FT: Disable PMKSA cache for FT-IEEE8021X

wpa_supplicant uses XXKEY instead of PMK to derive PMK-R0 and PMK-R1 for
FT-IEEE8021X key mgmt.

Signed-off-by: Hong Wu <hong.wu@dspg.com>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 01a46dc..7c0ac87 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -198,7 +198,8 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
                        wpa_hexdump_key(MSG_DEBUG, "WPA: PMK from EAPOL state "
                                        "machines", sm->pmk, pmk_len);
                        sm->pmk_len = pmk_len;
-                       if (sm->proto == WPA_PROTO_RSN) {
+                       if (sm->proto == WPA_PROTO_RSN &&
+                           !wpa_key_mgmt_ft(sm->key_mgmt)) {
                                pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len,
                                                src_addr, sm->own_addr,
                                                sm->network_ctx, sm->key_mgmt);
@@ -227,7 +228,8 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
                }
        }
 
-       if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) {
+       if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) &&
+           !wpa_key_mgmt_ft(sm->key_mgmt)) {
                /* Send EAPOL-Start to trigger full EAP authentication. */
                u8 *buf;
                size_t buflen;