@gibme/eapol
    Preparing search index...

    Class Frame

    EAPOL Key Frame - represents a complete EAPOL Key exchange message Used for WPA/WPA2/WPA3 4-way handshakes, group key handshakes, and Fast Transition (802.11r) operations.

    const frame = Frame.from(buffer);
    console.log(`Message ${frame.messageNumber} of 4-way handshake`);
    console.log(`Replay Counter: ${frame.replayCounter}`);
    console.log(`Has MIC: ${frame.hasMic}`);
    Index

    Constructors

    Accessors

    • get descriptor(): Descriptor

      Key Descriptor Type (identifies crypto suite: RC4, RSN, FT, etc.)

      Returns Descriptor

    • get encryptedKeyData(): Buffer

      Encrypted Key Data (if isEncrypted flag is set)

      Returns Buffer

    • get error(): ErrorKde | undefined

      Error KDE - handshake error information

      Returns ErrorKde | undefined

    • get ft(): Partial<Ft> | undefined

      Fast Transition Information Element (if present) - 802.11r FT params

      Returns Partial<Ft> | undefined

    • get gtk(): GtkKde | undefined

      GTK (Group Temporal Key) KDE - parsed group key for multicast/broadcast

      Returns GtkKde | undefined

    • get handshakeType(): "unknown" | "four-way" | "group-key"

      Identifies the type of key handshake

      • 'four-way': Standard WPA/WPA2/WPA3 4-way handshake for PTK
      • 'group-key': Group key handshake for GTK update
      • 'unknown': Unable to determine type

      Returns "unknown" | "four-way" | "group-key"

    • get hasAck(): boolean

      ACK flag - message is from authenticator (AP) to supplicant (STA)

      Returns boolean

    • get hasError(): boolean

      Error flag - indicates MIC failure or other error

      Returns boolean

    • get hasInstall(): boolean

      Install flag - indicates key should be installed

      Returns boolean

    • get hasMic(): boolean

      MIC flag - MIC field is valid and should be checked

      Returns boolean

    • get ies(): Ie[]

      Array of all parsed Information Elements (IEs)

      Returns Ie[]

    • get igtk(): IgtkKde | undefined

      IGTK (Integrity Group Temporal Key) KDE - parsed key for management frame protection

      Returns IgtkKde | undefined

    • get isEncrypted(): boolean

      Encrypted Data flag - Key Data field is encrypted

      Returns boolean

    • get isMessage1(): boolean

      Message 1 of 4-way handshake AP → STA: ANonce, no MIC

      Returns boolean

    • get isMessage2(): boolean

      Message 2 of 4-way handshake STA → AP: SNonce, RSN IE, MIC (but not Secure)

      Returns boolean

    • get isMessage3(): boolean

      Message 3 of 4-way handshake AP → STA: ANonce, GTK, RSN IE, Install, MIC

      Returns boolean

    • get isMessage4(): boolean

      Message 4 of 4-way handshake STA → AP: MIC, Secure (confirms PTK installation)

      Returns boolean

    • get isPairwise(): boolean

      Key Type flag - true for pairwise (PTK), false for group (GTK)

      Returns boolean

    • get isRequest(): boolean

      Request flag - supplicant requests new PTK/GTK

      Returns boolean

    • get isSecure(): boolean

      Secure flag - indicates PTK installed and secure comms established

      Returns boolean

    • get isSmk(): boolean

      SMK flag - Station-to-Station key message (TDLS)

      Returns boolean

    • get kdes(): Kde[]

      Array of all parsed Key Data Encapsulations (KDEs)

      Returns Kde[]

    • get keyId(): Buffer

      Key ID (8 bytes) - reserved field, usually zeros

      Returns Buffer

    • get keyIdKde(): KeyIdKde | undefined

      Key ID KDE - generic key identifier

      Returns KeyIdKde | undefined

    • get keyInfo(): KeyInfo

      Key Information field - contains all key flags and properties

      Returns KeyInfo

    • get keyIv(): Buffer

      Key IV (Initialization Vector) - 16 bytes, used for key encryption (mostly zeros in modern WPA)

      Returns Buffer

    • get keyLength(): number

      Key Length (2 bytes) - length of pairwise key (16 for TKIP, 16/32 for AES)

      Returns number

    • get keyNonce(): Buffer

      Key Nonce (32 bytes) - ANonce (from AP) or SNonce (from STA)

      Returns Buffer

    • get keyRsc(): Buffer

      Key RSC (Receive Sequence Counter) - 8 bytes, used for replay detection

      Returns Buffer

    • get keyVersion(): KeyVersion

      Key Descriptor Version from KeyInfo (indicates MIC/encryption algorithm)

      Returns KeyVersion

    • get macAddr(): MacAddrKde | undefined

      MAC Address KDE - peer MAC address (TDLS)

      Returns MacAddrKde | undefined

    • get mdid(): Buffer

      Mobility Domain ID (2 bytes) - shorthand accessor

      Returns Buffer

    • get messageNumber(): 2 | 1 | 3 | 4 | undefined

      Returns which message number (1-4) this frame represents in the 4-way handshake, or undefined if not part of 4-way handshake

