root/dev/ic/awi_wep.c

DEFINITIONS

1. arc4_ctxlen
2. arc4_setkey
3. arc4_encrypt
4. awi_wep_setnwkey
5. awi_wep_getnwkey
6. awi_wep_getalgo
7. awi_wep_setalgo
8. awi_wep_setkey
9. awi_wep_getkey
10. awi_wep_encrypt
11. awi_crc_init
12. awi_crc_update
13. awi_null_ctxlen
14. awi_null_setkey
15. awi_null_copy

    1 /*      $OpenBSD: awi_wep.c,v 1.13 2005/02/21 11:16:00 dlg Exp $        */
    2 /*      $NetBSD: awi_wep.c,v 1.2 2000/07/04 14:47:58 onoe Exp $ */
    4 /*
    5  * Copyright (c) 2000 The NetBSD Foundation, Inc.
    6  * All rights reserved.
    7  *
    8  * This code is derived from software contributed to The NetBSD Foundation
    9  * by Atsushi Onoe.
   10  *
   11  * Redistribution and use in source and binary forms, with or without
   12  * modification, are permitted provided that the following conditions
   13  * are met:
   14  * 1. Redistributions of source code must retain the above copyright
   15  *    notice, this list of conditions and the following disclaimer.
   16  * 2. Redistributions in binary form must reproduce the above copyright
   17  *    notice, this list of conditions and the following disclaimer in the
   18  *    documentation and/or other materials provided with the distribution.
   19  * 3. All advertising materials mentioning features or use of this software
   20  *    must display the following acknowledgement:
   21  *      This product includes software developed by the NetBSD
   22  *      Foundation, Inc. and its contributors.
   23  * 4. Neither the name of The NetBSD Foundation nor the names of its
   24  *    contributors may be used to endorse or promote products derived
   25  *    from this software without specific prior written permission.
   26  *
   27  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
   28  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
   29  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   30  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
   31  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   32  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   33  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   34  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   35  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   36  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   37  * POSSIBILITY OF SUCH DAMAGE.
   38  */
   40 /*
   41  * WEP support framework for the awi driver.
   42  *
   43  * No actual encryption capability is provided here, but any can be added
   44  * to awi_wep_algo table below.
   45  *
   46  * Note that IEEE802.11 specification states WEP uses RC4 with 40bit key,
   47  * which is a proprietary encryption algorithm available under license
   48  * from RSA Data Security Inc.  Using another algorithm, includes null
   49  * encryption provided here, the awi driver cannot be able to communicate
   50  * with other stations.
   51  */
   53 #include <sys/param.h>
   54 #include <sys/systm.h>
   55 #include <sys/kernel.h>
   56 #include <sys/mbuf.h>
   57 #include <sys/malloc.h>
   58 #include <sys/proc.h>
   59 #include <sys/socket.h>
   60 #include <sys/errno.h>
   61 #include <sys/sockio.h>
   62 #if defined(__FreeBSD__) && __FreeBSD__ >= 4
   63 #include <sys/bus.h>
   64 #else
   65 #include <sys/device.h>
   66 #endif
   68 #include <net/if.h>
