iPXE
wep.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  */
19 
20 FILE_LICENCE ( GPL2_OR_LATER );
21 
22 #include <ipxe/net80211.h>
23 #include <ipxe/sec80211.h>
24 #include <ipxe/crypto.h>
25 #include <ipxe/arc4.h>
26 #include <ipxe/crc32.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <errno.h>
30 
31 /** @file
32  *
33  * The WEP wireless encryption method (insecure!)
34  *
35  * The data field in a WEP-encrypted packet contains a 3-byte
36  * initialisation vector, one-byte Key ID field (only the bottom two
37  * bits are ever used), encrypted data, and a 4-byte encrypted CRC of
38  * the plaintext data, called the ICV. To decrypt it, the IV is
39  * prepended to the shared key and the data stream (including ICV) is
40  * run through the ARC4 stream cipher; if the ICV matches a CRC32
41  * calculated on the plaintext, the packet is valid.
42  *
43  * For efficiency and code-size reasons, this file assumes it is
44  * running on a little-endian machine.
45  */
46 
47 /** Length of WEP initialisation vector */
48 #define WEP_IV_LEN 3
49 
50 /** Length of WEP key ID byte */
51 #define WEP_KID_LEN 1
52 
53 /** Length of WEP ICV checksum */
54 #define WEP_ICV_LEN 4
55 
56 /** Maximum length of WEP key */
57 #define WEP_MAX_KEY 16
58 
59 /** Amount of data placed before the encrypted bytes */
60 #define WEP_HEADER_LEN 4
61 
62 /** Amount of data placed after the encrypted bytes */
63 #define WEP_TRAILER_LEN 4
64 
65 /** Total WEP overhead bytes */
66 #define WEP_OVERHEAD 8
67 
68 /** Context for WEP encryption and decryption */
69 struct wep_ctx
70 {
71  /** Encoded WEP key
72  *
73  * The actual key bytes are stored beginning at offset 3, to
74  * leave room for easily inserting the IV before a particular
75  * operation.
76  */
78 
79  /** Length of WEP key (not including IV bytes) */
80  int keylen;
81 
82  /** ARC4 context */
83  struct arc4_ctx arc4;
84 };
85 
86 /**
87  * Initialize WEP algorithm
88  *
89  * @v crypto 802.11 cryptographic algorithm
90  * @v key WEP key to use
91  * @v keylen Length of WEP key
92  * @v rsc Initial receive sequence counter (unused)
93  * @ret rc Return status code
94  *
95  * Standard key lengths are 5 and 13 bytes; 16-byte keys are
96  * occasionally supported as an extension to the standard.
97  */
98 static int wep_init ( struct net80211_crypto *crypto, const void *key,
99  int keylen, const void *rsc __unused )
100 {
101  struct wep_ctx *ctx = crypto->priv;
102 
103  ctx->keylen = ( keylen > WEP_MAX_KEY ? WEP_MAX_KEY : keylen );
104  memcpy ( ctx->key + WEP_IV_LEN, key, ctx->keylen );
105 
106  return 0;
107 }
108 
109 /**
110  * Encrypt packet using WEP
111  *
112  * @v crypto 802.11 cryptographic algorithm
113  * @v iob I/O buffer of plaintext packet
114  * @ret eiob Newly allocated I/O buffer for encrypted packet, or NULL
115  *
116  * If memory allocation fails, @c NULL is returned.
