src/net/80211/wep.c

   1 /*
   2  * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
   3  *
   4  * This program is free software; you can redistribute it and/or
   5  * modify it under the terms of the GNU General Public License as
   6  * published by the Free Software Foundation; either version 2 of the
   7  * License, or any later version.
   8  *
   9  * This program is distributed in the hope that it will be useful, but
  10  * WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12  * General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License
  15  * along with this program; if not, write to the Free Software
  16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  17  * 02110-1301, USA.
  18  */
  19
  20 FILE_LICENCE ( GPL2_OR_LATER );
  21
  22 #include <ipxe/net80211.h>
  23 #include <ipxe/sec80211.h>
  24 #include <ipxe/crypto.h>
  25 #include <ipxe/arc4.h>
  26 #include <ipxe/crc32.h>
  27 #include <stdlib.h>
  28 #include <string.h>
  29 #include <errno.h>
  30
  31 /** @file
  32  *
  33  * The WEP wireless encryption method (insecure!)
  34  *
  35  * The data field in a WEP-encrypted packet contains a 3-byte
  36  * initialisation vector, one-byte Key ID field (only the bottom two
  37  * bits are ever used), encrypted data, and a 4-byte encrypted CRC of
  38  * the plaintext data, called the ICV. To decrypt it, the IV is
  39  * prepended to the shared key and the data stream (including ICV) is
  40  * run through the ARC4 stream cipher; if the ICV matches a CRC32
  41  * calculated on the plaintext, the packet is valid.
  42  *
  43  * For efficiency and code-size reasons, this file assumes it is
  44  * running on a little-endian machine.
  45  */
  46
  47 /** Length of WEP initialisation vector */
  48 #define WEP_IV_LEN      3
  49
  50 /** Length of WEP key ID byte */
  51 #define WEP_KID_LEN     1
  52
  53 /** Length of WEP ICV checksum */
  54 #define WEP_ICV_LEN     4
  55
  56 /** Maximum length of WEP key */
  57 #define WEP_MAX_KEY     16
  58
  59 /** Amount of data placed before the encrypted bytes */
  60 #define WEP_HEADER_LEN  4
  61
  62 /** Amount of data placed after the encrypted bytes */
  63 #define WEP_TRAILER_LEN 4
  64
  65 /** Total WEP overhead bytes */
  66 #define WEP_OVERHEAD    8
  67
  68 /** Context for WEP encryption and decryption */
  69 struct wep_ctx
  70 {
  71         /** Encoded WEP key
  72          *
  73          * The actual key bytes are stored beginning at offset 3, to
  74          * leave room for easily inserting the IV before a particular
  75          * operation.
  76          */
  77         u8 key[WEP_IV_LEN + WEP_MAX_KEY];
  78
  79         /** Length of WEP key (not including IV bytes) */
  80         int keylen;
  81
  82         /** ARC4 context */
  83         struct arc4_ctx arc4;
  84 };
  85
  86 /**
  87  * Initialize WEP algorithm
  88  *
  89  * @v crypto    802.11 cryptographic algorithm
  90  * @v key       WEP key to use
  91  * @v keylen    Length of WEP key
  92  * @v rsc       Initial receive sequence counter (unused)
  93  * @ret rc      Return status code
  94  *
  95  * Standard key lengths are 5 and 13 bytes; 16-byte keys are
  96  * occasionally supported as an extension to the standard.
  97  */
  98 static int wep_init ( struct net80211_crypto *crypto, const void *key,
  99                       int keylen, const void *rsc __unused )
 100 {
 101         struct wep_ctx *ctx = crypto->priv;
 102
 103         ctx->keylen = ( keylen > WEP_MAX_KEY ? WEP_MAX_KEY : keylen );
 104         memcpy ( ctx->key + WEP_IV_LEN, key, ctx->keylen );
 105
 106         return 0;
 107 }
 108
 109 /**
 110  * Encrypt packet using WEP
 111  *
 112  * @v crypto    802.11 cryptographic algorithm
 113  * @v iob       I/O buffer of plaintext packet
 114  * @ret eiob    Newly allocated I/O buffer for encrypted packet, or NULL
 115  *
 116  * If memory allocation fails, @c NULL is returned.
