1 /* 2 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * Alternatively, this software may be distributed under the terms of the 17 * GNU General Public License ("GPL") version 2 as published by the Free 18 * Software Foundation. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 * 31 * $FreeBSD: src/sys/net80211/ieee80211_crypto_wep.c,v 1.7.2.1 2005/12/22 19:02:08 sam Exp $ 32 * $DragonFly: src/sys/netproto/802_11/wlan_wep/ieee80211_crypto_wep.c,v 1.5 2007/05/07 14:12:16 sephe Exp $ 33 */ 34 35 /* 36 * IEEE 802.11 WEP crypto support. 37 */ 38 #include <sys/param.h> 39 #include <sys/systm.h> 40 #include <sys/mbuf.h> 41 #include <sys/malloc.h> 42 #include <sys/kernel.h> 43 #include <sys/module.h> 44 #include <sys/endian.h> 45 46 #include <sys/socket.h> 47 48 #include <net/if.h> 49 #include <net/if_arp.h> 50 #include <net/if_media.h> 51 #include <net/ethernet.h> 52 53 #include <netproto/802_11/ieee80211_var.h> 54 55 static void *wep_attach(struct ieee80211com *, struct ieee80211_key *); 56 static void wep_detach(struct ieee80211_key *); 57 static int wep_setkey(struct ieee80211_key *); 58 static int wep_encap(struct ieee80211_key *, struct mbuf *, uint8_t keyid); 59 static int wep_decap(struct ieee80211_key *, struct mbuf *, int hdrlen); 60 static int wep_enmic(struct ieee80211_key *, struct mbuf *, int); 61 static int wep_demic(struct ieee80211_key *, struct mbuf *, int); 62 static int wep_getiv(struct ieee80211_key *, struct ieee80211_crypto_iv *, 63 uint8_t); 64 static int wep_update(struct ieee80211_key *, 65 const struct ieee80211_crypto_iv *, 66 const struct ieee80211_frame *); 67 68 static const struct ieee80211_cipher wep = { 69 .ic_name = "WEP", 70 .ic_cipher = IEEE80211_CIPHER_WEP, 71 .ic_header = IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN, 72 .ic_trailer = IEEE80211_WEP_CRCLEN, 73 .ic_miclen = 0, 74 .ic_attach = wep_attach, 75 .ic_detach = wep_detach, 76 .ic_setkey = wep_setkey, 77 .ic_encap = wep_encap, 78 .ic_decap = wep_decap, 79 .ic_enmic = wep_enmic, 80 .ic_demic = wep_demic, 81 .ic_getiv = wep_getiv, 82 .ic_update = wep_update 83 }; 84 85 static int wep_encrypt(struct ieee80211_key *, struct mbuf *, int hdrlen); 86 static int wep_decrypt(struct ieee80211_key *, struct mbuf *, int hdrlen); 87 88 struct wep_ctx { 89 struct ieee80211com *wc_ic; /* for diagnostics */ 90 uint32_t wc_iv; /* initial vector for crypto */ 91 }; 92 93 /* number of references from net80211 layer */ 94 static int nrefs = 0; 95 96 static void * 97 wep_attach(struct ieee80211com *ic, struct ieee80211_key *k) 98 { 99 struct wep_ctx *ctx; 100 101 ctx = kmalloc(sizeof(struct wep_ctx), M_DEVBUF, M_NOWAIT | M_ZERO); 102 if (ctx == NULL) { 103 ic->ic_stats.is_crypto_nomem++; 104 return NULL; 105 } 106 107 ctx->wc_ic = ic; 108 get_random_bytes(&ctx->wc_iv, sizeof(ctx->wc_iv)); 109 nrefs++; /* NB: we assume caller locking */ 110 return ctx; 111 } 112 113 static void 114 wep_detach(struct ieee80211_key *k) 115 { 116 struct wep_ctx *ctx = k->wk_private; 117 118 FREE(ctx, M_DEVBUF); 119 KASSERT(nrefs > 0, ("imbalanced attach/detach")); 120 nrefs--; /* NB: we assume caller locking */ 121 } 122 123 static int 124 wep_setkey(struct ieee80211_key *k) 125 { 126 return k->wk_keylen >= 40/NBBY; 127 } 128 129 /* 130 * Add privacy headers appropriate for the specified key. 131 */ 132 static int 133 wep_encap(struct ieee80211_key *k, struct mbuf *m, uint8_t keyid) 134 { 135 struct wep_ctx *ctx = k->wk_private; 136 struct ieee80211com *ic = ctx->wc_ic; 137 uint32_t iv; 138 uint8_t *ivp; 139 int hdrlen; 140 141 hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); 142 143 /* 144 * Copy down 802.11 header and add the IV + KeyID. 