DPP: Terminate PKEX exchange on detection of a mismatching code

Clean up the pending PKEX exchange if Commit-Reveal Request processing
indicates a mismatch in the PKEX code. Previously, the this case was
silently ignored and the session was left in pending state that
prevented new PKEX exchanges from getting initated. Now, a new attempt
is allowed to be initiated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index 0aabc617ddf30db5ddc5000c4154149e3fdd7c11..f8fbc176b20019c6d347a5694cbf1552f68fc68e 100644 (file)
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -1132,6 +1132,11 @@ hostapd_dpp_rx_pkex_commit_reveal_req(struct hostapd_data *hapd, const u8 *src,
        msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
        if (!msg) {
                wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
+               if (hapd->dpp_pkex->failed) {
+                       wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
+                       dpp_pkex_free(hapd->dpp_pkex);
+                       hapd->dpp_pkex = NULL;
+               }
                return;
        }
 

diff --git a/src/common/dpp.c b/src/common/dpp.c
index b08a81bf2bae690a7fddd1d3bc4b90f0fe9b5bfb..478ae53ff5d22389cc08d3d630b97aa83a0a1fff 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -6454,6 +6454,7 @@ struct wpabuf * dpp_pkex_rx_commit_reveal_req(struct dpp_pkex *pkex,
                            2, addr, len, unwrapped) < 0) {
                dpp_pkex_fail(pkex,
                              "AES-SIV decryption failed - possible PKEX code mismatch");
+               pkex->failed = 1;
                goto fail;
        }
        wpa_hexdump(MSG_DEBUG, "DPP: AES-SIV cleartext",

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 9186a158839581e74e2dd136814e51133c3a54e8..87131f5fdca11b96dbebba93a0e9b4a4087a7027 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -1556,6 +1556,11 @@ wpas_dpp_rx_pkex_commit_reveal_req(struct wpa_supplicant *wpa_s, const u8 *src,
        msg = dpp_pkex_rx_commit_reveal_req(pkex, hdr, buf, len);
        if (!msg) {
                wpa_printf(MSG_DEBUG, "DPP: Failed to process the request");
+               if (pkex->failed) {
+                       wpa_printf(MSG_DEBUG, "DPP: Terminate PKEX exchange");
+                       dpp_pkex_free(wpa_s->dpp_pkex);
+                       wpa_s->dpp_pkex = NULL;
+               }
                return;
        }