1 /* src/p80211/p80211wep.c
2 *
3 * WEP encode/decode for P80211.
4 *
5 * Copyright (C) 2002 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
7 *
8 * linux-wlan
9 *
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
14 *
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
19 *
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
30 *
31 * --------------------------------------------------------------------
32 *
33 * Inquiries regarding the linux-wlan Open Source project can be
34 * made directly to:
35 *
36 * AbsoluteValue Systems Inc.
37 * info@linux-wlan.com
38 * http://www.linux-wlan.com
39 *
40 * --------------------------------------------------------------------
41 *
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
44 *
45 * --------------------------------------------------------------------
46 */
47
48 /*================================================================*/
49 /* System Includes */
50
51 #include <linux/netdevice.h>
52 #include <linux/wireless.h>
53 #include <linux/random.h>
54 #include <linux/kernel.h>
55
56 /* #define WEP_DEBUG */
57
58 #include "p80211hdr.h"
59 #include "p80211types.h"
60 #include "p80211msg.h"
61 #include "p80211conv.h"
62 #include "p80211netdev.h"
63
64 #define WEP_KEY(x) (((x) & 0xC0) >> 6)
65
66 static const u32 wep_crc32_table[256] = {
67 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
68 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
69 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
70 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
71 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
72 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
73 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
74 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
75 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
76 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
77 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
78 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
79 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
80 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
81 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
82 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
83 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
84 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
85 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
86 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
87 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
88 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
89 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
90 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
91 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
92 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
93 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
94 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
95 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
96 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
97 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
98 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
99 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
100 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
101 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
102 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
103 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
104 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
105 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
106 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
107 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
108 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
109 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
110 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
111 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
112 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
113 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
114 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
115 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
116 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
117 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
118 0x2d02ef8dL
119 };
120
121 /* keylen in bytes! */
122
wep_change_key(wlandevice_t * wlandev,int keynum,u8 * key,int keylen)123 int wep_change_key(wlandevice_t *wlandev, int keynum, u8 *key, int keylen)
124 {
125 if (keylen < 0)
126 return -1;
127 if (keylen >= MAX_KEYLEN)
128 return -1;
129 if (key == NULL)
