2 * Routines for EAPOL 802.1X authentication header disassembly
3 * (From IEEE Draft P802.1X/D11; is there a later draft, or a
4 * final standard? If so, check it.)
6 * $Id: packet-eapol.c,v 1.13 2003/06/03 01:20:14 gerald Exp $
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
33 #include "packet-ieee8023.h"
34 #include "packet-ipx.h"
35 #include "packet-llc.h"
38 static int proto_eapol = -1;
39 static int hf_eapol_version = -1;
40 static int hf_eapol_type = -1;
41 static int hf_eapol_len = -1;
42 static int hf_eapol_keydes_type = -1;
43 static int hf_eapol_keydes_keylen = -1;
44 static int hf_eapol_keydes_replay_counter = -1;
45 static int hf_eapol_keydes_key_iv = -1;
46 static int hf_eapol_keydes_key_index_keytype = -1;
47 static int hf_eapol_keydes_key_index_indexnum = -1;
48 static int hf_eapol_keydes_key_signature = -1;
49 static int hf_eapol_keydes_key = -1;
51 static int hf_eapol_wpa_keydes_keyinfo = -1;
52 static int hf_eapol_wpa_keydes_nonce = -1;
53 static int hf_eapol_wpa_keydes_rsc = -1;
54 static int hf_eapol_wpa_keydes_id = -1;
55 static int hf_eapol_wpa_keydes_mic = -1;
56 static int hf_eapol_wpa_keydes_datalen = -1;
57 static int hf_eapol_wpa_keydes_data = -1;
59 static int tag_number = -1;
60 static int tag_length = -1;
61 static int tag_interpretation = -1;
63 static gint ett_eapol = -1;
64 static gint ett_eapol_key_index = -1;
66 static dissector_handle_t eap_handle;
67 static dissector_handle_t data_handle;
69 #define EAPOL_HDR_LEN 4
73 #define EAPOL_LOGOFF 2
75 #define EAPOL_ENCAP_ASF_ALERT 4
77 #define EAPOL_WPA_KEY 254
79 static const value_string eapol_type_vals[] = {
80 { EAP_PACKET, "EAP Packet" },
81 { EAPOL_START, "Start" },
82 { EAPOL_LOGOFF, "Logoff" },
84 { EAPOL_ENCAP_ASF_ALERT, "Encapsulated ASF Alert" },
88 static const value_string eapol_keydes_type_vals[] = {
89 { 1, "RC4 Descriptor" },
90 { EAPOL_WPA_KEY, "EAPOL WPA key" },
94 static const true_false_string keytype_tfs =
95 { "Unicast", "Broadcast" };
97 extern void dissect_vendor_specific_ie(proto_tree * tree, tvbuff_t * tvb,
98 int offset, int tag_number, int tag_length, int tag_interpretation);
101 dissect_eapol(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
108 guint16 eapol_key_len, eapol_data_len;
110 proto_tree *ti = NULL;
111 proto_tree *eapol_tree = NULL;
112 proto_tree *key_index_tree;
115 if (check_col(pinfo->cinfo, COL_PROTOCOL))
116 col_set_str(pinfo->cinfo, COL_PROTOCOL, "EAPOL");
117 if (check_col(pinfo->cinfo, COL_INFO))
118 col_clear(pinfo->cinfo, COL_INFO);
121 ti = proto_tree_add_item(tree, proto_eapol, tvb, 0, -1, FALSE);
122 eapol_tree = proto_item_add_subtree(ti, ett_eapol);
124 proto_tree_add_item(eapol_tree, hf_eapol_version, tvb, offset, 1, FALSE);
128 eapol_type = tvb_get_guint8(tvb, offset);
130 proto_tree_add_uint(eapol_tree, hf_eapol_type, tvb, offset, 1, eapol_type);
131 if (check_col(pinfo->cinfo, COL_INFO))
132 col_add_str(pinfo->cinfo, COL_INFO,
133 val_to_str(eapol_type, eapol_type_vals, "Unknown type (0x%02X)"));
136 eapol_len = tvb_get_ntohs(tvb, offset);
137 len = EAPOL_HDR_LEN + eapol_len;
138 set_actual_length(tvb, len);
