blob: 902598a2069118666fc1c134a45ae398a065458c [file] [log] [blame]
// Copyright 2012 Google, Inc. All rights reserved.
//
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file in the root of the source
// tree.
package layers
import (
"encoding/binary"
"fmt"
"github.com/google/gopacket"
)
// EAPOL defines an EAP over LAN (802.1x) layer.
type EAPOL struct {
BaseLayer
Version uint8
Type EAPOLType
Length uint16
}
// LayerType returns LayerTypeEAPOL.
func (e *EAPOL) LayerType() gopacket.LayerType { return LayerTypeEAPOL }
// DecodeFromBytes decodes the given bytes into this layer.
func (e *EAPOL) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
if len(data) < 4 {
df.SetTruncated()
return fmt.Errorf("EAPOL length %d too short", len(data))
}
e.Version = data[0]
e.Type = EAPOLType(data[1])
e.Length = binary.BigEndian.Uint16(data[2:4])
e.BaseLayer = BaseLayer{data[:4], data[4:]}
return nil
}
// SerializeTo writes the serialized form of this layer into the
// SerializationBuffer, implementing gopacket.SerializableLayer
func (e *EAPOL) SerializeTo(b gopacket.SerializeBuffer, opts gopacket.SerializeOptions) error {
bytes, _ := b.PrependBytes(4)
bytes[0] = e.Version
bytes[1] = byte(e.Type)
binary.BigEndian.PutUint16(bytes[2:], e.Length)
return nil
}
// CanDecode returns the set of layer types that this DecodingLayer can decode.
func (e *EAPOL) CanDecode() gopacket.LayerClass {
return LayerTypeEAPOL
}
// NextLayerType returns the layer type contained by this DecodingLayer.
func (e *EAPOL) NextLayerType() gopacket.LayerType {
return e.Type.LayerType()
}
func decodeEAPOL(data []byte, p gopacket.PacketBuilder) error {
e := &EAPOL{}
return decodingLayerDecoder(e, data, p)
}
// EAPOLKeyDescriptorType is an enumeration of key descriptor types
// as specified by 802.1x in the EAPOL-Key frame
type EAPOLKeyDescriptorType uint8
// Enumeration of EAPOLKeyDescriptorType
const (
EAPOLKeyDescriptorTypeRC4 EAPOLKeyDescriptorType = 1
EAPOLKeyDescriptorTypeDot11 EAPOLKeyDescriptorType = 2
EAPOLKeyDescriptorTypeWPA EAPOLKeyDescriptorType = 254
)
func (kdt EAPOLKeyDescriptorType) String() string {
switch kdt {
case EAPOLKeyDescriptorTypeRC4:
return "RC4"
case EAPOLKeyDescriptorTypeDot11:
return "802.11"
case EAPOLKeyDescriptorTypeWPA:
return "WPA"
default:
return fmt.Sprintf("unknown descriptor type %d", kdt)
}
}
// EAPOLKeyDescriptorVersion is an enumeration of versions specifying the
// encryption algorithm for the key data and the authentication for the
// message integrity code (MIC)
type EAPOLKeyDescriptorVersion uint8
// Enumeration of EAPOLKeyDescriptorVersion
const (
EAPOLKeyDescriptorVersionOther EAPOLKeyDescriptorVersion = 0
EAPOLKeyDescriptorVersionRC4HMACMD5 EAPOLKeyDescriptorVersion = 1
EAPOLKeyDescriptorVersionAESHMACSHA1 EAPOLKeyDescriptorVersion = 2
EAPOLKeyDescriptorVersionAES128CMAC EAPOLKeyDescriptorVersion = 3
)
func (v EAPOLKeyDescriptorVersion) String() string {
switch v {
case EAPOLKeyDescriptorVersionOther:
return "Other"
case EAPOLKeyDescriptorVersionRC4HMACMD5:
return "RC4-HMAC-MD5"
case EAPOLKeyDescriptorVersionAESHMACSHA1:
return "AES-HMAC-SHA1-128"
case EAPOLKeyDescriptorVersionAES128CMAC:
return "AES-128-CMAC"
default:
return fmt.Sprintf("unknown version %d", v)
}
}
// EAPOLKeyType is an enumeration of key derivation types describing
// the purpose of the keys being derived.
type EAPOLKeyType uint8
// Enumeration of EAPOLKeyType
const (
EAPOLKeyTypeGroupSMK EAPOLKeyType = 0
EAPOLKeyTypePairwise EAPOLKeyType = 1
)
func (kt EAPOLKeyType) String() string {
switch kt {
case EAPOLKeyTypeGroupSMK:
return "Group/SMK"
case EAPOLKeyTypePairwise:
return "Pairwise"
default:
return fmt.Sprintf("unknown key type %d", kt)
}
}
// EAPOLKey defines an EAPOL-Key frame for 802.1x authentication
type EAPOLKey struct {
BaseLayer
KeyDescriptorType EAPOLKeyDescriptorType
KeyDescriptorVersion EAPOLKeyDescriptorVersion
KeyType EAPOLKeyType
KeyIndex uint8
Install bool
KeyACK bool
KeyMIC bool
Secure bool
MICError bool
Request bool
HasEncryptedKeyData bool
SMKMessage bool
KeyLength uint16
ReplayCounter uint64
Nonce []byte
IV []byte
RSC uint64
ID uint64
MIC []byte
KeyDataLength uint16
EncryptedKeyData []byte
}
// LayerType returns LayerTypeEAPOLKey.
