From: Jouni Malinen
Date: Sun, 28 Jan 2024 16:56:47 +0000 (+0200)
Subject: FILS: Fix EAPOL-Key request generation
X-Git-Tag: hostap_2_11~400
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f60fcdd886b7b9c0f4aebfe2425fa2f1d10ff18;p=thirdparty%2Fhostap.git

FILS: Fix EAPOL-Key request generation

The Encrypted Key Data field needs to be set to 1 whenever using an AEAD cipher. Without this, the Authenticator would discard the EAPOL-Key request frame when using FILS.

Signed-off-by: Jouni Malinen
---

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 6797d65d6..1d20b5e2b 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -232,6 +232,12 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) return; } + if (!sm->ptk_set) { + wpa_printf(MSG_INFO, + "WPA: No PTK derived yet - cannot send EAPOL-Key Request"); + return; + } + if (wpa_use_akm_defined(sm->key_mgmt)) ver = WPA_KEY_INFO_TYPE_AKM_DEFINED; else if (wpa_key_mgmt_ft(sm->key_mgmt) || @@ -253,10 +259,11 @@ void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) sm->proto == WPA_PROTO_OSEN) ? EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; key_info = WPA_KEY_INFO_REQUEST | ver; - if (sm->ptk_set) - key_info |= WPA_KEY_INFO_SECURE; - if (sm->ptk_set && mic_len) + key_info |= WPA_KEY_INFO_SECURE; + if (mic_len) key_info |= WPA_KEY_INFO_MIC; + else + key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; if (error) key_info |= WPA_KEY_INFO_ERROR; if (pairwise)
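
Review bot: the new "if (!sm->ptk_set)" return in the first hunk (just before the ver selection in wpa_sm_key_request()) is a behaviour change the commit message does not mention. The message covers only the Encrypted Key Data bit, while this check stops any EAPOL-Key request from being sent before a PTK exists; the removed "if (sm->ptk_set)" conditions in the second hunk show that the old code carried on and built a request without the Secure and MIC bits in that case. Please add a sentence to the commit message describing the early return and why an unprotected request is no longer sent. Since the function returns void, the MSG_INFO line is the only sign that a request was dropped, so it is worth checking that callers do not assume a frame went out.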
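
Review bot: in the second hunk, the new else branch sets WPA_KEY_INFO_ENCR_KEY_DATA for every case where mic_len is 0, so the code treats "no MIC field" as meaning "AEAD cipher in use", and nothing at that spot says so. A one-line comment on the else branch, stating that a zero mic_len means the frame is protected by the AEAD cipher instead of a MIC, would tie the code to the commit message for the next reader. The lines shown only set the flag; please confirm that the rest of the function actually AEAD-protects the frame whenever this bit is set, because the hunk itself does not establish that.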