162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * lib80211 crypt: host-based WEP encryption implementation for lib80211 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright (c) 2002-2004, Jouni Malinen <j@w1.fi> 662306a36Sopenharmony_ci * Copyright (c) 2008, John W. Linville <linville@tuxdriver.com> 762306a36Sopenharmony_ci */ 862306a36Sopenharmony_ci 962306a36Sopenharmony_ci#include <linux/err.h> 1062306a36Sopenharmony_ci#include <linux/fips.h> 1162306a36Sopenharmony_ci#include <linux/module.h> 1262306a36Sopenharmony_ci#include <linux/init.h> 1362306a36Sopenharmony_ci#include <linux/slab.h> 1462306a36Sopenharmony_ci#include <linux/random.h> 1562306a36Sopenharmony_ci#include <linux/scatterlist.h> 1662306a36Sopenharmony_ci#include <linux/skbuff.h> 1762306a36Sopenharmony_ci#include <linux/mm.h> 1862306a36Sopenharmony_ci#include <asm/string.h> 1962306a36Sopenharmony_ci 2062306a36Sopenharmony_ci#include <net/lib80211.h> 2162306a36Sopenharmony_ci 2262306a36Sopenharmony_ci#include <crypto/arc4.h> 2362306a36Sopenharmony_ci#include <linux/crc32.h> 2462306a36Sopenharmony_ci 2562306a36Sopenharmony_ciMODULE_AUTHOR("Jouni Malinen"); 2662306a36Sopenharmony_ciMODULE_DESCRIPTION("lib80211 crypt: WEP"); 2762306a36Sopenharmony_ciMODULE_LICENSE("GPL"); 2862306a36Sopenharmony_ci 2962306a36Sopenharmony_cistruct lib80211_wep_data { 3062306a36Sopenharmony_ci u32 iv; 3162306a36Sopenharmony_ci#define WEP_KEY_LEN 13 3262306a36Sopenharmony_ci u8 key[WEP_KEY_LEN + 1]; 3362306a36Sopenharmony_ci u8 key_len; 3462306a36Sopenharmony_ci u8 key_idx; 3562306a36Sopenharmony_ci struct arc4_ctx tx_ctx; 3662306a36Sopenharmony_ci struct arc4_ctx rx_ctx; 3762306a36Sopenharmony_ci}; 3862306a36Sopenharmony_ci 3962306a36Sopenharmony_cistatic void *lib80211_wep_init(int keyidx) 4062306a36Sopenharmony_ci{ 4162306a36Sopenharmony_ci struct lib80211_wep_data *priv; 4262306a36Sopenharmony_ci 4362306a36Sopenharmony_ci if (fips_enabled) 4462306a36Sopenharmony_ci return NULL; 4562306a36Sopenharmony_ci 4662306a36Sopenharmony_ci priv = kzalloc(sizeof(*priv), GFP_ATOMIC); 4762306a36Sopenharmony_ci if (priv == NULL) 4862306a36Sopenharmony_ci return NULL; 4962306a36Sopenharmony_ci priv->key_idx = keyidx; 5062306a36Sopenharmony_ci 5162306a36Sopenharmony_ci /* start WEP IV from a random value */ 5262306a36Sopenharmony_ci get_random_bytes(&priv->iv, 4); 5362306a36Sopenharmony_ci 5462306a36Sopenharmony_ci return priv; 5562306a36Sopenharmony_ci} 5662306a36Sopenharmony_ci 5762306a36Sopenharmony_cistatic void lib80211_wep_deinit(void *priv) 5862306a36Sopenharmony_ci{ 5962306a36Sopenharmony_ci kfree_sensitive(priv); 6062306a36Sopenharmony_ci} 6162306a36Sopenharmony_ci 6262306a36Sopenharmony_ci/* Add WEP IV/key info to a frame that has at least 4 bytes of headroom */ 6362306a36Sopenharmony_cistatic int lib80211_wep_build_iv(struct sk_buff *skb, int hdr_len, 6462306a36Sopenharmony_ci u8 *key, int keylen, void *priv) 6562306a36Sopenharmony_ci{ 6662306a36Sopenharmony_ci struct lib80211_wep_data *wep = priv; 6762306a36Sopenharmony_ci u32 klen; 6862306a36Sopenharmony_ci u8 *pos; 6962306a36Sopenharmony_ci 7062306a36Sopenharmony_ci if (skb_headroom(skb) < 4 || skb->len < hdr_len) 7162306a36Sopenharmony_ci return -1; 7262306a36Sopenharmony_ci 7362306a36Sopenharmony_ci pos = skb_push(skb, 4); 7462306a36Sopenharmony_ci memmove(pos, pos + 4, hdr_len); 7562306a36Sopenharmony_ci pos += hdr_len; 7662306a36Sopenharmony_ci 7762306a36Sopenharmony_ci klen = 3 + wep->key_len; 7862306a36Sopenharmony_ci 7962306a36Sopenharmony_ci wep->iv++; 8062306a36Sopenharmony_ci 8162306a36Sopenharmony_ci /* Fluhrer, Mantin, and Shamir have reported weaknesses in the key 8262306a36Sopenharmony_ci * scheduling algorithm of RC4. At least IVs (KeyByte + 3, 0xff, N) 8362306a36Sopenharmony_ci * can be used to speedup attacks, so avoid using them. */ 8462306a36Sopenharmony_ci if ((wep->iv & 0xff00) == 0xff00) { 8562306a36Sopenharmony_ci u8 B = (wep->iv >> 16) & 0xff; 8662306a36Sopenharmony_ci if (B >= 3 && B < klen) 8762306a36Sopenharmony_ci wep->iv += 0x0100; 8862306a36Sopenharmony_ci } 8962306a36Sopenharmony_ci 9062306a36Sopenharmony_ci /* Prepend 24-bit IV to RC4 key and TX frame */ 9162306a36Sopenharmony_ci *pos++ = (wep->iv >> 16) & 0xff; 9262306a36Sopenharmony_ci *pos++ = (wep->iv >> 8) & 0xff; 9362306a36Sopenharmony_ci *pos++ = wep->iv & 0xff; 9462306a36Sopenharmony_ci *pos++ = wep->key_idx << 6; 9562306a36Sopenharmony_ci 9662306a36Sopenharmony_ci return 0; 9762306a36Sopenharmony_ci} 9862306a36Sopenharmony_ci 9962306a36Sopenharmony_ci/* Perform WEP encryption on given skb that has at least 4 bytes of headroom 10062306a36Sopenharmony_ci * for IV and 4 bytes of tailroom for ICV. Both IV and ICV will be transmitted, 10162306a36Sopenharmony_ci * so the payload length increases with 8 bytes. 10262306a36Sopenharmony_ci * 10362306a36Sopenharmony_ci * WEP frame payload: IV + TX key idx, RC4(data), ICV = RC4(CRC32(data)) 10462306a36Sopenharmony_ci */ 10562306a36Sopenharmony_cistatic int lib80211_wep_encrypt(struct sk_buff *skb, int hdr_len, void *priv) 10662306a36Sopenharmony_ci{ 10762306a36Sopenharmony_ci struct lib80211_wep_data *wep = priv; 10862306a36Sopenharmony_ci u32 crc, klen, len; 10962306a36Sopenharmony_ci u8 *pos, *icv; 11062306a36Sopenharmony_ci u8 key[WEP_KEY_LEN + 3]; 11162306a36Sopenharmony_ci 11262306a36Sopenharmony_ci /* other checks are in lib80211_wep_build_iv */ 11362306a36Sopenharmony_ci if (skb_tailroom(skb) < 4) 11462306a36Sopenharmony_ci return -1; 11562306a36Sopenharmony_ci 11662306a36Sopenharmony_ci /* add the IV to the frame */ 11762306a36Sopenharmony_ci if (lib80211_wep_build_iv(skb, hdr_len, NULL, 0, priv)) 11862306a36Sopenharmony_ci return -1; 11962306a36Sopenharmony_ci 12062306a36Sopenharmony_ci /* Copy the IV into the first 3 bytes of the key */ 12162306a36Sopenharmony_ci skb_copy_from_linear_data_offset(skb, hdr_len, key, 3); 12262306a36Sopenharmony_ci 12362306a36Sopenharmony_ci /* Copy rest of the WEP key (the secret part) */ 12462306a36Sopenharmony_ci memcpy(key + 3, wep->key, wep->key_len); 12562306a36Sopenharmony_ci 12662306a36Sopenharmony_ci len = skb->len - hdr_len - 4; 12762306a36Sopenharmony_ci pos = skb->data + hdr_len + 4; 12862306a36Sopenharmony_ci klen = 3 + wep->key_len; 12962306a36Sopenharmony_ci 13062306a36Sopenharmony_ci /* Append little-endian CRC32 