140 proto_item_set_len(ti, len);
141 proto_tree_add_uint(eapol_tree, hf_eapol_len, tvb, offset, 2, eapol_len);
145 switch (eapol_type) {
148 next_tvb = tvb_new_subset(tvb, offset, -1, -1);
149 call_dissector(eap_handle, next_tvb, pinfo, eapol_tree);
154 keydesc_type = tvb_get_guint8(tvb, offset);
155 proto_tree_add_item(eapol_tree, hf_eapol_keydes_type, tvb, offset, 1, FALSE);
157 if (keydesc_type == EAPOL_WPA_KEY) {
158 proto_tree_add_uint(eapol_tree, hf_eapol_wpa_keydes_keyinfo, tvb,
159 offset, 2, tvb_get_ntohs(tvb, offset));
161 proto_tree_add_uint(eapol_tree, hf_eapol_keydes_keylen, tvb, offset,
162 2, tvb_get_ntohs(tvb, offset));
164 proto_tree_add_item(eapol_tree, hf_eapol_keydes_replay_counter, tvb,
167 proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_nonce, tvb, offset,
170 proto_tree_add_item(eapol_tree, hf_eapol_keydes_key_iv, tvb,
173 proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_rsc, tvb, offset,
176 proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_id, tvb, offset, 8,
179 proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_mic, tvb, offset,
182 eapol_data_len = tvb_get_ntohs(tvb, offset);
183 proto_tree_add_uint(eapol_tree, hf_eapol_wpa_keydes_datalen, tvb,
184 offset, 2, eapol_data_len);
186 if (eapol_data_len != 0) {
187 proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_data,
188 tvb, offset, eapol_data_len, FALSE);
189 dissect_vendor_specific_ie(eapol_tree, tvb, offset,
190 tag_number, tag_length, tag_interpretation);
191 offset += eapol_data_len;
195 eapol_key_len = tvb_get_ntohs(tvb, offset);
196 proto_tree_add_uint(eapol_tree, hf_eapol_keydes_keylen, tvb, offset, 2, eapol_key_len);
198 proto_tree_add_item(eapol_tree, hf_eapol_keydes_replay_counter, tvb,
201 proto_tree_add_item(eapol_tree, hf_eapol_keydes_key_iv, tvb,
204 key_index = tvb_get_guint8(tvb, offset);
205 ti = proto_tree_add_text(eapol_tree, tvb, offset, 1,
206 "Key Index: %s, index %u",
207 (key_index & 0x80) ? "unicast" : "broadcast",
209 key_index_tree = proto_item_add_subtree(ti, ett_eapol_key_index);
210 proto_tree_add_boolean(eapol_tree, hf_eapol_keydes_key_index_keytype,
211 tvb, offset, 1, key_index);
212 proto_tree_add_uint(eapol_tree, hf_eapol_keydes_key_index_indexnum,
213 tvb, offset, 1, key_index);
215 proto_tree_add_item(eapol_tree, hf_eapol_keydes_key_signature, tvb,
218 if (eapol_key_len != 0)
219 proto_tree_add_item(eapol_tree, hf_eapol_keydes_key, tvb, offset,
220 eapol_key_len, FALSE);
225 case EAPOL_ENCAP_ASF_ALERT: /* XXX - is this an SNMP trap? */
227 next_tvb = tvb_new_subset(tvb, offset, -1, -1);
228 call_dissector(data_handle, next_tvb, pinfo, eapol_tree);
234 proto_register_eapol(void)
236 static hf_register_info hf[] = {
237 { &hf_eapol_version, {
238 "Version", "eapol.version", FT_UINT8, BASE_DEC,
239 NULL, 0x0, "", HFILL }},
241 "Type", "eapol.type", FT_UINT8, BASE_DEC,
242 VALS(eapol_type_vals), 0x0, "", HFILL }},
244 "Length", "eapol.len", FT_UINT16, BASE_DEC,
245 NULL, 0x0, "Length", HFILL }},
246 { &hf_eapol_keydes_type, {
247 "Descriptor Type", "eapol.keydes.type", FT_UINT8, BASE_DEC,