117  */
118 static struct io_buffer * wep_encrypt ( struct net80211_crypto *crypto,
119  struct io_buffer *iob )
120 {
121  struct wep_ctx *ctx = crypto->priv;
122  struct io_buffer *eiob;
123  struct ieee80211_frame *hdr;
124  const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
125  int datalen = iob_len ( iob ) - hdrlen;
126  int newlen = hdrlen + datalen + WEP_OVERHEAD;
127  u32 iv, icv;
128 
129  eiob = alloc_iob ( newlen );
130  if ( ! eiob )
131  return NULL;
132 
133  memcpy ( iob_put ( eiob, hdrlen ), iob->data, hdrlen );
134  hdr = eiob->data;
136 
137  /* Calculate IV, put it in the header (with key ID byte = 0), and
138  set it up at the start of the encryption key. */
139  iv = random() & 0xffffff; /* IV in bottom 3 bytes, top byte = KID = 0 */
140  memcpy ( iob_put ( eiob, WEP_HEADER_LEN ), &iv, WEP_HEADER_LEN );
141  memcpy ( ctx->key, &iv, WEP_IV_LEN );
142 
143  /* Encrypt the data using RC4 */
144  cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
145  ctx->keylen + WEP_IV_LEN );
146  cipher_encrypt ( &arc4_algorithm, &ctx->arc4, iob->data + hdrlen,
147  iob_put ( eiob, datalen ), datalen );
148 
149  /* Add ICV */
150  icv = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
151  cipher_encrypt ( &arc4_algorithm, &ctx->arc4, &icv,
152  iob_put ( eiob, WEP_ICV_LEN ), WEP_ICV_LEN );
153 
154  return eiob;
155 }
156 
157 /**
158  * Decrypt packet using WEP
159  *
160  * @v crypto 802.11 cryptographic algorithm
161  * @v eiob I/O buffer of encrypted packet
162  * @ret iob Newly allocated I/O buffer for plaintext packet, or NULL
163  *
164  * If a consistency check for the decryption fails (usually indicating
165  * an invalid key), @c NULL is returned.
166  */
167 static struct io_buffer * wep_decrypt ( struct net80211_crypto *crypto,
168  struct io_buffer *eiob )
169 {
170  struct wep_ctx *ctx = crypto->priv;
171  struct io_buffer *iob;
172  struct ieee80211_frame *hdr;
173  const int hdrlen = IEEE80211_TYP_FRAME_HEADER_LEN;
174  int datalen = iob_len ( eiob ) - hdrlen - WEP_OVERHEAD;
175  int newlen = hdrlen + datalen;
176  u32 iv, icv, crc;
177 
178  iob = alloc_iob ( newlen );
179  if ( ! iob )
180  return NULL;
181 
182  memcpy ( iob_put ( iob, hdrlen ), eiob->data, hdrlen );
183  hdr = iob->data;
184  hdr->fc &= ~IEEE80211_FC_PROTECTED;
185 
186  /* Strip off IV and use it to initialize cryptosystem */
187  memcpy ( &iv, eiob->data + hdrlen, 4 );
188  iv &= 0xffffff; /* ignore key ID byte */
189  memcpy ( ctx->key, &iv, WEP_IV_LEN );
190 
191  /* Decrypt the data using RC4 */
192  cipher_setkey ( &arc4_algorithm, &ctx->arc4, ctx->key,
193  ctx->keylen + WEP_IV_LEN );
194  cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
195  WEP_HEADER_LEN, iob_put ( iob, datalen ), datalen );
196 
197  /* Strip off ICV and verify it */
198  cipher_decrypt ( &arc4_algorithm, &ctx->arc4, eiob->data + hdrlen +
200  crc = ~crc32_le ( ~0, iob->data + hdrlen, datalen );
201  if ( crc != icv ) {
202  DBGC ( crypto, "WEP %p CRC mismatch: expect %08x, get %08x\n",
203  crypto, icv, crc );
204  free_iob ( iob );
205  return NULL;
206  }
207  return iob;
208 }
209 
210 /** WEP cryptosystem for 802.11 */
211 struct net80211_crypto wep_crypto __net80211_crypto = {
213  .init = wep_init,
214  .encrypt = wep_encrypt,
215  .decrypt = wep_decrypt,
216  .priv_len = sizeof ( struct wep_ctx ),
217 };
218 
219 /**
220  * Initialize trivial 802.11 security handshaker
221  *
222  * @v dev 802.11 device
223  * @v ctx Security handshaker
224  *
225  * This simply fetches a WEP key from netX/key, and if it exists,
226  * installs WEP cryptography on the 802.11 device. No real handshaking
227  * is performed.
