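/*	$OpenBSD: ieee80211_crypto_wep.c,v 1.14 2015/11/24 13:45:06 mpi Exp $	*/

/*-
 * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * This code implements Wired Equivalent Privacy (WEP) defined in
 * IEEE Std 802.11-2007 section 8.2.1.
 *
 * WEP is RC4 keyed with (IV || key) plus a CRC-32 "ICV".  It is broken:
 * the key is recoverable from captured traffic (FMS, KoreK, PTW) and the
 * linear ICV gives no integrity protection against bit flipping.  This
 * implementation exists for interoperability with legacy equipment; it
 * must not be relied on for confidentiality or integrity.
 */

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <sys/socket.h>
#include <sys/endian.h>

#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_media.h>

#include <netinet/in.h>
#include <netinet/if_ether.h>

#include <net80211/ieee80211_var.h>
#include <net80211/ieee80211_crypto.h>

#include <crypto/arc4.h>

/*
 * WEP software crypto context, hung off ieee80211_key.k_priv by
 * ieee80211_wep_set_key() and released by ieee80211_wep_delete_key().
 */
struct ieee80211_wep_ctx {
	struct rc4_ctx	rc4;	/* RC4 state of the MPDU being processed */
	u_int32_t	iv;	/* next transmit IV; 0 means "not seeded" */
};

/*
 * The RC4 seed is (IV || key), assembled on the stack by the encrypt and
 * decrypt routines in a buffer of this size.  A 104-bit (13-byte) key
 * plus the 3-byte IV fills it exactly; anything longer would overrun it,
 * so the key length is bounded accordingly.
 */
#define IEEE80211_WEP_SEEDLEN	16
#define IEEE80211_WEP_MAXKEYLEN	(IEEE80211_WEP_SEEDLEN - IEEE80211_WEP_IVLEN)

/*
 * Initialize software crypto context. This function can be overridden
 * by drivers doing hardware crypto.
 *
 * Allocates a zeroed ieee80211_wep_ctx and stores it in k->k_priv.
 * Returns 0 on success, EINVAL if the key is empty or too long to be
 * seeded into RC4 together with the IV, ENOMEM if allocation fails.
 *
 * NOTE(review): assumes k->k_priv is NULL on entry (any previous context
 * went through ieee80211_wep_delete_key()); otherwise the old context
 * would leak -- confirm against the callers.
 */
int
ieee80211_wep_set_key(struct ieee80211com *ic, struct ieee80211_key *k)
{
	struct ieee80211_wep_ctx *ctx;

	/*
	 * Refuse keys that could not be seeded safely.  The ioctl path
	 * presumably only hands over 5- or 13-byte keys, but this is the
	 * one cheap place to guarantee the seed buffer cannot overflow.
	 */
	if (k->k_len == 0 || k->k_len > IEEE80211_WEP_MAXKEYLEN)
		return EINVAL;

	ctx = malloc(sizeof(*ctx), M_DEVBUF, M_NOWAIT | M_ZERO);
	if (ctx == NULL)
		return ENOMEM;
	k->k_priv = ctx;
	return 0;
}

/*
 * Release the software crypto context attached to k, if any.  The RC4
 * state is derived from the key, so it is scrubbed before the memory is
 * handed back to the allocator.  Safe to call on a key without context.
 */
void
ieee80211_wep_delete_key(struct ieee80211com *ic, struct ieee80211_key *k)
{
	struct ieee80211_wep_ctx *ctx = k->k_priv;

	if (ctx != NULL) {
		explicit_bzero(ctx, sizeof(*ctx));
		free(ctx, M_DEVBUF, sizeof(*ctx));
	}
	k->k_priv = NULL;
}

/* shortcut */
#define IEEE80211_WEP_HDRLEN	\
	(IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN)

/*
 * Build the encrypted form of m0 in a new mbuf chain: copy the 802.11
 * header, insert the IV/key-id field, RC4-encrypt the frame body and
 * append the (encrypted) CRC-32 ICV.
 *
 * m0 is consumed in every case.  Returns the new chain, or NULL when an
 * mbuf could not be allocated (is_tx_nombuf is bumped) or the key cannot
 * be seeded.
 *
 * Caller contract (not checked here): the 802.11 header is contiguous in
 * the first mbuf, m_pkthdr.len covers the whole chain and k->k_priv was
 * set up by ieee80211_wep_set_key().
 */
struct mbuf *
ieee80211_wep_encrypt(struct ieee80211com *ic, struct mbuf *m0,
    struct ieee80211_key *k)
{
	struct ieee80211_wep_ctx *ctx = k->k_priv;
	u_int8_t wepseed[IEEE80211_WEP_SEEDLEN];
	const struct ieee80211_frame *wh;
	struct mbuf *n0, *m, *n;
	u_int8_t *ivp, *icvp;
	u_int32_t iv, crc;
	int left, moff, noff, len, hdrlen;

	/* (IV || key) must fit the seed buffer; see ieee80211_wep_set_key() */
	if (IEEE80211_WEP_IVLEN + k->k_len > sizeof(wepseed)) {
		m_freem(m0);
		return NULL;
	}

	MGET(n0, M_DONTWAIT, m0->m_type);
	if (n0 == NULL)
		goto nospace;
	if (m_dup_pkthdr(n0, m0, M_DONTWAIT))
		goto nospace;
	n0->m_pkthdr.len += IEEE80211_WEP_HDRLEN;
	n0->m_len = MHLEN;
	if (n0->m_pkthdr.len >= MINCLSIZE - IEEE80211_WEP_CRCLEN) {
		MCLGET(n0, M_DONTWAIT);
		if (n0->m_flags & M_EXT)
			n0->m_len = n0->m_ext.ext_size;
	}
	if (n0->m_len > n0->m_pkthdr.len)
		n0->m_len = n0->m_pkthdr.len;

	/* copy 802.11 header */
	wh = mtod(m0, struct ieee80211_frame *);
	hdrlen = ieee80211_get_hdrlen(wh);
	memcpy(mtod(n0, caddr_t), wh, hdrlen);

	/*
	 * Select a new IV for every MPDU.  The counter is seeded randomly
	 * the first time through; only its low 24 bits go on the wire, so
	 * IV reuse is unavoidable after at most 2^24 MPDUs under one key.
	 */
	iv = (ctx->iv != 0) ? ctx->iv : arc4random();
	iv &= 0xffffff;
	/*
	 * Skip the weak IVs of Fluhrer/Mantin/Shamir.  The IV forms the
	 * first three RC4 key bytes in wire order (ivp[0..2] below) and the
	 * weak class is (B + 3, 0xff, N) for key byte index B, i.e. ivp[0]
	 * in [3, 16) together with ivp[1] == 0xff.  Bumping the middle byte
	 * leaves the class.  This only blunts the original FMS attack;
	 * later attacks (KoreK, PTW) need no weak IVs at all.
	 */
	if ((iv & 0xff00) == 0xff00 && (iv & 0xff) >= 3 && (iv & 0xff) < 16)
		iv += 0x000100;
	ctx->iv = iv + 1;
	ivp = mtod(n0, u_int8_t *) + hdrlen;
	ivp[0] = iv;
	ivp[1] = iv >> 8;
	ivp[2] = iv >> 16;
	ivp[3] = k->k_id << 6;	/* key id occupies the top two bits */

	/* compute WEP seed: concatenate IV and WEP Key */
	memcpy(wepseed, ivp, IEEE80211_WEP_IVLEN);
	memcpy(wepseed + IEEE80211_WEP_IVLEN, k->k_key, k->k_len);
	rc4_keysetup(&ctx->rc4, wepseed, IEEE80211_WEP_IVLEN + k->k_len);

	/*
	 * Encrypt the frame body and compute the WEP ICV, walking the
	 * source chain (m/moff) and the destination chain (n/noff) in
	 * lockstep; the ICV is a plain CRC-32 over the cleartext body.
	 */
	m = m0;
	n = n0;
	moff = hdrlen;
	noff = hdrlen + IEEE80211_WEP_HDRLEN;
	left = m0->m_pkthdr.len - moff;
	crc = ~0;
	while (left > 0) {
		if (moff == m->m_len) {
			/* nothing left to copy from m */
			m = m->m_next;
			moff = 0;
		}
		if (noff == n->m_len) {
			/* n is full and there's more data to copy */
			MGET(n->m_next, M_DONTWAIT, n->m_type);
			if (n->m_next == NULL)
				goto nospace;
			n = n->m_next;
			n->m_len = MLEN;
			if (left >= MINCLSIZE - IEEE80211_WEP_CRCLEN) {
				MCLGET(n, M_DONTWAIT);
				if (n->m_flags & M_EXT)
					n->m_len = n->m_ext.ext_size;
			}
			if (n->m_len > left)
				n->m_len = left;
			noff = 0;
		}
		len = min(m->m_len - moff, n->m_len - noff);

		crc = ether_crc32_le_update(crc, mtod(m, caddr_t) + moff, len);
		rc4_crypt(&ctx->rc4, mtod(m, caddr_t) + moff,
		    mtod(n, caddr_t) + noff, len);

		moff += len;
		noff += len;
		left -= len;
	}

	/* reserve trailing space for WEP ICV */
	if (M_TRAILINGSPACE(n) < IEEE80211_WEP_CRCLEN) {
		MGET(n->m_next, M_DONTWAIT, n->m_type);
		if (n->m_next == NULL)
			goto nospace;
		n = n->m_next;
		n->m_len = 0;
	}

	/* finalize WEP ICV: little-endian CRC-32, encrypted in place */
	icvp = mtod(n, caddr_t) + n->m_len;
	crc = ~crc;
	icvp[0] = crc;
	icvp[1] = crc >> 8;
	icvp[2] = crc >> 16;
	icvp[3] = crc >> 24;
	rc4_crypt(&ctx->rc4, icvp, icvp, IEEE80211_WEP_CRCLEN);
	n->m_len += IEEE80211_WEP_CRCLEN;
	n0->m_pkthdr.len += IEEE80211_WEP_CRCLEN;

	m_freem(m0);
	return n0;
nospace:
	ic->ic_stats.is_tx_nombuf++;
	m_freem(m0);
	m_freem(n0);	/* m_freem(NULL) is a no-op */
	return NULL;
}

/*
 * Decrypt the WEP-protected MPDU m0 into a new mbuf chain: copy the
 * 802.11 header with the Protected bit cleared, RC4-decrypt the body and
 * check the ICV.
 *
 * m0 is consumed in every case.  Returns the cleartext chain, or NULL if
 * the frame is too short, the key cannot be seeded, the ICV does not
 * match (is_rx_decryptcrc is bumped) or an mbuf could not be allocated
 * (is_rx_nombuf is bumped).
 *
 * The ICV is a CRC-32, not a MAC: a matching ICV does not prove the
 * frame is authentic, only that it was not corrupted by accident.
 *
 * Caller contract (not checked here): the 802.11 header is contiguous in
 * the first mbuf and k->k_priv was set up by ieee80211_wep_set_key().
 */
struct mbuf *
ieee80211_wep_decrypt(struct ieee80211com *ic, struct mbuf *m0,
    struct ieee80211_key *k)
{
	struct ieee80211_wep_ctx *ctx = k->k_priv;
	struct ieee80211_frame *wh;
	u_int8_t wepseed[IEEE80211_WEP_SEEDLEN];
	u_int32_t crc, crc0;
	u_int8_t *ivp;
	struct mbuf *n0, *m, *n;
	int hdrlen, left, moff, noff, len;

	wh = mtod(m0, struct ieee80211_frame *);
	hdrlen = ieee80211_get_hdrlen(wh);

	/* need room for the IV/key-id field and the ICV after the header */
	if (m0->m_pkthdr.len < hdrlen + IEEE80211_WEP_TOTLEN) {
		m_freem(m0);
		return NULL;
	}

	/* (IV || key) must fit the seed buffer; see ieee80211_wep_set_key() */
	if (IEEE80211_WEP_IVLEN + k->k_len > sizeof(wepseed)) {
		m_freem(m0);
		return NULL;
	}

	/* concatenate IV and WEP Key */
	ivp = (u_int8_t *)wh + hdrlen;
	memcpy(wepseed, ivp, IEEE80211_WEP_IVLEN);
	memcpy(wepseed + IEEE80211_WEP_IVLEN, k->k_key, k->k_len);
	rc4_keysetup(&ctx->rc4, wepseed, IEEE80211_WEP_IVLEN + k->k_len);

	MGET(n0, M_DONTWAIT, m0->m_type);
	if (n0 == NULL)
		goto nospace;
	if (m_dup_pkthdr(n0, m0, M_DONTWAIT))
		goto nospace;
	n0->m_pkthdr.len -= IEEE80211_WEP_TOTLEN;
	n0->m_len = MHLEN;
	if (n0->m_pkthdr.len >= MINCLSIZE) {
		MCLGET(n0, M_DONTWAIT);
		if (n0->m_flags & M_EXT)
			n0->m_len = n0->m_ext.ext_size;
	}
	if (n0->m_len > n0->m_pkthdr.len)
		n0->m_len = n0->m_pkthdr.len;

	/* copy 802.11 header and clear protected bit */
	memcpy(mtod(n0, caddr_t), wh, hdrlen);
	wh = mtod(n0, struct ieee80211_frame *);
	wh->i_fc[1] &= ~IEEE80211_FC1_PROTECTED;

	/*
	 * Decrypt the frame body and compute the WEP ICV over the
	 * recovered cleartext, walking both chains in lockstep.
	 */
	m = m0;
	n = n0;
	moff = hdrlen + IEEE80211_WEP_HDRLEN;
	noff = hdrlen;
	left = n0->m_pkthdr.len - noff;
	crc = ~0;
	while (left > 0) {
		if (moff == m->m_len) {
			/* nothing left to copy from m */
			m = m->m_next;
			moff = 0;
		}
		if (noff == n->m_len) {
			/* n is full and there's more data to copy */
			MGET(n->m_next, M_DONTWAIT, n->m_type);
			if (n->m_next == NULL)
				goto nospace;
			n = n->m_next;
			n->m_len = MLEN;
			if (left >= MINCLSIZE) {
				MCLGET(n, M_DONTWAIT);
				if (n->m_flags & M_EXT)
					n->m_len = n->m_ext.ext_size;
			}
			if (n->m_len > left)
				n->m_len = left;
			noff = 0;
		}
		len = min(m->m_len - moff, n->m_len - noff);

		rc4_crypt(&ctx->rc4, mtod(m, caddr_t) + moff,
		    mtod(n, caddr_t) + noff, len);
		crc = ether_crc32_le_update(crc, mtod(n, caddr_t) + noff, len);

		moff += len;
		noff += len;
		left -= len;
	}

	/*
	 * Decrypt the received ICV and compare it with the calculated one.
	 * m_copydata() walks the chain from m/moff, so it is safe even when
	 * the loop stopped exactly on an mbuf boundary.
	 */
	m_copydata(m, moff, IEEE80211_WEP_CRCLEN, (caddr_t)&crc0);
	rc4_crypt(&ctx->rc4, (caddr_t)&crc0, (caddr_t)&crc0,
	    IEEE80211_WEP_CRCLEN);
	crc = ~crc;
	if (crc != letoh32(crc0)) {
		ic->ic_stats.is_rx_decryptcrc++;
		m_freem(m0);
		m_freem(n0);
		return NULL;
	}

	m_freem(m0);
	return n0;
nospace:
	ic->ic_stats.is_rx_nombuf++;
	m_freem(m0);
	m_freem(n0);	/* m_freem(NULL) is a no-op */
	return NULL;
}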