epan/dissectors/packet-rf4ce-secur.h

   1 /* packet-rf4ce-secur.h
   2  * Security related functions and objects for RF4CE dissector
   3  * Copyright (C) Atmosic 2023
   4  *
   5  * Wireshark - Network traffic analyzer
   6  * By Gerald Combs <gerald@wireshark.org>
   7  * Copyright 1998 Gerald Combs
   8  *
   9  * SPDX-License-Identifier: GPL-2.0-or-later
  10  */
  11
  12 #ifndef PACKET_RF4CE_SECUR_H
  13 #define PACKET_RF4CE_SECUR_H
  14
  15 #include <stdbool.h>
  16 #include "config.h"
  17 #include <epan/packet.h>
  18 #include <epan/expert.h>
  19 #include <epan/uat.h>
  20 #include <epan/value_string.h>
  21
  22 #define RF4CE_IEEE_ADDR_LEN                 8
  23 #define RF4CE_SHORT_ADDR_LEN                2
  24
  25 #define RF4CE_MIN_NWK_LENGTH                5
  26 #define RF4CE_MAX_NWK_LENGTH                148
  27
  28 #define RF4CE_VENDOR_SECRET_STORAGE_SIZE    64
  29 #define RF4CE_NWK_KEY_STORAGE_SIZE          64
  30 #define RF4CE_ADDR_TABLE_SIZE               (RF4CE_NWK_KEY_STORAGE_SIZE * 2)
  31
  32 #define RF4CE_NWK_KEY_SEED_DATA_LENGTH      80
  33
  34 #define RF4CE_CCM_M                         4
  35 #define RF4CE_CCM_L                         2
  36 #define RF4CE_CCM_NONCE_LEN                 (15 - RF4CE_CCM_L)
  37 #define RF4CE_SECUR_CONTROL                 5
  38 #define SEC_STR_LEN                         16
  39 #define KEY_LEN                             SEC_STR_LEN
  40
  41 typedef struct keypair_context_s {
  42     uint8_t nwk_key_seed_latest[RF4CE_NWK_KEY_SEED_DATA_LENGTH];
  43     uint8_t nwk_key_seed_prev[RF4CE_NWK_KEY_SEED_DATA_LENGTH];
  44     uint8_t nwk_key_seed[RF4CE_NWK_KEY_SEED_DATA_LENGTH];
  45     uint8_t controller_addr[RF4CE_IEEE_ADDR_LEN];
  46     uint8_t target_addr[RF4CE_IEEE_ADDR_LEN];
  47     uint8_t nwk_key_exchange_transfer_expected;
  48     uint8_t nwk_key_exchange_transfer_received;
  49 } keypair_context_t;
  50
  51 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_A_LENGTH    8
  52 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_B_LENGTH    8
  53
  54 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_AB_LENGTH   \
  55     (RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_A_LENGTH       \
  56      + RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_B_LENGTH)
  57
  58 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_TAG_A_LENGTH     4
  59 #define RF4CE_PROFILE_CMD_KEY_EXCHANGE_TAG_B_LENGTH     4
  60
  61 #define RF4CE_KEY_EXCHANGE_CONTEXT_LENGTH               9
  62 #define RF4CE_KEY_EXCHANGE_LABEL_LENGTH                 (2 * (RF4CE_IEEE_ADDR_LEN))
  63
  64 #define RF4CE_CMAC_ARG_2_LENGTH         \
  65     (RF4CE_KEY_EXCHANGE_CONTEXT_LENGTH  \
  66      + RF4CE_KEY_EXCHANGE_LABEL_LENGTH  \
  67      + KEY_LEN)
  68
  69 /* RF4CE GDP 2.0 spec, part 7.4.2 Key generation
  70  * Context shall be set to the ASCII representation of the nine character string (including a space
  71  * after "RF4CE" but without quotes and without null termination) "RF4CE GDP".
