2 * Routines for EAPOL 802.1X authentication header disassembly
3 * (From IEEE Draft P802.1X/D11; is there a later draft, or a
4 * final standard? If so, check it.)
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 #include <epan/packet.h>
33 #include "packet-ieee80211.h"
36 static int proto_eapol = -1;
37 static int hf_eapol_version = -1;
38 static int hf_eapol_type = -1;
39 static int hf_eapol_len = -1;
40 static int hf_eapol_keydes_type = -1;
41 static int hf_eapol_keydes_keylen = -1;
42 static int hf_eapol_keydes_replay_counter = -1;
43 static int hf_eapol_keydes_key_iv = -1;
44 static int hf_eapol_keydes_key_index_keytype = -1;
45 static int hf_eapol_keydes_key_index_indexnum = -1;
46 static int hf_eapol_keydes_key_signature = -1;
47 static int hf_eapol_keydes_key = -1;
49 static int hf_eapol_wpa_keydes_keyinfo = -1;
50 static int hf_eapol_wpa_keydes_keyinfo_keydes_ver = -1;
51 static int hf_eapol_wpa_keydes_keyinfo_key_type = -1;
52 static int hf_eapol_wpa_keydes_keyinfo_key_index = -1;
53 static int hf_eapol_wpa_keydes_keyinfo_install = -1;
54 static int hf_eapol_wpa_keydes_keyinfo_key_ack = -1;
55 static int hf_eapol_wpa_keydes_keyinfo_key_mic = -1;
56 static int hf_eapol_wpa_keydes_keyinfo_secure = -1;
57 static int hf_eapol_wpa_keydes_keyinfo_error = -1;
58 static int hf_eapol_wpa_keydes_keyinfo_request = -1;
59 static int hf_eapol_wpa_keydes_keyinfo_encr_key_data = -1;
60 static int hf_eapol_wpa_keydes_nonce = -1;
61 static int hf_eapol_wpa_keydes_rsc = -1;
62 static int hf_eapol_wpa_keydes_id = -1;
63 static int hf_eapol_wpa_keydes_mic = -1;
64 static int hf_eapol_wpa_keydes_datalen = -1;
65 static int hf_eapol_wpa_keydes_data = -1;
67 static gint ett_eapol = -1;
68 static gint ett_eapol_keydes_data = -1;
69 static gint ett_eapol_key_index = -1;
70 static gint ett_keyinfo = -1;
72 static dissector_handle_t eap_handle;
73 static dissector_handle_t data_handle;
75 #define EAPOL_HDR_LEN 4
79 #define EAPOL_LOGOFF 2
81 #define EAPOL_ENCAP_ASF_ALERT 4
83 #define EAPOL_RSN_KEY 2 /* TBD, may change in final IEEE 802.1X-REV
85 #define EAPOL_WPA_KEY 254
87 static const value_string eapol_type_vals[] = {
88 { EAP_PACKET, "EAP Packet" },
89 { EAPOL_START, "Start" },
90 { EAPOL_LOGOFF, "Logoff" },
92 { EAPOL_ENCAP_ASF_ALERT, "Encapsulated ASF Alert" },
96 static const value_string eapol_keydes_type_vals[] = {
97 { 1, "RC4 Descriptor" },
98 { EAPOL_RSN_KEY, "EAPOL RSN key" },
99 { EAPOL_WPA_KEY, "EAPOL WPA key" },
103 #define KEY_INFO_KEYDES_VER_MASK 0x0007
104 #define KEY_INFO_KEY_TYPE_MASK 0x0008
105 #define KEY_INFO_KEY_INDEX_MASK 0x0030
106 #define KEY_INFO_INSTALL_MASK 0x0040
107 #define KEY_INFO_KEY_ACK_MASK 0x0080
108 #define KEY_INFO_KEY_MIC_MASK 0x0100
109 #define KEY_INFO_SECURE_MASK 0x0200
110 #define KEY_INFO_ERROR_MASK 0x0400
111 #define KEY_INFO_REQUEST_MASK 0x0800
112 #define KEY_INFO_ENCR_KEY_DATA_MASK 0x1000
114 static const true_false_string keytype_tfs =
115 { "Unicast", "Broadcast" };
116 static const true_false_string tfs_keyinfo_key_type =
117 { "Pairwise key", "Group key" };
118 #define KEYDES_VER_TYPE1 0x01
119 #define KEYDES_VER_TYPE2 0x02
120 static const value_string keydes_ver[] = {
121 { KEYDES_VER_TYPE1, "HMAC-MD5 for MIC and RC4 for encryption" },
122 { KEYDES_VER_TYPE2, "AES-CBC-MAC for MIC and HMAC-SHA1 for encryption" },
127 dissect_eapol(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
134 guint16 eapol_key_len, eapol_data_len;
137 proto_tree *ti = NULL;
138 proto_tree *eapol_tree = NULL;
139 proto_tree *keyinfo_item = NULL;