130 return -1;
131 if (keynum < 0)
132 return -1;
133 if (keynum >= NUM_WEPKEYS)
134 return -1;
135
136 #ifdef WEP_DEBUG
137 printk(KERN_DEBUG
138 "WEP key %d len %d = %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
139 keynum, keylen, key[0], key[1], key[2], key[3], key[4], key[5],
140 key[6], key[7]);
141 #endif
142
143 wlandev->wep_keylens[keynum] = keylen;
144 memcpy(wlandev->wep_keys[keynum], key, keylen);
145
146 return 0;
147 }
148
149 /*
150 4-byte IV at start of buffer, 4-byte ICV at end of buffer.
151 if successful, buf start is payload begin, length -= 8;
152 */
wep_decrypt(wlandevice_t * wlandev,u8 * buf,u32 len,int key_override,u8 * iv,u8 * icv)153 int wep_decrypt(wlandevice_t *wlandev, u8 *buf, u32 len, int key_override,
154 u8 *iv, u8 *icv)
155 {
156 u32 i, j, k, crc, keylen;
157 u8 s[256], key[64], c_crc[4];
158 u8 keyidx;
159
160 /* Needs to be at least 8 bytes of payload */
161 if (len <= 0)
162 return -1;
163
164 /* initialize the first bytes of the key from the IV */
165 key[0] = iv[0];
166 key[1] = iv[1];
167 key[2] = iv[2];
168 keyidx = WEP_KEY(iv[3]);
169
170 if (key_override >= 0)
171 keyidx = key_override;
172
173 if (keyidx >= NUM_WEPKEYS)
174 return -2;
175
176 keylen = wlandev->wep_keylens[keyidx];
177
178 if (keylen == 0)
179 return -3;
180
181 /* copy the rest of the key over from the designated key */
182 memcpy(key + 3, wlandev->wep_keys[keyidx], keylen);
183
184 keylen += 3; /* add in IV bytes */
185
186 #ifdef WEP_DEBUG
187 printk(KERN_DEBUG
188 "D %d: %02x %02x %02x (%d %d) %02x:%02x:%02x:%02x:%02x\n", len,
189 key[0], key[1], key[2], keyidx, keylen, key[3], key[4], key[5],
190 key[6], key[7]);
191 #endif
192
193 /* set up the RC4 state */
194 for (i = 0; i < 256; i++)
195 s[i] = i;
196 j = 0;
197 for (i = 0; i < 256; i++) {
198 j = (j + s[i] + key[i % keylen]) & 0xff;
199 swap(i, j);
200 }
201
202 /* Apply the RC4 to the data, update the CRC32 */
203 crc = ~0;
204 i = j = 0;
205 for (k = 0; k < len; k++) {
206 i = (i + 1) & 0xff;
207 j = (j + s[i]) & 0xff;
208 swap(i, j);
209 buf[k] ^= s[(s[i] + s[j]) & 0xff];
210 crc = wep_crc32_table[(crc ^ buf[k]) & 0xff] ^ (crc >> 8);
211 }
212 crc = ~crc;
213
214 /* now let's check the crc */
215 c_crc[0] = crc;
216 c_crc[1] = crc >> 8;
217 c_crc[2] = crc >> 16;
218 c_crc[3] = crc >> 24;
219
220 for (k = 0; k < 4; k++) {
221 i = (i + 1) & 0xff;
222 j = (j + s[i]) & 0xff;
223 swap(i, j);
224 if ((c_crc[k] ^ s[(s[i] + s[j]) & 0xff]) != icv[k])
225 return -(4 | (k << 4)); /* ICV mismatch */
226 }
227
228 return 0;
229 }
230
231 /* encrypts in-place. */
wep_encrypt(wlandevice_t * wlandev,u8 * buf,u8 * dst,u32 len,int keynum,u8 * iv,u8 * icv)232 int wep_encrypt(wlandevice_t *wlandev, u8 *buf, u8 *dst, u32 len, int keynum,
233 u8 *iv, u8 *icv)
234 {
235 u32 i, j, k, crc, keylen;
236 u8 s[256], key[64];
237
238 /* no point in WEPping an empty frame */
239 if (len <= 0)
240 return -1;
241
242 /* we need to have a real key.. */
243 if (keynum >= NUM_WEPKEYS)
244 return -2;
245 keylen = wlandev->wep_keylens[keynum];
246 if (keylen <= 0)
247 return -3;
248
249 /* use a random IV. And skip known weak ones. */
250 get_random_bytes(iv, 3);
251 while ((iv[1] == 0xff) && (iv[0] >= 3) && (iv[0] < keylen))
252 get_random_bytes(iv, 3);
253
254 iv[3] = (keynum & 0x03) << 6;
255
256 key[0] = iv[0];
257 key[1] = iv[1];
258 key[2] = iv[2];
259
260 /* copy the rest of the key over from the designated key */
261 memcpy(key + 3, wlandev->wep_keys[keynum], keylen);
262
263 keylen += 3; /* add in IV bytes */
264
265 #ifdef WEP_DEBUG
266 printk(KERN_DEBUG
267 "E %d (%d/%d %d) %02x %02x %02x %02x:%02x:%02x:%02x:%02x\n", len,
268 iv[3], keynum, keylen, key[0], key[1], key[2], key[3], key[4],
269 key[5], key[6], key[7]);
270 #endif
271
272 /* set up the RC4 state */
273 for (i = 0; i < 256; i++)
274 s[i] = i;
275 j = 0;
276 for (i = 0; i < 256; i++) {
277 j = (j + s[i] + key[i % keylen]) & 0xff;
278 swap(i, j);
279 }
280
281 /* Update CRC32 then apply RC4 to the data */
282 crc = ~0;
283 i = j = 0;
284 for (k = 0; k < len; k++) {
285 crc = wep_crc32_table[(crc ^ buf[k]) & 0xff] ^ (crc >> 8);
286 i = (i + 1) & 0xff;
287 j = (j + s[i]) & 0xff;
288 swap(i, j);
289 dst[k] = buf[k] ^ s[(s[i] + s[j]) & 0xff];
290 }
291 crc = ~crc;
292
293 /* now let's encrypt the crc */
294 icv[0] = crc;
295 icv[1] = crc >> 8;
296 icv[2] = crc >> 16;
297 icv[3] = crc >> 24;
298
299 for (k = 0; k < 4; k++) {
300 i = (i + 1) & 0xff;
301 j = (j + s[i]) & 0xff;
302 swap(i, j);
303 icv[k] ^= s[(s[i] + s[j]) & 0xff];
304 }
305
306 return 0;
307 }
308