1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
4  * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
88 wep_attach(struct ieee80211vap *vap, struct ieee80211_key *k)  in wep_attach()  argument
95 		vap->iv_stats.is_crypto_nomem++;  in wep_attach()
99 	ctx->wc_vap = vap;  in wep_attach()
100 	ctx->wc_ic = vap->iv_ic;  in wep_attach()
101 	net80211_get_random_bytes(&ctx->wc_iv, sizeof(ctx->wc_iv));  in wep_attach()
107 wep_detach(struct ieee80211_key *k)  in wep_detach()  argument
109 	struct wep_ctx *ctx = k->wk_private;  in wep_detach()
113 	nrefs--;			/* NB: we assume caller locking */  in wep_detach()
117 wep_setkey(struct ieee80211_key *k)  in wep_setkey()  argument
119 	return k->wk_keylen >= 40/NBBY;  in wep_setkey()
123 wep_setiv(struct ieee80211_key *k, uint8_t *ivp)  in wep_setiv()  argument
125 	struct wep_ctx *ctx = k->wk_private;  in wep_setiv()
126 	struct ieee80211vap *vap = ctx->wc_vap;  in wep_setiv()
130 	keyid = ieee80211_crypto_get_keyid(vap, k) << 6;  in wep_setiv()
135 	 * But no mechanism to renew keys is defined in IEEE 802.11  in wep_setiv()
141 	 * random one to start and then increment the value for  in wep_setiv()
151 	iv = ctx->wc_iv;  in wep_setiv()
157 	ctx->wc_iv = iv + 1;  in wep_setiv()
179 wep_encap(struct ieee80211_key *k, struct mbuf *m)  in wep_encap()  argument
181 	struct wep_ctx *ctx = k->wk_private;  in wep_encap()
182 	struct ieee80211com *ic = ctx->wc_ic;  in wep_encap()
193 	 * Check to see if IV is required.  in wep_encap()
195 	if (is_mgmt && (k->wk_flags & IEEE80211_KEY_NOIVMGT))  in wep_encap()
197 	if ((! is_mgmt) && (k->wk_flags & IEEE80211_KEY_NOIV))  in wep_encap()
210 	wep_setiv(k, ivp);  in wep_encap()
215 	if ((k->wk_flags & IEEE80211_KEY_SWENCRYPT) &&  in wep_encap()
216 	    !wep_encrypt(k, m, hdrlen))  in wep_encap()
223  * Add MIC to the frame as needed.
226 wep_enmic(struct ieee80211_key *k, struct mbuf *m, int force)  in wep_enmic()  argument
238 wep_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)  in wep_decap()  argument
240 	struct wep_ctx *ctx = k->wk_private;  in wep_decap()
241 	struct ieee80211vap *vap = ctx->wc_vap;  in wep_decap()
246 	if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP))  in wep_decap()
251 	 * If so we just strip the header; otherwise we need to  in wep_decap()
254 	if ((k->wk_flags & IEEE80211_KEY_SWDECRYPT) &&  in wep_decap()
255 	    !wep_decrypt(k, m, hdrlen)) {  in wep_decap()
261 		IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2,  in wep_decap()
263 		vap->iv_stats.is_rx_wepfail++;  in wep_decap()
274 	/* XXX TODO: do we have to strip this for offload devices? */  in wep_decap()
275 	m_adj(m, -wep.ic_trailer);  in wep_decap()
284 wep_demic(struct ieee80211_key *k, struct mbuf *skb, int force)  in wep_demic()  argument
348 	struct wep_ctx *ctx = key->wk_private;  in wep_encrypt()
349 	struct ieee80211vap *vap = ctx->wc_vap;  in wep_encrypt()
