FILS: Fix EAPOL-Key request generation

The Encrypted Key Data field need to be set to 1 whenever using an AEAD
cipher. Without this, the Authenticator would discard the EAPOL-Key
request frame when using FILS.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 6797d65d639afc42f9f7f8323560123ec534be9a..1d20b5e2bf451c34c3968fdcebf29add0a5e8f2a 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -232,6 +232,12 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
                return;
        }
 
+       if (!sm->ptk_set) {
+               wpa_printf(MSG_INFO,
+                          "WPA: No PTK derived yet - cannot send EAPOL-Key Request");
+               return;
+       }
+
        if (wpa_use_akm_defined(sm->key_mgmt))
                ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
        else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
@@ -253,10 +259,11 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise)
                       sm->proto == WPA_PROTO_OSEN) ?
                EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
        key_info = WPA_KEY_INFO_REQUEST | ver;
-       if (sm->ptk_set)
-               key_info |= WPA_KEY_INFO_SECURE;
-       if (sm->ptk_set && mic_len)
+       key_info |= WPA_KEY_INFO_SECURE;
+       if (mic_len)
                key_info |= WPA_KEY_INFO_MIC;
+       else
+               key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
        if (error)
                key_info |= WPA_KEY_INFO_ERROR;
        if (pairwise)