| // Copyright 2012 Google, Inc. All rights reserved. |
| // |
| // Use of this source code is governed by a BSD-style license |
| // that can be found in the LICENSE file in the root of the source |
| // tree. |
| |
| package layers |
| |
| import ( |
| "encoding/binary" |
| "fmt" |
| "github.com/google/gopacket" |
| ) |
| |
| // EAPOL defines an EAP over LAN (802.1x) layer. |
| type EAPOL struct { |
| BaseLayer |
| Version uint8 |
| Type EAPOLType |
| Length uint16 |
| } |
| |
| // LayerType returns LayerTypeEAPOL. |
| func (e *EAPOL) LayerType() gopacket.LayerType { return LayerTypeEAPOL } |
| |
| // DecodeFromBytes decodes the given bytes into this layer. |
| func (e *EAPOL) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error { |
| if len(data) < 4 { |
| df.SetTruncated() |
| return fmt.Errorf("EAPOL length %d too short", len(data)) |
| } |
| e.Version = data[0] |
| e.Type = EAPOLType(data[1]) |
| e.Length = binary.BigEndian.Uint16(data[2:4]) |
| e.BaseLayer = BaseLayer{data[:4], data[4:]} |
| return nil |
| } |
| |
| // SerializeTo writes the serialized form of this layer into the |
| // SerializationBuffer, implementing gopacket.SerializableLayer |
| func (e *EAPOL) SerializeTo(b gopacket.SerializeBuffer, opts gopacket.SerializeOptions) error { |
| bytes, _ := b.PrependBytes(4) |
| bytes[0] = e.Version |
| bytes[1] = byte(e.Type) |
| binary.BigEndian.PutUint16(bytes[2:], e.Length) |
| return nil |
| } |
| |
| // CanDecode returns the set of layer types that this DecodingLayer can decode. |
| func (e *EAPOL) CanDecode() gopacket.LayerClass { |
| return LayerTypeEAPOL |
| } |
| |
| // NextLayerType returns the layer type contained by this DecodingLayer. |
| func (e *EAPOL) NextLayerType() gopacket.LayerType { |
| return e.Type.LayerType() |
| } |
| |
| func decodeEAPOL(data []byte, p gopacket.PacketBuilder) error { |
| e := &EAPOL{} |
| return decodingLayerDecoder(e, data, p) |
| } |
| |
| // EAPOLKeyDescriptorType is an enumeration of key descriptor types |
| // as specified by 802.1x in the EAPOL-Key frame |
| type EAPOLKeyDescriptorType uint8 |
| |
| // Enumeration of EAPOLKeyDescriptorType |
| const ( |
| EAPOLKeyDescriptorTypeRC4 EAPOLKeyDescriptorType = 1 |
| EAPOLKeyDescriptorTypeDot11 EAPOLKeyDescriptorType = 2 |
| EAPOLKeyDescriptorTypeWPA EAPOLKeyDescriptorType = 254 |
| ) |
| |
| func (kdt EAPOLKeyDescriptorType) String() string { |
| switch kdt { |
| case EAPOLKeyDescriptorTypeRC4: |
| return "RC4" |
| case EAPOLKeyDescriptorTypeDot11: |
| return "802.11" |
| case EAPOLKeyDescriptorTypeWPA: |
| return "WPA" |
| default: |
| return fmt.Sprintf("unknown descriptor type %d", kdt) |
| } |
| } |
| |
| // EAPOLKeyDescriptorVersion is an enumeration of versions specifying the |
| // encryption algorithm for the key data and the authentication for the |
| // message integrity code (MIC) |
| type EAPOLKeyDescriptorVersion uint8 |
| |
| // Enumeration of EAPOLKeyDescriptorVersion |
| const ( |
| EAPOLKeyDescriptorVersionOther EAPOLKeyDescriptorVersion = 0 |
