size_t pmk_r1_len; 85 u8 pmk_r1_name[WPA_PMK_NAME_LEN]; 86 struct wpa_ptk ptk; /* Derived PTK */ 87 int ptk_set; 88 struct wpa_ptk tptk; /* Derived PTK during rekeying */ 89 int tptk_set; 90 u8 rsc_tods[16 + 1][6]; 91 u8 rsc_fromds[16 + 1][6]; 92 u8 ap_sa_query_tr[2]; 93 u8 sta_sa_query_tr[2]; 94 u32 counters[NUM_WLANTEST_STA_COUNTER]; 95 int assocreq_seen; 96 u16 assocreq_capab_info; 97 u16 assocreq_listen_int; 98 u8 *assocreq_ies; 99 size_t assocreq_ies_len; 100 101 /* Last ICMP Echo request information */ 102 u32 icmp_echo_req_src; 103 u32 icmp_echo_req_dst; 104 u16 icmp_echo_req_id; 105 u16 icmp_echo_req_seq; 106 107 le16 seq_ctrl_to_sta[17]; 108 le16 seq_ctrl_to_ap[17]; 109 int allow_duplicate; 110 111 int pwrmgt; 112 int pspoll; 113 114 u8 gtk[32]; 115 size_t gtk_len; 116 int gtk_idx; 117 118 u32 tx_tid[16 + 1]; 119 u32 rx_tid[16 + 1]; 120 121 u16 sae_group; 122 u16 owe_group; 123 124 enum rsn_selection_variant rsn_selection; 125 }; 126 127 struct wlantest_tdls { 128 struct dl_list list; 129 struct wlantest_sta *init; 130 struct wlantest_sta *resp; 131 struct tpk { 132 u8 kck[16]; 133 u8 tk[16]; 134 } tpk; 135 int link_up; 136 u8 dialog_token; 137 u8 rsc_init[16 + 1][6]; 138 u8 rsc_resp[16 + 1][6]; 139 u32 counters[NUM_WLANTEST_TDLS_COUNTER]; 140 u8 inonce[32]; 141 u8 rnonce[32]; 142 }; 143 144 struct wlantest_bss { 145 struct dl_list list; 146 u8 bssid[ETH_ALEN]; 147 u8 mld_mac_addr[ETH_ALEN]; 148 u8 link_id; 149 bool link_id_set; 150 u16 capab_info; 151 u16 prev_capab_info; 152 u8 ssid[32]; 153 size_t ssid_len; 154 int beacon_seen; 155 int proberesp_seen; 156 int ies_set; 157 int parse_error_reported; 158 u8 wpaie[257]; 159 u8 rsnie[257]; 160 u8 rsnxe[254]; /* RSNXE data */ 161 size_t rsnxe_len; 162 u8 rsnxoe[251]; /* RSNXOE data */ 163 size_t rsnxoe_len; 164 u8 osenie[257]; 165 int proto; 166 int pairwise_cipher; 167 int group_cipher; 168 int mgmt_group_cipher; 169 int key_mgmt; 170 int rsn_capab; 171 struct dl_list sta; /* struct wlantest_sta */ 172 struct dl_list pmk; /* struct wlantest_pmk */ 173 u8 gtk[4][32]; 174 size_t gtk_len[4]; 175 int gtk_idx; 176 u8 rsc[4][6]; 177 u8 igtk[8][32]; 178 size_t igtk_len[8]; 179 int igtk_idx; 180 u64 ipn[8]; 181 int bigtk_idx; 182 u32 counters[NUM_WLANTEST_BSS_COUNTER]; 183 struct dl_list tdls; /* struct wlantest_tdls */ 184 u8 mdid[MOBILITY_DOMAIN_ID_LEN]; 185 u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; 186 size_t r0kh_id_len; 187 u8 r1kh_id[FT_R1KH_ID_LEN]; 188 bool mesh; 189 }; 190 191 struct wlantest_radius { 192 struct dl_list list; 193 u32 srv; 194 u32 cli; 195 struct radius_msg *last_req; 196 }; 197 198 199 #define MAX_CTRL_CONNECTIONS 10 200 #define MAX_NOTES 10 201 202 struct tkip_frag { 203 struct wpabuf *buf; 204 u8 ra[ETH_ALEN]; 205 u8 ta[ETH_ALEN]; 206 u16 sn; 207 u8 fn; 208 }; 209 210 struct wlantest { 211 int monitor_sock; 212 int monitor_wired; 213 214 int ctrl_sock; 215 int ctrl_socks[MAX_CTRL_CONNECTIONS]; 216 217 struct dl_list passphrase; /* struct wlantest_passphrase */ 218 struct dl_list bss; /* struct wlantest_bss */ 219 struct dl_list secret; /* struct wlantest_radius_secret */ 220 struct dl_list radius; /* struct wlantest_radius */ 221 struct dl_list pmk; /* struct wlantest_pmk */ 222 struct dl_list ptk; /* struct wlantest_ptk */ 223 struct dl_list wep; /* struct wlantest_wep */ 224 225 unsigned int rx_mgmt; 226 unsigned int rx_ctrl; 227 unsigned int rx_data; 228 unsigned int fcs_error; 229 unsigned int frame_num; 230 231 void *write_pcap; /* pcap_t* */ 232 void *write_pcap_dumper; /* pcpa_dumper_t */ 233 struct timeval write_pcap_time; 234 u8 *decrypted; 235 size_t decrypted_len; 236 FILE *pcapng; 237 u32 write_pcapng_time_high; 238 u32 write_pcapng_time_low; 239 240 u8 last_hdr[30]; 241 size_t last_len; 242 int last_mgmt_valid; 243 244 unsigned int assume_fcs:1; 245 unsigned int pcap_no_buffer:1; 246 unsigned int ethernet:1; 247 248 char *notes[MAX_NOTES]; 249 size_t num_notes; 250 251 const char *write_file; 252 const char *pcapng_file; 253 254 struct tkip_frag tkip_frag; 255 }; 256 257 void add_note(struct wlantest *wt, int level, const char *fmt, ...) 258 PRINTF_FORMAT(3, 4); 259 void clear_notes(struct wlantest *wt); 260 size_t notes_len(struct wlantest *wt, size_t hdrlen); 261 void write_decrypted_note(struct wlantest *wt, const u8 *decrypted, 262 const u8 *tk, size_t tk_len, int keyid); 263 264 int add_wep(struct wlantest *wt, const char *key); 265 int read_cap_file(struct wlantest *wt, const char *fname); 266 int read_wired_cap_file(struct wlantest *wt, const char *fname); 267 268 int write_pcap_init(struct wlantest *wt, const char *fname); 269 void write_pcap_deinit(struct wlantest *wt); 270 void write_pcap_captured(struct wlantest *wt, const u8 *buf, size_t len); 271 void write_pcap_decrypted(struct wlantest *wt, const u8 *buf1, size_t len1, 272 const u8 *buf2, size_t len2); 273 274 int write_pcapng_init(struct wlantest *wt, const char *fname); 275 void write_pcapng_deinit(struct wlantest *wt); 276 struct pcap_pkthdr; 277 void write_pcapng_write_read(struct wlantest *wt, int dlt, 278 struct pcap_pkthdr *hdr, const u8 *data); 279 void write_pcapng_captured(struct wlantest *wt, const u8 *buf, size_t len); 280 281 void wlantest_process(struct wlantest *wt, const u8 *data, size_t len); 282 void wlantest_process_prism(struct wlantest *wt, const u8 *data, size_t len); 283 void wlantest_process_80211(struct wlantest *wt, const u8 *data, size_t len); 284 void wlantest_process_wired(struct wlantest *wt, const u8 *data, size_t len); 285 int monitor_init(struct wlantest *wt, const char *ifname); 286 int monitor_init_wired(struct wlantest *wt, const char *ifname); 287 void monitor_deinit(struct wlantest *wt); 288 void rx_mgmt(struct wlantest *wt, const u8 *data, size_t len); 289 void rx_mgmt_ack(struct wlantest *wt, const struct ieee80211_hdr *hdr); 290 void rx_data(struct wlantest *wt, const u8 *data, size_t len); 291 void rx_data_eapol(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr, 292 const u8 *dst, const u8 *src, 293 const u8 *data, size_t len, int prot); 294 void rx_data_ip(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr, 295 const u8 *dst, const u8 *src, const u8 *data, size_t len, 296 const u8 *peer_addr); 297 void rx_data_80211_encap(struct wlantest *wt, const u8 *bssid, 298 const u8 *sta_addr, const u8 *dst, const u8 *src, 299 const u8 *data, size_t len); 300 301 struct wlantest_bss * bss_find(struct wlantest *wt, const u8 *bssid); 302 struct wlantest_bss * bss_find_mld(struct wlantest *wt, const u8 *mld_mac_addr, 303 int link_id); 304 struct wlantest_bss * bss_get(struct wlantest *wt, const u8 *bssid); 305 void bss_deinit(struct wlantest_bss *bss); 306 void bss_update(struct wlantest *wt, struct wlantest_bss *bss, 307 struct ieee802_11_elems *elems, int beacon); 308 void bss_flush(struct wlantest *wt); 309 int bss_add_pmk_from_passphrase(struct wlantest_bss *bss, 310 const char *passphrase); 311 void