ieee80211_crypto_wep.c revision 1.12.2.1
1 1.12.2.1 phil /*- 2 1.12.2.1 phil * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 1.12.2.1 phil * 4 1.12.2.1 phil * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting 5 1.1 dyoung * All rights reserved. 6 1.1 dyoung * 7 1.1 dyoung * Redistribution and use in source and binary forms, with or without 8 1.1 dyoung * modification, are permitted provided that the following conditions 9 1.1 dyoung * are met: 10 1.1 dyoung * 1. Redistributions of source code must retain the above copyright 11 1.1 dyoung * notice, this list of conditions and the following disclaimer. 12 1.1 dyoung * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 dyoung * notice, this list of conditions and the following disclaimer in the 14 1.1 dyoung * documentation and/or other materials provided with the distribution. 15 1.1 dyoung * 16 1.1 dyoung * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 1.1 dyoung * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 1.1 dyoung * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 1.1 dyoung * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 1.1 dyoung * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 1.1 dyoung * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 1.1 dyoung * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 1.1 dyoung * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 1.1 dyoung * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 1.1 dyoung * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 1.1 dyoung */ 27 1.1 dyoung 28 1.1 dyoung #include <sys/cdefs.h> 29 1.12.2.1 phil __FBSDID("$FreeBSD$"); 30 1.1 dyoung 31 1.1 dyoung /* 32 1.1 dyoung * IEEE 802.11 WEP crypto support. 33 1.1 dyoung */ 34 1.12.2.1 phil #include "opt_wlan.h" 35 1.12.2.1 phil 36 1.1 dyoung #include <sys/param.h> 37 1.12.2.1 phil #include <sys/systm.h> 38 1.12.2.1 phil #include <sys/mbuf.h> 39 1.1 dyoung #include <sys/malloc.h> 40 1.1 dyoung #include <sys/kernel.h> 41 1.12.2.1 phil #include <sys/module.h> 42 1.1 dyoung #include <sys/endian.h> 43 1.1 dyoung 44 1.1 dyoung #include <sys/socket.h> 45 1.1 dyoung 46 1.1 dyoung #include <net/if.h> 47 1.1 dyoung #include <net/if_media.h> 48 1.12.2.1 phil #include <net/ethernet.h> 49 1.1 dyoung 50 1.1 dyoung #include <net80211/ieee80211_var.h> 51 1.1 dyoung 52 1.12.2.1 phil static void *wep_attach(struct ieee80211vap *, struct ieee80211_key *); 53 1.1 dyoung static void wep_detach(struct ieee80211_key *); 54 1.1 dyoung static int wep_setkey(struct ieee80211_key *); 55 1.12.2.1 phil static void wep_setiv(struct ieee80211_key *, uint8_t *); 56 1.12.2.1 phil static int wep_encap(struct ieee80211_key *, struct mbuf *); 57 1.12.2.1 phil static int wep_decap(struct ieee80211_key *, struct mbuf *, int); 58 1.3 dyoung static int wep_enmic(struct ieee80211_key *, struct mbuf *, int); 59 1.3 dyoung static int wep_demic(struct ieee80211_key *, struct mbuf *, int); 60 1.1 dyoung 61 1.12.2.1 phil static const struct ieee80211_cipher wep = { 62 1.1 dyoung .ic_name = "WEP", 63 1.1 dyoung .ic_cipher = IEEE80211_CIPHER_WEP, 64 1.1 dyoung .ic_header = IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN, 65 