over only the data and encrypt it to produce ICV */ 13162306a36Sopenharmony_ci crc = ~crc32_le(~0, pos, len); 13262306a36Sopenharmony_ci icv = skb_put(skb, 4); 13362306a36Sopenharmony_ci icv[0] = crc; 13462306a36Sopenharmony_ci icv[1] = crc >> 8; 13562306a36Sopenharmony_ci icv[2] = crc >> 16; 13662306a36Sopenharmony_ci icv[3] = crc >> 24; 13762306a36Sopenharmony_ci 13862306a36Sopenharmony_ci arc4_setkey(&wep->tx_ctx, key, klen); 13962306a36Sopenharmony_ci arc4_crypt(&wep->tx_ctx, pos, pos, len + 4); 14062306a36Sopenharmony_ci 14162306a36Sopenharmony_ci return 0; 14262306a36Sopenharmony_ci} 14362306a36Sopenharmony_ci 14462306a36Sopenharmony_ci/* Perform WEP decryption on given buffer. Buffer includes whole WEP part of 14562306a36Sopenharmony_ci * the frame: IV (4 bytes), encrypted payload (including SNAP header), 14662306a36Sopenharmony_ci * ICV (4 bytes). len includes both IV and ICV. 14762306a36Sopenharmony_ci * 14862306a36Sopenharmony_ci * Returns 0 if frame was decrypted successfully and ICV was correct and -1 on 14962306a36Sopenharmony_ci * failure. If frame is OK, IV and ICV will be removed. 15062306a36Sopenharmony_ci */ 15162306a36Sopenharmony_cistatic int lib80211_wep_decrypt(struct sk_buff *skb, int hdr_len, void *priv) 15262306a36Sopenharmony_ci{ 15362306a36Sopenharmony_ci struct lib80211_wep_data *wep = priv; 15462306a36Sopenharmony_ci u32 crc, klen, plen; 15562306a36Sopenharmony_ci u8 key[WEP_KEY_LEN + 3]; 15662306a36Sopenharmony_ci u8 keyidx, *pos, icv[4]; 15762306a36Sopenharmony_ci 15862306a36Sopenharmony_ci if (skb->len < hdr_len + 8) 15962306a36Sopenharmony_ci return -1; 16062306a36Sopenharmony_ci 16162306a36Sopenharmony_ci pos = skb->data + hdr_len; 16262306a36Sopenharmony_ci key[0] = *pos++; 16362306a36Sopenharmony_ci key[1] = *pos++; 16462306a36Sopenharmony_ci key[2] = *pos++; 16562306a36Sopenharmony_ci keyidx = *pos++ >> 6; 16662306a36Sopenharmony_ci if (keyidx != wep->key_idx) 16762306a36Sopenharmony_ci return -1; 16862306a36Sopenharmony_ci 16962306a36Sopenharmony_ci klen = 3 + wep->key_len; 17062306a36Sopenharmony_ci 17162306a36Sopenharmony_ci /* Copy rest of the WEP key (the secret part) */ 17262306a36Sopenharmony_ci memcpy(key + 3, wep->key, wep->key_len); 17362306a36Sopenharmony_ci 17462306a36Sopenharmony_ci /* Apply RC4 to data and compute CRC32 over decrypted data */ 17562306a36Sopenharmony_ci plen = skb->len - hdr_len - 8; 17662306a36Sopenharmony_ci 17762306a36Sopenharmony_ci arc4_setkey(&wep->rx_ctx, key, klen); 17862306a36Sopenharmony_ci arc4_crypt(&wep->rx_ctx, pos, pos, plen + 4); 17962306a36Sopenharmony_ci 18062306a36Sopenharmony_ci crc = ~crc32_le(~0, pos, plen); 18162306a36Sopenharmony_ci icv[0] = crc; 18262306a36Sopenharmony_ci icv[1] = crc >> 8; 18362306a36Sopenharmony_ci icv[2] = crc >> 16; 18462306a36Sopenharmony_ci icv[3] = crc >> 24; 18562306a36Sopenharmony_ci if (memcmp(icv, pos + plen, 4) != 0) { 18662306a36Sopenharmony_ci /* ICV mismatch - drop frame */ 18762306a36Sopenharmony_ci return -2; 18862306a36Sopenharmony_ci } 18962306a36Sopenharmony_ci 19062306a36Sopenharmony_ci /* Remove IV and ICV */ 19162306a36Sopenharmony_ci memmove(skb->data + 4, skb->data, hdr_len); 