diff options
author | Brian Gix <brian.gix@intel.com> | 2020-01-30 10:59:22 -0800 |
---|---|---|
committer | Brian Gix <brian.gix@intel.com> | 2020-01-30 11:03:47 -0800 |
commit | 17e97efc3fc48116509e97670288af5827b81747 (patch) | |
tree | 608b8fd90694539fdfd46e73968ca5e1c11cbfa5 /mesh/model.c | |
parent | 162bda48991d60c7b5890dc3be159d09563ce5ab (diff) | |
download | bluez-17e97efc3fc48116509e97670288af5827b81747.tar.gz |
mesh: Apply Replay Protection to all incoming packets
Replay Protection was only being applied against Application Keys,
but messages with Device Keys are just as vulnerable, and need to be
checked as well.
Diffstat (limited to 'mesh/model.c')
-rw-r--r-- | mesh/model.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/mesh/model.c b/mesh/model.c index 0018c7cff..92a00496c 100644 --- a/mesh/model.c +++ b/mesh/model.c @@ -608,7 +608,7 @@ static bool msg_send(struct mesh_node *node, bool credential, uint16_t src, iv_index = mesh_net_get_iv_index(net); - seq_num = mesh_net_get_seq_num(net); + seq_num = mesh_net_next_seq_num(net); if (!mesh_crypto_payload_encrypt(label, msg, out, msg_len, src, dst, key_aid, seq_num, iv_index, szmic, key)) { l_error("Failed to Encrypt Payload"); @@ -949,7 +949,7 @@ bool mesh_model_rx(struct mesh_node *node, bool szmict, uint32_t seq0, struct mesh_net *net = node_get_net(node); uint8_t num_ele; int decrypt_idx, i, ele_idx; - uint16_t addr; + uint16_t addr, crpl; struct mesh_virtual *decrypt_virt = NULL; bool result = false; bool is_subscription; @@ -997,14 +997,12 @@ bool mesh_model_rx(struct mesh_node *node, bool szmict, uint32_t seq0, /* print_packet("Clr Rx (pre-cache-check)", clear_text, size - 4); */ - if (key_aid != APP_AID_DEV) { - uint16_t crpl = node_get_crpl(node); + crpl = node_get_crpl(node); - if (net_msg_in_replay_cache(net, (uint16_t) decrypt_idx, src, - crpl, seq, iv_index)) { - result = true; - goto done; - } + if (net_msg_in_replay_cache(net, (uint16_t) decrypt_idx, src, + crpl, seq, iv_index)) { + result = true; + goto done; } print_packet("Clr Rx", clear_text, size - (szmict ? 8 : 4)); |