diff --git a/src/eapol.c b/src/eapol.c
index 0a8e1816..0876449d 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -29,3 +29,35 @@
 
 #include "eapol.h"
 
+bool eapol_verify(const uint8_t *data, size_t len)
+{
+	struct eapol_key *ek;
+	uint16_t key_data_len;
+
+	if (len < sizeof(struct eapol_key))
+		return false;
+
+	ek = (struct eapol_key *) data;
+
+	if (ek->protocol_version != EAPOL_PROTOCOL_VERSION_2001 &&
+			ek->protocol_version != EAPOL_PROTOCOL_VERSION_2004)
+		return false;
+
+	if (ek->packet_type != 3)
+		return false;
+
+	switch (ek->descriptor_type) {
+	case EAPOL_DESCRIPTOR_TYPE_RC4:
+	case EAPOL_DESCRIPTOR_TYPE_80211:
+	case EAPOL_DESCRIPTOR_TYPE_WPA:
+		break;
+	default:
+		return false;
+	}
+
+	key_data_len = L_BE16_TO_CPU(ek->key_data_len);
+	if (len < sizeof(struct eapol_key) + key_data_len)
+		return false;
+
+	return true;
+}
diff --git a/src/eapol.h b/src/eapol.h
index 8e7c5a7f..7b965a26 100644
--- a/src/eapol.h
+++ b/src/eapol.h
@@ -92,3 +92,5 @@ struct eapol_key {
 	__be16 key_data_len;
 	uint8_t key_data[0];
 } __attribute__ ((packed));
+
+bool eapol_verify(const uint8_t *data, size_t len);