145 */ 146 M_PREPEND(m, wep.ic_header, MB_DONTWAIT); 147 if (m == NULL) 148 return 0; 149 ivp = mtod(m, uint8_t *); 150 ovbcopy(ivp + wep.ic_header, ivp, hdrlen); 151 ivp += hdrlen; 152 153 /* 154 * XXX 155 * IV must not duplicate during the lifetime of the key. 156 * But no mechanism to renew keys is defined in IEEE 802.11 157 * for WEP. And the IV may be duplicated at other stations 158 * because the session key itself is shared. So we use a 159 * pseudo random IV for now, though it is not the right way. 160 * 161 * NB: Rather than use a strictly random IV we select a 162 * random one to start and then increment the value for 163 * each frame. This is an explicit tradeoff between 164 * overhead and security. Given the basic insecurity of 165 * WEP this seems worthwhile. 166 */ 167 168 /* 169 * Skip 'bad' IVs from Fluhrer/Mantin/Shamir: 170 * (B, 255, N) with 3 <= B < 16 and 0 <= N <= 255 171 */ 172 iv = ctx->wc_iv; 173 if ((iv & 0xff00) == 0xff00) { 174 int B = (iv & 0xff0000) >> 16; 175 if (3 <= B && B < 16) 176 iv += 0x0100; 177 } 178 ctx->wc_iv = iv + 1; 179 180 /* 181 * NB: Preserve byte order of IV for packet 182 * sniffers; it doesn't matter otherwise. 183 */ 184 #if _BYTE_ORDER == _BIG_ENDIAN 185 ivp[0] = iv >> 0; 186 ivp[1] = iv >> 8; 187 ivp[2] = iv >> 16; 188 #else 189 ivp[2] = iv >> 0; 190 ivp[1] = iv >> 8; 191 ivp[0] = iv >> 16; 192 #endif 193 ivp[3] = keyid; 194 195 /* 196 * Finally, do software encrypt if neeed. 197 */ 198 if ((k->wk_flags & IEEE80211_KEY_SWCRYPT) && 199 !wep_encrypt(k, m, hdrlen)) 200 return 0; 201 202 return 1; 203 } 204 205 /* 206 * Add MIC to the frame as needed. 207 */ 208 static int 209 wep_enmic(struct ieee80211_key *k, struct mbuf *m, int force) 210 { 211 return 1; 212 } 213 214 /* 215 * Validate and strip privacy headers (and trailer) for a 216 * received frame. If necessary, decrypt the frame using 217 * the specified key. 218 */ 219 static int 220 wep_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen) 221 { 222 struct wep_ctx *ctx = k->wk_private; 223 struct ieee80211_frame *wh; 224 225 wh = mtod(m, struct ieee80211_frame *); 226 227 /* 228 * Check if the device handled the decrypt in hardware. 229 * If so we just strip the header; otherwise we need to 230 * handle the decrypt in software. 231 */ 232 if ((k->wk_flags & IEEE80211_KEY_SWCRYPT) && 233 !wep_decrypt(k, m, hdrlen)) { 234 IEEE80211_DPRINTF(ctx->wc_ic, IEEE80211_MSG_CRYPTO, 235 "[%6D] WEP ICV mismatch on decrypt\n", 236 wh->i_addr2, ":"); 237 ctx->wc_ic->ic_stats.is_rx_wepfail++; 238 return 0; 239 } 240 241 /* 242 * Copy up 802.11 header and strip crypto bits. 243 */ 244 ovbcopy(mtod(m, void *), mtod(m, uint8_t *) + wep.ic_header, hdrlen); 245 m_adj(m, wep.ic_header); 246 m_adj(m, -wep.ic_trailer); 247 248 return 1; 249 } 250 251 static int 252 wep_update(struct ieee80211_key *k, const struct ieee80211_crypto_iv *iv, 253 const struct ieee80211_frame *wh) 254 { 255 return 1; 256 } 257 258 /* 259 * Verify and strip MIC from the frame. 260 */ 261 static int 262 wep_demic(struct ieee80211_key *k, struct mbuf *skb, int force) 263 { 264 return 1; 265 } 266 267 static int 268 wep_getiv(struct ieee80211_key *k, struct ieee80211_crypto_iv *ivp, 269 uint8_t keyid) 270 { 271 struct wep_ctx *ctx = k->wk_private; 272 uint32_t iv; 273 274 /* 275 * Skip 'bad' IVs from Fluhrer/Mantin/Shamir: 276 * (B, 255, N) with 3 <= B < 16 and 0 <= N <= 255 277 */ 278 iv = ctx->wc_iv; 279 if ((iv & 0xff00) == 0xff00) { 280 int B = (iv & 0xff0000) >> 16; 281 if (3 <= B && B < 16) 282 iv += 0x0100; 283 } 284 ctx->wc_iv = iv + 1; 285 286 /* 287 * NB: Preserve byte order of IV for packet 288 * sniffers; it doesn't matter otherwise. 289 */ 290 #if _BYTE_ORDER == _BIG_ENDIAN 291 ivp->ic_iv[0] = iv >> 0; 292 ivp->ic_iv[1] = iv >> 8; 293 ivp->ic_iv[2] = iv >> 16; 294 #else 295 ivp->ic_iv[2] = iv >> 0; 296 ivp->ic_iv[1] = iv >> 8; 297 ivp->ic_iv[0] = iv >> 16; 298 #endif 299 ivp->ic_iv[3] = keyid; 300 301 return 1; 302 } 303 304 static const uint32_t crc32_table[256] = { 305 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, 306 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, 307 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 308 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, 309 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, 310 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, 