1.1 dyoung .ic_trailer = IEEE80211_WEP_CRCLEN, 66 1.1 dyoung .ic_miclen = 0, 67 1.1 dyoung .ic_attach = wep_attach, 68 1.1 dyoung .ic_detach = wep_detach, 69 1.1 dyoung .ic_setkey = wep_setkey, 70 1.12.2.1 phil .ic_setiv = wep_setiv, 71 1.1 dyoung .ic_encap = wep_encap, 72 1.1 dyoung .ic_decap = wep_decap, 73 1.1 dyoung .ic_enmic = wep_enmic, 74 1.1 dyoung .ic_demic = wep_demic, 75 1.1 dyoung }; 76 1.1 dyoung 77 1.1 dyoung static int wep_encrypt(struct ieee80211_key *, struct mbuf *, int hdrlen); 78 1.1 dyoung static int wep_decrypt(struct ieee80211_key *, struct mbuf *, int hdrlen); 79 1.1 dyoung 80 1.1 dyoung struct wep_ctx { 81 1.12.2.1 phil struct ieee80211vap *wc_vap; /* for diagnostics+statistics */ 82 1.12.2.1 phil struct ieee80211com *wc_ic; 83 1.12.2.1 phil uint32_t wc_iv; /* initial vector for crypto */ 84 1.1 dyoung }; 85 1.1 dyoung 86 1.12.2.1 phil /* number of references from net80211 layer */ 87 1.12.2.1 phil static int nrefs = 0; 88 1.12.2.1 phil 89 1.1 dyoung static void * 90 1.12.2.1 phil wep_attach(struct ieee80211vap *vap, struct ieee80211_key *k) 91 1.1 dyoung { 92 1.1 dyoung struct wep_ctx *ctx; 93 1.1 dyoung 94 1.12.2.1 phil ctx = (struct wep_ctx *) IEEE80211_MALLOC(sizeof(struct wep_ctx), 95 1.12.2.1 phil M_80211_CRYPTO, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 96 1.1 dyoung if (ctx == NULL) { 97 1.12.2.1 phil vap->iv_stats.is_crypto_nomem++; 98 1.1 dyoung return NULL; 99 1.1 dyoung } 100 1.1 dyoung 101 1.12.2.1 phil ctx->wc_vap = vap; 102 1.12.2.1 phil ctx->wc_ic = vap->iv_ic; 103 1.1 dyoung get_random_bytes(&ctx->wc_iv, sizeof(ctx->wc_iv)); 104 1.12.2.1 phil nrefs++; /* NB: we assume caller locking */ 105 1.1 dyoung return ctx; 106 1.1 dyoung } 107 1.1 dyoung 108 1.1 dyoung static void 109 1.1 dyoung wep_detach(struct ieee80211_key *k) 110 1.1 dyoung { 111 1.1 dyoung struct wep_ctx *ctx = k->wk_private; 112 1.1 dyoung 113 1.12.2.1 phil IEEE80211_FREE(ctx, M_80211_CRYPTO); 114 1.12.2.1 phil KASSERT(nrefs > 0, ("imbalanced attach/detach")); 115 1.12.2.1 phil nrefs--; /* NB: we assume caller locking */ 116 1.1 dyoung } 117 1.1 dyoung 118 1.1 dyoung static int 119 1.1 dyoung wep_setkey(struct ieee80211_key *k) 120 1.1 dyoung { 121 1.1 dyoung return k->wk_keylen >= 40/NBBY; 122 1.1 dyoung } 123 1.1 dyoung 124 1.12.2.1 phil static void 125 1.12.2.1 phil wep_setiv(struct ieee80211_key *k, uint8_t *ivp) 126 1.1 dyoung { 127 1.1 dyoung struct wep_ctx *ctx = k->wk_private; 128 1.12.2.1 phil struct ieee80211vap *vap = ctx->wc_vap; 129 1.12.2.1 phil uint32_t iv; 130 1.12.2.1 phil uint8_t keyid; 131 1.1 dyoung 132 1.12.2.1 phil keyid = ieee80211_crypto_get_keyid(vap, k) << 6; 133 1.1 dyoung 134 1.1 dyoung /* 135 1.1 dyoung * XXX 136 1.1 dyoung * IV must not duplicate during the lifetime of the key. 137 1.1 dyoung * But no mechanism to renew keys is defined in IEEE 802.11 138 1.1 dyoung * for WEP. And the IV may be duplicated at other stations 139 1.1 dyoung * because the session key itself is shared. So we use a 140 1.1 dyoung * pseudo random IV for now, though it is not the right way. 141 1.1 dyoung * 142 1.1 dyoung * NB: Rather than use a strictly random IV we select a 143 1.1 dyoung * random one to start and then increment the value for 144 1.1 dyoung * each frame. This is an explicit tradeoff between 145 1.1 dyoung * overhead and security. Given the basic insecurity of 146 1.1 dyoung * WEP this seems worthwhile. 