On 4/4/2018 12:36 PM, Johannes Berg wrote:
Hi,
Started working on this and actually the "weird flags thing" is done for
a reason. Maybe the reason was because it is done like that in the
CMD_CONNECT case, but the better reason is that we need to return
-EINVAL for "no-fils-offload-support, any-fils-param" *and*
"fils-offload-support, not-all-fils-param".
Ok, fair enough.
I added a comment for this in the patch.
Also there is a DOC section about "FILS shared key authentication
offload" so I suppose that should be extended as well.
So looking at the DOC section I am reading the following:
* When FILS shared key authentication is completed, driver needs to provide the
* below additional parameters to userspace.
* %NL80211_ATTR_FILS_KEK - used for key renewal
* %NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM - used in further EAP-RP exchanges
* %NL80211_ATTR_PMKID - used to identify the PMKSA used/generated
* %Nl80211_ATTR_PMK - used to update PMKSA cache in userspace
* The PMKSA can be maintained in userspace persistently so that it can be used
* later after reboots or wifi turn off/on also.
So to me it seems we need these for the ROAM event as well. Agree?
Maybe not all of them, you could be using the same PMKSA, but yes, I
tend to agree.
I would argue that for the scenario where you do CMD_CONNECT(auth=open)
and CMD_UPDATE_CONNECT_PARAMS(auth=fils-sk) the ROAM event should
provide all the above. From what I understand from my colleagues this is
a supported scenario.
Regards,
Arend