xref: /freebsd/sys/net80211/ieee80211_crypto_wep.c (revision 168fce73b59d6023cab45d063a452551a1f2103e)
1 /*-
2  * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28 
29 /*
30  * IEEE 802.11 WEP crypto support.
31  */
32 #include "opt_wlan.h"
33 
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/mbuf.h>
37 #include <sys/malloc.h>
38 #include <sys/kernel.h>
39 #include <sys/module.h>
40 #include <sys/endian.h>
41 
42 #include <sys/socket.h>
43 
44 #include <net/if.h>
45 #include <net/if_media.h>
46 #include <net/ethernet.h>
47 
48 #include <net80211/ieee80211_var.h>
49 
50 static	void *wep_attach(struct ieee80211vap *, struct ieee80211_key *);
51 static	void wep_detach(struct ieee80211_key *);
52 static	int wep_setkey(struct ieee80211_key *);
53 static	void wep_setiv(struct ieee80211_key *, uint8_t *);
54 static	int wep_encap(struct ieee80211_key *, struct mbuf *);
55 static	int wep_decap(struct ieee80211_key *, struct mbuf *, int);
56 static	int wep_enmic(struct ieee80211_key *, struct mbuf *, int);
57 static	int wep_demic(struct ieee80211_key *, struct mbuf *, int);
58 
59 static const struct ieee80211_cipher wep = {
60 	.ic_name	= "WEP",
61 	.ic_cipher	= IEEE80211_CIPHER_WEP,
62 	.ic_header	= IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN,
63 	.ic_trailer	= IEEE80211_WEP_CRCLEN,
64 	.ic_miclen	= 0,
65 	.ic_attach	= wep_attach,
66 	.ic_detach	= wep_detach,
67 	.ic_setkey	= wep_setkey,
68 	.ic_setiv	= wep_setiv,
69 	.ic_encap	= wep_encap,
70 	.ic_decap	= wep_decap,
71 	.ic_enmic	= wep_enmic,
72 	.ic_demic	= wep_demic,
73 };
74 
75 static	int wep_encrypt(struct ieee80211_key *, struct mbuf *, int hdrlen);
76 static	int wep_decrypt(struct ieee80211_key *, struct mbuf *, int hdrlen);
77 
78 struct wep_ctx {
79 	struct ieee80211vap *wc_vap;	/* for diagnostics+statistics */
80 	struct ieee80211com *wc_ic;
81 	uint32_t	wc_iv;		/* initial vector for crypto */
82 };
83 
84 /* number of references from net80211 layer */
85 static	int nrefs = 0;
86 
87 static void *
88 wep_attach(struct ieee80211vap *vap, struct ieee80211_key *k)
89 {
90 	struct wep_ctx *ctx;
91 
92 	ctx = (struct wep_ctx *) IEEE80211_MALLOC(sizeof(struct wep_ctx),
93 		M_80211_CRYPTO, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
94 	if (ctx == NULL) {
95 		vap->iv_stats.is_crypto_nomem++;
96 		return NULL;
97 	}
98 
99 	ctx->wc_vap = vap;
100 	ctx->wc_ic = vap->iv_ic;
101 	get_random_bytes(&ctx->wc_iv, sizeof(ctx->wc_iv));
102 	nrefs++;			/* NB: we assume caller locking */
103 	return ctx;
104 }
105 
106 static void
107 wep_detach(struct ieee80211_key *k)
108 {
109 	struct wep_ctx *ctx = k->wk_private;
110 
111 	IEEE80211_FREE(ctx, M_80211_CRYPTO);
112 	KASSERT(nrefs > 0, ("imbalanced attach/detach"));
113 	nrefs--;			/* NB: we assume caller locking */
114 }
115 
116 static int
117 wep_setkey(struct ieee80211_key *k)
118 {
119 	return k->wk_keylen >= 40/NBBY;
120 }
121 
122 static void
123 wep_setiv(struct ieee80211_key *k, uint8_t *ivp)
124 {
125 	struct wep_ctx *ctx = k->wk_private;
126 	struct ieee80211vap *vap = ctx->wc_vap;
127 	uint32_t iv;
128 	uint8_t keyid;
129 
130 	keyid = ieee80211_crypto_get_keyid(vap, k) << 6;
131 
132 	/*
133 	 * XXX
134 	 * IV must not duplicate during the lifetime of the key.