140 proto_tree *keyinfo_tree = NULL;
141 proto_tree *key_index_tree, *keydes_tree;
144 if (check_col(pinfo->cinfo, COL_PROTOCOL))
145 col_set_str(pinfo->cinfo, COL_PROTOCOL, "EAPOL");
146 if (check_col(pinfo->cinfo, COL_INFO))
147 col_clear(pinfo->cinfo, COL_INFO);
150 ti = proto_tree_add_item(tree, proto_eapol, tvb, 0, -1, FALSE);
151 eapol_tree = proto_item_add_subtree(ti, ett_eapol);
153 proto_tree_add_item(eapol_tree, hf_eapol_version, tvb, offset, 1, FALSE);
157 eapol_type = tvb_get_guint8(tvb, offset);
159 proto_tree_add_uint(eapol_tree, hf_eapol_type, tvb, offset, 1, eapol_type);
160 if (check_col(pinfo->cinfo, COL_INFO))
161 col_add_str(pinfo->cinfo, COL_INFO,
162 val_to_str(eapol_type, eapol_type_vals, "Unknown type (0x%02X)"));
165 eapol_len = tvb_get_ntohs(tvb, offset);
166 len = EAPOL_HDR_LEN + eapol_len;
167 set_actual_length(tvb, len);
169 proto_item_set_len(ti, len);
170 proto_tree_add_uint(eapol_tree, hf_eapol_len, tvb, offset, 2, eapol_len);
174 switch (eapol_type) {
177 next_tvb = tvb_new_subset(tvb, offset, -1, -1);
178 call_dissector(eap_handle, next_tvb, pinfo, eapol_tree);
183 keydesc_type = tvb_get_guint8(tvb, offset);
184 proto_tree_add_item(eapol_tree, hf_eapol_keydes_type, tvb, offset, 1, FALSE);
186 if (keydesc_type == EAPOL_WPA_KEY || keydesc_type == EAPOL_RSN_KEY) {
187 keyinfo = tvb_get_ntohs(tvb, offset);
189 proto_tree_add_uint(eapol_tree, hf_eapol_wpa_keydes_keyinfo, tvb,
192 keyinfo_tree = proto_item_add_subtree(keyinfo_item, ett_keyinfo);
193 proto_tree_add_uint(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_keydes_ver, tvb, offset, 2, keyinfo);
194 proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_key_type, tvb, offset, 2, keyinfo);
195 proto_tree_add_uint(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_key_index, tvb, offset, 2, keyinfo);
196 proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_install, tvb, offset, 2, keyinfo);
197 proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_key_ack, tvb, offset, 2, keyinfo);
198 proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_key_mic, tvb, offset, 2, keyinfo);
199 proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_secure, tvb, offset, 2, keyinfo);
200 proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_error, tvb, offset, 2, keyinfo);
201 proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_request, tvb, offset, 2, keyinfo);
202 proto_tree_add_boolean(keyinfo_tree, hf_eapol_wpa_keydes_keyinfo_encr_key_data, tvb, offset, 2, keyinfo);
205 proto_tree_add_uint(eapol_tree, hf_eapol_keydes_keylen, tvb, offset,
206 2, tvb_get_ntohs(tvb, offset));
208 proto_tree_add_item(eapol_tree, hf_eapol_keydes_replay_counter, tvb,
211 proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_nonce, tvb, offset,
214 proto_tree_add_item(eapol_tree, hf_eapol_keydes_key_iv, tvb,
217 proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_rsc, tvb, offset,
220 proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_id, tvb, offset, 8,
223 proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_mic, tvb, offset,
226 eapol_data_len = tvb_get_ntohs(tvb, offset);
227 proto_tree_add_uint(eapol_tree, hf_eapol_wpa_keydes_datalen, tvb,
228 offset, 2, eapol_data_len);
230 if (eapol_data_len != 0) {
231 ti = proto_tree_add_item(eapol_tree, hf_eapol_wpa_keydes_data,
232 tvb, offset, eapol_data_len, FALSE);
233 if ((keyinfo & KEY_INFO_ENCR_KEY_DATA_MASK) ||
234 !(keyinfo & KEY_INFO_KEY_TYPE_MASK)) {
235 /* RSN: EAPOL-Key Key Data is encrypted.
236 * WPA: Group Keys use encrypted Key Data.