147 1.1 dyoung */ 148 1.1 dyoung 149 1.1 dyoung /* 150 1.1 dyoung * Skip 'bad' IVs from Fluhrer/Mantin/Shamir: 151 1.1 dyoung * (B, 255, N) with 3 <= B < 16 and 0 <= N <= 255 152 1.1 dyoung */ 153 1.1 dyoung iv = ctx->wc_iv; 154 1.1 dyoung if ((iv & 0xff00) == 0xff00) { 155 1.1 dyoung int B = (iv & 0xff0000) >> 16; 156 1.1 dyoung if (3 <= B && B < 16) 157 1.1 dyoung iv += 0x0100; 158 1.1 dyoung } 159 1.1 dyoung ctx->wc_iv = iv + 1; 160 1.1 dyoung 161 1.1 dyoung /* 162 1.1 dyoung * NB: Preserve byte order of IV for packet 163 1.1 dyoung * sniffers; it doesn't matter otherwise. 164 1.1 dyoung */ 165 1.1 dyoung #if _BYTE_ORDER == _BIG_ENDIAN 166 1.1 dyoung ivp[0] = iv >> 0; 167 1.1 dyoung ivp[1] = iv >> 8; 168 1.1 dyoung ivp[2] = iv >> 16; 169 1.1 dyoung #else 170 1.1 dyoung ivp[2] = iv >> 0; 171 1.1 dyoung ivp[1] = iv >> 8; 172 1.1 dyoung ivp[0] = iv >> 16; 173 1.1 dyoung #endif 174 1.1 dyoung ivp[3] = keyid; 175 1.12.2.1 phil } 176 1.12.2.1 phil 177 1.12.2.1 phil /* 178 1.12.2.1 phil * Add privacy headers appropriate for the specified key. 179 1.12.2.1 phil */ 180 1.12.2.1 phil static int 181 1.12.2.1 phil wep_encap(struct ieee80211_key *k, struct mbuf *m) 182 1.12.2.1 phil { 183 1.12.2.1 phil struct wep_ctx *ctx = k->wk_private; 184 1.12.2.1 phil struct ieee80211com *ic = ctx->wc_ic; 185 1.12.2.1 phil struct ieee80211_frame *wh; 186 1.12.2.1 phil uint8_t *ivp; 187 1.12.2.1 phil int hdrlen; 188 1.12.2.1 phil int is_mgmt; 189 1.12.2.1 phil 190 1.12.2.1 phil hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); 191 1.12.2.1 phil wh = mtod(m, struct ieee80211_frame *); 192 1.12.2.1 phil is_mgmt = IEEE80211_IS_MGMT(wh); 193 1.12.2.1 phil 194 1.12.2.1 phil /* 195 1.12.2.1 phil * Check to see if IV is required. 196 1.12.2.1 phil */ 197 1.12.2.1 phil if (is_mgmt && (k->wk_flags & IEEE80211_KEY_NOIVMGT)) 198 1.12.2.1 phil return 1; 199 1.12.2.1 phil if ((! is_mgmt) && (k->wk_flags & IEEE80211_KEY_NOIV)) 200 1.12.2.1 phil return 1; 201 1.1 dyoung 202 1.1 dyoung /* 203 1.12.2.1 phil * Copy down 802.11 header and add the IV + KeyID. 204 1.1 dyoung */ 205 1.12.2.1 phil M_PREPEND(m, wep.ic_header, M_NOWAIT); 206 1.12.2.1 phil if (m == NULL) 207 1.12.2.1 phil return 0; 208 1.12.2.1 phil ivp = mtod(m, uint8_t *); 209 1.12.2.1 phil ovbcopy(ivp + wep.ic_header, ivp, hdrlen); 210 1.12.2.1 phil ivp += hdrlen; 211 1.12.2.1 phil 212 1.12.2.1 phil wep_setiv(k, ivp); 213 1.12.2.1 phil 214 1.12.2.1 phil /* 215 1.12.2.1 phil * Finally, do software encrypt if needed. 216 1.12.2.1 phil */ 217 1.12.2.1 phil if ((k->wk_flags & IEEE80211_KEY_SWENCRYPT) && 218 1.1 dyoung !wep_encrypt(k, m, hdrlen)) 219 1.1 dyoung return 0; 220 1.1 dyoung 221 1.1 dyoung return 1; 222 1.1 dyoung } 223 1.1 dyoung 224 1.1 dyoung /* 225 1.1 dyoung * Add MIC to the frame as needed. 