author | Karsten Heimrich <karsten.heimrich@qt.io> | 2019-02-05 10:56:28 +0100 |
---|---|---|
committer | Karsten Heimrich <karsten.heimrich@qt.io> | 2019-02-07 15:20:06 +0000 |
commit | a4badc560db5dbca2cfa75b35cf7f2f6d97b17ab (patch) | |
tree | cfa14f08cad4818c0987790025b33856f4675074 | |
parent | a7e6f57df21ec4f5ad0a814e19e6bf440a156610 (diff) |
Verify the MAC for secure wrapper frames
Change-Id: I15bd0da7a605631d3b3d64c380d0cb2b955d73a6
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>
Reviewed-by: Karsten Heimrich <karsten.heimrich@qt.io>
-rw-r--r-- | src/knx/netip/qknxnetipendpointconnection.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/knx/netip/qknxnetipendpointconnection.cpp b/src/knx/netip/qknxnetipendpointconnection.cpp index 0028a74..9eb6bc4 100644 --- a/src/knx/netip/qknxnetipendpointconnection.cpp +++ b/src/knx/netip/qknxnetipendpointconnection.cpp @@ -301,6 +301,7 @@ QKnxNetIp::ServiceType case QKnxNetIp::ServiceType::TunnelingFeatureResponse: processFeatureFrame(frame); break; + case QKnxNetIp::ServiceType::SecureWrapper: { qDebug() << "Received secure wrapper frame:" << frame; @@ -308,6 +309,14 @@ QKnxNetIp::ServiceType if (!proxy.isValid()) break; + auto mac = QKnxCryptographicEngine::computeMessageAuthenticationCode(m_deviceAuthHash, + frame.header(), proxy.secureSessionId(), m_xorX_Y); + auto decMac = QKnxCryptographicEngine::decryptMessageAuthenticationCode(m_deviceAuthHash, + proxy.messageAuthenticationCode()); + + if (decMac != mac) + break; // MAC could not be verified, bail out + const auto sessionKey = QKnxCryptographicEngine::sessionKey(m_secureConfig .d->privateKey, m_serverPublicKey); |
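Review bot: The expected tag in the `SecureWrapper` case is computed only from `m_deviceAuthHash`, `frame.header()`, `proxy.secureSessionId()` and `m_xorX_Y`, so as far as this hunk shows it does not depend on the wrapper's encrypted payload or sequence information, and the `decMac != mac` check would not detect a change to that payload. If the wrapper MAC is meant to authenticate its contents, the session key derived just below should be obtained first and the check made over the wrapper's data; at minimum the current scope deserves a comment such as `// NOTE: tag covers header + session id only; wrapped payload is not authenticated here`. The mismatch path is also silent, so a rejected frame leaves no trace for whoever is debugging or monitoring the link; `qDebug() << "Secure wrapper MAC verification failed, dropping frame";` before the `break` would match the receive log a few lines up. Whether `!=` on the two tags runs in constant time depends on their type, which is not visible here. The case body starts before and continues past the hunk.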