From patchwork Fri Nov  2 18:02:20 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andrey Kartashev <a.s.kartashev@gmail.com>
X-Patchwork-Id: 992485
Return-Path: 
 <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=none (mailfrom)
	smtp.mailfrom=lists.infradead.org
	(client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
	envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="J0HdRWNd";
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="Px/qRXsF"; dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
	[IPv6:2607:7c80:54:e::133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 42mqhn4TlHzB4XK
	for <incoming@patchwork.ozlabs.org>;
	Sat,  3 Nov 2018 05:04:25 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References:
	In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=/HFRzGnLimvcZLlcStlT0dAAPfN0nT7zKKsqSkR/Ytc=;
	b=J0HdRWNds6PgkXSiHWeEW5C1jA
	bvf9UV0rGBQ/JYzbdXYgWjye7y5WNPh4G7XZ89ecJAfxsG9SdAuTvV63RGFx0FkzLhuZdF37moVy8
	gE5njnP1rY7Dw4O9q9gxHNp6nXVV8Unf+5WbJItm+9UjDxPw5U1gUjSzhtxoC4CDa//6stYCD8KX/
	bKvXvPx8ChoM2vPQiSx/udXt1dKBLhrQMAL9pWQghlAqnNGT5XzrX5uMv0QCGhuizg+jgf9yCJOsV
	OhM9PI1wBODVypDqpSO6jCLMQj9XQuPd0VFmYPLjzS58e2hrrTzqsAbcHZmeY59SDXJRH8Wn3Bzeu
	8QYj5r4Q==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1gIdnp-0003nY-Iq; Fri, 02 Nov 2018 18:04:13 +0000
Received: from mail-lf1-x144.google.com ([2a00:1450:4864:20::144])
	by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat
	Linux)) id 1gIdn1-0002XB-5e
	for hostap@lists.infradead.org; Fri, 02 Nov 2018 18:03:24 +0000
Received: by mail-lf1-x144.google.com with SMTP id m18-v6so1902308lfl.11
	for <hostap@lists.infradead.org>;
	Fri, 02 Nov 2018 11:03:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=ZizTfrBJNekPH2gTAd3YQYTmtpoJ03FouM8zKewuAGE=;
	b=Px/qRXsFAf2+o4qNUuoyDUstWQ6qCs477KRv1stFjEM8Y5JdFjGCOFuIJSH2OpMJah
	9hB5eRoqUIfJh6xMFrkftzwa0WAo3Gs3KFq2/XB6Q0hdIxTXG2CUn3ZolbMtQy8VTp+D
	5BX5r6a7u4ZlVXqtsOEwqskBk3okBXsEsKgs6TpQVpJ3LvC9l4H2akmC5sMn0NxzVSdv
	RR/gf9bRaUrrN/JaAHhLoSqvy8bW0eUNOJV4ru0kXbp2nLojn3BB4FIKZqPtBPOZUnbY
	//ooqC+oQh1yV9fkeE2uWhuL8Qzn0cvFu9AhgExcxjDKPE6ifIe2T/hEEG8wUJQed6v5
	biTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=ZizTfrBJNekPH2gTAd3YQYTmtpoJ03FouM8zKewuAGE=;
	b=Io5IdYlRXrhMLbQep7wz88ErRasY/r6MPdzCn95hpeGXbgCusCnmoZG/KMyiNKTiKg
	CUwZFFNgTZIJJwURnmGjSmCUIrB46NKwecl1w07c0nfYcEpIBtUn/ZQcQyOa+3bcuhbk
	CN9Qc9Twfiu+xUwhu4qlNjlcpGuQ/loWa+M7oMnmb3jTjxsioKrHrLfo02ae8CL38897
	0AJESwc6bL06IX9j0Fw3f4fRkUiVGWE72n68OSdcic+4szIVk4DL1Pu2j328W79SPq8B
	LLAMKZeptUf96XS1jcsRzcvJYIyXVRvPmaMVG8k/fa3dkZ8+6BZdWUfqmO4rmQPzKAhq
	3B7w==
X-Gm-Message-State: AGRZ1gIx12Pj45BDGlEV4Wwfh09zIQO1nyh4BXmuX72D4KEiRCEZn0IC
	qo3cNvIoeXoAHvkaWEDYyFgxT46I
X-Google-Smtp-Source: 
 AJdET5dn+CVqICl4SWzJO4YkO2RJsalLoSIfgWS8iA0msyol2roQ5RQprl063gLl5pHYWVeLOvn6GQ==
X-Received: by 2002:a19:ae03:: with SMTP id f3mr1662276lfc.86.1541181790661;
	Fri, 02 Nov 2018 11:03:10 -0700 (PDT)
Received: from localhost.localdomain ([194.103.244.100])
	by smtp.gmail.com with ESMTPSA id
	a9sm1002595lfa.19.2018.11.02.11.03.09
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 02 Nov 2018 11:03:09 -0700 (PDT)
From: Andrey Kartashev <a.s.kartashev@gmail.com>
To: hostap@lists.infradead.org
Subject: [PATCH 8/8] mka: Change MI if key invalid
Date: Fri,  2 Nov 2018 19:02:20 +0100
Message-Id: <20181102180220.20948-8-a.s.kartashev@gmail.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20181102180220.20948-1-a.s.kartashev@gmail.com>
References: <20181102180220.20948-1-a.s.kartashev@gmail.com>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20181102_110323_210682_4B749CB3 
X-CRM114-Status: GOOD (  12.69  )
X-Spam-Score: -0.2 (/)
X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary:
	Content analysis details:   (-0.2 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no trust [2a00:1450:4864:20:0:0:0:144 listed in]
	[list.dnswl.org]
	-0.0 SPF_PASS               SPF: sender matches SPF record
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
	provider (a.s.kartashev[at]gmail.com)
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
	envelope-from domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=subscribe>
Cc: Andrey Kartashev <andrey.kartashev@afconsult.com>
MIME-Version: 1.0
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

From: Andrey Kartashev <andrey.kartashev@afconsult.com>

It is possible to get situation when peer remove Key Server from its
live peers list but server still think that peer is alive (e.g. hight
packets loose in one direction). In such case Key Server will continue
to advertise Last Key but this peer will not be able to setup SA as it
is already delete its key.
This patch change the peer MI which will force Key Server to distribute
new SAK.

Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
---
 src/pae/ieee802_1x_kay.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index eac908415..daac099ed 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1356,6 +1356,7 @@ ieee802_1x_mka_decode_sak_use_body(
 		}
 		if (!found) {
 			wpa_printf(MSG_WARNING, "KaY: Latest key is invalid");
+			reset_participant_mi(participant);
 			return -1;
 		}
 		if (os_memcmp(participant->lki.mi, body->lsrv_mi,