226 1.1 dyoung */ 227 1.1 dyoung static int 228 1.11 maxv wep_enmic(struct ieee80211_key *k, struct mbuf *m, int force) 229 1.1 dyoung { 230 1.1 dyoung 231 1.1 dyoung return 1; 232 1.1 dyoung } 233 1.1 dyoung 234 1.1 dyoung /* 235 1.1 dyoung * Validate and strip privacy headers (and trailer) for a 236 1.1 dyoung * received frame. If necessary, decrypt the frame using 237 1.1 dyoung * the specified key. 238 1.1 dyoung */ 239 1.1 dyoung static int 240 1.3 dyoung wep_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen) 241 1.1 dyoung { 242 1.1 dyoung struct wep_ctx *ctx = k->wk_private; 243 1.12.2.1 phil struct ieee80211vap *vap = ctx->wc_vap; 244 1.1 dyoung struct ieee80211_frame *wh; 245 1.12.2.1 phil const struct ieee80211_rx_stats *rxs; 246 1.1 dyoung 247 1.1 dyoung wh = mtod(m, struct ieee80211_frame *); 248 1.1 dyoung 249 1.12.2.1 phil rxs = ieee80211_get_rx_params_ptr(m); 250 1.12.2.1 phil 251 1.12.2.1 phil if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP)) 252 1.12.2.1 phil goto finish; 253 1.12.2.1 phil 254 1.1 dyoung /* 255 1.1 dyoung * Check if the device handled the decrypt in hardware. 256 1.1 dyoung * If so we just strip the header; otherwise we need to 257 1.1 dyoung * handle the decrypt in software. 258 1.1 dyoung */ 259 1.12.2.1 phil if ((k->wk_flags & IEEE80211_KEY_SWDECRYPT) && 260 1.1 dyoung !wep_decrypt(k, m, hdrlen)) { 261 1.12.2.1 phil IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, 262 1.12.2.1 phil "%s", "WEP ICV mismatch on decrypt"); 263 1.12.2.1 phil vap->iv_stats.is_rx_wepfail++; 264 1.1 dyoung return 0; 265 1.1 dyoung } 266 1.1 dyoung 267 1.1 dyoung /* 268 1.1 dyoung * Copy up 802.11 header and strip crypto bits. 269 1.1 dyoung */ 270 1.12.2.1 phil ovbcopy(mtod(m, void *), mtod(m, uint8_t *) + wep.ic_header, hdrlen); 271 1.1 dyoung m_adj(m, wep.ic_header); 272 1.12.2.1 phil 273 1.12.2.1 phil finish: 274 1.12.2.1 phil /* XXX TODO: do we have to strip this for offload devices? */ 275 1.1 dyoung m_adj(m, -wep.ic_trailer); 276 1.1 dyoung 277 1.1 dyoung return 1; 278 1.1 dyoung } 279 1.1 dyoung 280 1.1 dyoung /* 281 1.1 dyoung * Verify and strip MIC from the frame. 282 1.1 dyoung */ 283 1.1 dyoung static int 284 1.12.2.1 phil wep_demic(struct ieee80211_key *k, struct mbuf *skb, int force) 285 1.1 dyoung { 286 1.1 dyoung return 1; 287 1.1 dyoung } 288 1.1 dyoung 289 1.1 dyoung static const uint32_t crc32_table[256] = { 290 1.1 dyoung 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, 291 1.1 dyoung 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, 292 1.1 dyoung 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 293 1.1 dyoung 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, 294 1.1 dyoung 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, 295 1.1 dyoung 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, 296 1.1 dyoung 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 297 1.1 dyoung 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, 298 1.1 dyoung 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, 299 1.1 dyoung 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, 300 1.1 dyoung 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 301 1.1 dyoung 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, 302 1.1 dyoung 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, 303 1.1 dyoung 