author | Karsten Heimrich <karsten.heimrich@qt.io> | 2019-03-15 14:33:28 +0100 |
---|---|---|
committer | Karsten Heimrich <karsten.heimrich@qt.io> | 2019-03-28 08:47:44 +0000 |
commit | 6e42fdfbd03754a80c432c3e234489e7e3a2e4b1 (patch) | |
tree | 684087404abff225c588047c76ab914889f905bc | |
parent | 2914fea53080aa38c678edaef9edf3c9cf6b525c (diff) |
Fix computing the MAC for secure wrapper frames
Change-Id: I56638f36274e7a172bb985ce5b19e330f0ffa2cf
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
Reviewed-by: Karsten Heimrich <karsten.heimrich@qt.io>
-rw-r--r-- | src/knx/netip/qknxnetipendpointconnection.cpp | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/src/knx/netip/qknxnetipendpointconnection.cpp b/src/knx/netip/qknxnetipendpointconnection.cpp
index e4c7c00..0317d8c 100644
--- a/src/knx/netip/qknxnetipendpointconnection.cpp
+++ b/src/knx/netip/qknxnetipendpointconnection.cpp
@@ -313,21 +313,22 @@ QKnxNetIp::ServiceType
 if (!proxy.isValid())
 break;
- auto mac = QKnxCryptographicEngine::computeMessageAuthenticationCode(m_deviceAuthHash,
- frame.header(), proxy.secureSessionId(), m_xorX_Y);
- auto decMac = QKnxCryptographicEngine::decryptMessageAuthenticationCode(m_deviceAuthHash,
- proxy.messageAuthenticationCode());
+ const auto seqNumber = proxy.sequenceNumber();
+ const auto serialNumber = proxy.serialNumber();
+ const auto messageTag = proxy.messageTag();
+ const auto sessionKey = QKnxCryptographicEngine::sessionKey(m_secureConfig.d->privateKey,
+ m_serverPublicKey);
+ const auto decData = QKnxCryptographicEngine::decryptSecureWrapperPayload(sessionKey,
+ proxy.encapsulatedFrame(), seqNumber, serialNumber, messageTag);
+
+ const auto mac = QKnxCryptographicEngine::computeMessageAuthenticationCode(sessionKey,
+ frame.header(), proxy.secureSessionId(), decData, seqNumber, serialNumber, messageTag);
+ const auto decMac = QKnxCryptographicEngine::decryptMessageAuthenticationCode(sessionKey,
+ proxy.messageAuthenticationCode(), seqNumber, serialNumber, messageTag);
 if (decMac != mac)
 break; // MAC could not be verified, bail out
- const auto sessionKey = QKnxCryptographicEngine::sessionKey(m_secureConfig
- .d->privateKey, m_serverPublicKey);
-
- auto decData = QKnxCryptographicEngine::decryptSecureWrapperPayload(sessionKey,
- proxy.encapsulatedFrame(), proxy.sequenceNumber(), proxy.serialNumber(),
- proxy.messageTag());
-
 return processReceivedFrame(QKnxNetIpFrame::fromBytes(decData));
 }
 break; |
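Review bot: The session key is now derived with `QKnxCryptographicEngine::sessionKey(m_secureConfig.d->privateKey, m_serverPublicKey)` for every incoming secure wrapper frame, before anything in the frame has been authenticated, so each forged frame costs the receiver a key derivation plus a payload decryption before the MAC check rejects it. Both inputs look constant for the lifetime of the session (inferred from the member names), so the key could be derived once when the session is established and kept in a member, leaving only the symmetric work per frame. Separately, `if (decMac != mac)` compares the tags with the byte array's ordinary inequality operator, which presumably stops at the first differing byte; a comparison that ORs together the XOR of every byte pair and tests the result once would not leak the match length through timing. The silent `break` on a failed check would also be worth a debug log or counter so that repeated MAC failures are visible to an operator. The enclosing switch case and function start and end outside this hunk.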