SAE: Fix PMKSA cache entry search for FT-SAE case

Previously, PMKSA cache entries were search for AKM=SAE and that did not
find an entry that was created with FT-SAE when trying to use FT-SAE
again. That resulted in having to use full SAE authentication instead of
the faster PMKSA caching alternative.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index e475978554634a7fa3d5acc4d03009776615cfe3..b0fb62bb0e67d35f120f8b15d5520a2599e486b6 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -638,7 +638,10 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 #ifdef CONFIG_SAE
        if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE &&
            pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, ssid, 0,
-                                   NULL, WPA_KEY_MGMT_SAE) == 0) {
+                                   NULL,
+                                   wpa_s->key_mgmt == WPA_KEY_MGMT_FT_SAE ?
+                                   WPA_KEY_MGMT_FT_SAE :
+                                   WPA_KEY_MGMT_SAE) == 0) {
                wpa_dbg(wpa_s, MSG_DEBUG,
                        "PMKSA cache entry found - try to use PMKSA caching instead of new SAE authentication");
                wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);