FILS: Update EAPOL-Key RX rules for FILS (AP)

Key Descriptor Version 0 is used with FILS and Key Info MIC field is set to 0 with AEAD ciphers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-03 00:48:47 +03:00 · 2015-09-03 00:48:47 +03:00 · b986648389
commit b986648389
parent 352caf006a
1 changed files with 12 additions and 1 deletions
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -989,6 +989,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 			if (wpa_use_aes_cmac(sm) &&
 			    sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
 			    !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
+			    !wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
 			    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
 				wpa_auth_logger(wpa_auth, sm->addr,
 						LOGGER_WARNING,
@ -1243,12 +1244,22 @@ continue_processing:
 		return;
 	}

-	if (!(key_info & WPA_KEY_INFO_MIC)) {
+	if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
+	    !(key_info & WPA_KEY_INFO_MIC)) {
 		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
 				"received invalid EAPOL-Key: Key MIC not set");
 		return;
 	}

+#ifdef CONFIG_FILS
+	if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
+	    (key_info & WPA_KEY_INFO_MIC)) {
+		wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
+				"received invalid EAPOL-Key: Key MIC set");
+		return;
+	}
+#endif /* CONFIG_FILS */
+
 	sm->MICVerified = FALSE;
 	if (sm->PTK_valid && !sm->update_snonce) {
 		if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,