On 5/29/2017 11:31 AM, Johannes Berg wrote:
Hi Arend,
Note that this (checking NEW_KEY) only works when you don't have
any split between AP/client cases. Not sure what's the case for
you.
Late response so hopefully you recall, but what do you mean by "any
split between AP/client cases"?
I meant the capability split - let's say you support 4-way-HS only for
client, but not for AP. Then you have to support the NEW_KEY command
for the AP case, even if you might not support non-offloaded 4-way-HS
for the client case.
So if something supports the following:
* client: offloaded 4-way-HS only
* AP: not offloaded 4-way-HS only
Then you have to support NEW_KEY (AP case) and then using NEW_KEY to
detect whether or not a wpa_s configuration option to not use offloaded
4-way-HS can be used will not work correctly.
I don't really see that this is a sensible configuration, but I could
imagine it existing if somebody "bolted on" AP functionality for a
client-side chipset or something like that.
Again, I think I'm happy to leave this up to you - this kind of
configuration option should really only be used for debugging anyway,
so just getting errors later is probably fine.
Hi Johannes,
I was thinking about adding a DOC section in nl80211.h:
/**
* DOC: WPA/WPA2 temporal key exchange offload
*
* By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers
* can indicate offload support of EAPOL handshakes for WPA/WPA2
* preshared key authentication. In %NL80211_CMD_CONNECT the preshared
* key should be specified using %NL80211_ATTR_PMK. Drivers supporting
* this offload may reject the %NL80211_CMD_CONNECT when no preshared
* key material is provided. For example when that driver does not
* support setting the temporal keys through %NL80211_CMD_NEW_KEY.
*
* Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be
* set by drivers indicating offload support of the PTK/GTK EAPOL
* handshakes during 802.1X authentication. In order to use the offload
* the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS
* attribute flag. Drivers supporting this offload may reject the
* %NL80211_CMD_CONNECT when the attribute flag is not present.
*/
Could add description for FT, ie. PMK-R0 handling as well. Do you think
this change warrants a separate section or not. Any comments on the text
itself are welcome.
Regards,
Arend
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap