iPXE
wep.c
Go to the documentation of this file.
00001 /*
00002  * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
00003  *
00004  * This program is free software; you can redistribute it and/or
00005  * modify it under the terms of the GNU General Public License as
00006  * published by the Free Software Foundation; either version 2 of the
00007  * License, or any later version.
00008  *
00009  * This program is distributed in the hope that it will be useful, but
00010  * WITHOUT ANY WARRANTY; without even the implied warranty of
00011  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012  * General Public License for more details.
00013  *
00014  * You should have received a copy of the GNU General Public License
00015  * along with this program; if not, write to the Free Software
00016  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
00017  * 02110-1301, USA.
00018  */
00019 
00020 FILE_LICENCE ( GPL2_OR_LATER );
00021 
00022 #include <ipxe/net80211.h>
00023 #include <ipxe/sec80211.h>
00024 #include <ipxe/crypto.h>
00025 #include <ipxe/arc4.h>
00026 #include <ipxe/crc32.h>
00027 #include <stdlib.h>
00028 #include <string.h>
00029 #include <errno.h>
00030 
00031 /** @file
00032  *
00033  * The WEP wireless encryption method (insecure!)
00034  *
00035  * The data field in a WEP-encrypted packet contains a 3-byte
00036  * initialisation vector, one-byte Key ID field (only the bottom two
00037  * bits are ever used), encrypted data, and a 4-byte encrypted CRC of
00038  * the plaintext data, called the ICV. To decrypt it, the IV is
00039  * prepended to the shared key and the data stream (including ICV) is
00040  * run through the ARC4 stream cipher; if the ICV matches a CRC32
00041  * calculated on the plaintext, the packet is valid.
00042  *
00043  * For efficiency and code-size reasons, this file assumes it is
00044  * running on a little-endian machine.
00045  */
00046 
00047 /** Length of WEP initialisation vector */
00048 #define WEP_IV_LEN      3
00049 
00050 /** Length of WEP key ID byte */
00051 #define WEP_KID_LEN     1
00052 
00053 /** Length of WEP ICV checksum */
00054 #define WEP_ICV_LEN     4
00055 
00056 /** Maximum length of WEP key */
00057 #define WEP_MAX_KEY     16
00058 
00059 /** Amount of data placed before the encrypted bytes */
00060 #define WEP_HEADER_LEN  4
00061 
00062 /** Amount of data placed after the encrypted bytes */
00063 #define WEP_TRAILER_LEN 4
00064 
00065 /** Total WEP overhead bytes */
00066 #define WEP_OVERHEAD    8
00067 
00068 /** Context for WEP encryption and decryption */
00069 struct wep_ctx
00070 {
00071         /** Encoded WEP key
00072          *
00073          * The actual key bytes are stored beginning at offset 3, to
00074          * leave room for easily inserting the IV before a particular
00075          * operation.
00076          */
00077         u8 key[WEP_IV_LEN + WEP_MAX_KEY];
00078 
00079         /** Length of WEP key (not including IV bytes) */
00080         int keylen;
00081 
00082         /** ARC4 context */
00083         struct arc4_ctx arc4;
00084 };
00085 
00086 /**
00087  * Initialize WEP algorithm
00088  *
00089  * @v crypto    802.11 cryptographic algorithm
00090  * @v key       WEP key to use
00091  * @v keylen    Length of WEP key
00092  * @v rsc       Initial receive sequence counter (unused)
00093  * @ret rc      Return status code
00094  *
00095  * Standard key lengths are 5 and 13 bytes; 16-byte keys are
00096  * occasionally supported as an extension to the standard.
00097  */
00098 static int wep_init ( struct net80211_crypto *crypto, const void *key,
00099                       int keylen, const void *rsc __unused )
00100 {
00101         struct wep_ctx *ctx = crypto->priv;
00102 
00103         ctx->keylen = ( keylen > WEP_MAX_KEY ? WEP_MAX_KEY : keylen );
00104         memcpy ( ctx->key + WEP_IV_LEN, key, ctx->keylen );
00105 
00106         return 0;
00107 }
00108 
00109 /**
00110  * Encrypt packet using WEP
00111  *
00112  * @v crypto    802.11 cryptographic algorithm
00113  * @v iob       I/O buffer of plaintext packet
00114  * @ret eiob    Newly allocated I/O buffer for encrypted packet, or NULL
00115  *
00116  * If memory allocation fails, @c NULL is returned.