248 VALS(eapol_keydes_type_vals), 0x0, "Key Descriptor Type", HFILL }},
249 { &hf_eapol_keydes_keylen, {
250 "Key Length", "eapol.keydes.keylen", FT_UINT16, BASE_DEC,
251 NULL, 0x0, "Key Length", HFILL }},
252 { &hf_eapol_keydes_replay_counter, {
253 "Replay Counter", "eapol.keydes.replay_counter", FT_UINT64, BASE_DEC,
254 NULL, 0x0, "Replay Counter", HFILL }},
255 { &hf_eapol_keydes_key_iv, {
256 "Key IV", "eapol.keydes.key_iv", FT_BYTES, BASE_NONE,
257 NULL, 0x0, "Key Initialization Vector", HFILL }},
258 { &hf_eapol_keydes_key_index_keytype, {
259 "Key Type", "eapol.keydes.index.keytype", FT_BOOLEAN, 8,
260 TFS(&keytype_tfs), 0x80, "Key Type (unicast/broadcast)", HFILL }},
261 { &hf_eapol_keydes_key_index_indexnum, {
262 "Index Number", "eapol.keydes.index.indexnum", FT_UINT8, BASE_DEC,
263 NULL, 0x7F, "Key Index number", HFILL }},
264 { &hf_eapol_keydes_key_signature, {
265 "Key Signature", "eapol.keydes.key_signature", FT_BYTES, BASE_NONE,
266 NULL, 0x0, "Key Signature", HFILL }},
267 { &hf_eapol_keydes_key, {
268 "Key", "eapol.keydes.key", FT_BYTES, BASE_NONE,
269 NULL, 0x0, "Key", HFILL }},
271 { &hf_eapol_wpa_keydes_keyinfo, {
272 "Key Information", "eapol.keydes.key_info", FT_UINT16,
273 BASE_HEX, NULL, 0x0, "WPA key info", HFILL }},
274 { &hf_eapol_wpa_keydes_nonce, {
275 "Nonce", "eapol.keydes.nonce", FT_BYTES, BASE_NONE,
276 NULL, 0x0, "WPA Key Nonce", HFILL }},
277 { &hf_eapol_wpa_keydes_rsc, {
278 "WPA Key RSC", "eapol.keydes.rsc", FT_BYTES, BASE_NONE, NULL,
279 0x0, "WPA Key Receive Sequence Counter", HFILL }},
280 { &hf_eapol_wpa_keydes_id, {
281 "WPA Key ID", "eapol,keydes.id", FT_BYTES, BASE_NONE, NULL,
282 0x0, "WPA Key ID", HFILL }},
283 { &hf_eapol_wpa_keydes_mic, {
284 "WPA Key MIC", "eapol.keydes.mic", FT_BYTES, BASE_NONE, NULL,
285 0x0, "WPA Key Message Integrity Check", HFILL }},
286 { &hf_eapol_wpa_keydes_datalen, {
287 "WPA Key Length", "eapol.keydes.datalen", FT_UINT16, BASE_DEC,
288 NULL, 0x0, "WPA Key Data Length", HFILL }},
289 { &hf_eapol_wpa_keydes_data, {
290 "WPA Key", "eapol.keydes.data", FT_BYTES, BASE_NONE,
291 NULL, 0x0, "WPA Key Data", HFILL }},
294 "WPA Key Interpretation", "eapol.keydes.data.wpaie",
295 FT_UINT16, BASE_DEC, NULL, 0x0, "Element ID", HFILL }},
297 "WPA Key Interpretation", "eapol.keydes.data.wpaie",
298 FT_UINT16, BASE_DEC, NULL, 0, "Length of tag", HFILL }},
299 {&tag_interpretation, {
300 "WPA Key Interpretation", "eapol.keydes.data.wpaie",
301 FT_STRING, BASE_NONE, NULL, 0, "Interpretation of tag", HFILL }}
303 static gint *ett[] = {
308 proto_eapol = proto_register_protocol("802.1x Authentication", "EAPOL", "eapol");
309 proto_register_field_array(proto_eapol, hf, array_length(hf));
310 proto_register_subtree_array(ett, array_length(ett));
314 proto_reg_handoff_eapol(void)
316 dissector_handle_t eapol_handle;
319 * Get handles for the EAP and raw data dissectors.
321 eap_handle = find_dissector("eap");
322 data_handle = find_dissector("data");
324 eapol_handle = create_dissector_handle(dissect_eapol, proto_eapol);
325 dissector_add("ethertype", ETHERTYPE_EAPOL, eapol_handle);