FILS: Use AEAD cipher to check received EAPOL-Key frames (AP)

This changes 4-way handshake authenticator processing to decrypt the
EAPOL-Key frames using an AEAD cipher (AES-SIV with FILS AKMs) before
processing the Key Data field. This replaces Key MIC validation for the
cases where AEAD cipher is used. This needs to move the EAPOL-Key msg
2/4 RSN element processing to happen only after the PTK has been derived
and validated. That is done for all AKMs to avoid extra complexity with
having to maintain two code paths for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index da92639..1cc78d7 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -262,6 +262,7 @@ ifdef CONFIG_FILS
 L_CFLAGS += -DCONFIG_FILS
 NEED_CRC32=y
 NEED_SHA384=y
+NEED_AES_SIV=y
 endif
 
 ifdef CONFIG_WNM
@@ -743,6 +744,9 @@ ifneq ($(CONFIG_TLS), openssl)
 AESOBJS += src/crypto/aes-cbc.c
 endif
 endif
+ifdef NEED_AES_SIV
+AESOBJS += src/crypto/aes-siv.c
+endif
 ifdef NEED_AES_DEC
 ifdef CONFIG_INTERNAL_AES
 AESOBJS += src/crypto/aes-internal-dec.c
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 61daf0d..044c8c0 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -309,6 +309,7 @@ ifdef CONFIG_FILS
 CFLAGS += -DCONFIG_FILS
 NEED_CRC32=y
 NEED_SHA384=y
+NEED_AES_SIV=y
 endif
 
 ifdef CONFIG_WNM
@@ -783,6 +784,9 @@ ifneq ($(CONFIG_TLS), openssl)
 AESOBJS += ../src/crypto/aes-cbc.o
 endif
 endif
+ifdef NEED_AES_SIV
+AESOBJS += ../src/crypto/aes-siv.o
+endif
 ifdef NEED_AES_DEC
 ifdef CONFIG_INTERNAL_AES
 AESOBJS += ../src/crypto/aes-internal-dec.o