2 * Software WEP encryption implementation
3 * Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
4 * Copyright 2003, Instant802 Networks, Inc.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
11 #include <linux/netdevice.h>
12 #include <linux/types.h>
13 #include <linux/random.h>
14 #include <linux/compiler.h>
15 #include <linux/crc32.h>
16 #include <linux/crypto.h>
17 #include <linux/err.h>
19 #include <linux/scatterlist.h>
20 #include <linux/slab.h>
21 #include <asm/unaligned.h>
23 #include <net/mac80211.h>
24 #include "ieee80211_i.h"
28 int ieee80211_wep_init(struct ieee80211_local
*local
)
30 /* start WEP IV from a random value */
31 get_random_bytes(&local
->wep_iv
, WEP_IV_LEN
);
33 local
->wep_tx_tfm
= crypto_alloc_blkcipher("ecb(arc4)", 0,
35 if (IS_ERR(local
->wep_tx_tfm
))
36 return PTR_ERR(local
->wep_tx_tfm
);
38 local
->wep_rx_tfm
= crypto_alloc_blkcipher("ecb(arc4)", 0,
40 if (IS_ERR(local
->wep_rx_tfm
)) {
41 crypto_free_blkcipher(local
->wep_tx_tfm
);
42 return PTR_ERR(local
->wep_rx_tfm
);
48 void ieee80211_wep_free(struct ieee80211_local
*local
)
50 crypto_free_blkcipher(local
->wep_tx_tfm
);
51 crypto_free_blkcipher(local
->wep_rx_tfm
);
54 static inline bool ieee80211_wep_weak_iv(u32 iv
, int keylen
)
57 * Fluhrer, Mantin, and Shamir have reported weaknesses in the
58 * key scheduling algorithm of RC4. At least IVs (KeyByte + 3,
59 * 0xff, N) can be used to speedup attacks, so avoid using them.
61 if ((iv
& 0xff00) == 0xff00) {
62 u8 B
= (iv
>> 16) & 0xff;
63 if (B
>= 3 && B
< 3 + keylen
)
70 static void ieee80211_wep_get_iv(struct ieee80211_local
*local
,
71 int keylen
, int keyidx
, u8
*iv
)
74 if (ieee80211_wep_weak_iv(local
->wep_iv
, keylen
))
75 local
->wep_iv
+= 0x0100;
80 *iv
++ = (local
->wep_iv
>> 16) & 0xff;
81 *iv
++ = (local
->wep_iv
>> 8) & 0xff;
82 *iv
++ = local
->wep_iv
& 0xff;
87 static u8
*ieee80211_wep_add_iv(struct ieee80211_local
*local
,
89 int keylen
, int keyidx
)
91 struct ieee80211_hdr
*hdr
= (struct ieee80211_hdr
*)skb
->data
;
95 hdr
->frame_control
|= cpu_to_le16(IEEE80211_FCTL_PROTECTED
);
97 if (WARN_ON(skb_tailroom(skb
) < WEP_ICV_LEN
||
98 skb_headroom(skb
) < WEP_IV_LEN
))
101 hdrlen
= ieee80211_hdrlen(hdr
->frame_control
);
102 newhdr
= skb_push(skb
, WEP_IV_LEN
);
103 memmove(newhdr
, newhdr
+ WEP_IV_LEN
, hdrlen
);
104 ieee80211_wep_get_iv(local
, keylen
, keyidx
, newhdr
+ hdrlen
);
105 return newhdr
+ hdrlen
;
109 static void ieee80211_wep_remove_iv(struct ieee80211_local
*local
,
111 struct ieee80211_key
*key
)
113 struct ieee80211_hdr
*hdr
= (struct ieee80211_hdr
*)skb
->data
;
116 hdrlen
= ieee80211_hdrlen(hdr
->frame_control
);
117 memmove(skb
->data
+ WEP_IV_LEN
, skb
->data
, hdrlen
);
118 skb_pull(skb
, WEP_IV_LEN
);
122 /* Perform WEP encryption using given key. data buffer must have tailroom
123 * for 4-byte ICV. data_len must not include this ICV. Note: this function
124 * does _not_ add IV. data = RC4(data | CRC32(data)) */
125 void ieee80211_wep_encrypt_data(struct crypto_blkcipher
*tfm
, u8
*rc4key
,
126 size_t klen
, u8
*data
, size_t data_len
)
128 struct blkcipher_desc desc
= { .tfm
= tfm
};
129 struct scatterlist sg
;
132 icv
= cpu_to_le32(~crc32_le(~0, data
, data_len
));
133 put_unaligned(icv
, (__le32
*)(data
+ data_len
));
135 crypto_blkcipher_setkey(tfm
, rc4key
, klen
);
136 sg_init_one(&sg
, data
, data_len
+ WEP_ICV_LEN
);
137 crypto_blkcipher_encrypt(&desc
, &sg
, &sg
, sg
.length
);
141 /* Perform WEP encryption on given skb. 4 bytes of extra space (IV) in the
142 * beginning of the buffer 4 bytes of extra space (ICV) in the end of the
143 * buffer will be added. Both IV and ICV will be transmitted, so the
144 * payload length increases with 8 bytes.
