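// SPDX-License-Identifier: GPL-2.0-only
/*
 * Software WEP encryption implementation
 * Copyright 2002, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2003, Instant802 Networks, Inc.
 */

#include <linux/netdevice.h>
#include <linux/types.h>
#include <linux/random.h>
#include <linux/compiler.h>
#include <linux/crc32.h>
#include <linux/crypto.h>
#include <linux/err.h>
#include <linux/mm.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
#include <asm/unaligned.h>

#include <net/mac80211.h>
#include "ieee80211_i.h"
#include "wep.h"


/*
 * Seed the software IV counter kept in @local.
 *
 * IEEE80211_WEP_IV_LEN random bytes are written over local->wep_iv so that
 * the IV sequence does not restart from a fixed value.
 */
void ieee80211_wep_init(struct ieee80211_local *local)
{
	/* start WEP IV from a random value */
	get_random_bytes(&local->wep_iv, IEEE80211_WEP_IV_LEN);
}

/*
 * Return true if @iv falls in the class of IVs this file refuses to use.
 *
 * The test matches IVs whose bits 8..15 are 0xff and whose bits 16..23 (B)
 * satisfy 3 <= B < 3 + @keylen.
 */
static inline bool ieee80211_wep_weak_iv(u32 iv, int keylen)
{
	/*
	 * Fluhrer, Mantin, and Shamir have reported weaknesses in the
	 * key scheduling algorithm of RC4. At least IVs (KeyByte + 3,
	 * 0xff, N) can be used to speedup attacks, so avoid using them.
	 */
	if ((iv & 0xff00) == 0xff00) {
		u8 B = (iv >> 16) & 0xff;

		if (B >= 3 && B < 3 + keylen)
			return true;
	}
	return false;
}


/*
 * Advance the IV counter in @local and, if @iv is non-NULL, write the
 * 4-byte IV field there: three IV bytes (bits 23..16, 15..8, 7..0 of the
 * counter) followed by @keyidx shifted into the top two bits.
 *
 * Only the low 24 bits of the counter are emitted, so under one key the
 * IV sequence repeats after at most 2^24 frames. Skipping the weak class
 * does not change that.
 */
static void ieee80211_wep_get_iv(struct ieee80211_local *local,
				 int keylen, int keyidx, u8 *iv)
{
	local->wep_iv++;
	/*
	 * Adding 0x0100 rolls the middle byte over from 0xff to 0x00, which
	 * takes the counter out of the weak class tested above.
	 */
	if (ieee80211_wep_weak_iv(local->wep_iv, keylen))
		local->wep_iv += 0x0100;

	if (!iv)
		return;

	*iv++ = (local->wep_iv >> 16) & 0xff;
	*iv++ = (local->wep_iv >> 8) & 0xff;
	*iv++ = local->wep_iv & 0xff;
	*iv++ = keyidx << 6;
}


/*
 * Open an IEEE80211_WEP_IV_LEN gap between the 802.11 header and the
 * payload of @skb and mark the frame as protected.
 *
 * The gap is filled with a fresh IV unless the hardware key carries
 * IEEE80211_KEY_FLAG_PUT_IV_SPACE, in which case it is left untouched.
 *
 * Returns a pointer to the IV field, or NULL (after a WARN) if the skb
 * lacks the headroom. Note the protected bit is already set at that point.
 */
static u8 *ieee80211_wep_add_iv(struct ieee80211_local *local,
				struct sk_buff *skb,
				int keylen, int keyidx)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
	unsigned int hdrlen;
	u8 *newhdr;

	hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);

	if (WARN_ON(skb_headroom(skb) < IEEE80211_WEP_IV_LEN))
		return NULL;

	hdrlen = ieee80211_hdrlen(hdr->frame_control);
	newhdr = skb_push(skb, IEEE80211_WEP_IV_LEN);
	/* slide the header to the new front; the IV slot is what is left */
	memmove(newhdr, newhdr + IEEE80211_WEP_IV_LEN, hdrlen);

	/* the HW only needs room for the IV, but not the actual IV */
	if (info->control.hw_key &&
	    (info->control.hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))
		return newhdr + hdrlen;

	ieee80211_wep_get_iv(local, keylen, keyidx, newhdr + hdrlen);
	return newhdr + hdrlen;
}


/*
 * Strip the 4-byte IV field that follows the 802.11 header of @skb.
 *
 * The header is moved forward over the IV and the skb is then pulled by
 * IEEE80211_WEP_IV_LEN. @local and @key are not used. No length check is
 * done here: the caller must have made sure that header plus IV are
 * present in the linear data area.
 */
static void ieee80211_wep_remove_iv(struct ieee80211_local *local,
				    struct sk_buff *skb,
				    struct ieee80211_key *key)
{
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
	unsigned int hdrlen;

	hdrlen = ieee80211_hdrlen(hdr->frame_control);
	memmove(skb->data + IEEE80211_WEP_IV_LEN, skb->data, hdrlen);
	skb_pull(skb, IEEE80211_WEP_IV_LEN);
}


/* Perform WEP encryption using given key. data buffer must have tailroom
 * for 4-byte ICV. data_len must not include this ICV. Note: this function
 * does _not_ add IV. data = RC4(data | CRC32(data))
 *
 * @rc4key is the full per-frame RC4 key (IV followed by the secret) of
 * @klen bytes. It is left untouched; scrubbing it is the caller's job.
 * The cipher state in @ctx is wiped before returning. Always returns 0.
 *
 * The ICV is a plain CRC-32 over the plaintext, not a keyed MAC: it
 * detects accidental corruption only and must not be treated as message
 * authentication.
 */
int ieee80211_wep_encrypt_data(struct arc4_ctx *ctx, u8 *rc4key,
			       size_t klen, u8 *data, size_t data_len)
{
	__le32 icv;

	icv = cpu_to_le32(~crc32_le(~0, data, data_len));
	put_unaligned(icv, (__le32 *)(data + data_len));

	arc4_setkey(ctx, rc4key, klen);
	arc4_crypt(ctx, data, data, data_len + IEEE80211_WEP_ICV_LEN);
	/* do not leave key-derived RC4 state behind in the shared context */
	memzero_explicit(ctx, sizeof(*ctx));

	return 0;
}


/* Perform WEP encryption on given skb. 4 bytes of extra space (IV) in the
 * beginning of the buffer and 4 bytes of extra space (ICV) in the end of
 * the buffer will be added. Both IV and ICV will be transmitted, so the
 * payload length increases with 8 bytes.
 *
 * WEP frame payload: IV + TX key idx, RC4(data), ICV = RC4(CRC32(data))
 *
 * Returns 0 on success and -1 if @keylen does not fit the on-stack key
 * buffer or the skb lacks tailroom/headroom.
 */
int ieee80211_wep_encrypt(struct ieee80211_local *local,
			  struct sk_buff *skb,
			  const u8 *key, int keylen, int keyidx)
{
	u8 *iv;
	size_t len;
	u8 rc4key[3 + WLAN_KEY_LEN_WEP104];
	int ret;

	/*
	 * rc4key is a fixed-size stack buffer. The key length is presumably
	 * validated when the key is installed (not visible in this file),
	 * but re-check it here, before the skb is touched, so a bad length
	 * can never turn into a stack overwrite.
	 */
	if (WARN_ON_ONCE(keylen < 0 || keylen > WLAN_KEY_LEN_WEP104))
		return -1;

	if (WARN_ON(skb_tailroom(skb) < IEEE80211_WEP_ICV_LEN))
		return -1;

	iv = ieee80211_wep_add_iv(local, skb, keylen, keyidx);
	if (!iv)
		return -1;

	/* payload length: everything after the 4-byte IV field */
	len = skb->len - (iv + IEEE80211_WEP_IV_LEN - skb->data);

	/* Prepend 24-bit IV to RC4 key */
	memcpy(rc4key, iv, 3);

	/* Copy rest of the WEP key (the secret part) */
	memcpy(rc4key + 3, key, keylen);

	/* Add room for ICV */
	skb_put(skb, IEEE80211_WEP_ICV_LEN);

	ret = ieee80211_wep_encrypt_data(&local->wep_tx_ctx, rc4key,
					 keylen + 3,
					 iv + IEEE80211_WEP_IV_LEN, len);

	/* the secret key must not linger on the stack after use */
	memzero_explicit(rc4key, sizeof(rc4key));

	return ret;
}


/* Perform WEP decryption using given key. data buffer includes encrypted
 * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV.
 * Return 0 on success and -1 on ICV mismatch.
 *
 * The buffer is decrypted in place regardless of the outcome, and the
 * cipher state in @ctx is wiped before the ICV is compared. @rc4key is
 * left untouched; scrubbing it is the caller's job.
 *
 * The ICV is a CRC-32 of the plaintext, so a match only shows the frame
 * was not corrupted; it is not proof of origin.
 */
int ieee80211_wep_decrypt_data(struct arc4_ctx *ctx, u8 *rc4key,
			       size_t klen, u8 *data, size_t data_len)
{
	__le32 crc;

	arc4_setkey(ctx, rc4key, klen);
	arc4_crypt(ctx, data, data, data_len + IEEE80211_WEP_ICV_LEN);
	/* do not leave key-derived RC4 state behind in the shared context */
	memzero_explicit(ctx, sizeof(*ctx));

	crc = cpu_to_le32(~crc32_le(~0, data, data_len));
	if (memcmp(&crc, data + data_len, IEEE80211_WEP_ICV_LEN) != 0)
		/* ICV mismatch */
		return -1;

	return 0;
}


/* Perform WEP decryption on given skb. Buffer includes whole WEP part of
 * the frame: IV (4 bytes), encrypted payload (including SNAP header),
 * ICV (4 bytes). skb->len includes both IV and ICV.
 *
 * Returns 0 if frame was decrypted successfully and ICV was correct and -1 on
 * failure. If frame is OK, IV and ICV will be removed, i.e., decrypted payload
 * is moved to the beginning of the skb and skb length will be reduced.
 *
 * The early -1 returns (frame not protected, frame too short, no key or key
 * index mismatch, key too long for the stack buffer) leave the skb unchanged.
 * An ICV mismatch also returns -1, but by then the payload has been decrypted
 * in place and IV/ICV are stripped anyway.
 *
 * skb->data is indexed directly, so the caller must pass a linear skb.
 */
static int ieee80211_wep_decrypt(struct ieee80211_local *local,
				 struct sk_buff *skb,
				 struct ieee80211_key *key)
{
	u32 klen;
	u8 rc4key[3 + WLAN_KEY_LEN_WEP104];
	u8 keyidx;
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
	unsigned int hdrlen;
	size_t len;
	int ret = 0;

	if (!ieee80211_has_protected(hdr->frame_control))
		return -1;

	/* reject frames too short to hold header, IV and ICV */
	hdrlen = ieee80211_hdrlen(hdr->frame_control);
	if (skb->len < hdrlen + IEEE80211_WEP_IV_LEN + IEEE80211_WEP_ICV_LEN)
		return -1;

	len = skb->len - hdrlen - IEEE80211_WEP_IV_LEN - IEEE80211_WEP_ICV_LEN;

	/* key index lives in the top two bits of the fourth IV-field byte */
	keyidx = skb->data[hdrlen + 3] >> 6;

	if (!key || keyidx != key->conf.keyidx)
		return -1;

	/*
	 * rc4key is a fixed-size stack buffer. The key length is presumably
	 * validated when the key is installed (not visible in this file),
	 * but re-check it so a bad length can never turn into a stack
	 * overwrite. _ONCE: this is the RX path, avoid flooding the log.
	 */
	if (WARN_ON_ONCE(key->conf.keylen > WLAN_KEY_LEN_WEP104))
		return -1;

	klen = 3 + key->conf.keylen;

	/* Prepend 24-bit IV to RC4 key */
	memcpy(rc4key, skb->data + hdrlen, 3);

	/* Copy rest of the WEP key (the secret part) */
	memcpy(rc4key + 3, key->conf.key, key->conf.keylen);

	if (ieee80211_wep_decrypt_data(&local->wep_rx_ctx, rc4key, klen,
				       skb->data + hdrlen +
				       IEEE80211_WEP_IV_LEN, len))
		ret = -1;

	/* the secret key must not linger on the stack after use */
	memzero_explicit(rc4key, sizeof(rc4key));

	/* Trim ICV */
	skb_trim(skb, skb->len - IEEE80211_WEP_ICV_LEN);

	/* Remove IV */
	memmove(skb->data + IEEE80211_WEP_IV_LEN, skb->data, hdrlen);
	skb_pull(skb, IEEE80211_WEP_IV_LEN);

	return ret;
}

/*
 * RX handler for WEP-protected frames.
 *
 * Frames that are neither data nor authentication frames pass through
 * untouched. Otherwise:
 *  - RX_FLAG_DECRYPTED clear: linearize the skb and decrypt in software;
 *  - RX_FLAG_DECRYPTED set but RX_FLAG_IV_STRIPPED clear: only strip the
 *    IV, and the ICV too unless RX_FLAG_ICV_STRIPPED says it is gone.
 *
 * Returns RX_DROP_UNUSABLE on any failure (allocation, short frame,
 * decryption or ICV error), RX_CONTINUE otherwise.
 */
ieee80211_rx_result
ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx)
{
	struct sk_buff *skb = rx->skb;
	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
	/*
	 * Copy frame_control up front: hdr is not dereferenced again once
	 * the skb has been linearized or pulled below.
	 */
	__le16 fc = hdr->frame_control;

	if (!ieee80211_is_data(fc) && !ieee80211_is_auth(fc))
		return RX_CONTINUE;

	if (!(status->flag & RX_FLAG_DECRYPTED)) {
		/* software path indexes skb->data, so it needs a linear skb */
		if (skb_linearize(rx->skb))
			return RX_DROP_UNUSABLE;
		if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key))
			return RX_DROP_UNUSABLE;
	} else if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
		/* header + IV must be in the linear area before the memmove */
		if (!pskb_may_pull(rx->skb, ieee80211_hdrlen(fc) +
					    IEEE80211_WEP_IV_LEN))
			return RX_DROP_UNUSABLE;
		ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
		/* remove ICV */
		if (!(status->flag & RX_FLAG_ICV_STRIPPED) &&
		    pskb_trim(rx->skb, rx->skb->len - IEEE80211_WEP_ICV_LEN))
			return RX_DROP_UNUSABLE;
	}

	return RX_CONTINUE;
}

/*
 * Apply WEP to one outgoing skb.
 *
 * With no hardware key the frame is fully encrypted in software. With a
 * hardware key only the IV field is inserted, and only when the key asks
 * for it via IEEE80211_KEY_FLAG_GENERATE_IV or
 * IEEE80211_KEY_FLAG_PUT_IV_SPACE. tx->key is dereferenced on both of
 * these paths, so it must be set.
 *
 * Returns 0 on success, -1 if the helper failed.
 */
static int wep_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
{
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
	struct ieee80211_key_conf *hw_key = info->control.hw_key;

	if (!hw_key) {
		if (ieee80211_wep_encrypt(tx->local, skb, tx->key->conf.key,
					  tx->key->conf.keylen,
					  tx->key->conf.keyidx))
			return -1;
	} else if ((hw_key->flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
		   (hw_key->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)) {
		if (!ieee80211_wep_add_iv(tx->local, skb,
					  tx->key->conf.keylen,
					  tx->key->conf.keyidx))
			return -1;
	}

	return 0;
}

/*
 * TX handler: WEP-protect every skb queued in tx->skbs.
 *
 * Stops at the first failure, bumps the tx_handlers_drop_wep debug
 * counter and returns TX_DROP; returns TX_CONTINUE once all skbs have
 * been processed.
 */
ieee80211_tx_result
ieee80211_crypto_wep_encrypt(struct ieee80211_tx_data *tx)
{
	struct sk_buff *skb;

	ieee80211_tx_set_protected(tx);

	skb_queue_walk(&tx->skbs, skb) {
		if (wep_encrypt_skb(tx, skb) < 0) {
			I802_DEBUG_INC(tx->local->tx_handlers_drop_wep);
			return TX_DROP;
		}
	}

	return TX_CONTINUE;
}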