237 * Cannot parse this without knowing the key. */
239 keydes_tree = proto_item_add_subtree(ti, ett_eapol_keydes_data);
240 ieee_80211_add_tagged_parameters(tvb, offset, keydes_tree,
246 eapol_key_len = tvb_get_ntohs(tvb, offset);
247 proto_tree_add_uint(eapol_tree, hf_eapol_keydes_keylen, tvb, offset, 2, eapol_key_len);
249 proto_tree_add_item(eapol_tree, hf_eapol_keydes_replay_counter, tvb,
252 proto_tree_add_item(eapol_tree, hf_eapol_keydes_key_iv, tvb,
255 key_index = tvb_get_guint8(tvb, offset);
256 ti = proto_tree_add_text(eapol_tree, tvb, offset, 1,
257 "Key Index: %s, index %u",
258 (key_index & 0x80) ? "unicast" : "broadcast",
260 key_index_tree = proto_item_add_subtree(ti, ett_eapol_key_index);
261 proto_tree_add_boolean(eapol_tree, hf_eapol_keydes_key_index_keytype,
262 tvb, offset, 1, key_index);
263 proto_tree_add_uint(eapol_tree, hf_eapol_keydes_key_index_indexnum,
264 tvb, offset, 1, key_index);
266 proto_tree_add_item(eapol_tree, hf_eapol_keydes_key_signature, tvb,
269 if (eapol_key_len != 0)
270 proto_tree_add_item(eapol_tree, hf_eapol_keydes_key, tvb, offset,
271 eapol_key_len, FALSE);
276 case EAPOL_ENCAP_ASF_ALERT: /* XXX - is this an SNMP trap? */
278 next_tvb = tvb_new_subset(tvb, offset, -1, -1);
279 call_dissector(data_handle, next_tvb, pinfo, eapol_tree);
285 proto_register_eapol(void)
287 static hf_register_info hf[] = {
288 { &hf_eapol_version, {
289 "Version", "eapol.version", FT_UINT8, BASE_DEC,
290 NULL, 0x0, "", HFILL }},
292 "Type", "eapol.type", FT_UINT8, BASE_DEC,
293 VALS(eapol_type_vals), 0x0, "", HFILL }},
295 "Length", "eapol.len", FT_UINT16, BASE_DEC,
296 NULL, 0x0, "Length", HFILL }},
297 { &hf_eapol_keydes_type, {
298 "Descriptor Type", "eapol.keydes.type", FT_UINT8, BASE_DEC,
299 VALS(eapol_keydes_type_vals), 0x0, "Key Descriptor Type", HFILL }},
300 { &hf_eapol_keydes_keylen, {
301 "Key Length", "eapol.keydes.keylen", FT_UINT16, BASE_DEC,
302 NULL, 0x0, "Key Length", HFILL }},
303 { &hf_eapol_keydes_replay_counter, {
304 "Replay Counter", "eapol.keydes.replay_counter", FT_UINT64, BASE_DEC,
305 NULL, 0x0, "Replay Counter", HFILL }},
306 { &hf_eapol_keydes_key_iv, {
307 "Key IV", "eapol.keydes.key_iv", FT_BYTES, BASE_NONE,
308 NULL, 0x0, "Key Initialization Vector", HFILL }},
309 { &hf_eapol_keydes_key_index_keytype, {
310 "Key Type", "eapol.keydes.index.keytype", FT_BOOLEAN, 8,
311 TFS(&keytype_tfs), 0x80, "Key Type (unicast/broadcast)", HFILL }},
312 { &hf_eapol_keydes_key_index_indexnum, {
313 "Index Number", "eapol.keydes.index.indexnum", FT_UINT8, BASE_DEC,
314 NULL, 0x7F, "Key Index number", HFILL }},
315 { &hf_eapol_keydes_key_signature, {
316 "Key Signature", "eapol.keydes.key_signature", FT_BYTES, BASE_NONE,
317 NULL, 0x0, "Key Signature", HFILL }},
318 { &hf_eapol_keydes_key, {
319 "Key", "eapol.keydes.key", FT_BYTES, BASE_NONE,
320 NULL, 0x0, "Key", HFILL }},
322 { &hf_eapol_wpa_keydes_keyinfo, {
323 "Key Information", "eapol.keydes.key_info", FT_UINT16,
324 BASE_HEX, NULL, 0x0, "WPA key info", HFILL }},
326 { &hf_eapol_wpa_keydes_keyinfo_keydes_ver, {
327 "Key Descriptor Version",
328 "eapol.keydes.key_info.keydes_ver",
329 FT_UINT16, BASE_DEC, VALS(&keydes_ver),
330 KEY_INFO_KEYDES_VER_MASK,
331 "Key Descriptor Version Type", HFILL }},