00117  */
00118 static struct io_buffer * wep_encrypt ( struct net80211_crypto *crypto,
00119                                         struct io_buffer *iob )
00120 {
00121         struct wep_ctx *ctx = crypto->priv;
00122         struct io_buffer *eiob;
00123         struct ieee80211_frame *hdr;
00124         const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
00125         int datalen = iob_len ( iob ) - hdrlen;
00126         int newlen = hdrlen + datalen + WEP_OVERHEAD;
00127         u32 iv, icv;
00128 
00129         eiob = alloc_iob ( newlen );
00130         if ( ! eiob )
00131                 return NULL;
00132 
00133         memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
00134         hdr = eiob->data;
00135         hdr->fc |= IEEE80211_FC_PROTECTED;
00136 
00137         /* Calculate IV, put it in the header (with key ID byte = 0), and
00138            set it up at the start of the encryption key. */
00139         iv = random() & 0xffffff; /* IV in bottom 3 bytes, top byte = KID = 0 */
00140         memcpy ( iob_put ( eiob, WEP_HEADER_LEN ), &iv, WEP_HEADER_LEN );
00141         memcpy ( ctx->key, &iv, WEP_IV_LEN );
00142 
00143         /* Encrypt the data using RC4 */
00144         cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
00145                         ctx->keylen + WEP_IV_LEN );
00146         cipher_encrypt ( &arc4_algorithm, &ctx->arc4, iob->data + hdrlen,
00147                          iob_put ( eiob, datalen ), datalen );
00148 
00149         /* Add ICV */
00150         icv = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
00151         cipher_encrypt ( &arc4_algorithm, &ctx->arc4, &icv,
00152                          iob_put ( eiob, WEP_ICV_LEN ), WEP_ICV_LEN );
00153 
00154         return eiob;
00155 }
00156 
00157 /**
00158  * Decrypt packet using WEP
00159  *
00160  * @v crypto    802.11 cryptographic algorithm
00161  * @v eiob      I/O buffer of encrypted packet
00162  * @ret iob     Newly allocated I/O buffer for plaintext packet, or NULL
00163  *
00164  * If a consistency check for the decryption fails (usually indicating
00165  * an invalid key), @c NULL is returned.
00166  */
00167 static struct io_buffer * wep_decrypt ( struct net80211_crypto *crypto,
00168                                         struct io_buffer *eiob )
00169 {
00170         struct wep_ctx *ctx = crypto->priv;
00171         struct io_buffer *iob;
00172         struct ieee80211_frame *hdr;
00173         const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
00174         int datalen = iob_len ( eiob ) - hdrlen - WEP_OVERHEAD;
00175         int newlen = hdrlen + datalen;
00176         u32 iv, icv, crc;
00177 
00178         iob = alloc_iob ( newlen );
00179         if ( ! iob )
00180                 return NULL;
00181 
00182         memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
00183         hdr = iob->data;
00184         hdr->fc &= ~IEEE80211_FC_PROTECTED;
00185 
00186         /* Strip off IV and use it to initialize cryptosystem */
00187         memcpy ( &iv, eiob->data + hdrlen, 4 );
00188         iv &= 0xffffff;         /* ignore key ID byte */
00189         memcpy ( ctx->key, &iv, WEP_IV_LEN );
00190 
00191         /* Decrypt the data using RC4 */
00192         cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
00193                         ctx->keylen + WEP_IV_LEN );
00194         cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
00195                          WEP_HEADER_LEN, iob_put ( iob, datalen ), datalen );
00196 
00197         /* Strip off ICV and verify it */
00198         cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
00199                          WEP_HEADER_LEN + datalen, &icv, WEP_ICV_LEN );
00200         crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
00201         if ( crc != icv ) {
00202                 DBGC ( crypto, "WEP %p CRC mismatch: expect %08x, get %08x\n",
00203                        crypto, icv, crc );
00204                 free_iob ( iob );
00205                 return NULL;
00206         }
00207         return iob;
00208 }
00209 
00210 /** WEP cryptosystem for 802.11 */
00211 struct net80211_crypto wep_crypto __net80211_crypto = {
00212         .algorithm = NET80211_CRYPT_WEP,
00213         .init = wep_init,
00214         .encrypt = wep_encrypt,
00215         .decrypt = wep_decrypt,
00216         .priv_len = sizeof ( struct wep_ctx ),
00217 };
00218 
00219 /**
00220  * Initialize trivial 802.11 security handshaker
00221  *
00222  * @v dev       802.11 device
00223  * @v ctx       Security handshaker
00224  *
00225  * This simply fetches a WEP key from netX/key, and if it exists,
00226  * installs WEP cryptography on the 802.11 device. No real handshaking
00227  * is performed.
