1829 |
|
|
1830 |
|
if (sm->proto == WPA_PROTO_RSN && |
1831 |
|
(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { |
1832 |
+ |
/* |
1833 |
+ |
* Only decrypt the Key Data field if the frame's authenticity |
1834 |
+ |
* was verified. When using AES-SIV (FILS), the MIC flag is not |
1835 |
+ |
* set, so this check should only be performed if mic_len != 0 |
1836 |
+ |
* which is the case in this code branch. |
1837 |
+ |
*/ |
1838 |
+ |
if (!(key_info & WPA_KEY_INFO_MIC)) { |
1839 |
+ |
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, |
1840 |
+ |
"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); |
1841 |
+ |
goto out; |
1842 |
+ |
} |
1843 |
|
if (wpa_supplicant_decrypt_key_data(sm, key, ver)) |
1844 |
|
goto out; |
1845 |
|
extra_len = WPA_GET_BE16(key->key_data_length); |