On Thu, Feb 13, 2020 at 04:32:44PM +0000, Sergey Matyukevich wrote: > Thanks for clarification. Lets assume that we would like to support > at least pure OWE or SAE configuration for the time being. Then > what do you think about the change along the following lines: > > diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c > @@ -4202,6 +4202,12 @@ static int wpa_driver_nl80211_set_ap(void *priv, > suites[num_suites++] = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; > if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) > suites[num_suites++] = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; > + if (num_suites < NL80211_MAX_NR_AKM_SUITES && > + params->key_mgmt_suites & WPA_KEY_MGMT_SAE) > + suites[num_suites++] = RSN_AUTH_KEY_MGMT_SAE; > + if (num_suites < NL80211_MAX_NR_AKM_SUITES && > + params->key_mgmt_suites & WPA_KEY_MGMT_OWE) > + suites[num_suites++] = RSN_AUTH_KEY_MGMT_OWE; > if (num_suites && > nla_put(msg, NL80211_ATTR_AKM_SUITES, num_suites * sizeof(u32), > suites)) This can result in conflicting configuration since anything beyond NL80211_MAX_NR_AKM_SUITES would be ignored from kernel side configuration while hostapd internally would have additional AKMs enabled. I don't think this would be a good thing to do. Really, this needs cfg80211 to be extended to allow more AKM suites to be configured. If any workaround is needed before that happens, I think the only acceptable approach would be to allow cases where only one or two AKMs are enabled in the configuration. In other words, wpa_driver_nl80211_set_ap() could be extended with SAE and OWE (and other AKM suites for that matter) as long as it does not pass NL80211_ATTR_AKM_SUITES, to the kernel if more than NL80211_MAX_NR_AKM_SUITES suites are enabled. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