pmk_deinit(struct wlantest_pmk *pmk); 312 void tdls_deinit(struct wlantest_tdls *tdls); 313 314 struct wlantest_sta * sta_find(struct wlantest_bss *bss, const u8 *addr); 315 struct wlantest_sta * sta_find_mlo(struct wlantest *wt, 316 struct wlantest_bss *bss, const u8 *addr); 317 struct wlantest_sta * sta_get(struct wlantest_bss *bss, const u8 *addr); 318 void sta_deinit(struct wlantest_sta *sta); 319 void sta_update_assoc(struct wlantest_sta *sta, 320 struct ieee802_11_elems *elems); 321 void sta_new_ptk(struct wlantest *wt, struct wlantest_sta *sta, 322 struct wpa_ptk *ptk); 323 324 u8 * ccmp_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, 325 const u8 *a1, const u8 *a2, const u8 *a3, 326 const u8 *data, size_t data_len, size_t *decrypted_len); 327 u8 * ccmp_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, 328 const u8 *qos, const u8 *a1, const u8 *a2, const u8 *a3, 329 const u8 *pn, int keyid, size_t *encrypted_len); 330 u8 * ccmp_encrypt_pv1(const u8 *tk, const u8 *a1, const u8 *a2, const u8 *a3, 331 const u8 *frame, size_t len, 332 size_t hdrlen, const u8 *pn, int keyid, 333 size_t *encrypted_len); 334 void ccmp_get_pn(u8 *pn, const u8 *data); 335 u8 * ccmp_256_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, 336 const u8 *a1, const u8 *a2, const u8 *a3, 337 const u8 *data, size_t data_len, size_t *decrypted_len); 338 u8 * ccmp_256_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, 339 const u8 *qos, const u8 *a1, const u8 *a2, const u8 *a3, 340 const u8 *pn, int keyid, size_t *encrypted_len); 341 342 enum michael_mic_result { 343 MICHAEL_MIC_OK, 344 MICHAEL_MIC_INCORRECT, 345 MICHAEL_MIC_NOT_VERIFIED 346 }; 347 u8 * tkip_decrypt(const u8 *tk, const struct ieee80211_hdr *hdr, 348 const u8 *data, size_t data_len, size_t *decrypted_len, 349 enum michael_mic_result *mic_res, struct tkip_frag *frag); 350 u8 * tkip_encrypt(const u8 *tk, u8 *frame, size_t len, size_t hdrlen, u8 *qos, 351 u8 *pn, int keyid, size_t *encrypted_len); 352 void tkip_get_pn(u8 *pn, const u8 *data); 353 354 u8 * wep_decrypt(struct wlantest *wt, const struct ieee80211_hdr *hdr, 355 const u8 *data, size_t data_len, size_t *decrypted_len); 356 357 u8 * bip_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len, 358 u64 ipn, int keyid, size_t *prot_len); 359 u8 * bip_protect_s1g_beacon(const u8 *igtk, size_t igtk_len, const u8 *frame, 360 size_t len, const u8 *ipn, int keyid, bool bce, 361 size_t *prot_len); 362 u8 * bip_gmac_protect(const u8 *igtk, size_t igtk_len, u8 *frame, size_t len, 363 u8 *ipn, int keyid, size_t *prot_len); 364 u8 * bip_gmac_protect_s1g_beacon(const u8 *igtk, size_t igtk_len, 365 const u8 *frame, size_t len, const u8 *ipn, 366 int keyid, bool bce, size_t *prot_len); 367 368 u8 * gcmp_decrypt(const u8 *tk, size_t tk_len, const struct ieee80211_hdr *hdr, 369 const u8 *a1, const u8 *a2, const u8 *a3, 370 const u8 *data, size_t data_len, size_t *decrypted_len); 371 u8 * gcmp_encrypt(const u8 *tk, size_t tk_len, const u8 *frame, size_t len, 372 size_t hdrlen, const u8 *qos, const u8 *a1, const u8 *a2, 373 const u8 *a3, const u8 *pn, int keyid, size_t *encrypted_len); 374 375 int ctrl_init(struct wlantest *wt); 376 void ctrl_deinit(struct wlantest *wt); 377 378 int wlantest_inject(struct wlantest *wt, struct wlantest_bss *bss, 379 struct wlantest_sta *sta, u8 *frame, size_t len, 380 enum wlantest_inject_protection prot); 381 382 int wlantest_relog(struct wlantest *wt); 383 384 #endif /* WLANTEST_H */ 385