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, 304 1.1 dyoung 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 305 1.1 dyoung 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, 306 1.1 dyoung 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, 307 1.1 dyoung 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, 308 1.1 dyoung 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 309 1.1 dyoung 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, 310 1.1 dyoung 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, 311 1.1 dyoung 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, 312 1.1 dyoung 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, 313 1.1 dyoung 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, 314 1.1 dyoung 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, 315 1.1 dyoung 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, 316 1.1 dyoung 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, 317 1.1 dyoung 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, 318 1.1 dyoung 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, 319 1.1 dyoung 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, 320 1.1 dyoung 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 321 1.1 dyoung 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, 322 1.1 dyoung 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, 323 1.1 dyoung 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, 324 1.1 dyoung 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 325 1.1 dyoung 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, 326 1.1 dyoung 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, 327 1.1 dyoung 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, 328 1.1 dyoung 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 329 1.1 dyoung 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, 330 1.1 dyoung 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, 331 1.1 dyoung 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, 332 1.1 dyoung 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 333 1.1 dyoung 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, 334 1.1 dyoung 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, 335 1.1 dyoung 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, 336 1.1 dyoung 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 337 1.1 dyoung 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, 338 1.1 dyoung 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, 339 1.1 dyoung 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, 340 1.1 dyoung 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 341 1.1 dyoung 0x2d02ef8dL 342 1.1 dyoung }; 343 1.1 dyoung 344 1.1 dyoung static int 345 1.1 dyoung wep_encrypt(struct ieee80211_key *key, struct mbuf *m0, int hdrlen) 346 1.1 dyoung { 347 1.1 dyoung #define S_SWAP(a,b) do { uint8_t t = S[a]; S[a] = S[b]; S[b] = t; } while(0) 348 1.1 dyoung struct wep_ctx *ctx = key->wk_private; 349 1.12.2.1 phil struct ieee80211vap *vap = ctx->wc_vap; 350 1.1 dyoung struct mbuf *m = m0; 351 1.12.2.1 phil uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE]; 352 1.1 dyoung uint8_t icv[IEEE80211_WEP_CRCLEN]; 