   69 #include <net/if_dl.h>
   70 #ifdef __FreeBSD__
   71 #include <net/ethernet.h>
   72 #include <net/if_arp.h>
   73 #elif defined(__OpenBSD__)
   74 #include <netinet/in.h>
   75 #include <netinet/if_ether.h>
   76 #else
   77 #include <net/if_ether.h>
   78 #endif
   79 #include <net/if_media.h>
   80 #include <net80211/ieee80211.h>
   81 #include <net80211/ieee80211_ioctl.h>
   83 #include <machine/cpu.h>
   84 #include <machine/bus.h>
   85 #ifdef __FreeBSD__
   86 #include <machine/clock.h>
   87 #endif
   89 #if defined(__NetBSD__) || defined(__OpenBSD__)
   90 #include <dev/ic/am79c930reg.h>
   91 #include <dev/ic/am79c930var.h>
   92 #include <dev/ic/awireg.h>
   93 #include <dev/ic/awivar.h>
   94 #include <dev/rndvar.h>
   95 #endif
   97 #ifdef __OpenBSD__
   98 #include <dev/rndvar.h>
   99 #endif
  101 #ifdef __OpenBSD__
  102 #include <dev/rndvar.h>
  103 #endif
  105 #ifdef __NetBSD__
  106 #include <crypto/arc4/arc4.h>
  107 #endif
  109 #ifdef __FreeBSD__
  110 #include <dev/awi/am79c930reg.h>
  111 #include <dev/awi/am79c930var.h>
  112 #include <dev/awi/awireg.h>
  113 #include <dev/awi/awivar.h>
  115 #include <crypto/rc4/rc4.h>
  116 static __inline int
arc4_ctxlen(void)
  118 {
  119         return sizeof(struct rc4_state);
  120 }
  122 static __inline void
arc4_setkey(void *ctx, u_int8_t *key, int keylen)
  124 {
rc4_init(ctx, key, keylen);
  126 }
  128 static __inline void
arc4_encrypt(void *ctx, u_int8_t *dst, u_int8_t *src, int len)
  130 {
rc4_crypt(ctx, dst, src, len);
  132 }
  133 #endif
  135 static void awi_crc_init(void);
  136 static u_int32_t awi_crc_update(u_int32_t crc, u_int8_t *buf, int len);
  138 static int awi_null_ctxlen(void);
  139 static void awi_null_setkey(void *ctx, u_int8_t *key, int keylen);
  140 static void awi_null_copy(void *ctx, u_int8_t *dst, u_int8_t *src, int len);
  142 /* XXX: the order should be known to wiconfig/user */
  144 static struct awi_wep_algo awi_wep_algo[] = {
  145 /* 0: no wep */
  146         { "no" },       /* dummy for no wep */
  148 #if 0
  149 /* 1: normal wep (arc4) */
  150         { "arc4", arc4_ctxlen, arc4_setkey,
arc4_encrypt, arc4_encrypt },
  152 #endif
  153 /* 2: debug wep (null) */
  154         { "null", awi_null_ctxlen, awi_null_setkey,
awi_null_copy, awi_null_copy },
  156                         /* dummy for wep without encryption */
  157 };
  159 int
awi_wep_setnwkey(sc, nwkey)
  161         struct awi_softc *sc;
  162         struct ieee80211_nwkey *nwkey;
  163 {
  164         int i, len, error;
u_int8_t keybuf[AWI_MAX_KEYLEN];
  167         if (nwkey->i_defkid <= 0 ||
nwkey->i_defkid > IEEE80211_WEP_NKID)
  169                 return EINVAL;
error = 0;
  171         for (i = 0; i < IEEE80211_WEP_NKID; i++) {
  172                 if (nwkey->i_key[i].i_keydat == NULL)
  173                         continue;
len = nwkey->i_key[i].i_keylen;
  175                 if (len > sizeof(keybuf)) {
error = EINVAL;
  177                         break;
  178                 }
error = copyin(nwkey->i_key[i].i_keydat, keybuf, len);
  180                 if (error)
  181                         break;
error = awi_wep_setkey(sc, i, keybuf, len);
  183                 if (error)
  184                         break;
  185         }
  186         if (error == 0) {
sc->sc_wep_defkid = nwkey->i_defkid - 1;
