DPP: Terminate PKEX exchange on detection of a mismatching code
Clean up the pending PKEX exchange if Commit-Reveal Request processing indicates a mismatch in the PKEX code. Previously, the this case was silently ignored and the session was left in pending state that prevented new PKEX exchanges from getting initated. Now, a new attempt is allowed to be initiated. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
fc0efa2a1e
commit
039b8e7369
3 changed files with 11 additions and 0 deletions
|
@ -1132,6 +1132,11 @@ hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
|
||||||
msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
|
msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
|
||||||
if (!msg) {
|
if (!msg) {
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
|
wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
|
||||||
|
if (hapd->dpp_pkex->failed) {
|
||||||
|
wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
|
||||||
|
dpp_pkex_free(hapd->dpp_pkex);
|
||||||
|
hapd->dpp_pkex = NULL;
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6454,6 +6454,7 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
|
||||||
2, addr, len, unwrapped) < 0) {
|
2, addr, len, unwrapped) < 0) {
|
||||||
dpp_pkex_fail(pkex,
|
dpp_pkex_fail(pkex,
|
||||||
"AES-SIV decryption failed - possible PKEX code mismatch");
|
"AES-SIV decryption failed - possible PKEX code mismatch");
|
||||||
|
pkex->failed = 1;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
|
wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",
|
||||||
|
|
|
@ -1556,6 +1556,11 @@ wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
|
||||||
msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
|
msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
|
||||||
if (!msg) {
|
if (!msg) {
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
|
wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
|
||||||
|
if (pkex->failed) {
|
||||||
|
wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
|
||||||
|
dpp_pkex_free(wpa_s->dpp_pkex);
|
||||||
|
wpa_s->dpp_pkex = NULL;
|
||||||
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue