mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
wlantest: Parse EAPOL-Key frames
This commit is contained in:
parent
021a6fe499
commit
32234bba52
@ -16,6 +16,8 @@
|
|||||||
|
|
||||||
#include "utils/common.h"
|
#include "utils/common.h"
|
||||||
#include "common/ieee802_11_defs.h"
|
#include "common/ieee802_11_defs.h"
|
||||||
|
#include "common/eapol_common.h"
|
||||||
|
#include "common/wpa_common.h"
|
||||||
#include "wlantest.h"
|
#include "wlantest.h"
|
||||||
|
|
||||||
|
|
||||||
@ -57,16 +59,309 @@ static const char * data_stype(u16 stype)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst,
|
||||||
|
const u8 *src, const u8 *data, size_t len)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR,
|
||||||
|
MAC2STR(src), MAC2STR(dst));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
|
||||||
|
const u8 *src, const u8 *data, size_t len)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR,
|
||||||
|
MAC2STR(src), MAC2STR(dst));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
|
||||||
|
const u8 *src, const u8 *data, size_t len)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR,
|
||||||
|
MAC2STR(src), MAC2STR(dst));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst,
|
||||||
|
const u8 *src, const u8 *data, size_t len)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR,
|
||||||
|
MAC2STR(src), MAC2STR(dst));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_eapol_key_1_of_2(struct wlantest *wt, const u8 *dst,
|
||||||
|
const u8 *src, const u8 *data, size_t len)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_DEBUG, "EAPOL-Key 1/2 " MACSTR " -> " MACSTR,
|
||||||
|
MAC2STR(src), MAC2STR(dst));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_eapol_key_2_of_2(struct wlantest *wt, const u8 *dst,
|
||||||
|
const u8 *src, const u8 *data, size_t len)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_DEBUG, "EAPOL-Key 2/2 " MACSTR " -> " MACSTR,
|
||||||
|
MAC2STR(src), MAC2STR(dst));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_eapol_key(struct wlantest *wt, const u8 *dst,
|
||||||
|
const u8 *src, const u8 *data, size_t len,
|
||||||
|
int prot)
|
||||||
|
{
|
||||||
|
const struct wpa_eapol_key *hdr;
|
||||||
|
u16 key_info, key_length, ver, key_data_length;
|
||||||
|
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key", data, len);
|
||||||
|
if (len < sizeof(*hdr)) {
|
||||||
|
wpa_printf(MSG_INFO, "Too short EAPOL-Key frame from " MACSTR,
|
||||||
|
MAC2STR(src));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
hdr = (const struct wpa_eapol_key *) data;
|
||||||
|
|
||||||
|
if (hdr->type == EAPOL_KEY_TYPE_RC4) {
|
||||||
|
/* TODO: EAPOL-Key RC4 for WEP */
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (hdr->type != EAPOL_KEY_TYPE_RSN &&
|
||||||
|
hdr->type != EAPOL_KEY_TYPE_WPA) {
|
||||||
|
wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key type %u",
|
||||||
|
hdr->type);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
key_info = WPA_GET_BE16(hdr->key_info);
|
||||||
|
key_length = WPA_GET_BE16(hdr->key_length);
|
||||||
|
key_data_length = WPA_GET_BE16(hdr->key_data_length);
|
||||||
|
ver = key_info & WPA_KEY_INFO_TYPE_MASK;
|
||||||
|
wpa_printf(MSG_DEBUG, "EAPOL-Key ver=%u %c idx=%u%s%s%s%s%s%s%s%s "
|
||||||
|
"datalen=%u",
|
||||||
|