func (ek *EAPOLKey) LayerType() gopacket.LayerType {
return LayerTypeEAPOLKey
}
// CanDecode returns the set of layer types that this DecodingLayer can decode.
func (ek *EAPOLKey) CanDecode() gopacket.LayerType {
return LayerTypeEAPOLKey
}
// NextLayerType returns layers.LayerTypeDot11InformationElement if the key
// data exists and is unencrypted, otherwise it does not expect a next layer.
func (ek *EAPOLKey) NextLayerType() gopacket.LayerType {
if !ek.HasEncryptedKeyData && ek.KeyDataLength > 0 {
return LayerTypeDot11InformationElement
}
return gopacket.LayerTypePayload
}
const eapolKeyFrameLen = 95
// DecodeFromBytes decodes the given bytes into this layer.
func (ek *EAPOLKey) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
if len(data) < eapolKeyFrameLen {
df.SetTruncated()
return fmt.Errorf("EAPOLKey length %v too short, %v required",
len(data), eapolKeyFrameLen)
}
ek.KeyDescriptorType = EAPOLKeyDescriptorType(data[0])
info := binary.BigEndian.Uint16(data[1:3])
ek.KeyDescriptorVersion = EAPOLKeyDescriptorVersion(info & 0x0007)
ek.KeyType = EAPOLKeyType((info & 0x0008) >> 3)
ek.KeyIndex = uint8((info & 0x0030) >> 4)
ek.Install = (info & 0x0040) != 0
ek.KeyACK = (info & 0x0080) != 0
ek.KeyMIC = (info & 0x0100) != 0
ek.Secure = (info & 0x0200) != 0
ek.MICError = (info & 0x0400) != 0
ek.Request = (info & 0x0800) != 0
ek.HasEncryptedKeyData = (info & 0x1000) != 0
ek.SMKMessage = (info & 0x2000) != 0
ek.KeyLength = binary.BigEndian.Uint16(data[3:5])
ek.ReplayCounter = binary.BigEndian.Uint64(data[5:13])
ek.Nonce = data[13:45]
ek.IV = data[45:61]
ek.RSC = binary.BigEndian.Uint64(data[61:69])
ek.ID = binary.BigEndian.Uint64(data[69:77])
ek.MIC = data[77:93]
ek.KeyDataLength = binary.BigEndian.Uint16(data[93:95])
totalLength := eapolKeyFrameLen + int(ek.KeyDataLength)
if len(data) < totalLength {
df.SetTruncated()
return fmt.Errorf("EAPOLKey data length %d too short, %d required",
len(data)-eapolKeyFrameLen, ek.KeyDataLength)
}
if ek.HasEncryptedKeyData {
ek.EncryptedKeyData = data[eapolKeyFrameLen:totalLength]
ek.BaseLayer = BaseLayer{
Contents: data[:totalLength],
Payload: data[totalLength:],
}
} else {
ek.BaseLayer = BaseLayer{
Contents: data[:eapolKeyFrameLen],
Payload: data[eapolKeyFrameLen:],
}
}
return nil
}
// SerializeTo writes the serialized form of this layer into the
// SerializationBuffer, implementing gopacket.SerializableLayer.
// See the docs for gopacket.SerializableLayer for more info.
func (ek *EAPOLKey) SerializeTo(b gopacket.SerializeBuffer, opts gopacket.SerializeOptions) error {
buf, err := b.PrependBytes(eapolKeyFrameLen + len(ek.EncryptedKeyData))
if err != nil {
return err
}
buf[0] = byte(ek.KeyDescriptorType)
var info uint16
info |= uint16(ek.KeyDescriptorVersion)
info |= uint16(ek.KeyType) << 3
info |= uint16(ek.KeyIndex) << 4
if ek.Install {
info |= 0x0040
}
if ek.KeyACK {
info |= 0x0080
}
if ek.KeyMIC {
info |= 0x0100
}
if ek.Secure {
info |= 0x0200
}
if ek.MICError {
info |= 0x0400
}
if ek.Request {
info |= 0x0800
}
if ek.HasEncryptedKeyData {
info |= 0x1000
}
if ek.SMKMessage {
info |= 0x2000
}
binary.BigEndian.PutUint16(buf[1:3], info)
binary.BigEndian.PutUint16(buf[3:5], ek.KeyLength)
binary.BigEndian.PutUint64(buf[5:13], ek.ReplayCounter)
copy(buf[13:45], ek.Nonce)
copy(buf[45:61], ek.IV)
binary.BigEndian.PutUint64(buf[61:69], ek.RSC)
binary.BigEndian.PutUint64(buf[69:77], ek.ID)
copy(buf[77:93], ek.MIC)
binary.BigEndian.PutUint16(buf[93:95], ek.KeyDataLength)
if len(ek.EncryptedKeyData) > 0 {
copy(buf[95:95+len(ek.EncryptedKeyData)], ek.EncryptedKeyData)
}
return nil
}
func decodeEAPOLKey(data []byte, p gopacket.PacketBuilder) error {
ek := &EAPOLKey{}
return decodingLayerDecoder(ek, data, p)
}