| EAPOLKeyDescriptorVersionRC4HMACMD5 EAPOLKeyDescriptorVersion = 1 |
| EAPOLKeyDescriptorVersionAESHMACSHA1 EAPOLKeyDescriptorVersion = 2 |
| EAPOLKeyDescriptorVersionAES128CMAC EAPOLKeyDescriptorVersion = 3 |
| ) |
| |
| func (v EAPOLKeyDescriptorVersion) String() string { |
| switch v { |
| case EAPOLKeyDescriptorVersionOther: |
| return "Other" |
| case EAPOLKeyDescriptorVersionRC4HMACMD5: |
| return "RC4-HMAC-MD5" |
| case EAPOLKeyDescriptorVersionAESHMACSHA1: |
| return "AES-HMAC-SHA1-128" |
| case EAPOLKeyDescriptorVersionAES128CMAC: |
| return "AES-128-CMAC" |
| default: |
| return fmt.Sprintf("unknown version %d", v) |
| } |
| } |
| |
| // EAPOLKeyType is an enumeration of key derivation types describing |
| // the purpose of the keys being derived. |
| type EAPOLKeyType uint8 |
| |
| // Enumeration of EAPOLKeyType |
| const ( |
| EAPOLKeyTypeGroupSMK EAPOLKeyType = 0 |
| EAPOLKeyTypePairwise EAPOLKeyType = 1 |
| ) |
| |
| func (kt EAPOLKeyType) String() string { |
| switch kt { |
| case EAPOLKeyTypeGroupSMK: |
| return "Group/SMK" |
| case EAPOLKeyTypePairwise: |
| return "Pairwise" |
| default: |
| return fmt.Sprintf("unknown key type %d", kt) |
| } |
| } |
| |
| // EAPOLKey defines an EAPOL-Key frame for 802.1x authentication |
| type EAPOLKey struct { |
| BaseLayer |
| KeyDescriptorType EAPOLKeyDescriptorType |
| KeyDescriptorVersion EAPOLKeyDescriptorVersion |
| KeyType EAPOLKeyType |
| KeyIndex uint8 |
| Install bool |
| KeyACK bool |
| KeyMIC bool |
| Secure bool |
| MICError bool |
| Request bool |
| HasEncryptedKeyData bool |
| SMKMessage bool |
| KeyLength uint16 |
| ReplayCounter uint64 |
| Nonce []byte |
| IV []byte |
| RSC uint64 |
| ID uint64 |
| MIC []byte |
| KeyDataLength uint16 |
| EncryptedKeyData []byte |
| } |
| |
| // LayerType returns LayerTypeEAPOLKey. |
| func (ek *EAPOLKey) LayerType() gopacket.LayerType { |
| return LayerTypeEAPOLKey |
| } |
| |
| // CanDecode returns the set of layer types that this DecodingLayer can decode. |
| func (ek *EAPOLKey) CanDecode() gopacket.LayerType { |
| return LayerTypeEAPOLKey |
| } |
| |
| // NextLayerType returns layers.LayerTypeDot11InformationElement if the key |
| // data exists and is unencrypted, otherwise it does not expect a next layer. |
| func (ek *EAPOLKey) NextLayerType() gopacket.LayerType { |
| if !ek.HasEncryptedKeyData && ek.KeyDataLength > 0 { |
| return LayerTypeDot11InformationElement |
| } |
| return gopacket.LayerTypePayload |
| } |
| |
| const eapolKeyFrameLen = 95 |
| |
| // DecodeFromBytes decodes the given bytes into this layer. |
| func (ek *EAPOLKey) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error { |
| if len(data) < eapolKeyFrameLen { |
| df.SetTruncated() |
| return fmt.Errorf("EAPOLKey length %v too short, %v required", |
| len(data), eapolKeyFrameLen) |
| } |
| |
| ek.KeyDescriptorType = EAPOLKeyDescriptorType(data[0]) |
| |
| info := binary.BigEndian.Uint16(data[1:3]) |
| ek.KeyDescriptorVersion = EAPOLKeyDescriptorVersion(info & 0x0007) |
| ek.KeyType = EAPOLKeyType((info & 0x0008) >> 3) |
