FT: Allow cached XXKey/MPMK to be used if new XXKey is not available

This allows supplicant side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 7dcb1043bfcc4b7e0dd7d702d010b1aff6cd945a..41592511ed198655054d0172214ea65aca3320fb 100644 (file)
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -18,6 +18,7 @@
 #include "drivers/driver.h"
 #include "wpa.h"
 #include "wpa_i.h"
+#include "pmksa_cache.h"
 
 #ifdef CONFIG_IEEE80211R
 
@@ -27,15 +28,23 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
        u8 ptk_name[WPA_PMK_NAME_LEN];
        const u8 *anonce = key->key_nonce;
        int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
-
-       if (sm->xxkey_len == 0) {
+       const u8 *mpmk;
+       size_t mpmk_len;
+
+       if (sm->xxkey_len > 0) {
+               mpmk = sm->xxkey;
+               mpmk_len = sm->xxkey_len;
+       } else if (sm->cur_pmksa) {
+               mpmk = sm->cur_pmksa->pmk;
+               mpmk_len = sm->cur_pmksa->pmk_len;
+       } else {
                wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
                           "derivation");
                return -1;
        }
 
        sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
-       if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, sm->ssid,
+       if (wpa_derive_pmk_r0(mpmk, mpmk_len, sm->ssid,
                              sm->ssid_len, sm->mobility_domain,
                              sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
                              sm->pmk_r0, sm->pmk_r0_name, use_sha384) < 0)