mka: Change MI if key invalid

It is possible to get a situation where a peer removes the Key Server
from its live peers list but the server still thinks that the peer is
alive (e.g., high packet loss in one direction). In such a case, the Key
Server will continue to advertise Last Key but this peer will not be
able to set up SA as it has already deleted its key.

Change the peer MI which will force the Key Server to distribute a new
SAK.

Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 8862a0a736ed6bca92302fe5b88fcc9b11d3fcc4..3b4c79b0f206144fae8d6bc3b84fe0740df6d595 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1385,6 +1385,7 @@ ieee802_1x_mka_decode_sak_use_body(
                }
                if (!found) {
                        wpa_printf(MSG_INFO, "KaY: Latest key is invalid");
+                       reset_participant_mi(participant);
                        return -1;
                }
                if (os_memcmp(participant->lki.mi, body->lsrv_mi,