  72  */
  73 #define CONTEXT_STR         "RF4CE GDP"
  74 #define CONTEXT_STR_LEN     9
  75
  76 extern uint8_t DEFAULT_SECRET[SEC_STR_LEN];
  77
  78 typedef struct key_exchange_context_s {
  79     uint8_t rand_a[RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_A_LENGTH];
  80     uint8_t rand_b[RF4CE_PROFILE_CMD_KEY_EXCHANGE_RAND_B_LENGTH];
  81     uint8_t mac_a[RF4CE_IEEE_ADDR_LEN]; /* target address     */
  82     uint8_t mac_b[RF4CE_IEEE_ADDR_LEN]; /* controller address */
  83     bool is_proc_started;
  84 } key_exchange_context_t;
  85
  86 void rf4ce_aes_cmac(unsigned char *input, unsigned long length, unsigned char *key, unsigned char *mac_value);
  87
  88 typedef struct addr_entry_s {
  89     uint8_t ieee_addr[RF4CE_IEEE_ADDR_LEN];
  90     uint16_t short_addr;
  91     bool is_used;
  92 } addr_entry_t;
  93
  94 typedef struct nwk_key_entry_s {
  95     uint8_t nwk_key[KEY_LEN];
  96     addr_entry_t *controller_addr_ent;
  97     addr_entry_t *target_addr_ent;
  98     bool key_from_gui;
  99     bool is_used;
 100     bool is_pairing_key;
 101 } nwk_key_entry_t;
 102
 103 typedef struct vendor_secret_entry_s {
 104     uint8_t secret[SEC_STR_LEN];
 105     bool is_used;
 106 } vendor_secret_entry_t;
 107
 108 typedef struct uat_security_record_s {
 109     char *sec_str;
 110     uint8_t type;
 111     char *label;
 112 } uat_security_record_t;
 113
 114 void keypair_context_init(const uint8_t *controller_ieee, const uint8_t *target_ieee, uint8_t expected_transfer_count);
 115 void keypair_context_update_seed(uint8_t *seed, uint8_t seed_seqn);
 116
 117 void nwk_key_storage_add_entry(uint8_t *nwk_key, addr_entry_t *controller_addr_ent, addr_entry_t *target_addr_ent, bool key_from_gui, bool is_pairing_key);
 118 void nwk_key_storage_release_entry(uint8_t *nwk_key, bool key_from_gui);
 119
 120 void rf4ce_addr_table_add_addrs(const void *ieee_addr, uint16_t short_addr);
 121 bool rf4ce_addr_table_get_ieee_addr(uint8_t *ieee_addr, packet_info *pinfo, bool is_src);
 122 addr_entry_t *rf4ce_addr_table_get_addr_entry_by_ieee(uint8_t *ieee_addr);
 123
 124 void key_exchange_context_init(void);
 125
 126 void key_exchange_context_start_procedure(void);
 127 void key_exchange_context_stop_procedure(void);
 128 bool key_exchange_context_is_procedure_started(void);
 129
 130 void key_exchange_context_set_rand_a(uint8_t *rand_a);
 131 void key_exchange_context_set_rand_b(uint8_t *rand_b);
 132
 133 void key_exchange_context_set_mac_a(uint8_t *mac_a);
 134 void key_exchange_context_set_mac_b(uint8_t *mac_b);
 135
 136 void key_exchange_calc_key(uint32_t tag_b_pack);
 137
 138 void vendor_secret_storage_add_entry(uint8_t *secret);
 139 void vendor_secret_storage_release_entry(uint8_t *secret);
 140
 141 void rf4ce_secur_cleanup(void);
 142
 143 bool decrypt_data(
 144     const uint8_t *in,
 145     uint8_t *out,
 146     uint16_t payload_offset,
 147     uint16_t *len,
 148     uint8_t src_ieee[RF4CE_IEEE_ADDR_LEN],
 149     uint8_t dst_ieee[RF4CE_IEEE_ADDR_LEN]);
 150
 151 #endif /* PACKET_RF4CE_SECUR_H */