1 /* src/p80211/p80211wep.c 2 * 3 * WEP encode/decode for P80211. 4 * 5 * Copyright (C) 2002 AbsoluteValue Systems, Inc. All Rights Reserved. 6 * -------------------------------------------------------------------- 7 * 8 * linux-wlan 9 * 10 * The contents of this file are subject to the Mozilla Public 11 * License Version 1.1 (the "License"); you may not use this file 12 * except in compliance with the License. You may obtain a copy of 13 * the License at http://www.mozilla.org/MPL/ 14 * 15 * Software distributed under the License is distributed on an "AS 16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or 17 * implied. See the License for the specific language governing 18 * rights and limitations under the License. 19 * 20 * Alternatively, the contents of this file may be used under the 21 * terms of the GNU Public License version 2 (the "GPL"), in which 22 * case the provisions of the GPL are applicable instead of the 23 * above. If you wish to allow the use of your version of this file 24 * only under the terms of the GPL and not to allow others to use 25 * your version of this file under the MPL, indicate your decision 26 * by deleting the provisions above and replace them with the notice 27 * and other provisions required by the GPL. If you do not delete 28 * the provisions above, a recipient may use your version of this 29 * file under either the MPL or the GPL. 30 * 31 * -------------------------------------------------------------------- 32 * 33 * Inquiries regarding the linux-wlan Open Source project can be 34 * made directly to: 35 * 36 * AbsoluteValue Systems Inc. 37 * info@linux-wlan.com 38 * http://www.linux-wlan.com 39 * 40 * -------------------------------------------------------------------- 41 * 42 * Portions of the development of this software were funded by 43 * Intersil Corporation as part of PRISM(R) chipset product development. 44 * 45 * -------------------------------------------------------------------- 46 */ 47 48 /*================================================================*/ 49 /* System Includes */ 50 51 #include <linux/netdevice.h> 52 #include <linux/wireless.h> 53 #include <linux/random.h> 54 #include <linux/kernel.h> 55 56 57 #include "p80211hdr.h" 58 #include "p80211types.h" 59 #include "p80211msg.h" 60 #include "p80211conv.h" 61 #include "p80211netdev.h" 62 63 #define WEP_KEY(x) (((x) & 0xC0) >> 6) 64 65 static const u32 wep_crc32_table[256] = { 66 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, 67 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, 68 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 69 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, 70 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, 71 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, 72 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 73 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, 74 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, 75 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, 76 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 77 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, 78 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, 79 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, 80 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 81 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, 82 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, 83 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, 84 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 85 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, 86 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, 87 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, 88 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, 89 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, 90 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, 91 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, 92 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, 93 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, 94 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, 95 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, 96 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 97 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, 98 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, 99 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, 100 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 101 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, 102 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, 103 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, 104 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 