| ek.KeyIndex = uint8((info & 0x0030) >> 4) |
| ek.Install = (info & 0x0040) != 0 |
| ek.KeyACK = (info & 0x0080) != 0 |
| ek.KeyMIC = (info & 0x0100) != 0 |
| ek.Secure = (info & 0x0200) != 0 |
| ek.MICError = (info & 0x0400) != 0 |
| ek.Request = (info & 0x0800) != 0 |
| ek.HasEncryptedKeyData = (info & 0x1000) != 0 |
| ek.SMKMessage = (info & 0x2000) != 0 |
| |
| ek.KeyLength = binary.BigEndian.Uint16(data[3:5]) |
| ek.ReplayCounter = binary.BigEndian.Uint64(data[5:13]) |
| |
| ek.Nonce = data[13:45] |
| ek.IV = data[45:61] |
| ek.RSC = binary.BigEndian.Uint64(data[61:69]) |
| ek.ID = binary.BigEndian.Uint64(data[69:77]) |
| ek.MIC = data[77:93] |
| |
| ek.KeyDataLength = binary.BigEndian.Uint16(data[93:95]) |
| |
| totalLength := eapolKeyFrameLen + int(ek.KeyDataLength) |
| if len(data) < totalLength { |
| df.SetTruncated() |
| return fmt.Errorf("EAPOLKey data length %d too short, %d required", |
| len(data)-eapolKeyFrameLen, ek.KeyDataLength) |
| } |
| |
| if ek.HasEncryptedKeyData { |
| ek.EncryptedKeyData = data[eapolKeyFrameLen:totalLength] |
| ek.BaseLayer = BaseLayer{ |
| Contents: data[:totalLength], |
| Payload: data[totalLength:], |
| } |
| } else { |
| ek.BaseLayer = BaseLayer{ |
| Contents: data[:eapolKeyFrameLen], |
| Payload: data[eapolKeyFrameLen:], |
| } |
| } |
| |
| return nil |
| } |
| |
| // SerializeTo writes the serialized form of this layer into the |
| // SerializationBuffer, implementing gopacket.SerializableLayer. |
| // See the docs for gopacket.SerializableLayer for more info. |
| func (ek *EAPOLKey) SerializeTo(b gopacket.SerializeBuffer, opts gopacket.SerializeOptions) error { |
| buf, err := b.PrependBytes(eapolKeyFrameLen + len(ek.EncryptedKeyData)) |
| if err != nil { |
| return err |
| } |
| |
| buf[0] = byte(ek.KeyDescriptorType) |
| |
| var info uint16 |
| info |= uint16(ek.KeyDescriptorVersion) |
| info |= uint16(ek.KeyType) << 3 |
| info |= uint16(ek.KeyIndex) << 4 |
| if ek.Install { |
| info |= 0x0040 |
| } |
| if ek.KeyACK { |
| info |= 0x0080 |
| } |
| if ek.KeyMIC { |
| info |= 0x0100 |
| } |
| if ek.Secure { |
| info |= 0x0200 |
| } |
| if ek.MICError { |
| info |= 0x0400 |
| } |
| if ek.Request { |
| info |= 0x0800 |
| } |
| if ek.HasEncryptedKeyData { |
| info |= 0x1000 |
| } |
| if ek.SMKMessage { |
| info |= 0x2000 |
| } |
| binary.BigEndian.PutUint16(buf[1:3], info) |
| |
| binary.BigEndian.PutUint16(buf[3:5], ek.KeyLength) |
| binary.BigEndian.PutUint64(buf[5:13], ek.ReplayCounter) |
| |
| copy(buf[13:45], ek.Nonce) |
| copy(buf[45:61], ek.IV) |
| binary.BigEndian.PutUint64(buf[61:69], ek.RSC) |
| binary.BigEndian.PutUint64(buf[69:77], ek.ID) |
| copy(buf[77:93], ek.MIC) |
| |
| binary.BigEndian.PutUint16(buf[93:95], ek.KeyDataLength) |
| if len(ek.EncryptedKeyData) > 0 { |
| copy(buf[95:95+len(ek.EncryptedKeyData)], ek.EncryptedKeyData) |
| } |
| |
| return nil |
| } |
| |
| func decodeEAPOLKey(data []byte, p gopacket.PacketBuilder) error { |
| ek := &EAPOLKey{} |
| return decodingLayerDecoder(ek, data, p) |
| } |