error = awi_wep_setalgo(sc, nwkey->i_wepon);
  189                 if (error == 0 && sc->sc_enabled) {
awi_stop(sc);
error = awi_init(sc);
  192                 }
  193         }
  194         return error;
  195 }
  197 int
awi_wep_getnwkey(sc, nwkey)
  199         struct awi_softc *sc;
  200         struct ieee80211_nwkey *nwkey;
  201 {
  202         int i, len, error, suerr;
u_int8_t keybuf[AWI_MAX_KEYLEN];
nwkey->i_wepon = awi_wep_getalgo(sc);
nwkey->i_defkid = sc->sc_wep_defkid + 1;
  207         /* do not show any keys to non-root user */
  208 #ifdef __FreeBSD__
suerr = suser(curproc);
  210 #else
  211 #ifdef __OpenBSD__
suerr = suser(curproc, 0);
  213 #else
suerr = suser(curproc->p_ucred, &curproc->p_acflag);
  215 #endif
  216 #endif
error = 0;
  218         for (i = 0; i < IEEE80211_WEP_NKID; i++) {
  219                 if (nwkey->i_key[i].i_keydat == NULL)
  220                         continue;
  221                 if (suerr) {
error = suerr;
  223                         break;
  224                 }
len = sizeof(keybuf);
error = awi_wep_getkey(sc, i, keybuf, &len);
  227                 if (error)
  228                         break;
  229                 if (nwkey->i_key[i].i_keylen < len) {
error = ENOSPC;
  231                         break;
  232                 }
nwkey->i_key[i].i_keylen = len;
error = copyout(keybuf, nwkey->i_key[i].i_keydat, len);
  235                 if (error)
  236                         break;
  237         }
  238         return error;
  239 }
  241 int
awi_wep_getalgo(sc)
  243         struct awi_softc *sc;
  244 {
  246         if (sc->sc_wep_algo == NULL)
  247                 return 0;
  248         return sc->sc_wep_algo - awi_wep_algo;
  249 }
  251 int
awi_wep_setalgo(sc, algo)
  253         struct awi_softc *sc;
  254         int algo;
  255 {
  256         struct awi_wep_algo *awa;
  257         int ctxlen;
awi_crc_init(); /* XXX: not belongs here */
  260         if (algo < 0 || algo >= sizeof(awi_wep_algo)/sizeof(awi_wep_algo[0]))
  261                 return EINVAL;
awa = &awi_wep_algo[algo];
  263         if (awa->awa_name == NULL)
  264                 return EINVAL;
  265         if (awa->awa_ctxlen == NULL) {
awa = NULL;
ctxlen = 0;
  268         } else
ctxlen = awa->awa_ctxlen();
  270         if (sc->sc_wep_ctx != NULL) {
free(sc->sc_wep_ctx, M_DEVBUF);
sc->sc_wep_ctx = NULL;
  273         }
  274         if (ctxlen) {
sc->sc_wep_ctx = malloc(ctxlen, M_DEVBUF, M_NOWAIT);
  276                 if (sc->sc_wep_ctx == NULL)
  277                         return ENOMEM;
  278         }
sc->sc_wep_algo = awa;
  280         return 0;
  281 }
  283 int
awi_wep_setkey(sc, kid, key, keylen)
  285         struct awi_softc *sc;
  286         int kid;
  287         unsigned char *key;
  288         int keylen;
  289 {
  291         if (kid < 0 || kid >= IEEE80211_WEP_NKID)
  292                 return EINVAL;
  293         if (keylen < 0 || keylen + IEEE80211_WEP_IVLEN > AWI_MAX_KEYLEN)
  294                 return EINVAL;
sc->sc_wep_keylen[kid] = keylen;
  296         if (keylen > 0)
memcpy(sc->sc_wep_key[kid] + IEEE80211_WEP_IVLEN, key, keylen);
  298         return 0;
  299 }
  301 int
awi_wep_getkey(sc, kid, key, keylen)
  303         struct awi_softc *sc;
  304         int kid;
  305         unsigned char *key;
  306         int *keylen;
