[PATCH V2 0/9] nl80211: add support for PTK/GTK handshake offload

Arend van Spriel arend.vanspriel at broadcom.com
Fri Jun 2 04:19:13 PDT 2017

On 5/29/2017 11:31 AM, Johannes Berg wrote:
> Hi Arend,
>>> Note that this (checking NEW_KEY) only works when you don't have
>>> any split between AP/client cases. Not sure what's the case for
>>> you.
>> Late response so hopefully you recall, but what do you mean by "any
>> split between AP/client cases"?
> I meant the capability split - let's say you support 4-way-HS only for
> client, but not for AP. Then you have to support the NEW_KEY command
> for the AP case, even if you might not support non-offloaded 4-way-HS
> for the client case.
> So if something supports the following:
>   * client: offloaded 4-way-HS only
>   * AP: not offloaded 4-way-HS only
> Then you have to support NEW_KEY (AP case) and then using NEW_KEY to
> detect whether or not a wpa_s configuration option to not use offloaded
> 4-way-HS can be used will not work correctly.
> I don't really see that this is a sensible configuration, but I could
> imagine it existing if somebody "bolted on" AP functionality for a
> client-side chipset or something like that.
> Again, I think I'm happy to leave this up to you - this kind of
> configuration option should really only be used for debugging anyway,
> so just getting errors later is probably fine.

Hi Johannes,

I was thinking about adding a DOC section in nl80211.h:

  * DOC: WPA/WPA2 temporal key exchange offload
  * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers
  * can indicate offload support of EAPOL handshakes for WPA/WPA2
  * preshared key authentication. In %NL80211_CMD_CONNECT the preshared
  * key should be specified using %NL80211_ATTR_PMK. Drivers supporting
  * this offload may reject the %NL80211_CMD_CONNECT when no preshared
  * key material is provided. For example when that driver does not
  * support setting the temporal keys through %NL80211_CMD_NEW_KEY.
  * Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be
  * set by drivers indicating offload support of the PTK/GTK EAPOL
  * handshakes during 802.1X authentication. In order to use the offload
  * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS
  * attribute flag. Drivers supporting this offload may reject the
  * %NL80211_CMD_CONNECT when the attribute flag is not present.

Could add description for FT, i.e. PMK-R0 handling as well. Do you think
this change warrants a separate section or not? Any comments on the text
itself are welcome.
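
Added example, not part of the original message and not kernel or wpa_supplicant code: a small C model of the capability split raised in the quoted text, showing why the presence of NEW_KEY does not tell a supplicant that a non-offloaded client handshake will work. The struct and function names are hypothetical, and the model assumes that NEW_KEY support is advertised for the device as a whole and that a request for an offload the driver lacks is rejected.

```c
#include <stdbool.h>

/* Hypothetical model of the capabilities discussed in the thread. */
struct drv_caps {
    bool offload_psk;  /* NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK set */
    bool offload_1x;   /* NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X set */
    bool new_key_sta;  /* temporal keys settable via NEW_KEY in client mode */
    bool new_key_ap;   /* temporal keys settable via NEW_KEY in AP mode */
};

struct connect_req {
    bool is_1x;            /* 802.1X rather than WPA/WPA2 preshared key */
    bool has_pmk;          /* NL80211_ATTR_PMK present */
    bool want_1x_4way_hs;  /* NL80211_ATTR_WANT_1X_4WAY_HS present */
};

enum hs_path { HS_REJECT, HS_OFFLOAD, HS_HOST };

/* Where the 4-way handshake runs for a client-mode connect, or HS_REJECT. */
enum hs_path sta_connect_path(const struct drv_caps *c,
                              const struct connect_req *r)
{
    bool asks_offload = r->is_1x ? r->want_1x_4way_hs : r->has_pmk;
    bool can_offload  = r->is_1x ? c->offload_1x : c->offload_psk;

    if (asks_offload)
        return can_offload ? HS_OFFLOAD : HS_REJECT;
    /* Host-side handshake: the supplicant must install PTK/GTK via NEW_KEY. */
    return c->new_key_sta ? HS_HOST : HS_REJECT;
}

/* Naive detection: NEW_KEY is advertised by the device at all. */
bool naive_host_hs_possible(const struct drv_caps *c)
{
    return c->new_key_sta || c->new_key_ap;
}

/* Constructed sample: client offloaded PSK handshake only, AP non-offloaded only. */
const struct drv_caps split_caps = { true, false, false, true };
```

With split_caps the naive check reports that a host-side handshake is available, yet a client connect without NL80211_ATTR_PMK is rejected, which is the "errors later" outcome described in the quoted text.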

