xref: /openbmc/linux/net/mac80211/wep.c (revision b6dcefde)
1 /*
2  * Software WEP encryption implementation
3  * Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
4  * Copyright 2003, Instant802 Networks, Inc.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation.
9  */
10 
11 #include <linux/netdevice.h>
12 #include <linux/types.h>
13 #include <linux/random.h>
14 #include <linux/compiler.h>
15 #include <linux/crc32.h>
16 #include <linux/crypto.h>
17 #include <linux/err.h>
18 #include <linux/mm.h>
19 #include <linux/scatterlist.h>
20 #include <asm/unaligned.h>
21 
22 #include <net/mac80211.h>
23 #include "ieee80211_i.h"
24 #include "wep.h"
25 
26 
27 int ieee80211_wep_init(struct ieee80211_local *local)
28 {
29 	/* start WEP IV from a random value */
30 	get_random_bytes(&local->wep_iv, WEP_IV_LEN);
31 
32 	local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
33 						CRYPTO_ALG_ASYNC);
34 	if (IS_ERR(local->wep_tx_tfm))
35 		return PTR_ERR(local->wep_tx_tfm);
36 
37 	local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
38 						CRYPTO_ALG_ASYNC);
39 	if (IS_ERR(local->wep_rx_tfm)) {
40 		crypto_free_blkcipher(local->wep_tx_tfm);
41 		return PTR_ERR(local->wep_rx_tfm);
42 	}
43 
44 	return 0;
45 }
46 
47 void ieee80211_wep_free(struct ieee80211_local *local)
48 {
49 	crypto_free_blkcipher(local->wep_tx_tfm);
50 	crypto_free_blkcipher(local->wep_rx_tfm);
51 }
52 
53 static inline bool ieee80211_wep_weak_iv(u32 iv, int keylen)
54 {
55 	/*
56 	 * Fluhrer, Mantin, and Shamir have reported weaknesses in the
57 	 * key scheduling algorithm of RC4. At least IVs (KeyByte + 3,
58 	 * 0xff, N) can be used to speedup attacks, so avoid using them.
59 	 */
60 	if ((iv & 0xff00) == 0xff00) {
61 		u8 B = (iv >> 16) & 0xff;
62 		if (B >= 3 && B < 3 + keylen)
63 			return true;
64 	}
65 	return false;
66 }
67 
68 
69 static void ieee80211_wep_get_iv(struct ieee80211_local *local,
70 				 int keylen, int keyidx, u8 *iv)
71 {
72 	local->wep_iv++;
73 	if (ieee80211_wep_weak_iv(local->wep_iv, keylen))
74 		local->wep_iv += 0x0100;
75 
76 	if (!iv)
77 		return;
78 
79 	*iv++ = (local->wep_iv >> 16) & 0xff;
80 	*iv++ = (local->wep_iv >> 8) & 0xff;
81 	*iv++ = local->wep_iv & 0xff;
82 	*iv++ = keyidx << 6;
83 }
84 
85 
86 static u8 *ieee80211_wep_add_iv(struct ieee80211_local *local,
87 				struct sk_buff *skb,
88 				int keylen, int keyidx)
89 {
90 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
91 	unsigned int hdrlen;
92 	u8 *newhdr;
93 
94 	hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
95 
96 	if (WARN_ON(skb_tailroom(skb) < WEP_ICV_LEN ||
97 		    skb_headroom(skb) < WEP_IV_LEN))
98 		return NULL;
99 
100 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
101 	newhdr = skb_push(skb, WEP_IV_LEN);
102 	memmove(newhdr, newhdr + WEP_IV_LEN, hdrlen);
103 	ieee80211_wep_get_iv(local, keylen, keyidx, newhdr + hdrlen);
104 	return newhdr + hdrlen;
105 }
106 
107 
108 static void ieee80211_wep_remove_iv(struct ieee80211_local *local,
109 				    struct sk_buff *skb,
110 				    struct ieee80211_key *key)
111 {
112 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
113 	unsigned int hdrlen;
114 
115 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
116 	memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen);
117 	skb_pull(skb, WEP_IV_LEN);
118 }
119 
120 
121 /* Perform WEP encryption using given key. data buffer must have tailroom
122  * for 4-byte ICV. data_len must not include this ICV. Note: this function
123  * does _not_ add IV. data = RC4(data | CRC32(data)) */
124 void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
125 				size_t klen, u8 *data, size_t data_len)
126 {
127 	struct blkcipher_desc desc = { .tfm = tfm };
128 	struct scatterlist sg;
129 	__le32 icv;
130 
131 	icv = cpu_to_le32(~crc32_le(~0, data, data_len));
132 	put_unaligned(icv, (__le32 *)(data + data_len));
133 
134 	crypto_blkcipher_setkey(tfm, rc4key, klen);
135 	sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
136 	crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
137 }
138 
139 
140 /* Perform WEP encryption on given skb. 4 bytes of extra space (IV) in the
141  * beginning of the buffer 4 bytes of extra space (ICV) in the end of the
142  * buffer will be added. Both IV and ICV will be transmitted, so the
143  * payload length increases with 8 bytes.
