wpa-supplicant questions

Bar, Eitan eitanb
Thu Sep 8 00:46:21 PDT 2005

Hi Jouni,

Thanks for the response :)

Regarding Pre-authentication, a few more questions:

1. When the driver generates the EVENT_PMKID_CANDIDATE event, this is
done per BSSID, right? Meaning the driver should parse scan results, for
APs with same SSID, and generate EVENT_PMKID_CANDIDATE event per AP?

2. Does the driver have to wait for a SET-PMKID (pre-auth complete) to
be called before issuing a new EVENT_PMKID_CANDIDATE event? Or can it
send a few events as a bunch and then wait for all results?

3. Can the driver called EVENT_PMKID_CANDIDATE with current (connected)

4. Regarding pre-auth failure, I will probably modify the event handler
to start a timeout per BSSID and then notify the driver of failure. I
currently need this since it is a driver requirement (host CPU must be
informed of end of pre-authentication process so it would be able to
power-down if idle).
Besides timeout of a request, is there a specific fail message sent by
APs in case of pre-auth failure?



-----Original Message-----
From: hostap-bounces+eitanb=ti.com at shmoo.com
[mailto:hostap-bounces+eitanb=ti.com at shmoo.com] On Behalf Of Jouni
Sent: Thursday, September 08, 2005 10:24 AM
To: hostap at shmoo.com
Subject: Re: wpa-supplicant questions

On Wed, Sep 07, 2005 at 07:48:49PM +0300, Bar, Eitan wrote:

> 1.	Does OpenSSL have to be compiled and linked along wpa-supplicant
> even if only WPA(2)-PSK is used?

No, wpa_supplicant includes internal implementation for MD5/SHA1/AES
that will be used if not TLS library is linked in (e.g., if no EAP
method is selected in .config).

> 3.	In case my driver "needs" to be responsible for AP (BSSID)
> selection, setting ap_scan=2 in the config file should do the trick,
> right?

Yes as long as the driver_*.c code for the driver knows how to configure
the driver properly for this.

> 4.	After successful connection with WPA-PSK (for example), If my
> driver performs roaming to another WPA-PSK AP, is it enough for my
> driver to simply signal the wpa-supplicant of the roaming-event
> EVENT_ASSOC event ? Will the wpa-supplicant then simply initiate EAPOL
> sequence accordingly (of course after Get-WPA-IE etc etc)?


> 5.	Can somebody please explain sequence of events with
> pre-authentication?
> 	a.	Who initiates pre-authenticaion? (driver request or
> wpa-supplicant performs this alone?)

wpa_supplicant initiates pre-authentication based on information from
the driver.

> 	b.	If wpa-supplicant initiates this, does it still do so if
> "ap-scan=2"? Since list of other APs with same SSID can only be
> retrieved through get-scan-results API

Yes, but with ap_scan=2 the driver has to be generating
EVENT_PMKID_CANDIDATE events since wpa_supplicant does not get knowledge
about pre-authentication candidates from scan results in this case.

> 	d.	Can the driver be notified of success/failure of
> pre-authenticaion process? (I mean besides set-pmkid per AP)

I'm not aware of any need for doing this. Success is indeed notified
by setting PMKID for the matching BSSID. What would the driver do with
separate notification?

> 	e.	In which cases flush_pmkid and remove_pmkid are called?

flush_pmkid is not currently called by wpa_supplicant core code, but it
could end up being used whenever wpa_supplicant is terminated.
remove_pmkid is used when there is no room for new PMKSA entries or if a
PMKSA entry expires.

Jouni Malinen                                            PGP id EFC895FA
HostAP mailing list
HostAP at shmoo.com

More information about the Hostap mailing list