ver, key_info & WPA_KEY_INFO_KEY_TYPE ? 'P' : 'G',
|
||||||
|
(key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
|
||||||
|
WPA_KEY_INFO_KEY_INDEX_SHIFT,
|
||||||
|
(key_info & WPA_KEY_INFO_INSTALL) ? " Install" : "",
|
||||||
|
(key_info & WPA_KEY_INFO_ACK) ? " ACK" : "",
|
||||||
|
(key_info & WPA_KEY_INFO_MIC) ? " MIC" : "",
|
||||||
|
(key_info & WPA_KEY_INFO_SECURE) ? " Secure" : "",
|
||||||
|
(key_info & WPA_KEY_INFO_ERROR) ? " Error" : "",
|
||||||
|
(key_info & WPA_KEY_INFO_REQUEST) ? " Request" : "",
|
||||||
|
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA) ? " Encr" : "",
|
||||||
|
(key_info & WPA_KEY_INFO_SMK_MESSAGE) ? " SMK" : "",
|
||||||
|
key_data_length);
|
||||||
|
|
||||||
|
if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
|
||||||
|
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
|
||||||
|
ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
|
||||||
|
wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key Key Descriptor "
|
||||||
|
"Version %u", ver);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Replay Counter",
|
||||||
|
hdr->replay_counter, WPA_REPLAY_COUNTER_LEN);
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Nonce",
|
||||||
|
hdr->key_nonce, WPA_NONCE_LEN);
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key IV",
|
||||||
|
hdr->key_iv, 16);
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key RSC",
|
||||||
|
hdr->key_nonce, WPA_KEY_RSC_LEN);
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key MIC",
|
||||||
|
hdr->key_mic, 16);
|
||||||
|
|
||||||
|
if (key_info & (WPA_KEY_INFO_ERROR | WPA_KEY_INFO_REQUEST))
|
||||||
|
return;
|
||||||
|
|
||||||
|
if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
|
||||||
|
return;
|
||||||
|
|
||||||
|
if (key_info & WPA_KEY_INFO_KEY_TYPE) {
|
||||||
|
/* 4-Way Handshake */
|
||||||
|
switch (key_info & (WPA_KEY_INFO_SECURE |
|
||||||
|
WPA_KEY_INFO_MIC |
|
||||||
|
WPA_KEY_INFO_ACK |
|
||||||
|
WPA_KEY_INFO_INSTALL)) {
|
||||||
|
case WPA_KEY_INFO_ACK:
|
||||||
|
rx_data_eapol_key_1_of_4(wt, dst, src, data, len);
|
||||||
|
break;
|
||||||
|
case WPA_KEY_INFO_MIC:
|
||||||
|
rx_data_eapol_key_2_of_4(wt, dst, src, data, len);
|
||||||
|
break;
|
||||||
|
case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
|
||||||
|
WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL:
|
||||||
|
rx_data_eapol_key_3_of_4(wt, dst, src, data, len);
|
||||||
|
break;
|
||||||
|
case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
|
||||||
|
rx_data_eapol_key_4_of_4(wt, dst, src, data, len);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/* Group Key Handshake */
|
||||||
|
switch (key_info & (WPA_KEY_INFO_SECURE |
|
||||||
|
WPA_KEY_INFO_MIC |
|
||||||
|
WPA_KEY_INFO_ACK)) {
|
||||||
|
case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
|
||||||
|
WPA_KEY_INFO_ACK:
|
||||||
|
rx_data_eapol_key_1_of_2(wt, dst, src, data, len);
|
||||||
|
break;
|
||||||
|
case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
|
||||||
|
rx_data_eapol_key_2_of_2(wt, dst, src, data, len);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_eapol(struct wlantest *wt, const u8 *dst, const u8 *src,
|
||||||
|
const u8 *data, size_t len, int prot)
|
||||||
|
{
|
||||||
|
const struct ieee802_1x_hdr *hdr;
|
||||||
|
u16 length;
|
||||||
|
const u8 *p;
|