  307 {
  309         if (kid < 0 || kid >= IEEE80211_WEP_NKID)
  310                 return EINVAL;
  311         if (*keylen < sc->sc_wep_keylen[kid])
  312                 return ENOSPC;
  313         *keylen = sc->sc_wep_keylen[kid];
  314         if (*keylen > 0)
memcpy(key, sc->sc_wep_key[kid] + IEEE80211_WEP_IVLEN, *keylen);
  316         return 0;
  317 }
  319 struct mbuf *
awi_wep_encrypt(sc, m0, txflag)
  321         struct awi_softc *sc;
  322         struct mbuf *m0;
  323         int txflag;
  324 {
  325         struct mbuf *m, *n, *n0;
  326         struct ieee80211_frame *wh;
  327         struct awi_wep_algo *awa;
  328         int left, len, moff, noff, keylen, kid;
u_int32_t iv, crc;
u_int8_t *key, *ivp;
  331         void *ctx;
u_int8_t crcbuf[IEEE80211_WEP_CRCLEN];
n0 = NULL;
awa = sc->sc_wep_algo;
  336         if (awa == NULL)
  337                 goto fail;
ctx = sc->sc_wep_ctx;
m = m0;
left = m->m_pkthdr.len;
MGET(n, M_DONTWAIT, m->m_type);
n0 = n;
  343         if (n == NULL)
  344                 goto fail;
M_DUP_PKTHDR(n, m);
len = IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN +
IEEE80211_WEP_CRCLEN;
  348         if (txflag) {
n->m_pkthdr.len += len;
  350         } else {
wh = mtod(n, struct ieee80211_frame *);
n->m_pkthdr.len -= len;
left -= len;
  354         }
n->m_len = MHLEN;
  356         if (n->m_pkthdr.len >= MINCLSIZE) {
MCLGET(n, M_DONTWAIT);
  358                 if (n->m_flags & M_EXT)
n->m_len = n->m_ext.ext_size;
  360         }
len = sizeof(struct ieee80211_frame);
memcpy(mtod(n, caddr_t), mtod(m, caddr_t), len);
left -= len;
moff = len;
noff = len;
  366         if (txflag) {
kid = sc->sc_wep_defkid;
wh = mtod(n, struct ieee80211_frame *);
wh->i_fc[1] |= IEEE80211_FC1_WEP;
iv = arc4random();
  371                 /*
  372                  * store IV, byte order is not the matter since it's random.
  373                  * assuming IEEE80211_WEP_IVLEN is 3
  374                  */
ivp = mtod(n, u_int8_t *) + noff;
ivp[0] = (iv >> 16) & 0xff;
ivp[1] = (iv >> 8) & 0xff;
ivp[2] = iv & 0xff;
ivp[3] = kid & 0x03;    /* clear pad and keyid */
noff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
  381         } else {
ivp = mtod(m, u_int8_t *) + moff;
moff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
kid = ivp[IEEE80211_WEP_IVLEN] & 0x03;
  385         }
key = sc->sc_wep_key[kid];
keylen = sc->sc_wep_keylen[kid];
  388         /* assuming IEEE80211_WEP_IVLEN is 3 */
key[0] = ivp[0];
key[1] = ivp[1];
key[2] = ivp[2];
awa->awa_setkey(ctx, key, IEEE80211_WEP_IVLEN + keylen);
  394         /* encrypt with calculating CRC */
crc = ~0;
  396         while (left > 0) {
len = m->m_len - moff;
  398                 if (len == 0) {
m = m->m_next;
moff = 0;
  401                         continue;
  402                 }
  403                 if (len > n->m_len - noff) {
len = n->m_len - noff;
  405                         if (len == 0) {
MGET(n->m_next, M_DONTWAIT, n->m_type);
  407                                 if (n->m_next == NULL)
  408                                         goto fail;
n = n->m_next;
n->m_len = MLEN;
  411                                 if (left >= MINCLSIZE) {
MCLGET(n, M_DONTWAIT);
  413                                         if (n->m_flags & M_EXT)
n->m_len = n->m_ext.ext_size;
  415                                 }