144  *
145  * WEP frame payload: IV + TX key idx, RC4(data), ICV = RC4(CRC32(data))
146  */
147 int ieee80211_wep_encrypt(struct ieee80211_local *local,
148 			  struct sk_buff *skb,
149 			  const u8 *key, int keylen, int keyidx)
150 {
151 	u8 *iv;
152 	size_t len;
153 	u8 rc4key[3 + WLAN_KEY_LEN_WEP104];
154 
155 	iv = ieee80211_wep_add_iv(local, skb, keylen, keyidx);
156 	if (!iv)
157 		return -1;
158 
159 	len = skb->len - (iv + WEP_IV_LEN - skb->data);
160 
161 	/* Prepend 24-bit IV to RC4 key */
162 	memcpy(rc4key, iv, 3);
163 
164 	/* Copy rest of the WEP key (the secret part) */
165 	memcpy(rc4key + 3, key, keylen);
166 
167 	/* Add room for ICV */
168 	skb_put(skb, WEP_ICV_LEN);
169 
170 	ieee80211_wep_encrypt_data(local->wep_tx_tfm, rc4key, keylen + 3,
171 				   iv + WEP_IV_LEN, len);
172 
173 	return 0;
174 }
175 
176 
177 /* Perform WEP decryption using given key. data buffer includes encrypted
178  * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV.
179  * Return 0 on success and -1 on ICV mismatch. */
180 int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
181 			       size_t klen, u8 *data, size_t data_len)
182 {
183 	struct blkcipher_desc desc = { .tfm = tfm };
184 	struct scatterlist sg;
185 	__le32 crc;
186 
187 	crypto_blkcipher_setkey(tfm, rc4key, klen);
188 	sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
189 	crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length);
190 
191 	crc = cpu_to_le32(~crc32_le(~0, data, data_len));
192 	if (memcmp(&crc, data + data_len, WEP_ICV_LEN) != 0)
193 		/* ICV mismatch */
194 		return -1;
195 
196 	return 0;
197 }
198 
199 
200 /* Perform WEP decryption on given skb. Buffer includes whole WEP part of
201  * the frame: IV (4 bytes), encrypted payload (including SNAP header),
202  * ICV (4 bytes). skb->len includes both IV and ICV.
203  *
204  * Returns 0 if frame was decrypted successfully and ICV was correct and -1 on
205  * failure. If frame is OK, IV and ICV will be removed, i.e., decrypted payload
206  * is moved to the beginning of the skb and skb length will be reduced.
