mesh: Indicate OPN_RJCT event if AES-SIV decrypt fails

REVmc/D6.0 14.5.5.2.2 (Processing Mesh Peering Open frames for AMPE)
mandates the OPN_RJCT event to be invoked if AES-SIV decryption for
received Mesh Peering Open frame fails. This allows a Mesh Peering Close
frame to be sent in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2016-06-28 22:45:41 +03:00
parent e8afaad7fd
commit 1f2f3f1c4a
2 changed files with 18 additions and 8 deletions


@ -1144,14 +1144,24 @@ void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s,
if (!sta->my_lid) if (!sta->my_lid)
mesh_mpm_init_link(wpa_s, sta); mesh_mpm_init_link(wpa_s, sta);
if ((mconf->security & MESH_CONF_SEC_AMPE) && if (mconf->security & MESH_CONF_SEC_AMPE) {
mesh_rsn_process_ampe(wpa_s, sta, &elems, int res;
res = mesh_rsn_process_ampe(wpa_s, sta, &elems,
&mgmt->u.action.category, &mgmt->u.action.category,
peer_mgmt_ie.chosen_pmk, peer_mgmt_ie.chosen_pmk,
ies, ie_len)) { ies, ie_len);
wpa_printf(MSG_DEBUG, "MPM: RSN process rejected frame"); if (res) {
wpa_printf(MSG_DEBUG,
"MPM: RSN process rejected frame (res=%d)",
res);
if (action_field == PLINK_OPEN && res == -2) {
/* AES-SIV decryption failed */
mesh_mpm_fsm(wpa_s, sta, OPN_RJCT);
}
return; return;
} }
}
if (sta->plink_state == PLINK_BLOCKED) { if (sta->plink_state == PLINK_BLOCKED) {
wpa_printf(MSG_DEBUG, "MPM: PLINK_BLOCKED"); wpa_printf(MSG_DEBUG, "MPM: PLINK_BLOCKED");
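Review bot: The new `mesh_mpm_fsm(wpa_s, sta, OPN_RJCT)` call is reached by a frame that has just failed AES-SIV verification, so the event is driven by unauthenticated input, and the only condition on it in this hunk is `action_field == PLINK_OPEN`. How mesh_mpm_fsm handles OPN_RJCT is not visible here; it is worth confirming what happens when `sta->plink_state` already describes an established peering, because if that state also reacts to the event, a frame that merely fails verification could take down a working link. The existing comment could record the trust assumption, for example `/* AES-SIV decryption failed: frame is unauthenticated; OPN_RJCT is required by the standard */`. The body of mesh_mpm_action_rx starts and ends outside this hunk.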


@ -653,7 +653,7 @@ int mesh_rsn_process_ampe(struct wpa_supplicant *wpa_s, struct sta_info *sta,
if (aes_siv_decrypt(sta->aek, crypt, crypt_len, 3, if (aes_siv_decrypt(sta->aek, crypt, crypt_len, 3,
aad, aad_len, ampe_buf)) { aad, aad_len, ampe_buf)) {
wpa_printf(MSG_ERROR, "Mesh RSN: frame verification failed!"); wpa_printf(MSG_ERROR, "Mesh RSN: frame verification failed!");
ret = -1; ret = -2;
goto free; goto free;
} }
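Review bot: The `-2` now assigned to `ret` on AES-SIV failure is an undocumented contract with the caller in the other file, which tests `res == -2` to tell a verification failure apart from every other error. Neither side names the value, so a later edit to either literal would silently disable the reject path. A function comment on mesh_rsn_process_ampe would pin it down, for example `/* Returns: 0 on success, -2 if AES-SIV verification of the frame failed, -1 on other errors */`. The `-1` for the remaining paths is inferred from the replaced line, since those paths are outside this hunk. A named constant shared by both files would be stronger than the bare literal.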