noff = 0;
  417                                 continue;
  418                         }
  419                 }
  420                 if (len > left)
len = left;
  422                 if (txflag) {
awa->awa_encrypt(ctx, mtod(n, caddr_t) + noff,
mtod(m, caddr_t) + moff, len);
crc = awi_crc_update(crc, mtod(m, caddr_t) + moff, len);
  426                 } else {
awa->awa_decrypt(ctx, mtod(n, caddr_t) + noff,
mtod(m, caddr_t) + moff, len);
crc = awi_crc_update(crc, mtod(n, caddr_t) + noff, len);
  430                 }
left -= len;
moff += len;
noff += len;
  434         }
crc = ~crc;
  436         if (txflag) {
LE_WRITE_4(crcbuf, crc);
  438                 if (n->m_len >= noff + sizeof(crcbuf))
n->m_len = noff + sizeof(crcbuf);
  440                 else {
n->m_len = noff;
MGET(n->m_next, M_DONTWAIT, n->m_type);
  443                         if (n->m_next == NULL)
  444                                 goto fail;
n = n->m_next;
n->m_len = sizeof(crcbuf);
noff = 0;
  448                 }
awa->awa_encrypt(ctx, mtod(n, caddr_t) + noff, crcbuf,
  450                     sizeof(crcbuf));
  451         } else {
n->m_len = noff;
noff = 0;
  454                 for (; noff < sizeof(crcbuf); noff += len, m = m->m_next) {
  455                         if (m->m_len < moff + len)
len = m->m_len - moff;
  457                         if (len == 0)
  458                                 continue;
awa->awa_decrypt(ctx, crcbuf + noff,
mtod(m, caddr_t) + moff, len);
  461                 }
  462                 if (crc != LE_READ_4(crcbuf))
  463                         goto fail;
  464         }
m_freem(m0);
  466         return n0;
fail:
m_freem(m0);
m_freem(n0);
  471         return NULL;
  472 }
  474 /*
  475  * CRC 32 -- routine from RFC 2083
  476  */
  478 /* Table of CRCs of all 8-bit messages */
  479 static u_int32_t awi_crc_table[256];
  480 static int awi_crc_table_computed = 0;
  482 /* Make the table for a fast CRC. */
  483 static void
awi_crc_init()
  485 {
u_int32_t c;
  487         int n, k;
  489         if (awi_crc_table_computed)
  490                 return;
  491         for (n = 0; n < 256; n++) {
c = (u_int32_t)n;
  493                 for (k = 0; k < 8; k++) {
  494                         if (c & 1)
c = 0xedb88320UL ^ (c >> 1);
  496                         else
c = c >> 1;
  498                 }
awi_crc_table[n] = c;
  500         }
awi_crc_table_computed = 1;
  502 }
  504 /*
  505  * Update a running CRC with the bytes buf[0..len-1]--the CRC
  506  * should be initialized to all 1's, and the transmitted value
  507  * is the 1's complement of the final running CRC
  508  */
  510 static u_int32_t
awi_crc_update(crc, buf, len)
u_int32_t crc;
u_int8_t *buf;
  514         int len;
  515 {
u_int8_t *endbuf;
  518         for (endbuf = buf + len; buf < endbuf; buf++)
crc = awi_crc_table[(crc ^ *buf) & 0xff] ^ (crc >> 8);
  520         return crc;
  521 }
  523 /*
  524  * Null -- do nothing but copy.
  525  */
  527 static int
awi_null_ctxlen()
  529 {
  531         return 0;
  532 }
  534 static void
awi_null_setkey(ctx, key, keylen)
  536         void *ctx;
u_char *key;
  538         int keylen;
  539 {
  540 }
  542 static void
awi_null_copy(ctx, dst, src, len)
  544         void *ctx;
u_char *dst;
u_char *src;
  547         int len;
  548 {
memcpy(dst, src, len);
  551 }