146 * WEP frame payload: IV + TX key idx, RC4(data), ICV = RC4(CRC32(data))
148 int ieee80211_wep_encrypt(struct ieee80211_local
*local
,
150 const u8
*key
, int keylen
, int keyidx
)
154 u8 rc4key
[3 + WLAN_KEY_LEN_WEP104
];
156 iv
= ieee80211_wep_add_iv(local
, skb
, keylen
, keyidx
);
160 len
= skb
->len
- (iv
+ WEP_IV_LEN
- skb
->data
);
162 /* Prepend 24-bit IV to RC4 key */
163 memcpy(rc4key
, iv
, 3);
165 /* Copy rest of the WEP key (the secret part) */
166 memcpy(rc4key
+ 3, key
, keylen
);
168 /* Add room for ICV */
169 skb_put(skb
, WEP_ICV_LEN
);
171 ieee80211_wep_encrypt_data(local
->wep_tx_tfm
, rc4key
, keylen
+ 3,
172 iv
+ WEP_IV_LEN
, len
);
178 /* Perform WEP decryption using given key. data buffer includes encrypted
179 * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV.
180 * Return 0 on success and -1 on ICV mismatch. */
181 int ieee80211_wep_decrypt_data(struct crypto_blkcipher
*tfm
, u8
*rc4key
,
182 size_t klen
, u8
*data
, size_t data_len
)
184 struct blkcipher_desc desc
= { .tfm
= tfm
};
185 struct scatterlist sg
;
188 crypto_blkcipher_setkey(tfm
, rc4key
, klen
);
189 sg_init_one(&sg
, data
, data_len
+ WEP_ICV_LEN
);
190 crypto_blkcipher_decrypt(&desc
, &sg
, &sg
, sg
.length
);
192 crc
= cpu_to_le32(~crc32_le(~0, data
, data_len
));
193 if (memcmp(&crc
, data
+ data_len
, WEP_ICV_LEN
) != 0)
201 /* Perform WEP decryption on given skb. Buffer includes whole WEP part of
202 * the frame: IV (4 bytes), encrypted payload (including SNAP header),
203 * ICV (4 bytes). skb->len includes both IV and ICV.
205 * Returns 0 if frame was decrypted successfully and ICV was correct and -1 on
206 * failure. If frame is OK, IV and ICV will be removed, i.e., decrypted payload
207 * is moved to the beginning of the skb and skb length will be reduced.
