[PATCH V2 0/9] nl80211: add support for PTK/GTK handshake offload
Arend van Spriel
arend.vanspriel at broadcom.com
Fri Jun 2 04:19:13 PDT 2017
On 5/29/2017 11:31 AM, Johannes Berg wrote:
> Hi Arend,
>
>>> Note that this (checking NEW_KEY) only works when you don't have
>>> any split between AP/client cases. Not sure what's the case for
>>
>> Late response so hopefully you recall, but what do you mean by "any
>> split between AP/client cases"?
>
> I meant the capability split - let's say you support 4-way-HS only for
> client, but not for AP. Then you have to support the NEW_KEY command
> for the AP case, even if you might not support non-offloaded 4-way-HS
> for the client case.
>
> So if something supports the following:
>  * client: offloaded 4-way-HS only
>  * AP: not offloaded 4-way-HS only
>
> Then you have to support NEW_KEY (AP case) and then using NEW_KEY to
> detect whether or not a wpa_s configuration option to not use offloaded
> 4-way-HS can be used will not work correctly.
>
> I don't really see that this is a sensible configuration, but I could
> imagine it existing if somebody "bolted on" AP functionality for a
> client-side chipset or something like that.
>
> Again, I think I'm happy to leave this up to you - this kind of
> configuration option should really only be used for debugging anyway,
> so just getting errors later is probably fine.

I was thinking about adding a DOC section in nl80211.h:

 * DOC: WPA/WPA2 temporal key exchange offload
 *
 * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers
 * can indicate offload support of EAPOL handshakes for WPA/WPA2
 * preshared key authentication. In %NL80211_CMD_CONNECT the preshared
 * key should be specified using %NL80211_ATTR_PMK. Drivers supporting
 * this offload may reject the %NL80211_CMD_CONNECT when no preshared
 * key material is provided. For example when that driver does not
 * support setting the temporal keys through %NL80211_CMD_NEW_KEY.
 *
 * Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be
 * set by drivers indicating offload support of the PTK/GTK EAPOL
 * handshakes during 802.1X authentication. In order to use the offload
 * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS
 * attribute flag. Drivers supporting this offload may reject the
 * %NL80211_CMD_CONNECT when the attribute flag is not present.

Could add description for FT, i.e. PMK-R0 handling as well. Do you think
this change warrants a separate section or not? Any comments on the text
itself are welcome.