353 1.1 dyoung uint32_t i, j, k, crc; 354 1.1 dyoung size_t buflen, data_len; 355 1.1 dyoung uint8_t S[256]; 356 1.1 dyoung uint8_t *pos; 357 1.1 dyoung u_int off, keylen; 358 1.1 dyoung 359 1.12.2.1 phil vap->iv_stats.is_crypto_wep++; 360 1.1 dyoung 361 1.12.2.1 phil /* NB: this assumes the header was pulled up */ 362 1.12.2.1 phil memcpy(rc4key, mtod(m, uint8_t *) + hdrlen, IEEE80211_WEP_IVLEN); 363 1.1 dyoung memcpy(rc4key + IEEE80211_WEP_IVLEN, key->wk_key, key->wk_keylen); 364 1.1 dyoung 365 1.1 dyoung /* Setup RC4 state */ 366 1.1 dyoung for (i = 0; i < 256; i++) 367 1.1 dyoung S[i] = i; 368 1.1 dyoung j = 0; 369 1.1 dyoung keylen = key->wk_keylen + IEEE80211_WEP_IVLEN; 370 1.1 dyoung for (i = 0; i < 256; i++) { 371 1.1 dyoung j = (j + S[i] + rc4key[i % keylen]) & 0xff; 372 1.1 dyoung S_SWAP(i, j); 373 1.1 dyoung } 374 1.1 dyoung 375 1.1 dyoung off = hdrlen + wep.ic_header; 376 1.1 dyoung data_len = m->m_pkthdr.len - off; 377 1.1 dyoung 378 1.1 dyoung /* Compute CRC32 over unencrypted data and apply RC4 to data */ 379 1.1 dyoung crc = ~0; 380 1.1 dyoung i = j = 0; 381 1.1 dyoung pos = mtod(m, uint8_t *) + off; 382 1.1 dyoung buflen = m->m_len - off; 383 1.1 dyoung for (;;) { 384 1.1 dyoung if (buflen > data_len) 385 1.1 dyoung buflen = data_len; 386 1.1 dyoung data_len -= buflen; 387 1.1 dyoung for (k = 0; k < buflen; k++) { 388 1.1 dyoung crc = crc32_table[(crc ^ *pos) & 0xff] ^ (crc >> 8); 389 1.1 dyoung i = (i + 1) & 0xff; 390 1.1 dyoung j = (j + S[i]) & 0xff; 391 1.1 dyoung S_SWAP(i, j); 392 1.1 dyoung *pos++ ^= S[(S[i] + S[j]) & 0xff]; 393 1.1 dyoung } 394 1.1 dyoung if (m->m_next == NULL) { 395 1.1 dyoung if (data_len != 0) { /* out of data */ 396 1.12.2.1 phil IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, 397 1.1 dyoung ether_sprintf(mtod(m0, 398 1.1 dyoung struct ieee80211_frame *)->i_addr2), 399 1.12.2.1 phil "out of data for WEP (data_len %zu)", 400 1.1 dyoung data_len); 401 1.12.2.1 phil /* XXX stat */ 402 1.1 dyoung return 0; 403 1.1 dyoung } 404 1.1 dyoung break; 405 1.1 dyoung } 406 1.1 dyoung m = m->m_next; 407 1.1 dyoung pos = mtod(m, uint8_t *); 408 1.1 dyoung buflen = m->m_len; 409 1.1 dyoung } 410 1.1 dyoung crc = ~crc; 411 1.1 dyoung 412 1.1 dyoung /* Append little-endian CRC32 and encrypt it to produce ICV */ 413 1.1 dyoung icv[0] = crc; 414 1.1 dyoung icv[1] = crc >> 8; 415 1.1 dyoung icv[2] = crc >> 16; 416 1.1 dyoung icv[3] = crc >> 24; 417 1.1 dyoung for (k = 0; k < IEEE80211_WEP_CRCLEN; k++) { 418 1.1 dyoung i = (i + 1) & 0xff; 419 1.1 dyoung j = (j + S[i]) & 0xff; 420 1.1 dyoung S_SWAP(i, j); 421 1.1 dyoung icv[k] ^= S[(S[i] + S[j]) & 0xff]; 422 1.1 dyoung } 423 1.1 dyoung return m_append(m0, IEEE80211_WEP_CRCLEN, icv); 424 1.1 dyoung #undef S_SWAP 425 1.1 dyoung } 426 1.1 dyoung 427 1.1 dyoung static int 428 1.1 dyoung wep_decrypt(struct ieee80211_key *key, struct mbuf *m0, int hdrlen) 429 1.1 dyoung { 430 1.1 dyoung #define S_SWAP(a,b) do { uint8_t t = S[a]; S[a] = S[b]; S[b] = t; } while(0) 431 1.1 dyoung struct wep_ctx *ctx = key->wk_private; 432 1.12.2.1 phil struct ieee80211vap *vap = ctx->wc_vap; 433 1.1 dyoung struct mbuf *m = m0; 434 1.12.2.1 phil uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE]; 435 1.1 dyoung uint8_t icv[IEEE80211_WEP_CRCLEN]; 436 1.1 dyoung uint32_t i, j, k, crc; 437 1.1 dyoung size_t buflen, data_len; 438 1.1 dyoung uint8_t S[256]; 439 1.1 dyoung uint8_t *pos; 440 1.1 dyoung u_int off, keylen; 441 1.1 dyoung 442 1.12.2.1 phil vap->iv_stats.is_crypto_wep++; 443 1.1 dyoung 444 1.1 dyoung /* NB: this assumes the header was pulled up */ 445 1.12.2.1 phil memcpy(rc4key, mtod(m, uint8_t *) + hdrlen, IEEE80211_WEP_IVLEN); 446 1.1 dyoung memcpy(rc4key + IEEE80211_WEP_IVLEN, key->wk_key, key->wk_keylen); 447 1.1 dyoung 448 1.1 dyoung /* Setup RC4 state */ 449 1.1 dyoung for (i = 0; i < 256; i++) 450 1.1 dyoung S[i] = i; 451 1.1 dyoung j = 0; 452 1.1 dyoung keylen = key->wk_keylen + IEEE80211_WEP_IVLEN; 453 1.1 dyoung for (i = 0; i < 256; i++) { 454 1.1 dyoung j = (j + S[i] + rc4key[i % keylen]) & 0xff; 455 1.1 dyoung S_SWAP(i, j); 456 1.1 dyoung } 457 1.1 dyoung 458 1.1 dyoung off = hdrlen + wep.ic_header; 459 1.9 christos data_len = m->m_pkthdr.len - (off + wep.ic_trailer); 460 1.1 dyoung 461 1.1 dyoung /* Compute CRC32 over unencrypted data and apply RC4 to data */ 462 1.1 dyoung crc = ~0; 463 1.1 dyoung i = j = 0; 464 1.1 dyoung pos = mtod(m, uint8_t *) + off; 465 1.1 dyoung buflen = m->m_len - off; 466 1.1 dyoung for (;;) { 467 1.1 dyoung if (buflen > data_len) 468 1.1 dyoung buflen = data_len; 469 1.1 dyoung data_len -= buflen; 470 1.1 dyoung for (k = 0; k < buflen; k++) { 471 1.1 dyoung i = (i + 1) & 0xff; 472 1.1 dyoung j = (j + S[i]) & 0xff; 473 1.1 dyoung S_SWAP(i, j); 474 1.1 dyoung *pos ^= S[(S[i] + S[j]) & 0xff]; 475 1.1 dyoung crc = crc32_table[(crc ^ *pos) & 0xff] ^ (crc >> 8); 476 1.1 dyoung pos++; 477 1.1 dyoung } 478 1.1 dyoung m = m->m_next; 479 1.1 dyoung if (m == NULL) { 480 1.1 dyoung if (data_len != 0) { /* out of data */ 481 1.12.2.1 phil IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, 482 1.12.2.1 phil mtod(m0, struct ieee80211_frame *)->i_addr2, 483 1.12.2.1 phil "out of data for WEP (data_len %zu)", 484 1.1 dyoung data_len); 485 1.1 dyoung return 0; 486 1.1 dyoung } 487 1.1 dyoung break; 488 1.1 dyoung } 489 1.1 dyoung pos = mtod(m, uint8_t *); 490 1.1 dyoung buflen = m->m_len; 491 1.1 dyoung } 492 1.1 dyoung crc = ~crc; 493 1.1 dyoung 494 1.12.2.1 phil /* Encrypt little-endian CRC32 and verify that it matches with 495 1.12.2.1 phil * received ICV */ 496 1.1 dyoung icv[0] = crc; 497 1.1 dyoung icv[1] = crc >> 8; 498 1.1 dyoung icv[2] = crc >> 16; 499 1.1 dyoung icv[3] = crc >> 24; 500 1.1 dyoung for (k = 0; k < IEEE80211_WEP_CRCLEN; k++) { 501 1.1 dyoung i = (i + 1) & 0xff; 502 1.1 dyoung j = (j + S[i]) & 0xff; 503 1.1 dyoung S_SWAP(i, j); 504 1.1 dyoung /* XXX assumes ICV is contiguous in mbuf */ 505 1.1 dyoung if ((icv[k] ^ S[(S[i] + S[j]) & 0xff]) != *pos++) { 506 1.1 dyoung /* ICV mismatch - drop frame */ 507 1.1 dyoung return 0; 508 1.1 dyoung } 509 1.1 dyoung } 510 1.1 dyoung return 1; 511 1.1 dyoung #undef S_SWAP 512 1.1 dyoung } 513 1.4 skrll 514 1.12.2.1 phil /* 515 1.12.2.1 phil * Module glue. 516 1.12.2.1 phil */ 517 1.12.2.1 phil IEEE80211_CRYPTO_MODULE(wep, 1); 518
Indexes created Tue Sep 30 20:09:53 GMT 2025