135 	 * But no mechanism to renew keys is defined in IEEE 802.11
136 	 * for WEP.  And the IV may be duplicated at other stations
137 	 * because the session key itself is shared.  So we use a
138 	 * pseudo random IV for now, though it is not the right way.
139 	 *
140 	 * NB: Rather than use a strictly random IV we select a
141 	 * random one to start and then increment the value for
142 	 * each frame.  This is an explicit tradeoff between
143 	 * overhead and security.  Given the basic insecurity of
144 	 * WEP this seems worthwhile.
145 	 */
146 
147 	/*
148 	 * Skip 'bad' IVs from Fluhrer/Mantin/Shamir:
149 	 * (B, 255, N) with 3 <= B < 16 and 0 <= N <= 255
150 	 */
151 	iv = ctx->wc_iv;
152 	if ((iv & 0xff00) == 0xff00) {
153 		int B = (iv & 0xff0000) >> 16;
154 		if (3 <= B && B < 16)
155 			iv += 0x0100;
156 	}
157 	ctx->wc_iv = iv + 1;
158 
159 	/*
160 	 * NB: Preserve byte order of IV for packet
161 	 *     sniffers; it doesn't matter otherwise.
162 	 */
163 #if _BYTE_ORDER == _BIG_ENDIAN
164 	ivp[0] = iv >> 0;
165 	ivp[1] = iv >> 8;
166 	ivp[2] = iv >> 16;
167 #else
168 	ivp[2] = iv >> 0;
169 	ivp[1] = iv >> 8;
170 	ivp[0] = iv >> 16;
171 #endif
172 	ivp[3] = keyid;
173 }
174 
175 /*
176  * Add privacy headers appropriate for the specified key.
177  */
178 static int
179 wep_encap(struct ieee80211_key *k, struct mbuf *m)
180 {
181 	struct wep_ctx *ctx = k->wk_private;
182 	struct ieee80211com *ic = ctx->wc_ic;
183 	uint8_t *ivp;
184 	int hdrlen;
185 
186 	hdrlen = ieee80211_hdrspace(ic, mtod(m, void *));
187 
188 	/*
189 	 * Copy down 802.11 header and add the IV + KeyID.
190 	 */
191 	M_PREPEND(m, wep.ic_header, M_NOWAIT);
192 	if (m == NULL)
193 		return 0;
194 	ivp = mtod(m, uint8_t *);
195 	ovbcopy(ivp + wep.ic_header, ivp, hdrlen);
196 	ivp += hdrlen;
197 
198 	wep_setiv(k, ivp);
199 
200 	/*
201 	 * Finally, do software encrypt if needed.
202 	 */
203 	if ((k->wk_flags & IEEE80211_KEY_SWENCRYPT) &&
204 	    !wep_encrypt(k, m, hdrlen))
205 		return 0;
206 
207 	return 1;
208 }
209 
210 /*
211  * Add MIC to the frame as needed.
212  */
213 static int
214 wep_enmic(struct ieee80211_key *k, struct mbuf *m, int force)
215 {
216 
217 	return 1;
218 }
219 
220 /*
221  * Validate and strip privacy headers (and trailer) for a
222  * received frame.  If necessary, decrypt the frame using
223  * the specified key.
224  */
225 static int
226 wep_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)
227 {
228 	struct wep_ctx *ctx = k->wk_private;
229 	struct ieee80211vap *vap = ctx->wc_vap;
230 	struct ieee80211_frame *wh;
231 
232 	wh = mtod(m, struct ieee80211_frame *);
233 
234 	/*
235 	 * Check if the device handled the decrypt in hardware.
236 	 * If so we just strip the header; otherwise we need to
237 	 * handle the decrypt in software.
238 	 */
239 	if ((k->wk_flags & IEEE80211_KEY_SWDECRYPT) &&
240 	    !wep_decrypt(k, m, hdrlen)) {
241 		IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2,
242 		    "%s", "WEP ICV mismatch on decrypt");
243 		vap->iv_stats.is_rx_wepfail++;
244 		return 0;
245 	}
246 
247 	/*
248 	 * Copy up 802.11 header and strip crypto bits.