332 { &hf_eapol_wpa_keydes_keyinfo_key_type, {
334 "eapol.keydes.key_info.key_type",
335 FT_BOOLEAN, 16, TFS(&tfs_keyinfo_key_type),
336 KEY_INFO_KEY_TYPE_MASK,
337 "Key Type (Pairwise or Group)", HFILL }},
338 { &hf_eapol_wpa_keydes_keyinfo_key_index, {
340 "eapol.keydes.key_info.key_index",
341 FT_UINT16, BASE_DEC, NULL,
342 KEY_INFO_KEY_INDEX_MASK,
343 "Key Index (0-3) (RSN: Reserved)", HFILL }},
344 { &hf_eapol_wpa_keydes_keyinfo_install, {
346 "eapol.keydes.key_info.install",
347 FT_BOOLEAN, 16, TFS(&flags_set_truth),
348 KEY_INFO_INSTALL_MASK,
349 "Install flag", HFILL }},
350 { &hf_eapol_wpa_keydes_keyinfo_key_ack, {
352 "eapol.keydes.key_info.key_ack",
353 FT_BOOLEAN, 16, TFS(&flags_set_truth),
354 KEY_INFO_KEY_ACK_MASK,
355 "Key Ack flag", HFILL }},
356 { &hf_eapol_wpa_keydes_keyinfo_key_mic, {
358 "eapol.keydes.key_info.key_mic",
359 FT_BOOLEAN, 16, TFS(&flags_set_truth),
360 KEY_INFO_KEY_MIC_MASK,
361 "Key MIC flag", HFILL }},
362 { &hf_eapol_wpa_keydes_keyinfo_secure, {
364 "eapol.keydes.key_info.secure",
365 FT_BOOLEAN, 16, TFS(&flags_set_truth),
366 KEY_INFO_SECURE_MASK,
367 "Secure flag", HFILL }},
368 { &hf_eapol_wpa_keydes_keyinfo_error, {
370 "eapol.keydes.key_info.error",
371 FT_BOOLEAN, 16, TFS(&flags_set_truth),
373 "Error flag", HFILL }},
374 { &hf_eapol_wpa_keydes_keyinfo_request, {
376 "eapol.keydes.key_info.request",
377 FT_BOOLEAN, 16, TFS(&flags_set_truth),
378 KEY_INFO_REQUEST_MASK,
379 "Request flag", HFILL }},
380 { &hf_eapol_wpa_keydes_keyinfo_encr_key_data, {
381 "Encrypted Key Data flag",
382 "eapol.keydes.key_info.encr_key_data",
383 FT_BOOLEAN, 16, TFS(&flags_set_truth),
384 KEY_INFO_ENCR_KEY_DATA_MASK,
385 "Encrypted Key Data flag", HFILL }},
386 { &hf_eapol_wpa_keydes_nonce, {
387 "Nonce", "eapol.keydes.nonce", FT_BYTES, BASE_NONE,
388 NULL, 0x0, "WPA Key Nonce", HFILL }},
389 { &hf_eapol_wpa_keydes_rsc, {
390 "WPA Key RSC", "eapol.keydes.rsc", FT_BYTES, BASE_NONE, NULL,
391 0x0, "WPA Key Receive Sequence Counter", HFILL }},
392 { &hf_eapol_wpa_keydes_id, {
393 "WPA Key ID", "eapol.keydes.id", FT_BYTES, BASE_NONE, NULL,
394 0x0, "WPA Key ID(RSN Reserved)", HFILL }},
395 { &hf_eapol_wpa_keydes_mic, {
396 "WPA Key MIC", "eapol.keydes.mic", FT_BYTES, BASE_NONE, NULL,
397 0x0, "WPA Key Message Integrity Check", HFILL }},
398 { &hf_eapol_wpa_keydes_datalen, {
399 "WPA Key Length", "eapol.keydes.datalen", FT_UINT16, BASE_DEC,
400 NULL, 0x0, "WPA Key Data Length", HFILL }},
401 { &hf_eapol_wpa_keydes_data, {
402 "WPA Key", "eapol.keydes.data", FT_BYTES, BASE_NONE,
403 NULL, 0x0, "WPA Key Data", HFILL }},
405 static gint *ett[] = {
407 &ett_eapol_keydes_data,
412 proto_eapol = proto_register_protocol("802.1x Authentication", "EAPOL", "eapol");
413 proto_register_field_array(proto_eapol, hf, array_length(hf));
414 proto_register_subtree_array(ett, array_length(ett));
418 proto_reg_handoff_eapol(void)
420 dissector_handle_t eapol_handle;
423 * Get handles for the EAP and raw data dissectors.
425 eap_handle = find_dissector("eap");
426 data_handle = find_dissector("data");
428 eapol_handle = create_dissector_handle(dissect_eapol, proto_eapol);
429 dissector_add("ethertype", ETHERTYPE_EAPOL, eapol_handle);
430 dissector_add("ethertype", ETHERTYPE_RSN_PREAUTH, eapol_handle);