19262306a36Sopenharmony_ci skb_pull(skb, 4); 19362306a36Sopenharmony_ci skb_trim(skb, skb->len - 4); 19462306a36Sopenharmony_ci 19562306a36Sopenharmony_ci return 0; 19662306a36Sopenharmony_ci} 19762306a36Sopenharmony_ci 19862306a36Sopenharmony_cistatic int lib80211_wep_set_key(void *key, int len, u8 * seq, void *priv) 19962306a36Sopenharmony_ci{ 20062306a36Sopenharmony_ci struct lib80211_wep_data *wep = priv; 20162306a36Sopenharmony_ci 20262306a36Sopenharmony_ci if (len < 0 || len > WEP_KEY_LEN) 20362306a36Sopenharmony_ci return -1; 20462306a36Sopenharmony_ci 20562306a36Sopenharmony_ci memcpy(wep->key, key, len); 20662306a36Sopenharmony_ci wep->key_len = len; 20762306a36Sopenharmony_ci 20862306a36Sopenharmony_ci return 0; 20962306a36Sopenharmony_ci} 21062306a36Sopenharmony_ci 21162306a36Sopenharmony_cistatic int lib80211_wep_get_key(void *key, int len, u8 * seq, void *priv) 21262306a36Sopenharmony_ci{ 21362306a36Sopenharmony_ci struct lib80211_wep_data *wep = priv; 21462306a36Sopenharmony_ci 21562306a36Sopenharmony_ci if (len < wep->key_len) 21662306a36Sopenharmony_ci return -1; 21762306a36Sopenharmony_ci 21862306a36Sopenharmony_ci memcpy(key, wep->key, wep->key_len); 21962306a36Sopenharmony_ci 22062306a36Sopenharmony_ci return wep->key_len; 22162306a36Sopenharmony_ci} 22262306a36Sopenharmony_ci 22362306a36Sopenharmony_cistatic void lib80211_wep_print_stats(struct seq_file *m, void *priv) 22462306a36Sopenharmony_ci{ 22562306a36Sopenharmony_ci struct lib80211_wep_data *wep = priv; 22662306a36Sopenharmony_ci seq_printf(m, "key[%d] alg=WEP len=%d\n", wep->key_idx, wep->key_len); 22762306a36Sopenharmony_ci} 22862306a36Sopenharmony_ci 22962306a36Sopenharmony_cistatic struct lib80211_crypto_ops lib80211_crypt_wep = { 23062306a36Sopenharmony_ci .name = "WEP", 23162306a36Sopenharmony_ci .init = lib80211_wep_init, 23262306a36Sopenharmony_ci .deinit = lib80211_wep_deinit, 23362306a36Sopenharmony_ci .encrypt_mpdu = lib80211_wep_encrypt, 23462306a36Sopenharmony_ci .decrypt_mpdu = lib80211_wep_decrypt, 23562306a36Sopenharmony_ci .encrypt_msdu = NULL, 23662306a36Sopenharmony_ci .decrypt_msdu = NULL, 23762306a36Sopenharmony_ci .set_key = lib80211_wep_set_key, 23862306a36Sopenharmony_ci .get_key = lib80211_wep_get_key, 23962306a36Sopenharmony_ci .print_stats = lib80211_wep_print_stats, 24062306a36Sopenharmony_ci .extra_mpdu_prefix_len = 4, /* IV */ 24162306a36Sopenharmony_ci .extra_mpdu_postfix_len = 4, /* ICV */ 24262306a36Sopenharmony_ci .owner = THIS_MODULE, 24362306a36Sopenharmony_ci}; 24462306a36Sopenharmony_ci 24562306a36Sopenharmony_cistatic int __init lib80211_crypto_wep_init(void) 24662306a36Sopenharmony_ci{ 24762306a36Sopenharmony_ci return lib80211_register_crypto_ops(&lib80211_crypt_wep); 24862306a36Sopenharmony_ci} 24962306a36Sopenharmony_ci 25062306a36Sopenharmony_cistatic void __exit lib80211_crypto_wep_exit(void) 25162306a36Sopenharmony_ci{ 25262306a36Sopenharmony_ci lib80211_unregister_crypto_ops(&lib80211_crypt_wep); 25362306a36Sopenharmony_ci} 25462306a36Sopenharmony_ci 25562306a36Sopenharmony_cimodule_init(lib80211_crypto_wep_init); 25662306a36Sopenharmony_cimodule_exit(lib80211_crypto_wep_exit); 257