1 /* src/p80211/p80211wep.c
2 *
3 * WEP encode/decode for P80211.
4 *
5 * Copyright (C) 2002 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
7 *
8 * linux-wlan
9 *
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
14 *
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
19 *
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
30 *
31 * --------------------------------------------------------------------
32 *
33 * Inquiries regarding the linux-wlan Open Source project can be
34 * made directly to:
35 *
36 * AbsoluteValue Systems Inc.
37 * info@linux-wlan.com
38 * http://www.linux-wlan.com
39 *
40 * --------------------------------------------------------------------
41 *
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
44 *
45 * --------------------------------------------------------------------
46 */
47
48 /*================================================================*/
49 /* System Includes */
50
51 #include <linux/netdevice.h>
52 #include <linux/wireless.h>
53 #include <linux/random.h>
54 #include <linux/kernel.h>
55 #include "p80211hdr.h"
56 #include "p80211types.h"
57 #include "p80211msg.h"
58 #include "p80211conv.h"
59 #include "p80211netdev.h"
60
61 #define WEP_KEY(x) (((x) & 0xC0) >> 6)
62
63 static const u32 wep_crc32_table[256] = {
64 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
65 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
66 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
67 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
68 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
69 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
70 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
71 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
72 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
73 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
74 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
75 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
76 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
77 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
78 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
79 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
80 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
81 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
82 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
83 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
84 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
85 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
86 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
87 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
88 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
89 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
90 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
91 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
92 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
93 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
94 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
95 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
96 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
97 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
98 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
99 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
100 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
101 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
102 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
103 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
104 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
105 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
106 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
107 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
108 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
109 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
110 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
111 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
112 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
113 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
114 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
115 0x2d02ef8dL