 117  */
 118 static struct io_buffer * wep_encrypt ( struct net80211_crypto *crypto,
 119                                         struct io_buffer *iob )
 120 {
 121         struct wep_ctx *ctx = crypto->priv;
 122         struct io_buffer *eiob;
 123         struct ieee80211_frame *hdr;
 124         const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
 125         int datalen = iob_len ( iob ) - hdrlen;
 126         int newlen = hdrlen + datalen + WEP_OVERHEAD;
 127         u32 iv, icv;
 128
 129         eiob = alloc_iob ( newlen );
 130         if ( ! eiob )
 131                 return NULL;
 132
 133         memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
 134         hdr = eiob->data;
 135         hdr->fc |= IEEE80211_FC_PROTECTED;
 136
 137         /* Calculate IV, put it in the header (with key ID byte = 0), and
 138            set it up at the start of the encryption key. */
 139         iv = random() & 0xffffff; /* IV in bottom 3 bytes, top byte = KID = 0 */
 140         memcpy ( iob_put ( eiob, WEP_HEADER_LEN ), &iv, WEP_HEADER_LEN );
 141         memcpy ( ctx->key, &iv, WEP_IV_LEN );
 142
 143         /* Encrypt the data using RC4 */
 144         cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
 145                         ctx->keylen + WEP_IV_LEN );
 146         cipher_encrypt ( &arc4_algorithm, &ctx->arc4, iob->data + hdrlen,
 147                          iob_put ( eiob, datalen ), datalen );
 148
 149         /* Add ICV */
 150         icv = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
 151         cipher_encrypt ( &arc4_algorithm, &ctx->arc4, &icv,
 152                          iob_put ( eiob, WEP_ICV_LEN ), WEP_ICV_LEN );
 153
 154         return eiob;
 155 }
 156
 157 /**
 158  * Decrypt packet using WEP
 159  *
 160  * @v crypto    802.11 cryptographic algorithm
 161  * @v eiob      I/O buffer of encrypted packet
 162  * @ret iob     Newly allocated I/O buffer for plaintext packet, or NULL
 163  *
 164  * If a consistency check for the decryption fails (usually indicating
 165  * an invalid key), @c NULL is returned.
 166  */
 167 static struct io_buffer * wep_decrypt ( struct net80211_crypto *crypto,
 168                                         struct io_buffer *eiob )
 169 {
 170         struct wep_ctx *ctx = crypto->priv;
 171         struct io_buffer *iob;
 172         struct ieee80211_frame *hdr;
 173         const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
 174         int datalen = iob_len ( eiob ) - hdrlen - WEP_OVERHEAD;
 175         int newlen = hdrlen + datalen;
 176         u32 iv, icv, crc;
 177
 178         iob = alloc_iob ( newlen );
 179         if ( ! iob )
 180                 return NULL;
 181
 182         memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
 183         hdr = iob->data;
 184         hdr->fc &= ~IEEE80211_FC_PROTECTED;
 185
 186         /* Strip off IV and use it to initialize cryptosystem */
 187         memcpy ( &iv, eiob->data + hdrlen, 4 );
 188         iv &= 0xffffff;         /* ignore key ID byte */
 189         memcpy ( ctx->key, &iv, WEP_IV_LEN );
 190
 191         /* Decrypt the data using RC4 */
 192         cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
 193                         ctx->keylen + WEP_IV_LEN );
 194         cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
 195                          WEP_HEADER_LEN, iob_put ( iob, datalen ), datalen );
 196
 197         /* Strip off ICV and verify it */
 198         cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
 199                          WEP_HEADER_LEN + datalen, &icv, WEP_ICV_LEN );
 200         crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
 201         if ( crc != icv ) {
 202                 DBGC ( crypto, "WEP %p CRC mismatch: expect %08x, get %08x\n",
 203                        crypto, icv, crc );
 204                 free_iob ( iob );
 205                 return NULL;
 206         }
 207         return iob;
 208 }
 209
 210 /** WEP cryptosystem for 802.11 */
 211 struct net80211_crypto wep_crypto __net80211_crypto = {
 212         .algorithm = NET80211_CRYPT_WEP,
 213         .init = wep_init,
 214         .encrypt = wep_encrypt,
 215         .decrypt = wep_decrypt,
 216         .priv_len = sizeof ( struct wep_ctx ),
 217 };
 218
 219 /**
 220  * Initialize trivial 802.11 security handshaker
 221  *
 222  * @v dev       802.11 device
 223  * @v ctx       Security handshaker
 224  *
 225  * This simply fetches a WEP key from netX/key, and if it exists,
 226  * installs WEP cryptography on the 802.11 device. No real handshaking
 227  * is performed.
