Two recent changes to MKA create a situation where a new MI is generated
every time a SAK Use parameter set is decoded. The first change moved
invalid key detection from ieee802_1x_decode_basic_body() to
ieee802_1x_kay_decode_mkpdu():
commit db9ca18bbff1 ("mka: Do not ignore MKPDU parameter set decoding failures")
The second change forces the KaY to generate a new MI when an invalid
key is detected:
commit a8aeaf41df95 ("mka: Change MI if key invalid")
The fix is to move generation of a new MI from the old invalid key
detection location to the new location.
Fixes: a8aeaf41df95 ("mka: Change MI if key invalid")
Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
}
if (!found) {
wpa_printf(MSG_INFO, "KaY: Latest key is invalid");
- if (!reset_participant_mi(participant))
- wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
- else
- wpa_printf(MSG_DEBUG,
- "KaY: Selected a new random MI: %s",
- mi_txt(participant->mi));
return -1;
}
if (os_memcmp(participant->lki.mi, body->lsrv_mi,
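Review bot: In the `if (!found)` branch, once the reset is removed the only thing left to tell the caller about an invalid latest key is `return -1`, which is the same value any other failure path in this decoder would return. If the MI is meant to change only for the "Latest key is invalid" case, return a distinct error value from this branch (or record the condition on the participant) so the caller can key the reset on that case rather than on every failure.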
wpa_printf(MSG_INFO,
"KaY: Discarding Rx MKPDU: decode of parameter set type (%d) failed",
MKA_SAK_USE);
+ if (!reset_participant_mi(participant))
+ wpa_printf(MSG_DEBUG, "KaY: Could not update mi");
+ else
+ wpa_printf(MSG_DEBUG,
+ "KaY: Selected a new random MI: %s",
+ mi_txt(participant->mi));
return -1;
}
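Review bot: The added reset sits in the generic "decode of parameter set type (%d) failed" branch with no comment explaining why a failed SAK Use decode should change the MI, and a failed reset_participant_mi() is reported only at MSG_DEBUG while the discard message just above it is MSG_INFO. Add a short comment tying the reset to the "Latest key is invalid" condition it was moved from, and consider raising the level of "KaY: Could not update mi" so a failed MI change is visible at the same verbosity as the discard.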