228  */
229 static int trivial_init ( struct net80211_device *dev )
230 {
231  u8 key[WEP_MAX_KEY]; /* support up to 128-bit keys */
232  int len;
233  int rc;
234 
235  if ( dev->associating &&
237  return 0; /* no crypto? OK. */
238 
240  &net80211_key_setting, key, WEP_MAX_KEY );
241 
242  if ( len <= 0 ) {
243  DBGC ( dev, "802.11 %p cannot do WEP without a key\n", dev );
244  return -EACCES;
245  }
246 
247  /* Full 128-bit keys are a nonstandard extension, but they're
248  utterly trivial to support, so we do. */
249  if ( len != 5 && len != 13 && len != 16 ) {
250  DBGC ( dev, "802.11 %p invalid WEP key length %d\n",
251  dev, len );
252  return -EINVAL;
253  }
254 
255  DBGC ( dev, "802.11 %p installing %d-bit WEP\n", dev, len * 8 );
256 
258  NULL );
259  if ( rc < 0 )
260  return rc;
261 
262  return 0;
263 }
264 
265 /**
266  * Check for key change on trivial 802.11 security handshaker
267  *
268  * @v dev 802.11 device
269  * @v ctx Security handshaker
270  */
271 static int trivial_change_key ( struct net80211_device *dev )
272 {
273  u8 key[WEP_MAX_KEY];
274  int len;
275  int change = 0;
276 
277  /* If going from WEP to clear, or something else to WEP, reassociate. */
278  if ( ! dev->crypto || ( dev->crypto->init != wep_init ) )
279  change ^= 1;
280 
282  &net80211_key_setting, key, WEP_MAX_KEY );
283  if ( len <= 0 )
284  change ^= 1;
285 
286  /* Changing crypto type => return nonzero to reassociate. */
287  if ( change )
288  return -EINVAL;
289 
290  /* Going from no crypto to still no crypto => nothing to do. */
291  if ( len <= 0 )
292  return 0;
293 
294  /* Otherwise, reinitialise WEP with new key. */
295  return wep_init ( dev->crypto, key, len, NULL );
296 }
297 
298 /** Trivial 802.11 security handshaker */
299 struct net80211_handshaker trivial_handshaker __net80211_handshaker = {
301  .init = trivial_init,
302  .change_key = trivial_change_key,
303  .priv_len = 0,
304 };
#define EINVAL
Invalid argument.
Definition: errno.h:428
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
enum net80211_crypto_alg crypto
Cryptographic algorithm used on the network.
Definition: net80211.h:1087
#define iob_put(iobuf, len)
Definition: iobuf.h:120
No security handshaking.
Definition: net80211.h:102
Error codes.
struct golan_inbox_hdr hdr
Message header.
Definition: CIB_PRM.h:28
Definition: arc4.h:10
void free_iob(struct io_buffer *iobuf)
Free I/O buffer.
Definition: iobuf.c:146
#define WEP_MAX_KEY
Maximum length of WEP key.
Definition: wep.c:57
#define DBGC(...)
Definition: compiler.h:505
An 802.11 data or management frame without QoS or WDS header fields.
Definition: ieee80211.h:300
FILE_LICENCE(GPL2_OR_LATER)
#define WEP_IV_LEN
Length of WEP initialisation vector.
Definition: wep.c:48
int fetch_raw_setting(struct settings *settings, const struct setting *setting, void *data, size_t len)
Fetch value of setting.
Definition: settings.c:803
Cryptographic API.
#define EACCES
Permission denied.
Definition: errno.h:298
Network protected with WEP (awful RC4-based system)
Definition: net80211.h:145
int(* init)(struct net80211_crypto *crypto, const void *key, int keylen, const void *rsc)
Initialize cryptosystem using a given key.
Definition: net80211.h:707
struct io_buffer * alloc_iob(size_t len)
Allocate I/O buffer.
Definition: iobuf.c:129
static struct settings * netdev_settings(struct net_device *netdev)
Get per-netdevice configuration settings block.
Definition: netdevice.h:583
Definitions for general secured-network routines.
u32 crc32_le(u32 seed, const void *data, size_t len)
Calculate 32-bit little-endian CRC checksum.
Definition: crc32.c:39
#define cipher_encrypt(cipher, ctx, src, dst, len)
Definition: crypto.h:248
#define WEP_HEADER_LEN
Amount of data placed before the encrypted bytes.
