authorKarsten Heimrich <karsten.heimrich@qt.io>2019-02-05 10:56:28 +0100
committerKarsten Heimrich <karsten.heimrich@qt.io>2019-02-07 15:20:06 +0000
commita4badc560db5dbca2cfa75b35cf7f2f6d97b17ab (patch)
treecfa14f08cad4818c0987790025b33856f4675074
parenta7e6f57df21ec4f5ad0a814e19e6bf440a156610 (diff)
Verify the MAC for secure wrapper frames
Change-Id: I15bd0da7a605631d3b3d64c380d0cb2b955d73a6 Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io> Reviewed-by: Karsten Heimrich <karsten.heimrich@qt.io>
-rw-r--r--src/knx/netip/qknxnetipendpointconnection.cpp9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/knx/netip/qknxnetipendpointconnection.cpp b/src/knx/netip/qknxnetipendpointconnection.cpp
index 0028a74..9eb6bc4 100644
--- a/src/knx/netip/qknxnetipendpointconnection.cpp
+++ b/src/knx/netip/qknxnetipendpointconnection.cpp
@@ -301,6 +301,7 @@ QKnxNetIp::ServiceType
case QKnxNetIp::ServiceType::TunnelingFeatureResponse:
processFeatureFrame(frame);
break;
+
case QKnxNetIp::ServiceType::SecureWrapper: {
qDebug() << "Received secure wrapper frame:" << frame;
@@ -308,6 +309,14 @@ QKnxNetIp::ServiceType
if (!proxy.isValid())
break;
+ auto mac = QKnxCryptographicEngine::computeMessageAuthenticationCode(m_deviceAuthHash,
+ frame.header(), proxy.secureSessionId(), m_xorX_Y);
+ auto decMac = QKnxCryptographicEngine::decryptMessageAuthenticationCode(m_deviceAuthHash,
+ proxy.messageAuthenticationCode());
+
+ if (decMac != mac)
+ break; // MAC could not be verified, bail out
+
const auto sessionKey = QKnxCryptographicEngine::sessionKey(m_secureConfig
.d->privateKey, m_serverPublicKey);
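Review bot: The MAC check added before the `sessionKey` derivation is keyed with `m_deviceAuthHash` and fed only `frame.header()`, `proxy.secureSessionId()` and `m_xorX_Y`, so from what this hunk shows it does not bind the wrapper's encrypted payload or any per-frame value. If that overload really authenticates only those fields, a frame whose payload was altered or re-sent within the session would still pass `decMac != mac`; please confirm which inputs the wrapper MAC is specified over and record it in a comment above the call, e.g. `// MAC covers: header, session id, <remaining fields>`. The `!=` on the two MAC values is presumably an ordinary byte comparison, whereas a constant-time compare is the usual choice for authentication tags. The failure branch also drops the frame silently, so a `qDebug() << "Secure wrapper MAC verification failed, frame dropped";` before the `break;` would make rejected frames visible. The enclosing `case` block starts and ends outside this hunk.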