 228  */
 229 static int trivial_init ( struct net80211_device *dev )
 230 {
 231         u8 key[WEP_MAX_KEY];    /* support up to 128-bit keys */
 232         int len;
 233         int rc;
 234
 235         if ( dev->associating &&
 236              dev->associating->crypto == NET80211_CRYPT_NONE )
 237                 return 0;       /* no crypto? OK. */
 238
 239         len = fetch_raw_setting ( netdev_settings ( dev->netdev ),
 240                                   &net80211_key_setting, key, WEP_MAX_KEY );
 241
 242         if ( len <= 0 ) {
 243                 DBGC ( dev, "802.11 %p cannot do WEP without a key\n", dev );
 244                 return -EACCES;
 245         }
 246
 247         /* Full 128-bit keys are a nonstandard extension, but they're
 248            utterly trivial to support, so we do. */
 249         if ( len != 5 && len != 13 && len != 16 ) {
 250                 DBGC ( dev, "802.11 %p invalid WEP key length %d\n",
 251                        dev, len );
 252                 return -EINVAL;
 253         }
 254
 255         DBGC ( dev, "802.11 %p installing %d-bit WEP\n", dev, len * 8 );
 256
 257         rc = sec80211_install ( &dev->crypto, NET80211_CRYPT_WEP, key, len,
 258                                 NULL );
 259         if ( rc < 0 )
 260                 return rc;
 261
 262         return 0;
 263 }
 264
 265 /**
 266  * Check for key change on trivial 802.11 security handshaker
 267  *
 268  * @v dev       802.11 device
 269  * @v ctx       Security handshaker
 270  */
 271 static int trivial_change_key ( struct net80211_device *dev )
 272 {
 273         u8 key[WEP_MAX_KEY];
 274         int len;
 275         int change = 0;
 276
 277         /* If going from WEP to clear, or something else to WEP, reassociate. */
 278         if ( ! dev->crypto || ( dev->crypto->init != wep_init ) )
 279                 change ^= 1;
 280
 281         len = fetch_raw_setting ( netdev_settings ( dev->netdev ),
 282                                   &net80211_key_setting, key, WEP_MAX_KEY );
 283         if ( len <= 0 )
 284                 change ^= 1;
 285
 286         /* Changing crypto type => return nonzero to reassociate. */
 287         if ( change )
 288                 return -EINVAL;
 289
 290         /* Going from no crypto to still no crypto => nothing to do. */
 291         if ( len <= 0 )
 292                 return 0;
 293
 294         /* Otherwise, reinitialise WEP with new key. */
 295         return wep_init ( dev->crypto, key, len, NULL );
 296 }
 297
 298 /** Trivial 802.11 security handshaker */
 299 struct net80211_handshaker trivial_handshaker __net80211_handshaker = {
 300         .protocol = NET80211_SECPROT_NONE,
 301         .init = trivial_init,
 302         .change_key = trivial_change_key,
 303         .priv_len = 0,
 304 };