Definition: wep.c:60
enum net80211_crypto_alg algorithm
The cryptographic algorithm implemented.
Definition: net80211.h:692
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static void const void size_t keylen
Definition: crypto.h:233
struct net80211_crypto * crypto
802.11 cryptosystem for our current network
Definition: net80211.h:940
u8 key[WEP_IV_LEN+WEP_MAX_KEY]
Encoded WEP key.
Definition: wep.c:77
#define IEEE80211_TYP_FRAME_HEADER_LEN
Frame header length for frames we might work with.
Definition: ieee80211.h:60
#define WEP_OVERHEAD
Total WEP overhead bytes.
Definition: wep.c:66
u8 rsc[8]
Receive sequence counter for GTK.
Definition: wpa.h:69
enum net80211_security_proto protocol
The security handshaking protocol implemented.
Definition: net80211.h:567
u16 datalen
Length of the data field in bytes, network byte order.
Definition: wpa.h:84
int sec80211_install(struct net80211_crypto **which, enum net80211_crypto_alg crypt, const void *key, int len, const void *rsc)
Install 802.11 cryptosystem.
Definition: sec80211.c:113
#define IEEE80211_FC_PROTECTED
802.11 Frame Control field: Protected flag
Definition: ieee80211.h:264
Context for WEP encryption and decryption.
Definition: wep.c:69
The iPXE 802.11 MAC layer.
int keylen
Length of WEP key (not including IV bytes)
Definition: wep.c:80
static size_t iob_len(struct io_buffer *iobuf)
Calculate length of data in an I/O buffer.
Definition: iobuf.h:155
Structure encapsulating the complete state of an 802.11 device.
Definition: net80211.h:786
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
No security, an "Open" network.
Definition: net80211.h:131
long int random(void)
Generate a pseudo-random number between 0 and 2147483647L or 2147483562?
Definition: random.c:31
static struct io_buffer * wep_decrypt(struct net80211_crypto *crypto, struct io_buffer *eiob)
Decrypt packet using WEP.
Definition: wep.c:167
#define cipher_decrypt(cipher, ctx, src, dst, len)
Definition: crypto.h:258
struct net80211_wlan * associating
Network with which we are associating.
Definition: net80211.h:866
Interface to an 802.11 security handshaking protocol.
Definition: net80211.h:564
void * priv
Private data for the algorithm to store key and state info.
Definition: net80211.h:766
static int wep_init(struct net80211_crypto *crypto, const void *key, int keylen, const void *rsc __unused)
Initialize WEP algorithm.
Definition: wep.c:98
static int trivial_init(struct net80211_device *dev)
Initialize trivial 802.11 security handshaker.
Definition: wep.c:229
struct cipher_algorithm arc4_algorithm
Definition: arc4.c:118
#define __unused
Declare a variable or data structure as unused.
Definition: compiler.h:573
struct net_device * netdev
The net_device that wraps us.
Definition: net80211.h:789
struct net80211_handshaker trivial_handshaker __net80211_handshaker
Trivial 802.11 security handshaker.
Definition: wep.c:299
#define WEP_ICV_LEN
Length of WEP ICV checksum.
Definition: wep.c:54
uint32_t len
Length.
Definition: ena.h:14
static void const void * iv
Definition: crypto.h:238
void * data
Start of data.
Definition: iobuf.h:48
static struct io_buffer * wep_encrypt(struct net80211_crypto *crypto, struct io_buffer *iob)
Encrypt packet using WEP.
Definition: wep.c:118
struct net80211_crypto wep_crypto __net80211_crypto
WEP cryptosystem for 802.11.
Definition: wep.c:211
static int trivial_change_key(struct net80211_device *dev)
Check for key change on trivial 802.11 security handshaker.
Definition: wep.c:271
Interface to an 802.11 cryptosystem.
Definition: net80211.h:689
struct arc4_ctx arc4
ARC4 context.
Definition: wep.c:83
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
String functions.
uint8_t u8
Definition: stdint.h:19
union @382 key
Sense key.
Definition: crypto.h:284
uint32_t u32
Definition: stdint.h:23
A persistent I/O buffer.
Definition: iobuf.h:33