      Returns 2 | 1 | 3 | 4 | undefined

    • get mic(): Buffer

      MIC (Message Integrity Code) - 16 bytes, authenticates the frame

      Returns Buffer

    • get mobilityDomain(): MobilityDomain | undefined

      Mobility Domain IE (if present) - identifies FT roaming domain

      Returns MobilityDomain | undefined

    • get nonce(): NonceKde | undefined

      Nonce KDE - additional nonce value

      Returns NonceKde | undefined

    • get pmkid(): PmkidKde | undefined

      PMKID KDE - Pairwise Master Key Identifier for fast roaming

      Returns PmkidKde | undefined

    • get replayCounter(): bigint

      Replay Counter (8 bytes) - monotonically increasing counter for replay protection

      Returns bigint

    • get rsn(): Rsn | undefined

      RSN Information Element (if present) - WPA2/WPA3 security params

      Returns Rsn | undefined

    • get smk(): SmkKde | undefined

      SMK KDE - Station-to-Station Master Key (TDLS)

      Returns SmkKde | undefined

    • get type(): Type

      EAPOL frame type (typically 0x03 for EAPOL-Key)

      Returns Type

    • get version(): Version

      EAPOL protocol version (0x01, 0x02, or 0x03)

      Returns Version

    • get wpa(): Wpa | undefined

      WPA Information Element (if present) - legacy WPA/TKIP params

      Returns Wpa | undefined

    • get zeroedFrame(): Buffer

      Copy of frame with MIC field zeroed out Used for MIC calculation/verification

      Returns Buffer

    Methods

    • Returns boolean

    • Validates the EAPOL Key Frame structure and content

      Performs comprehensive validation including:

      • EAPOL version and descriptor version compatibility
      • Key Information flag consistency (per 802.11 spec)
      • Message-specific requirements (Messages 1-4)
      • Replay counter validation
      • IE/KDE structure validation (RSN, WPA, IGTK, GTK, etc.)
      • Nonce and MIC presence requirements

      Returns { errors: string[]; valid: boolean }

      Object containing validation status and list of errors

      const frame = Frame.from(buffer);
      const result = frame.validate();

      if (!result.valid) {
      console.error('Frame validation failed:');
      result.errors.forEach(err => console.error(` - ${err}`));
      }
    • Parses an EAPOL Key Frame from a buffer or hex string

      This method handles complete EAPOL frames including

      • EAPOL header (version, type, length)
      • Key descriptor fields
      • Key Information flags
      • Nonces and MIC
      • Key Data (RSN IE, WPA IE, KDEs, etc.)

      The parser is resilient and will scan up to 512 bytes to find the EAPOL header if it's not at the start of the buffer (e.g., if preceded by 802.11 headers).

      Parameters

      • blob: string | Buffer<ArrayBufferLike>

        Buffer or hex string containing the EAPOL frame

      • OptionalbufferEncoding: BufferEncoding

        Optional encoding if blob is a string (default: 'hex')

      Returns Frame

      Parsed Frame object

      Error if blob does not contain a valid EAPOL Key Frame

      // From hex string
      const frame = Frame.from('0203005f...', 'hex');

      // From buffer
      const frame = Frame.from(buffer);

      // Check message type
      if (frame.isMessage1) {
      console.log('ANonce:', frame.keyNonce.toString('hex'));
      }
    • Protected

      Extract Error from KDE body

      Parameters

      • body: Buffer

      Returns ErrorKde | undefined

    • Protected

      Parses FT sub-elements

      Parameters

      • body: Buffer

      Returns {
          aNonce: Buffer;
          elements: Ie[];
          mic: Buffer;
          micControl: number;
          sNonce: Buffer;
      }

    • Protected

      Extract GTK from KDE body

      Parameters

      • body: Buffer

      Returns GtkKde | undefined

    • Protected

      Extract IGTK from KDE body

      Parameters

      • body: Buffer

      Returns IgtkKde | undefined

    • Protected

      Extract Key ID from KDE body

      Parameters

      • body: Buffer

      Returns KeyIdKde | undefined

    • Protected

      Extract Lifetime from KDE body

      Parameters

      • body: Buffer

      Returns LifetimeKde | undefined

    • Protected

      Extract MAC Address from KDE body

      Parameters

      • body: Buffer

      Returns MacAddrKde | undefined

    • Protected

      Extract Multiband GTK from KDE body

      Parameters

      • body: Buffer

      Returns MultibandGtkKde | undefined

    • Protected

      Extract Multiband Key ID from KDE body

      Parameters

      • body: Buffer

      Returns MultibandKeyIdKde | undefined

    • Protected

      Extract Nonce from KDE body

      Parameters

      • body: Buffer

      Returns NonceKde | undefined

    • Protected

      Extract PMKID from KDE body

      Parameters

      • body: Buffer

      Returns PmkidKde | undefined

    • Protected

      Parses out the RSN capabilities

      Parameters

      • capabilities: number

      Returns RsnCapabilities

    • Protected

      Parses RSN sub-elements

      Parameters

      • body: Buffer

      Returns Rsn

    • Protected

      Extract SMK from KDE body

      Parameters

      • body: Buffer

      Returns SmkKde | undefined

    • Protected

      Parses WPA sub-elements (legacy WPA/TKIP with Microsoft OUI)

      Parameters

      • body: Buffer

      Returns Wpa