209 static int ieee80211_wep_decrypt(struct ieee80211_local
*local
,
211 struct ieee80211_key
*key
)
216 struct ieee80211_hdr
*hdr
= (struct ieee80211_hdr
*)skb
->data
;
221 if (!ieee80211_has_protected(hdr
->frame_control
))
224 hdrlen
= ieee80211_hdrlen(hdr
->frame_control
);
225 if (skb
->len
< hdrlen
+ WEP_IV_LEN
+ WEP_ICV_LEN
)
228 len
= skb
->len
- hdrlen
- WEP_IV_LEN
- WEP_ICV_LEN
;
230 keyidx
= skb
->data
[hdrlen
+ 3] >> 6;
232 if (!key
|| keyidx
!= key
->conf
.keyidx
|| key
->conf
.alg
!= ALG_WEP
)
235 klen
= 3 + key
->conf
.keylen
;
237 rc4key
= kmalloc(klen
, GFP_ATOMIC
);
241 /* Prepend 24-bit IV to RC4 key */
242 memcpy(rc4key
, skb
->data
+ hdrlen
, 3);
244 /* Copy rest of the WEP key (the secret part) */
245 memcpy(rc4key
+ 3, key
->conf
.key
, key
->conf
.keylen
);
247 if (ieee80211_wep_decrypt_data(local
->wep_rx_tfm
, rc4key
, klen
,
248 skb
->data
+ hdrlen
+ WEP_IV_LEN
,
255 skb_trim(skb
, skb
->len
- WEP_ICV_LEN
);
258 memmove(skb
->data
+ WEP_IV_LEN
, skb
->data
, hdrlen
);
259 skb_pull(skb
, WEP_IV_LEN
);
265 bool ieee80211_wep_is_weak_iv(struct sk_buff
*skb
, struct ieee80211_key
*key
)
267 struct ieee80211_hdr
*hdr
= (struct ieee80211_hdr
*)skb
->data
;
272 if (!ieee80211_has_protected(hdr
->frame_control
))
275 hdrlen
= ieee80211_hdrlen(hdr
->frame_control
);
276 ivpos
= skb
->data
+ hdrlen
;
277 iv
= (ivpos
[0] << 16) | (ivpos
[1] << 8) | ivpos
[2];
279 return ieee80211_wep_weak_iv(iv
, key
->conf
.keylen
);
283 ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data
*rx
)
285 struct sk_buff
*skb
= rx
->skb
;
286 struct ieee80211_rx_status
*status
= IEEE80211_SKB_RXCB(skb
);
287 struct ieee80211_hdr
*hdr
= (struct ieee80211_hdr
*)skb
->data
;
289 if (!ieee80211_is_data(hdr
->frame_control
) &&
290 !ieee80211_is_auth(hdr
->frame_control
))
293 if (!(status
->flag
& RX_FLAG_DECRYPTED
)) {
294 if (ieee80211_wep_decrypt(rx
->local
, rx
->skb
, rx
->key
))
295 return RX_DROP_UNUSABLE
;
296 } else if (!(status
->flag
& RX_FLAG_IV_STRIPPED
)) {
297 ieee80211_wep_remove_iv(rx
->local
, rx
->skb
, rx
->key
);
299 skb_trim(rx
->skb
, rx
->skb
->len
- WEP_ICV_LEN
);
305 static int wep_encrypt_skb(struct ieee80211_tx_data
*tx
, struct sk_buff
*skb
)
307 struct ieee80211_tx_info
*info
= IEEE80211_SKB_CB(skb
);
309 if (!info
->control
.hw_key
) {
310 if (ieee80211_wep_encrypt(tx
->local
, skb
, tx
->key
->conf
.key
,
311 tx
->key
->conf
.keylen
,
312 tx
->key
->conf
.keyidx
))
314 } else if (info
->control
.hw_key
->flags
&
315 IEEE80211_KEY_FLAG_GENERATE_IV
) {
316 if (!ieee80211_wep_add_iv(tx
->local
, skb
,
317 tx
->key
->conf
.keylen
,
318 tx
->key
->conf
.keyidx
))
326 ieee80211_crypto_wep_encrypt(struct ieee80211_tx_data
*tx
)
330 ieee80211_tx_set_protected(tx
);
334 if (wep_encrypt_skb(tx
, skb
) < 0) {
335 I802_DEBUG_INC(tx
->local
->tx_handlers_drop_wep
);
338 } while ((skb
= skb
->next
));