[PATCH] MFP: Clear IGTK

[Kel Modderman]

On Thursday 08 October 2009 14:14:16 Masashi Honma wrote:
> Hello.
> 
> The fourth and fifth keys are used as IGTK for management frame
> protection. This patch clears theses keys.
> 
> 
> diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
> index 37a1927..896f989 100644
> --- a/wpa_supplicant/wpa_supplicant.c
> +++ b/wpa_supplicant/wpa_supplicant.c
> @@ -457,6 +457,10 @@ void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
>  	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
>  	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
>  	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
> +#ifdef CONFIG_IEEE80211W
> +	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
> +	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
> +#endif /* CONFIG_IEEE80211W */
>  	if (addr) {
>  		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
>  				0);
> 
> 
> I have tested with linux kernel 2.6.31.2.

Some people are encountering this (ipw2200, Linux 2.6.33-rc7 in my case):
---
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=4 set_tx=0 seq_len=0 key_len=0
ioctl[SIOCSIWENCODEEXT]: Invalid argument
Driver did not support SIOCSIWENCODEEXT
wpa_driver_wext_set_key: alg=0 key_idx=5 set_tx=0 seq_len=0 key_len=0
ioctl[SIOCSIWENCODEEXT]: Invalid argument
Driver did not support SIOCSIWENCODEEXT
---

This has caused a small amount of concern and questions about why these
new messages appear in wpa_supplicant 0.6.10 and not in 0.6.9. Is this
something not all drivers support?

Thanks, Kel.