00228  */
00229 static int trivial_init ( struct net80211_device *dev )
00230 {
00231         u8 key[WEP_MAX_KEY];    /* support up to 128-bit keys */
00232         int len;
00233         int rc;
00234 
00235         if ( dev->associating &&
00236              dev->associating->crypto == NET80211_CRYPT_NONE )
00237                 return 0;       /* no crypto? OK. */
00238 
00239         len = fetch_raw_setting ( netdev_settings ( dev->netdev ),
00240                                   &net80211_key_setting, key, WEP_MAX_KEY );
00241 
00242         if ( len <= 0 ) {
00243                 DBGC ( dev, "802.11 %p cannot do WEP without a key\n", dev );
00244                 return -EACCES;
00245         }
00246 
00247         /* Full 128-bit keys are a nonstandard extension, but they're
00248            utterly trivial to support, so we do. */
00249         if ( len != 5 && len != 13 && len != 16 ) {
00250                 DBGC ( dev, "802.11 %p invalid WEP key length %d\n",
00251                        dev, len );
00252                 return -EINVAL;
00253         }
00254 
00255         DBGC ( dev, "802.11 %p installing %d-bit WEP\n", dev, len * 8 );
00256 
00257         rc = sec80211_install ( &dev->crypto, NET80211_CRYPT_WEP, key, len,
00258                                 NULL );
00259         if ( rc < 0 )
00260                 return rc;
00261 
00262         return 0;
00263 }
00264 
00265 /**
00266  * Check for key change on trivial 802.11 security handshaker
00267  *
00268  * @v dev       802.11 device
00269  * @v ctx       Security handshaker
00270  */
00271 static int trivial_change_key ( struct net80211_device *dev )
00272 {
00273         u8 key[WEP_MAX_KEY];
00274         int len;
00275         int change = 0;
00276 
00277         /* If going from WEP to clear, or something else to WEP, reassociate. */
00278         if ( ! dev->crypto || ( dev->crypto->init != wep_init ) )
00279                 change ^= 1;
00280 
00281         len = fetch_raw_setting ( netdev_settings ( dev->netdev ),
00282                                   &net80211_key_setting, key, WEP_MAX_KEY );
00283         if ( len <= 0 )
00284                 change ^= 1;
00285 
00286         /* Changing crypto type => return nonzero to reassociate. */
00287         if ( change )
00288                 return -EINVAL;
00289 
00290         /* Going from no crypto to still no crypto => nothing to do. */
00291         if ( len <= 0 )
00292                 return 0;
00293 
00294         /* Otherwise, reinitialise WEP with new key. */
00295         return wep_init ( dev->crypto, key, len, NULL );
00296 }
00297 
00298 /** Trivial 802.11 security handshaker */
00299 struct net80211_handshaker trivial_handshaker __net80211_handshaker = {
00300         .protocol = NET80211_SECPROT_NONE,
00301         .init = trivial_init,
00302         .change_key = trivial_change_key,
00303         .priv_len = 0,
00304 };