From a8aeaf41df95ac6f979eb9014d0e2d17c46c671e Mon Sep 17 00:00:00 2001
From: Andrey Kartashev <andrey.kartashev@afconsult.com>
Date: Fri, 2 Nov 2018 19:02:20 +0100
Subject: [PATCH] mka: Change MI if key invalid

It is possible to get a situation where a peer removes the Key Server
from its live peers list but the server still thinks that the peer is
alive (e.g., high packet loss in one direction). In such a case, the Key
Server will continue to advertise Last Key but this peer will not be
able to set up SA as it has already deleted its key.

Change the peer MI which will force the Key Server to distribute a new
SAK.

Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
---
 src/pae/ieee802_1x_kay.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 8862a0a73..3b4c79b0f 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1385,6 +1385,7 @@ ieee802_1x_mka_decode_sak_use_body(
 		}
 		if (!found) {
 			wpa_printf(MSG_INFO, "KaY: Latest key is invalid");
+			reset_participant_mi(participant);
 			return -1;
 		}
 		if (os_memcmp(participant->lki.mi, body->lsrv_mi,
-- 
2.47.2