From 824cb5a530a8fc07666f940f104353458f257612 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 16 Apr 2019 12:06:28 +0300
Subject: [PATCH] RSN: Ignore IGTK configuration errors with swapped KeyID values
There are number of deployed APs with broken PMF implementation where the IGTK KDE uses swapped bytes in the KeyID field (0x0400 and 0x0500 instead of 4 and 5). Such APs cannot be trusted to implement BIP correctly or provide a valid IGTK, so do not try to configure this key with swapped KeyID bytes. Instead, continue without configuring the IGTK so that the driver can drop any received group-addressed robust management frames due to missing keys. Normally, this error behavior would result in us disconnecting, but there are number of deployed APs with this broken behavior, so as an interoperability workaround, allow the connection to proceed.
Signed-off-by: Jouni Malinen
---
src/rsn_supp/wpa.c | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index eabe88bc0..899a43089 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1058,9 +1058,27 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, broadcast_ether_addr, keyidx, 0, igtk->pn, sizeof(igtk->pn), igtk->igtk, len) < 0) { - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: Failed to configure IGTK to the driver"); - return -1; + if (keyidx == 0x0400 || keyidx == 0x0500) { + /* Assume the AP has broken PMF implementation since it + * seems to have swapped the KeyID bytes. The AP cannot + * be trusted to implement BIP correctly or provide a + * valid IGTK, so do not try to configure this key with + * swapped KeyID bytes. Instead, continue without + * configuring the IGTK so that the driver can drop any + * received group-addressed robust management frames due + * to missing keys. + * + * Normally, this error behavior would result in us + * disconnecting, but there are number of deployed APs + * with this broken behavior, so as an interoperability + * workaround, allow the connection to proceed. */ + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "WPA: Ignore IGTK configuration error due to invalid IGTK KeyID byte order"); + } else { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Failed to configure IGTK to the driver"); + return -1; + } } if (wnm_sleep) { -- 2.39.2
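Review bot: The swapped-KeyID test sits inside the failure branch of the driver call (`... igtk->igtk, len) < 0) {`), so the key is still handed to the driver and the workaround only takes effect when the driver rejects 0x0400/0x0500, while the new comment says the key should not be configured at all. A driver that accepts or masks the index would presumably end up with this IGTK installed under an unintended KeyID, so consider testing `keyidx == 0x0400 || keyidx == 0x0500` before the call and skipping it in that case. The ignored case also leaves a PMF association without an IGTK but is logged only at `MSG_INFO` and without the offending value; raising it to `MSG_WARNING` and appending the KeyID (for example `"... invalid IGTK KeyID byte order (KeyID=0x%04x)", keyidx`, assuming `keyidx` is a plain integer) would make affected APs easier to spot in logs. The opening of the call and the body of `if (wnm_sleep)` are outside the hunk, so it is worth confirming that the fall-through does not record the IGTK as installed when the driver never accepted it.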