353 	uint32_t i, j, k, crc;  in wep_encrypt()  local
359 	vap->iv_stats.is_crypto_wep++;  in wep_encrypt()
363 	memcpy(rc4key + IEEE80211_WEP_IVLEN, key->wk_key, key->wk_keylen);  in wep_encrypt()
368 	j = 0;  in wep_encrypt()
369 	keylen = key->wk_keylen + IEEE80211_WEP_IVLEN;  in wep_encrypt()
371 		j = (j + S[i] + rc4key[i % keylen]) & 0xff;  in wep_encrypt()
372 		S_SWAP(i, j);  in wep_encrypt()
376 	data_len = m->m_pkthdr.len - off;  in wep_encrypt()
378 	/* Compute CRC32 over unencrypted data and apply RC4 to data */  in wep_encrypt()
380 	i = j = 0;  in wep_encrypt()
382 	buflen = m->m_len - off;  in wep_encrypt()
386 		data_len -= buflen;  in wep_encrypt()
387 		for (k = 0; k < buflen; k++) {  in wep_encrypt()
390 			j = (j + S[i]) & 0xff;  in wep_encrypt()
391 			S_SWAP(i, j);  in wep_encrypt()
392 			*pos++ ^= S[(S[i] + S[j]) & 0xff];  in wep_encrypt()
394 		if (m->m_next == NULL) {  in wep_encrypt()
398 					struct ieee80211_frame *)->i_addr2),  in wep_encrypt()
406 		m = m->m_next;  in wep_encrypt()
408 		buflen = m->m_len;  in wep_encrypt()
412 	/* Append little-endian CRC32 and encrypt it to produce ICV */  in wep_encrypt()
417 	for (k = 0; k < IEEE80211_WEP_CRCLEN; k++) {  in wep_encrypt()
419 		j = (j + S[i]) & 0xff;  in wep_encrypt()
420 		S_SWAP(i, j);  in wep_encrypt()
421 		icv[k] ^= S[(S[i] + S[j]) & 0xff];  in wep_encrypt()
431 	struct wep_ctx *ctx = key->wk_private;  in wep_decrypt()
432 	struct ieee80211vap *vap = ctx->wc_vap;  in wep_decrypt()
436 	uint32_t i, j, k, crc;  in wep_decrypt()  local
442 	vap->iv_stats.is_crypto_wep++;  in wep_decrypt()
446 	memcpy(rc4key + IEEE80211_WEP_IVLEN, key->wk_key, key->wk_keylen);  in wep_decrypt()
451 	j = 0;  in wep_decrypt()
452 	keylen = key->wk_keylen + IEEE80211_WEP_IVLEN;  in wep_decrypt()
454 		j = (j + S[i] + rc4key[i % keylen]) & 0xff;  in wep_decrypt()
455 		S_SWAP(i, j);  in wep_decrypt()
459 	data_len = m->m_pkthdr.len - (off + wep.ic_trailer);  in wep_decrypt()
461 	/* Compute CRC32 over unencrypted data and apply RC4 to data */  in wep_decrypt()
463 	i = j = 0;  in wep_decrypt()
465 	buflen = m->m_len - off;  in wep_decrypt()
469 		data_len -= buflen;  in wep_decrypt()
470 		for (k = 0; k < buflen; k++) {  in wep_decrypt()
472 			j = (j + S[i]) & 0xff;  in wep_decrypt()
473 			S_SWAP(i, j);  in wep_decrypt()
474 			*pos ^= S[(S[i] + S[j]) & 0xff];  in wep_decrypt()
478 		m = m->m_next;  in wep_decrypt()
482 				    mtod(m0, struct ieee80211_frame *)->i_addr2,  in wep_decrypt()
490 		buflen = m->m_len;  in wep_decrypt()
494 	/* Encrypt little-endian CRC32 and verify that it matches with  in wep_decrypt()
500 	for (k = 0; k < IEEE80211_WEP_CRCLEN; k++) {  in wep_decrypt()
502 		j = (j + S[i]) & 0xff;  in wep_decrypt()
503 		S_SWAP(i, j);  in wep_decrypt()
505 		if ((icv[k] ^ S[(S[i] + S[j]) & 0xff]) != *pos++) {  in wep_decrypt()
506 			/* ICV mismatch - drop frame */  in wep_decrypt()