311 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 312 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, 313 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, 314 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, 315 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 316 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, 317 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, 318 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, 319 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 320 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, 321 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, 322 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, 323 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 324 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, 325 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, 326 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, 327 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, 328 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, 329 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, 330 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, 331 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, 332 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, 333 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, 334 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, 335 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 336 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, 337 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, 338 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, 339 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 340 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, 341 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, 342 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, 343 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 344 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, 345 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, 346 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, 347 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 348 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, 349 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, 350 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, 351 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 352 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, 353 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, 354 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, 355 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 356 0x2d02ef8dL 357 }; 358 359 static int 360 wep_encrypt(struct ieee80211_key *key, struct mbuf *m0, int hdrlen) 361 { 362 #define S_SWAP(a,b) do { uint8_t t = S[a]; S[a] = S[b]; S[b] = t; } while(0) 363 struct wep_ctx *ctx = key->wk_private; 364 struct mbuf *m = m0; 365 uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE]; 366 uint8_t icv[IEEE80211_WEP_CRCLEN]; 367 uint32_t i, j, k, crc; 368 size_t buflen, data_len; 369 uint8_t S[256]; 370 uint8_t *pos; 371 u_int off, keylen; 372 373 ctx->wc_ic->ic_stats.is_crypto_wep++; 374 375 /* NB: this assumes the header was pulled up */ 376 memcpy(rc4key, mtod(m, uint8_t *) + hdrlen, IEEE80211_WEP_IVLEN); 377 memcpy(rc4key + IEEE80211_WEP_IVLEN, key->wk_key, key->wk_keylen); 378 379 /* Setup RC4 state */ 380 for (i = 0; i < 256; i++) 381 S[i] = i; 382 j = 0; 383 keylen = key->wk_keylen + IEEE80211_WEP_IVLEN; 384 for (i = 0; i < 256; i++) { 385 j = (j + S[i] + rc4key[i % keylen]) & 0xff; 386 S_SWAP(i, j); 387 } 388 389 off = hdrlen + wep.ic_header; 390 data_len = m->m_pkthdr.len - off; 391 392 /* Compute CRC32 over unencrypted data and apply RC4 to data */ 393 crc = ~0; 394 i = j = 0; 395 pos = mtod(m, uint8_t *) + off; 396 buflen = m->m_len - off; 397 for (;;) { 398 if (buflen > data_len) 399 buflen = data_len; 400 data_len -= buflen; 401 for (k = 0; k < buflen; k++) { 402 crc = crc32_table[(crc ^ *pos) & 0xff] ^ (crc >> 8); 403 i = (i + 1) & 0xff; 404 j = (j + S[i]) & 0xff; 405 S_SWAP(i, j); 406 *pos++ ^= S[(S[i] + S[j]) & 0xff]; 407 } 408 if (m->m_next == NULL) { 409 if (data_len != 0) { /* out of data */ 410 IEEE80211_DPRINTF(ctx->wc_ic, 411 IEEE80211_MSG_CRYPTO, 412 "[%6D] out of data for WEP " 413 "(data_len %zu)\n", 414 mtod(m0, struct ieee80211_frame *)->i_addr2, 415 ":", data_len); 416 return 0; 417 } 418 break; 419 } 420 m = m->m_next; 421 pos = mtod(m, uint8_t *); 422 buflen = m->m_len; 423 } 424 crc = ~crc; 425 426 /* Append little-endian CRC32 and encrypt it to produce ICV */ 427 icv[0] = crc; 428 icv[1] = crc >> 8; 429 icv[2] = crc >> 16; 430 icv[3] = crc >> 24; 431 for (k = 0; k < IEEE80211_WEP_CRCLEN; k++) { 432 i = (i + 1) & 0xff; 433 j = (j + S[i]) & 0xff; 434 S_SWAP(i, j); 435 icv[k] ^= S[(S[i] + S[j]) & 0xff]; 436 } 437 return ieee80211_mbuf_append(m0, IEEE80211_WEP_CRCLEN, icv); 438 #undef S_SWAP 439 } 440 441 static int 442 wep_decrypt(struct ieee80211_key *key, struct mbuf *m0, int hdrlen) 443 { 444 #define S_SWAP(a,b) do { uint8_t t = S[a]; S[a] = S[b]; S[b] = t; } while(0) 445 struct wep_ctx *ctx = key->wk_private; 446 struct mbuf *m = m0; 447 uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE]; 448 uint8_t icv[IEEE80211_WEP_CRCLEN]; 449 uint32_t i, j, k, crc; 450 size_t buflen, data_len; 451 uint8_t S[256]; 452 uint8_t *pos; 453 u_int off, keylen; 454 455 ctx->wc_ic->ic_stats.is_crypto_wep++; 456 457 /* NB: this assumes the header was pulled up */ 458 memcpy(rc4key, mtod(m, uint8_t *) + hdrlen, IEEE80211_WEP_IVLEN); 459 memcpy(rc4key + IEEE80211_WEP_IVLEN, key->wk_key, key->wk_keylen); 460 461 /* Setup RC4 state */ 462 for (i = 0; i < 256; i++) 463 S[i] = i; 464 j = 0; 465 keylen = key->wk_keylen + IEEE80211_WEP_IVLEN; 466 for (i = 0; i < 256; i++) { 467 j = (j + S[i] + rc4key[i % keylen]) & 0xff; 468 S_SWAP(i, j); 469 } 470 471 off = hdrlen + wep.ic_header; 472 data_len = m->m_pkthdr.len - (off + wep.ic_trailer), 473 474 /* Compute CRC32 over unencrypted data and apply RC4 to data */ 475 crc = ~0; 476 i = j = 0; 477 pos = mtod(m, uint8_t *) + off; 478 buflen = m->m_len - off; 479 for (;;) { 480 if (buflen > data_len) 481 buflen = data_len; 482 data_len -= buflen; 483 for (k = 0; k < buflen; k++) { 484 i = (i + 1) & 0xff; 485 j = (j + S[i]) & 0xff; 486 S_SWAP(i, j); 487 *pos ^= S[(S[i] + S[j]) & 0xff]; 488 crc = crc32_table[(crc ^ *pos) & 0xff] ^ (crc >> 8); 489 pos++; 490 } 491 m = m->m_next; 492 if (m == NULL) { 493 if (data_len != 0) { /* out of data */ 494 IEEE80211_DPRINTF(ctx->wc_ic, 495 IEEE80211_MSG_CRYPTO, 496 "[%s] out of data for WEP " 497 "(data_len %zu)\n", 498 mtod(m0, struct ieee80211_frame *)->i_addr2, 499 ":", data_len); 500 return 0; 501 } 502 break; 503 } 504 pos = mtod(m, uint8_t *); 505 buflen = m->m_len; 506 } 507 crc = ~crc; 508 509 /* Encrypt little-endian CRC32 and verify that it matches with 510 * received ICV */ 511 icv[0] = crc; 512 icv[1] = crc >> 8; 513 icv[2] = crc >> 16; 514 icv[3] = crc >> 24; 515 for (k = 0; k < IEEE80211_WEP_CRCLEN; k++) { 516 i = (i + 1) & 0xff; 517 j = (j + S[i]) & 0xff; 518 S_SWAP(i, j); 519 /* XXX assumes ICV is contiguous in mbuf */ 520 if ((icv[k] ^ S[(S[i] + S[j]) & 0xff]) != *pos++) { 521 /* ICV mismatch - drop frame */ 522 return 0; 523 } 524 } 525 return 1; 526 #undef S_SWAP 527 } 528 529 /* 530 * Module glue. 531 */ 532 static int 533 wep_modevent(module_t mod, int type, void *unused) 534 { 535 switch (type) { 536 case MOD_LOAD: 537 ieee80211_crypto_register(&wep); 538 return 0; 539 case MOD_UNLOAD: 540 if (nrefs) { 541 kprintf("wlan_wep: still in use (%u dynamic refs)\n", 542 nrefs); 543 return EBUSY; 544 } 545 ieee80211_crypto_unregister(&wep); 546 return 0; 547 } 548 return EINVAL; 549 } 550 551 static moduledata_t wep_mod = { 552 "wlan_wep", 553 wep_modevent, 554 0 555 }; 556 DECLARE_MODULE(wlan_wep, wep_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST); 557 MODULE_VERSION(wlan_wep, 1); 558 MODULE_DEPEND(wlan_wep, wlan, 1, 1, 1); 559