Re: [PATCH V2 0/9] nl80211: add support for PTK/GTK handshake offload

On 5/29/2017 11:31 AM, Johannes Berg wrote:
Hi Arend,

Note that this (checking NEW_KEY) only works when you don't have
any split between AP/client cases. Not sure what's the case for
you.

Late response so hopefully you recall, but what do you mean by "any
split between AP/client cases"?

I meant the capability split - let's say you support 4-way-HS only for
client, but not for AP. Then you have to support the NEW_KEY command
for the AP case, even if you might not support non-offloaded 4-way-HS
for the client case.

So if something supports the following:

  * client: offloaded 4-way-HS only
  * AP: not offloaded 4-way-HS only

Then you have to support NEW_KEY (AP case) and then using NEW_KEY to
detect whether or not a wpa_s configuration option to not use offloaded
4-way-HS can be used will not work correctly.

I don't really see that this is a sensible configuration, but I could
imagine it existing if somebody "bolted on" AP functionality for a
client-side chipset or something like that.

Again, I think I'm happy to leave this up to you - this kind of
configuration option should really only be used for debugging anyway,
so just getting errors later is probably fine.

Hi Johannes,

I was thinking about adding a DOC section in nl80211.h:

/**
 * DOC: WPA/WPA2 temporal key exchange offload
 *
 * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers
 * can indicate offload support of EAPOL handshakes for WPA/WPA2
 * preshared key authentication. In %NL80211_CMD_CONNECT the preshared
 * key should be specified using %NL80211_ATTR_PMK. Drivers supporting
 * this offload may reject the %NL80211_CMD_CONNECT when no preshared
 * key material is provided. For example when that driver does not
 * support setting the temporal keys through %NL80211_CMD_NEW_KEY.
 *
 * Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be
 * set by drivers indicating offload support of the PTK/GTK EAPOL
 * handshakes during 802.1X authentication. In order to use the offload
 * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS
 * attribute flag. Drivers supporting this offload may reject the
 * %NL80211_CMD_CONNECT when the attribute flag is not present.
 */

Could add description for FT, i.e. PMK-R0 handling as well. Do you think this change warrants a separate section or not? Any comments on the text itself are welcome.

Regards,
Arend
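
Added example, not part of the original message and not nl80211 or wpa_supplicant code: a small C model of the capability split discussed above, showing when a NEW_KEY check wrongly reports that the "no offloaded 4-way-HS" option is usable in client mode. The struct, enum and function names are hypothetical, and the model assumes NEW_KEY support is advertised once per device rather than per interface type.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of one driver; not an nl80211 structure. */
struct drv_caps {
    bool sta_psk_offload; /* advertises NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK */
    bool sta_host_keys;   /* client mode takes temporal keys via NL80211_CMD_NEW_KEY */
    bool ap_host_keys;    /* AP mode takes temporal keys via NL80211_CMD_NEW_KEY */
};

enum outcome { USE_OFFLOAD, USE_HOST_HS, CONNECT_FAILS };

/* Assumption taken from the thread: NEW_KEY is advertised once for the
 * device, so support in either mode makes it visible. */
static bool advertises_new_key(const struct drv_caps *c)
{
    return c->sta_host_keys || c->ap_host_keys;
}

/* Client connection result; no_offload models the wpa_s debug option. */
static enum outcome sta_connect(const struct drv_caps *c, bool no_offload)
{
    if (c->sta_psk_offload && !no_offload)
        return USE_OFFLOAD;      /* PMK goes in NL80211_ATTR_PMK */
    if (c->sta_host_keys)
        return USE_HOST_HS;      /* supplicant runs EAPOL, then NEW_KEY */
    return CONNECT_FAILS;        /* driver may reject NL80211_CMD_CONNECT */
}

/* The NEW_KEY check says the debug option is usable, yet connect fails. */
static bool check_mispredicts(const struct drv_caps *c)
{
    return advertises_new_key(c) && sta_connect(c, true) == CONNECT_FAILS;
}

int main(void)
{
    /* Constructed sample drivers: {sta_psk_offload, sta_host_keys, ap_host_keys} */
    const struct drv_caps split = { true, false, true };   /* the case in the thread */
    const struct drv_caps plain = { true, true, true };
    printf("split: mispredicts=%d\n", check_mispredicts(&split));
    printf("plain: mispredicts=%d\n", check_mispredicts(&plain));
    return 0;
}
```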

