mka: Change MI if key invalid

It is possible to get a situation where a peer removes the Key Server from its live peers list but the server still thinks that the peer is alive (e.g., high packet loss in one direction). In such a case, the Key Server will continue to advertise Last Key but this peer will not be able to set up SA as it has already deleted its key. Change the peer MI which will force the Key Server to distribute a new SAK. Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
6 years ago · a8aeaf41df
parent c20cc5833e
commit a8aeaf41df
1 changed files with 1 additions and 0 deletions
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@ -1385,6 +1385,7 @@ ieee802_1x_mka_decode_sak_use_body(
 		}
 		if (!found) {
 			wpa_printf(MSG_INFO, "KaY: Latest key is invalid");
+			reset_participant_mi(participant);
 			return -1;
 		}
 		if (os_memcmp(participant->lki.mi, body->lsrv_mi,