||||||
|
|
||||||
|
wpa_hexdump(MSG_EXCESSIVE, "EAPOL", data, len);
|
||||||
|
if (len < sizeof(*hdr)) {
|
||||||
|
wpa_printf(MSG_INFO, "Too short EAPOL frame from " MACSTR,
|
||||||
|
MAC2STR(src));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
hdr = (const struct ieee802_1x_hdr *) data;
|
||||||
|
length = be_to_host16(hdr->length);
|
||||||
|
wpa_printf(MSG_DEBUG, "RX EAPOL: " MACSTR " -> " MACSTR "%s ver=%u "
|
||||||
|
"type=%u len=%u",
|
||||||
|
MAC2STR(src), MAC2STR(dst), prot ? " Prot" : "",
|
||||||
|
hdr->version, hdr->type, length);
|
||||||
|
if (sizeof(*hdr) + length > len) {
|
||||||
|
wpa_printf(MSG_INFO, "Truncated EAPOL frame from " MACSTR,
|
||||||
|
MAC2STR(src));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sizeof(*hdr) + length < len) {
|
||||||
|
wpa_printf(MSG_INFO, "EAPOL frame with %d extra bytes",
|
||||||
|
(int) (len - sizeof(*hdr) - length));
|
||||||
|
}
|
||||||
|
p = (const u8 *) (hdr + 1);
|
||||||
|
|
||||||
|
switch (hdr->type) {
|
||||||
|
case IEEE802_1X_TYPE_EAP_PACKET:
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL - EAP packet", p, length);
|
||||||
|
break;
|
||||||
|
case IEEE802_1X_TYPE_EAPOL_START:
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Start", p, length);
|
||||||
|
break;
|
||||||
|
case IEEE802_1X_TYPE_EAPOL_LOGOFF:
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length);
|
||||||
|
break;
|
||||||
|
case IEEE802_1X_TYPE_EAPOL_KEY:
|
||||||
|
rx_data_eapol_key(wt, dst, src, p, length, prot);
|
||||||
|
break;
|
||||||
|
case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert",
|
||||||
|
p, length);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
wpa_hexdump(MSG_MSGDUMP, "Unknown EAPOL payload", p, length);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_eth(struct wlantest *wt, const u8 *dst, const u8 *src,
|
||||||
|
u16 ethertype, const u8 *data, size_t len, int prot)
|
||||||
|
{
|
||||||
|
if (ethertype == ETH_P_PAE)
|
||||||
|
rx_data_eapol(wt, dst, src, data, len, prot);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_process(struct wlantest *wt, const u8 *dst, const u8 *src,
|
||||||
|
const u8 *data, size_t len, int prot)
|
||||||
|
{
|
||||||
|
if (len >= 8 && os_memcmp(data, "\xaa\xaa\x03\x00\x00\x00", 6) == 0) {
|
||||||
|
rx_data_eth(wt, dst, src, WPA_GET_BE16(data + 6),
|
||||||
|
data + 8, len - 8, prot);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
wpa_hexdump(MSG_DEBUG, "Unrecognized LLC", data, len > 8 ? len : 7);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_bss_prot(struct wlantest *wt,
|
||||||
|
const struct ieee80211_hdr *hdr, const u8 *qos,
|
||||||
|
const u8 *dst, const u8 *src, const u8 *data,
|
||||||
|
size_t len)
|
||||||
|
{
|
||||||
|
/* TODO: Try to decrypt and if success, call rx_data_process() with
|
||||||
|
* prot = 1 */
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void rx_data_bss(struct wlantest *wt, const struct ieee80211_hdr *hdr,
|
||||||
|
const u8 *qos, const u8 *dst, const u8 *src,
|
||||||
|
const u8 *data, size_t len)
|
||||||
|
{
|
||||||
|
u16 fc = le_to_host16(hdr->frame_control);
|
||||||
|
int prot = !!(fc & WLAN_FC_ISWEP);
|
||||||
|
|
||||||
|
if (qos) {
|
||||||
|
u8 ack = (qos[0] & 0x60) >> 5;
|
||||||
|
wpa_printf(MSG_MSGDUMP, "BSS DATA: " MACSTR " -> " MACSTR
|
||||||
|
