From: Andrey Kartashev <andrey.kartashev@afconsult.com>
Date: Fri, 2 Nov 2018 18:02:20 +0000 (+0100)
Subject: mka: Change MI if key invalid
X-Git-Tag: hostap_2_8~691
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a8aeaf41df95;p=thirdparty%2Fhostap.git

mka: Change MI if key invalid

It is possible to get a situation where a peer removes the Key Server
from its live peers list but the server still thinks that the peer is
alive (e.g., high packet loss in one direction). In such a case, the Key
Server will continue to advertise Last Key but this peer will not be
able to set up SA as it has already deleted its key.

Change the peer MI which will force the Key Server to distribute a new
SAK.

Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
---

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 8862a0a73..3b4c79b0f 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1385,6 +1385,7 @@ ieee802_1x_mka_decode_sak_use_body(
 		}
 		if (!found) {
 			wpa_printf(MSG_INFO, "KaY: Latest key is invalid");
+			reset_participant_mi(participant);
 			return -1;
 		}
 		if (os_memcmp(participant->lki.mi, body->lsrv_mi,