105 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, 106 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, 107 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, 108 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 109 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, 110 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, 111 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, 112 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 113 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, 114 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, 115 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, 116 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 117 0x2d02ef8dL 118 }; 119 120 /* keylen in bytes! */ 121 122 int wep_change_key(wlandevice_t *wlandev, int keynum, u8 *key, int keylen) 123 { 124 if (keylen < 0) 125 return -1; 126 if (keylen >= MAX_KEYLEN) 127 return -1; 128 if (key == NULL) 129 return -1; 130 if (keynum < 0) 131 return -1; 132 if (keynum >= NUM_WEPKEYS) 133 return -1; 134 135 136 wlandev->wep_keylens[keynum] = keylen; 137 memcpy(wlandev->wep_keys[keynum], key, keylen); 138 139 return 0; 140 } 141 142 /* 143 * 4-byte IV at start of buffer, 4-byte ICV at end of buffer. 144 * if successful, buf start is payload begin, length -= 8; 145 */ 146 int wep_decrypt(wlandevice_t *wlandev, u8 *buf, u32 len, int key_override, 147 u8 *iv, u8 *icv) 148 { 149 u32 i, j, k, crc, keylen; 150 u8 s[256], key[64], c_crc[4]; 151 u8 keyidx; 152 153 /* Needs to be at least 8 bytes of payload */ 154 if (len <= 0) 155 return -1; 156 157 /* initialize the first bytes of the key from the IV */ 158 key[0] = iv[0]; 159 key[1] = iv[1]; 160 key[2] = iv[2]; 161 keyidx = WEP_KEY(iv[3]); 162 163 if (key_override >= 0) 164 keyidx = key_override; 165 166 if (keyidx >= NUM_WEPKEYS) 167 return -2; 168 169 keylen = wlandev->wep_keylens[keyidx]; 170 171 if (keylen == 0) 172 return -3; 173 174 /* copy the rest of the key over from the designated key */ 175 memcpy(key + 3, wlandev->wep_keys[keyidx], keylen); 176 177 keylen += 3; /* add in IV bytes */ 178 179 180 /* set up the RC4 state */ 181 for (i = 0; i < 256; i++) 182 s[i] = i; 183 j = 0; 184 for (i = 0; i < 256; i++) { 185 j = (j + s[i] + key[i % keylen]) & 0xff; 186 swap(i, j); 187 } 188 189 /* Apply the RC4 to the data, update the CRC32 */ 190 crc = ~0; 191 i = 0; 192 j = 0; 193 for (k = 0; k < len; k++) { 194 i = (i + 1) & 0xff; 195 j = (j + s[i]) & 0xff; 196 swap(i, j); 197 buf[k] ^= s[(s[i] + s[j]) & 0xff]; 198 crc = wep_crc32_table[(crc ^ buf[k]) & 0xff] ^ (crc >> 8); 199 } 200 crc = ~crc; 201 202 /* now let's check the crc */ 203 c_crc[0] = crc; 204 c_crc[1] = crc >> 8; 205 c_crc[2] = crc >> 16; 206 c_crc[3] = crc >> 24; 207 208 for (k = 0; k < 4; k++) { 209 i = (i + 1) & 0xff; 210 j = (j + s[i]) & 0xff; 211 swap(i, j); 212 if ((c_crc[k] ^ s[(s[i] + s[j]) & 0xff]) != icv[k]) 213 return -(4 | (k << 4)); /* ICV mismatch */ 214 } 215 216 return 0; 217 } 218 219 /* encrypts in-place. */ 220 int wep_encrypt(wlandevice_t *wlandev, u8 *buf, u8 *dst, u32 len, int keynum, 221 u8 *iv, u8 *icv) 222 { 223 u32 i, j, k, crc, keylen; 224 u8 s[256], key[64]; 225 226 /* no point in WEPping an empty frame */ 227 if (len <= 0) 228 return -1; 229 230 /* we need to have a real key.. */ 231 if (keynum >= NUM_WEPKEYS) 232 return -2; 233 keylen = wlandev->wep_keylens[keynum]; 234 if (keylen <= 0) 235 return -3; 236 237 /* use a random IV. And skip known weak ones. */ 238 get_random_bytes(iv, 3); 239 while ((iv[1] == 0xff) && (iv[0] >= 3) && (iv[0] < keylen)) 240 get_random_bytes(iv, 3); 241 242 iv[3] = (keynum & 0x03) << 6; 243 244 key[0] = iv[0]; 245 key[1] = iv[1]; 246 key[2] = iv[2]; 247 248 /* copy the rest of the key over from the designated key */ 249 memcpy(key + 3, wlandev->wep_keys[keynum], keylen); 250 251 keylen += 3; /* add in IV bytes */ 252 253 /* set up the RC4 state */ 254 for (i = 0; i < 256; i++) 255 s[i] = i; 256 j = 0; 257 for (i = 0; i < 256; i++) { 258 j = (j + s[i] + key[i % keylen]) & 0xff; 259 swap(i, j); 260 } 261 262 /* Update CRC32 then apply RC4 to the data */ 263 crc = ~0; 264 i = 0; 265 j = 0; 266 for (k = 0; k < len; k++) { 267 crc = wep_crc32_table[(crc ^ buf[k]) & 0xff] ^ (crc >> 8); 268 i = (i + 1) & 0xff; 269 j = (j + s[i]) & 0xff; 270 swap(i, j); 271 dst[k] = buf[k] ^ s[(s[i] + s[j]) & 0xff]; 272 } 273 crc = ~crc; 274 275 /* now let's encrypt the crc */ 276 icv[0] = crc; 277 icv[1] = crc >> 8; 278 icv[2] = crc >> 16; 279 icv[3] = crc >> 24; 280 281 for (k = 0; k < 4; k++) { 282 i = (i + 1) & 0xff; 283 j = (j + s[i]) & 0xff; 284 swap(i, j); 285 icv[k] ^= s[(s[i] + s[j]) & 0xff]; 286 } 287 288 return 0; 289 } 290