FILS: Update EAPOL-Key RX rules for FILS (AP)

Key Descriptor Version 0 is used with FILS and Key Info MIC field is set
to 0 with AEAD ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index ede4a5883350f5d5460a9888b8405ada3c320b39..28343d1fdf925de6d0d7cb001a9d093f770a1e74 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -989,6 +989,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
                        if (wpa_use_aes_cmac(sm) &&
                            sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN &&
                            !wpa_key_mgmt_suite_b(sm->wpa_key_mgmt) &&
+                           !wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
                            ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
                                wpa_auth_logger(wpa_auth, sm->addr,
                                                LOGGER_WARNING,
@@ -1243,12 +1244,22 @@ continue_processing:
                return;
        }
 
-       if (!(key_info & WPA_KEY_INFO_MIC)) {
+       if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
+           !(key_info & WPA_KEY_INFO_MIC)) {
                wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
                                "received invalid EAPOL-Key: Key MIC not set");
                return;
        }
 
+#ifdef CONFIG_FILS
+       if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
+           (key_info & WPA_KEY_INFO_MIC)) {
+               wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
+                               "received invalid EAPOL-Key: Key MIC set");
+               return;
+       }
+#endif /* CONFIG_FILS */
+
        sm->MICVerified = FALSE;
        if (sm->PTK_valid && !sm->update_snonce) {
                if (wpa_verify_key_mic(sm->wpa_key_mgmt, &sm->PTK, data,