RSN: Ignore IGTK configuration errors with swapped KeyID values
There are number of deployed APs with broken PMF implementation where the IGTK KDE uses swapped bytes in the KeyID field (0x0400 and 0x0500 instead of 4 and 5). Such APs cannot be trusted to implement BIP correctly or provide a valid IGTK, so do not try to configure this key with swapped KeyID bytes. Instead, continue without configuring the IGTK so that the driver can drop any received group-addressed robust management frames due to missing keys. Normally, this error behavior would result in us disconnecting, but there are number of deployed APs with this broken behavior, so as an interoperability workaround, allow the connection to proceed. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
dfdabd917a
commit
824cb5a530
1 changed files with 21 additions and 3 deletions
|
@ -1058,10 +1058,28 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
|
|||
broadcast_ether_addr,
|
||||
keyidx, 0, igtk->pn, sizeof(igtk->pn),
|
||||
igtk->igtk, len) < 0) {
|
||||
if (keyidx == 0x0400 || keyidx == 0x0500) {
|
||||
/* Assume the AP has broken PMF implementation since it
|
||||
* seems to have swapped the KeyID bytes. The AP cannot
|
||||
* be trusted to implement BIP correctly or provide a
|
||||
* valid IGTK, so do not try to configure this key with
|
||||
* swapped KeyID bytes. Instead, continue without
|
||||
* configuring the IGTK so that the driver can drop any
|
||||
* received group-addressed robust management frames due
|
||||
* to missing keys.
|
||||
*
|
||||
* Normally, this error behavior would result in us
|
||||
* disconnecting, but there are number of deployed APs
|
||||
* with this broken behavior, so as an interoperability
|
||||
* workaround, allow the connection to proceed. */
|
||||
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
|
||||
"WPA: Ignore IGTK configuration error due to invalid IGTK KeyID byte order");
|
||||
} else {
|
||||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
"WPA: Failed to configure IGTK to the driver");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (wnm_sleep) {
|
||||
sm->igtk_wnm_sleep.igtk_len = len;
|
||||
|
|
Loading…
Reference in a new issue