116 };
117
118 /* keylen in bytes! */
119
wep_change_key(struct wlandevice * wlandev,int keynum,u8 * key,int keylen)120 int wep_change_key(struct wlandevice *wlandev, int keynum, u8 *key, int keylen)
121 {
122 if (keylen < 0)
123 return -1;
124 if (keylen >= MAX_KEYLEN)
125 return -1;
126 if (!key)
127 return -1;
128 if (keynum < 0)
129 return -1;
130 if (keynum >= NUM_WEPKEYS)
131 return -1;
132
133 wlandev->wep_keylens[keynum] = keylen;
134 memcpy(wlandev->wep_keys[keynum], key, keylen);
135
136 return 0;
137 }
138
139 /*
140 * 4-byte IV at start of buffer, 4-byte ICV at end of buffer.
141 * if successful, buf start is payload begin, length -= 8;
142 */
wep_decrypt(struct wlandevice * wlandev,u8 * buf,u32 len,int key_override,u8 * iv,u8 * icv)143 int wep_decrypt(struct wlandevice *wlandev, u8 *buf, u32 len, int key_override,
144 u8 *iv, u8 *icv)
145 {
146 u32 i, j, k, crc, keylen;
147 u8 s[256], key[64], c_crc[4];
148 u8 keyidx;
149
150 /* Needs to be at least 8 bytes of payload */
151 if (len <= 0)
152 return -1;
153
154 /* initialize the first bytes of the key from the IV */
155 key[0] = iv[0];
156 key[1] = iv[1];
157 key[2] = iv[2];
158 keyidx = WEP_KEY(iv[3]);
159
160 if (key_override >= 0)
161 keyidx = key_override;
162
163 if (keyidx >= NUM_WEPKEYS)
164 return -2;
165
166 keylen = wlandev->wep_keylens[keyidx];
167
168 if (keylen == 0)
169 return -3;
170
171 /* copy the rest of the key over from the designated key */
172 memcpy(key + 3, wlandev->wep_keys[keyidx], keylen);
173
174 keylen += 3; /* add in IV bytes */
175
176 /* set up the RC4 state */
177 for (i = 0; i < 256; i++)
178 s[i] = i;
179 j = 0;
180 for (i = 0; i < 256; i++) {
181 j = (j + s[i] + key[i % keylen]) & 0xff;
182 swap(i, j);
183 }
184
185 /* Apply the RC4 to the data, update the CRC32 */
186 crc = ~0;
187 i = 0;
188 j = 0;
189 for (k = 0; k < len; k++) {
190 i = (i + 1) & 0xff;
191 j = (j + s[i]) & 0xff;
192 swap(i, j);
193 buf[k] ^= s[(s[i] + s[j]) & 0xff];
194 crc = wep_crc32_table[(crc ^ buf[k]) & 0xff] ^ (crc >> 8);
195 }
196 crc = ~crc;
197
198 /* now let's check the crc */
199 c_crc[0] = crc;
200 c_crc[1] = crc >> 8;
201 c_crc[2] = crc >> 16;
202 c_crc[3] = crc >> 24;
203
204 for (k = 0; k < 4; k++) {
205 i = (i + 1) & 0xff;
206 j = (j + s[i]) & 0xff;
207 swap(i, j);
208 if ((c_crc[k] ^ s[(s[i] + s[j]) & 0xff]) != icv[k])
209 return -(4 | (k << 4)); /* ICV mismatch */
210 }
211
212 return 0;
213 }
214
215 /* encrypts in-place. */
wep_encrypt(struct wlandevice * wlandev,u8 * buf,u8 * dst,u32 len,int keynum,u8 * iv,u8 * icv)216 int wep_encrypt(struct wlandevice *wlandev, u8 *buf,
217 u8 *dst, u32 len, int keynum, u8 *iv, u8 *icv)
218 {
219 u32 i, j, k, crc, keylen;
220 u8 s[256], key[64];
221
222 /* no point in WEPping an empty frame */
223 if (len <= 0)
224 return -1;
225
226 /* we need to have a real key.. */
227 if (keynum >= NUM_WEPKEYS)
228 return -2;
229 keylen = wlandev->wep_keylens[keynum];
230 if (keylen <= 0)
231 return -3;
232
233 /* use a random IV. And skip known weak ones. */
234 get_random_bytes(iv, 3);
235 while ((iv[1] == 0xff) && (iv[0] >= 3) && (iv[0] < keylen))
236 get_random_bytes(iv, 3);
237
238 iv[3] = (keynum & 0x03) << 6;
239
240 key[0] = iv[0];
241 key[1] = iv[1];
242 key[2] = iv[2];
243
244 /* copy the rest of the key over from the designated key */
245 memcpy(key + 3, wlandev->wep_keys[keynum], keylen);
246
247 keylen += 3; /* add in IV bytes */
248
249 /* set up the RC4 state */
250 for (i = 0; i < 256; i++)
251 s[i] = i;
252 j = 0;
253 for (i = 0; i < 256; i++) {
254 j = (j + s[i] + key[i % keylen]) & 0xff;
255 swap(i, j);
256 }
257
258 /* Update CRC32 then apply RC4 to the data */
259 crc = ~0;
260 i = 0;
261 j = 0;
262 for (k = 0; k < len; k++) {
263 crc = wep_crc32_table[(crc ^ buf[k]) & 0xff] ^ (crc >> 8);
264 i = (i + 1) & 0xff;
265 j = (j + s[i]) & 0xff;
266 swap(i, j);
267 dst[k] = buf[k] ^ s[(s[i] + s[j]) & 0xff];
268 }
269 crc = ~crc;
270
271 /* now let's encrypt the crc */
272 icv[0] = crc;
273 icv[1] = crc >> 8;
274 icv[2] = crc >> 16;
275 icv[3] = crc >> 24;
276
277 for (k = 0; k < 4; k++) {
278 i = (i + 1) & 0xff;
279 j = (j + s[i]) & 0xff;
280 swap(i, j);
281 icv[k] ^= s[(s[i] + s[j]) & 0xff];
282 }
283
284 return 0;
285 }
286