207  */
208 static int ieee80211_wep_decrypt(struct ieee80211_local *local,
209 				 struct sk_buff *skb,
210 				 struct ieee80211_key *key)
211 {
212 	u32 klen;
213 	u8 *rc4key;
214 	u8 keyidx;
215 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
216 	unsigned int hdrlen;
217 	size_t len;
218 	int ret = 0;
219 
220 	if (!ieee80211_has_protected(hdr->frame_control))
221 		return -1;
222 
223 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
224 	if (skb->len < hdrlen + WEP_IV_LEN + WEP_ICV_LEN)
225 		return -1;
226 
227 	len = skb->len - hdrlen - WEP_IV_LEN - WEP_ICV_LEN;
228 
229 	keyidx = skb->data[hdrlen + 3] >> 6;
230 
231 	if (!key || keyidx != key->conf.keyidx || key->conf.alg != ALG_WEP)
232 		return -1;
233 
234 	klen = 3 + key->conf.keylen;
235 
236 	rc4key = kmalloc(klen, GFP_ATOMIC);
237 	if (!rc4key)
238 		return -1;
239 
240 	/* Prepend 24-bit IV to RC4 key */
241 	memcpy(rc4key, skb->data + hdrlen, 3);
242 
243 	/* Copy rest of the WEP key (the secret part) */
244 	memcpy(rc4key + 3, key->conf.key, key->conf.keylen);
245 
246 	if (ieee80211_wep_decrypt_data(local->wep_rx_tfm, rc4key, klen,
247 				       skb->data + hdrlen + WEP_IV_LEN,
248 				       len))
249 		ret = -1;
250 
251 	kfree(rc4key);
252 
253 	/* Trim ICV */
254 	skb_trim(skb, skb->len - WEP_ICV_LEN);
255 
256 	/* Remove IV */
257 	memmove(skb->data + WEP_IV_LEN, skb->data, hdrlen);
258 	skb_pull(skb, WEP_IV_LEN);
259 
260 	return ret;
261 }
262 
263 
264 bool ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key)
265 {
266 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
267 	unsigned int hdrlen;
268 	u8 *ivpos;
269 	u32 iv;
270 
271 	if (!ieee80211_has_protected(hdr->frame_control))
272 		return false;
273 
274 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
275 	ivpos = skb->data + hdrlen;
276 	iv = (ivpos[0] << 16) | (ivpos[1] << 8) | ivpos[2];
277 
278 	return ieee80211_wep_weak_iv(iv, key->conf.keylen);
279 }
280 
281 ieee80211_rx_result
282 ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx)
283 {
284 	struct sk_buff *skb = rx->skb;
285 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
286 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
287 
288 	if (!ieee80211_is_data(hdr->frame_control) &&
289 	    !ieee80211_is_auth(hdr->frame_control))
290 		return RX_CONTINUE;
291 
292 	if (!(status->flag & RX_FLAG_DECRYPTED)) {
293 		if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key))
294 			return RX_DROP_UNUSABLE;
295 	} else if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
296 		ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
297 		/* remove ICV */
298 		skb_trim(rx->skb, rx->skb->len - WEP_ICV_LEN);
299 	}
300 
301 	return RX_CONTINUE;
302 }
303 
304 static int wep_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
305 {
306 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
307 
308 	if (!(tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) {
309 		if (ieee80211_wep_encrypt(tx->local, skb, tx->key->conf.key,
310 					  tx->key->conf.keylen,
311 					  tx->key->conf.keyidx))
312 			return -1;
313 	} else {
314 		info->control.hw_key = &tx->key->conf;
315 		if (tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) {
316 			if (!ieee80211_wep_add_iv(tx->local, skb,
317 						  tx->key->conf.keylen,
318 						  tx->key->conf.keyidx))
319 				return -1;
320 		}
321 	}
322 	return 0;
323 }
324 
325 ieee80211_tx_result
326 ieee80211_crypto_wep_encrypt(struct ieee80211_tx_data *tx)
327 {
328 	struct sk_buff *skb;
329 
330 	ieee80211_tx_set_protected(tx);
331 
332 	skb = tx->skb;
333 	do {
334 		if (wep_encrypt_skb(tx, skb) < 0) {
335 			I802_DEBUG_INC(tx->local->tx_handlers_drop_wep);
336 			return TX_DROP;
337 		}
338 	} while ((skb = skb->next));
339 
340 	return TX_CONTINUE;
341 }
342