249 	 */
250 	ovbcopy(mtod(m, void *), mtod(m, uint8_t *) + wep.ic_header, hdrlen);
251 	m_adj(m, wep.ic_header);
252 	m_adj(m, -wep.ic_trailer);
253 
254 	return 1;
255 }
256 
257 /*
258  * Verify and strip MIC from the frame.
259  */
260 static int
261 wep_demic(struct ieee80211_key *k, struct mbuf *skb, int force)
262 {
263 	return 1;
264 }
265 
266 static const uint32_t crc32_table[256] = {
267 	0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
268 	0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
269 	0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
270 	0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
271 	0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
272 	0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
273 	0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
274 	0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
275 	0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
276 	0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
277 	0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
278 	0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
279 	0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
280 	0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
281 	0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
282 	0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
283 	0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
284 	0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
285 	0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
286 	0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
287 	0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
288 	0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
289 	0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
290 	0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
291 	0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
292 	0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
293 	0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
294 	0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
295 	0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
296 	0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
297 	0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
298 	0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
299 	0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
300 	0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
301 	0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
302 	0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
303 	0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
304 	0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
305 	0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
306 	0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
307 	0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
308 	0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
309 	0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
310 	0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
311 	0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
312 	0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
313 	0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
314 	0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
315 	0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
316 	0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
317 	0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
318 	0x2d02ef8dL
319 };
320 
321 static int
322 wep_encrypt(struct ieee80211_key *key, struct mbuf *m0, int hdrlen)
323 {
324 #define S_SWAP(a,b) do { uint8_t t = S[a]; S[a] = S[b]; S[b] = t; } while(0)
325 	struct wep_ctx *ctx = key->wk_private;
326 	struct ieee80211vap *vap = ctx->wc_vap;
327 	struct mbuf *m = m0;
328 	uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE];
329 	uint8_t icv[IEEE80211_WEP_CRCLEN];
330 	uint32_t i, j, k, crc;
331 	size_t buflen, data_len;
332 	uint8_t S[256];
333 	uint8_t *pos;
334 	u_int off, keylen;
335 
336 	vap->iv_stats.is_crypto_wep++;
337 
338 	/* NB: this assumes the header was pulled up */
339 	memcpy(rc4key, mtod(m, uint8_t *) + hdrlen, IEEE80211_WEP_IVLEN);
340 	memcpy(rc4key + IEEE80211_WEP_IVLEN, key->wk_key, key->wk_keylen);
341 
342 	/* Setup RC4 state */
343 	for (i = 0; i < 256; i++)
344 		S[i] = i;
345 	j = 0;
346 	keylen = key->wk_keylen + IEEE80211_WEP_IVLEN;
347 	for (i = 0; i < 256; i++) {
348 		j = (j + S[i] + rc4key[i % keylen]) & 0xff;
349 		S_SWAP(i, j);
350 	}
351 
352 	off = hdrlen + wep.ic_header;
353 	data_len = m->m_pkthdr.len - off;
354 
355 	/* Compute CRC32 over unencrypted data and apply RC4 to data */
356 	crc = ~0;
357 	i = j = 0;
358 	pos = mtod(m, uint8_t *) + off;
359 	buflen = m->m_len - off;
360 	for (;;) {
361 		if (buflen > data_len)
362 			buflen = data_len;
363 		data_len -= buflen;
364 		for (k = 0; k < buflen; k++) {
365 			crc = crc32_table[(crc ^ *pos) & 0xff] ^ (crc >> 8);
366 			i = (i + 1) & 0xff;
367 			j = (j + S[i]) & 0xff;
368 			S_SWAP(i, j);
369 			*pos++ ^= S[(S[i] + S[j]) & 0xff];
370 		}
371 		if (m->m_next == NULL) {
372 			if (data_len != 0) {		/* out of data */
373 				IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO,
374 				    ether_sprintf(mtod(m0,
375 					struct ieee80211_frame *)->i_addr2),
376 				    "out of data for WEP (data_len %zu)",
377 				    data_len);
378 				/* XXX stat */
379 				return 0;
380 			}
381 			break;
382 		}
383 		m = m->m_next;
384 		pos = mtod(m, uint8_t *);
385 		buflen = m->m_len;
386 	}
387 	crc = ~crc;
388 
389 	/* Append little-endian CRC32 and encrypt it to produce ICV */
390 	icv[0] = crc;
391 	icv[1] = crc >> 8;
392 	icv[2] = crc >> 16;
393 	icv[3] = crc >> 24;
394 	for (k = 0; k < IEEE80211_WEP_CRCLEN; k++) {
395 		i = (i + 1) & 0xff;
396 		j = (j + S[i]) & 0xff;
397 		S_SWAP(i, j);
398 		icv[k] ^= S[(S[i] + S[j]) & 0xff];
399 	}
400 	return m_append(m0, IEEE80211_WEP_CRCLEN, icv);
401 #undef S_SWAP
402 }
403 
404 static int
405 wep_decrypt(struct ieee80211_key *key, struct mbuf *m0, int hdrlen)
406 {
407 #define S_SWAP(a,b) do { uint8_t t = S[a]; S[a] = S[b]; S[b] = t; } while(0)
408 	struct wep_ctx *ctx = key->wk_private;
409 	struct ieee80211vap *vap = ctx->wc_vap;
410 	struct mbuf *m = m0;
411 	uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE];
412 	uint8_t icv[IEEE80211_WEP_CRCLEN];
413 	uint32_t i, j, k, crc;
414 	size_t buflen, data_len;
415 	uint8_t S[256];
416 	uint8_t *pos;
417 	u_int off, keylen;
418 
419 	vap->iv_stats.is_crypto_wep++;
420 
421 	/* NB: this assumes the header was pulled up */
422 	memcpy(rc4key, mtod(m, uint8_t *) + hdrlen, IEEE80211_WEP_IVLEN);
423 	memcpy(rc4key + IEEE80211_WEP_IVLEN, key->wk_key, key->wk_keylen);
424 
425 	/* Setup RC4 state */
426 	for (i = 0; i < 256; i++)
427 		S[i] = i;
428 	j = 0;
429 	keylen = key->wk_keylen + IEEE80211_WEP_IVLEN;
430 	for (i = 0; i < 256; i++) {
431 		j = (j + S[i] + rc4key[i % keylen]) & 0xff;
432 		S_SWAP(i, j);
433 	}
434 
435 	off = hdrlen + wep.ic_header;
436 	data_len = m->m_pkthdr.len - (off + wep.ic_trailer);
437 
438 	/* Compute CRC32 over unencrypted data and apply RC4 to data */
439 	crc = ~0;
440 	i = j = 0;
441 	pos = mtod(m, uint8_t *) + off;
442 	buflen = m->m_len - off;
443 	for (;;) {
444 		if (buflen > data_len)
445 			buflen = data_len;
446 		data_len -= buflen;
447 		for (k = 0; k < buflen; k++) {
448 			i = (i + 1) & 0xff;
449 			j = (j + S[i]) & 0xff;
450 			S_SWAP(i, j);
451 			*pos ^= S[(S[i] + S[j]) & 0xff];
452 			crc = crc32_table[(crc ^ *pos) & 0xff] ^ (crc >> 8);
453 			pos++;
454 		}
455 		m = m->m_next;
456 		if (m == NULL) {
457 			if (data_len != 0) {		/* out of data */
458 				IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO,
459 				    mtod(m0, struct ieee80211_frame *)->i_addr2,
460 				    "out of data for WEP (data_len %zu)",
461 				    data_len);
462 				return 0;
463 			}
464 			break;
465 		}
466 		pos = mtod(m, uint8_t *);
467 		buflen = m->m_len;
468 	}
469 	crc = ~crc;
470 
471 	/* Encrypt little-endian CRC32 and verify that it matches with
472 	 * received ICV */
473 	icv[0] = crc;
474 	icv[1] = crc >> 8;
475 	icv[2] = crc >> 16;
476 	icv[3] = crc >> 24;
477 	for (k = 0; k < IEEE80211_WEP_CRCLEN; k++) {
478 		i = (i + 1) & 0xff;
479 		j = (j + S[i]) & 0xff;
480 		S_SWAP(i, j);
481 		/* XXX assumes ICV is contiguous in mbuf */
482 		if ((icv[k] ^ S[(S[i] + S[j]) & 0xff]) != *pos++) {
483 			/* ICV mismatch - drop frame */
484 			return 0;
485 		}
486 	}
487 	return 1;
488 #undef S_SWAP
489 }
490 
491 /*
492  * Module glue.
493  */
494 IEEE80211_CRYPTO_MODULE(wep, 1);
495