" len=%u%s tid=%u%s%s",
|
||||||
|
MAC2STR(src), MAC2STR(dst), (unsigned int) len,
|
||||||
|
prot ? " Prot" : "", qos[0] & 0x0f,
|
||||||
|
(qos[0] & 0x10) ? " EOSP" : "",
|
||||||
|
ack == 0 ? "" :
|
||||||
|
(ack == 1 ? " NoAck" :
|
||||||
|
(ack == 2 ? " NoExpAck" : " BA")));
|
||||||
|
} else {
|
||||||
|
wpa_printf(MSG_MSGDUMP, "BSS DATA: " MACSTR " -> " MACSTR
|
||||||
|
" len=%u%s",
|
||||||
|
MAC2STR(src), MAC2STR(dst), (unsigned int) len,
|
||||||
|
prot ? " Prot" : "");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (prot)
|
||||||
|
rx_data_bss_prot(wt, hdr, qos, dst, src, data, len);
|
||||||
|
else
|
||||||
|
rx_data_process(wt, dst, src, data, len, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
void rx_data(struct wlantest *wt, const u8 *data, size_t len)
|
void rx_data(struct wlantest *wt, const u8 *data, size_t len)
|
||||||
{
|
{
|
||||||
const struct ieee80211_hdr *hdr;
|
const struct ieee80211_hdr *hdr;
|
||||||
u16 fc;
|
u16 fc, stype;
|
||||||
|
size_t hdrlen;
|
||||||
|
const u8 *qos = NULL;
|
||||||
|
|
||||||
if (len < 24)
|
if (len < 24)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
hdr = (const struct ieee80211_hdr *) data;
|
hdr = (const struct ieee80211_hdr *) data;
|
||||||
fc = le_to_host16(hdr->frame_control);
|
fc = le_to_host16(hdr->frame_control);
|
||||||
|
stype = WLAN_FC_GET_STYPE(fc);
|
||||||
|
hdrlen = 24;
|
||||||
|
if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) ==
|
||||||
|
(WLAN_FC_TODS | WLAN_FC_FROMDS))
|
||||||
|
hdrlen += ETH_ALEN;
|
||||||
|
if (stype & 0x08) {
|
||||||
|
qos = data + hdrlen;
|
||||||
|
hdrlen += 2;
|
||||||
|
}
|
||||||
|
if (len < hdrlen)
|
||||||
|
return;
|
||||||
wt->rx_data++;
|
wt->rx_data++;
|
||||||
|
|
||||||
switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
|
switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
|
||||||
@ -87,6 +382,8 @@ void rx_data(struct wlantest *wt, const u8 *data, size_t len)
|
|||||||
fc & WLAN_FC_ISWEP ? " Prot" : "",
|
fc & WLAN_FC_ISWEP ? " Prot" : "",
|
||||||
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
|
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
|
||||||
MAC2STR(hdr->addr3));
|
MAC2STR(hdr->addr3));
|
||||||
|
rx_data_bss(wt, hdr, qos, hdr->addr1, hdr->addr2,
|
||||||
|
data + hdrlen, len - hdrlen);
|
||||||
break;
|
break;
|
||||||
case WLAN_FC_TODS:
|
case WLAN_FC_TODS:
|
||||||
wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s ToDS BSSID=" MACSTR
|
wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s ToDS BSSID=" MACSTR
|
||||||
@ -96,6 +393,8 @@ void rx_data(struct wlantest *wt, const u8 *data, size_t len)
|
|||||||
fc & WLAN_FC_ISWEP ? " Prot" : "",
|
fc & WLAN_FC_ISWEP ? " Prot" : "",
|
||||||
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
|
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
|
||||||
MAC2STR(hdr->addr3));
|
MAC2STR(hdr->addr3));
|
||||||
|
rx_data_bss(wt, hdr, qos, hdr->addr3, hdr->addr2,
|
||||||
|
data + hdrlen, len - hdrlen);
|
||||||
break;
|
break;
|
||||||
case WLAN_FC_TODS | WLAN_FC_FROMDS:
|
case WLAN_FC_TODS | WLAN_FC_FROMDS:
|
||||||
wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s WDS RA=" MACSTR " TA="
|
wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s WDS RA=" MACSTR " TA="
|
||||||
|
Loading…
Reference in New Issue
Block a user