2018-02-23 17:43:29 +00:00
|
|
|
/* dot11decrypt_wep.c
|
2007-01-12 00:54:13 +00:00
|
|
|
*
|
|
|
|
* Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
|
|
|
|
* Copyright (c) 2006 CACE Technologies, Davis (California)
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
2018-03-08 10:18:49 +00:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
2007-01-12 00:54:13 +00:00
|
|
|
*/
|
|
|
|
|
2012-09-20 01:29:52 +00:00
|
|
|
#include "config.h"
|
2011-02-17 23:11:49 +00:00
|
|
|
|
2007-01-08 21:19:46 +00:00
|
|
|
/************************************************************************/
|
|
|
|
/* File includes */
|
|
|
|
|
2011-09-13 18:36:46 +00:00
|
|
|
#include <glib.h>
|
2011-09-12 08:23:15 +00:00
|
|
|
#include "crc32.h"
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-08 21:19:46 +00:00
|
|
|
/************************************************************************/
|
2011-09-12 08:23:15 +00:00
|
|
|
/* Note: copied from net80211/ieee80211_airpdcap_tkip.c */
|
|
|
|
#define S_SWAP(a,b) { guint8 t = S[a]; S[a] = S[b]; S[b] = t; }
|
2006-12-05 21:06:09 +00:00
|
|
|
|
2007-01-08 21:19:46 +00:00
|
|
|
/* Note: copied from FreeBSD source code, RELENG 6, */
|
|
|
|
/* sys/net80211/ieee80211_crypto_wep.c, 391 */
|
2018-02-23 17:43:29 +00:00
|
|
|
int Dot11DecryptWepDecrypt(
|
2011-09-12 08:23:15 +00:00
|
|
|
const guchar *seed,
|
2006-12-27 23:05:55 +00:00
|
|
|
const size_t seed_len,
|
2011-09-12 08:23:15 +00:00
|
|
|
guchar *cypher_text,
|
2006-12-27 23:05:55 +00:00
|
|
|
const size_t data_len)
|
2006-12-05 21:06:09 +00:00
|
|
|
{
|
2011-09-12 08:23:15 +00:00
|
|
|
guint32 i, j, k, crc;
|
|
|
|
guint8 S[256];
|
|
|
|
guint8 icv[4];
|
2006-12-05 21:06:09 +00:00
|
|
|
size_t buflen;
|
|
|
|
|
2007-05-20 22:40:35 +00:00
|
|
|
/* Generate key stream (RC4 Pseudo-Random Number Generator) */
|
2006-12-05 21:06:09 +00:00
|
|
|
for (i = 0; i < 256; i++)
|
2011-09-12 08:23:15 +00:00
|
|
|
S[i] = (guint8)i;
|
2006-12-05 21:06:09 +00:00
|
|
|
for (j = i = 0; i < 256; i++) {
|
|
|
|
j = (j + S[i] + seed[i % seed_len]) & 0xff;
|
|
|
|
S_SWAP(i, j);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Apply RC4 to data and compute CRC32 over decrypted data */
|
2011-09-12 08:23:15 +00:00
|
|
|
crc = ~(guint32)0;
|
2006-12-05 21:06:09 +00:00
|
|
|
buflen = data_len;
|
|
|
|
|
|
|
|
for (i = j = k = 0; k < buflen; k++) {
|
|
|
|
i = (i + 1) & 0xff;
|
|
|
|
j = (j + S[i]) & 0xff;
|
|
|
|
S_SWAP(i, j);
|
|
|
|
*cypher_text ^= S[(S[i] + S[j]) & 0xff];
|
2011-10-03 04:53:17 +00:00
|
|
|
crc = crc32_ccitt_table_lookup((crc ^ *cypher_text) & 0xff) ^ (crc >> 8);
|
2006-12-05 21:06:09 +00:00
|
|
|
cypher_text++;
|
|
|
|
}
|
|
|
|
|
|
|
|
crc = ~crc;
|
|
|
|
|
|
|
|
/* Encrypt little-endian CRC32 and verify that it matches with the received ICV */
|
2011-09-12 08:23:15 +00:00
|
|
|
icv[0] = (guint8)crc;
|
|
|
|
icv[1] = (guint8)(crc >> 8);
|
|
|
|
icv[2] = (guint8)(crc >> 16);
|
|
|
|
icv[3] = (guint8)(crc >> 24);
|
2006-12-05 21:06:09 +00:00
|
|
|
for (k = 0; k < 4; k++) {
|
|
|
|
i = (i + 1) & 0xff;
|
|
|
|
j = (j + S[i]) & 0xff;
|
|
|
|
S_SWAP(i, j);
|
|
|
|
if ((icv[k] ^ S[(S[i] + S[j]) & 0xff]) != *cypher_text++) {
|
|
|
|
/* ICV mismatch - drop frame */
|
2018-02-23 17:43:29 +00:00
|
|
|
return 1/*DOT11DECRYPT_RET_UNSUCCESS*/;
|
2006-12-05 21:06:09 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-02-23 17:43:29 +00:00
|
|
|
return 0/*DOT11DECRYPT_RET_SUCCESS*/;
|
2006-12-27 23:05:55 +00:00
|
|
|
}
|
2014-10-14 15:12:16 +00:00
|
|
|
|
|
|
|
/*
|
2019-07-26 18:43:17 +00:00
|
|
|
* Editor modelines - https://www.wireshark.org/tools/modelines.html
|
2014-10-14 15:12:16 +00:00
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 8
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
*/
|