From: Johannes Berg <johannes@sipsolutions.net>
To: Arend van Spriel <arend.vanspriel@broadcom.com>
Cc: linux-wireless <linux-wireless@vger.kernel.org>,
"hostap@lists.infradead.org" <hostap@lists.infradead.org>
Subject: Re: [PATCH V2 0/9] nl80211: add support for PTK/GTK handshake offload
Date: Fri, 09 Jun 2017 11:08:04 +0200 [thread overview]
Message-ID: <1496999284.2424.7.camel@sipsolutions.net> (raw)
In-Reply-To: <d41f58e9-b12e-9e52-a0fb-b674d278353b@broadcom.com> (sfid-20170603_100839_987129_9FE5CC46)
Hi Arend,
Sorry about the delay.
> > Then you have to support NEW_KEY (AP case) and then using NEW_KEY
> > to
> > detect whether or not a wpa_s configuration option to not use
> > offloaded
> > 4-way-HS can be used will not work correctly.
> >
> > I don't really see that this is a sensible configuration, but I
> > could
> > imagine it existing if somebody "bolted on" AP functionality for a
> > client-side chipset or something like that.
> So I want to get back to this as to assure we have the same
> understanding. First off, the proposed offloads are STA-only.
Right. But we at least also want to have them for AP mode, which
answers your below question.
> So if a
> driver supports STA and AP mode and the 4-way-HS offload, we could
> already have the case you describe here. So not really a "bolted on"
> scenario I would say.
But if you say you don't have it in AP mode, or you didn't even think
about it in AP mode yet, then I think you're right and the "bolted on"
part doesn't really apply (*).
However, this does mean that checking for NEW_KEY support _isn't_
sufficient to understand whether or not the device also supports doing
the 4-way-HS in the host, because the device might _not_ support that
in client mode, yet implement NEW_KEY for AP mode, right?
In any case - I don't think this changes much my opinion. I think that
newer wpa_s should always use the offload where available, and if
there's a debug option to turn that off, and that debug option causes
failures because the driver rejects the NEW_KEY command, rather than
causing an up-front configuration failure because wpa_s knows that the
NEW_KEY wouldn't be supported, then I don't think for a debug option
that makes a big difference. For something that higher layers might
need to set, it would make a difference - but that's not at stake here.
johannes
(*) my line of thinking was that if you have the necessary state
machine for client in the firmware, then it's not a huge step to also
have it for AP, since you have the crypto primitives for it
next prev parent reply other threads:[~2017-06-09 9:08 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-03 10:42 [PATCH V2 0/9] nl80211: add support for PTK/GTK handshake offload Arend van Spriel
2017-05-03 10:42 ` [PATCH V2 1/9] cfg80211: support 4-way handshake offloading for WPA/WPA2-PSK Arend van Spriel
2017-05-03 10:42 ` [PATCH V2 2/9] cfg80211: support 4-way handshake offloading for 802.1X Arend van Spriel
2017-05-03 10:42 ` [PATCH V2 3/9] nl80211: add authorized flag to CONNECT event Arend van Spriel
2017-05-03 10:42 ` [PATCH V2 4/9] nl80211: add authorized flag to ROAM event Arend van Spriel
2017-05-03 10:42 ` [PATCH V2 5/9] nl80211: remove desciption about request from NL80211_CMD_ROAM Arend van Spriel
2017-05-03 10:42 ` [PATCH V2 6/9] brcmfmac: support 4-way handshake offloading for WPA/WPA2-PSK Arend van Spriel
2017-05-03 10:42 ` [PATCH V2 7/9] brcmfmac: support 4-way handshake offloading for 802.1X Arend van Spriel
2017-05-03 10:42 ` [PATCH V2 8/9] brcmfmac: switch to using cfg80211_connect_done() Arend van Spriel
2017-05-03 10:42 ` [PATCH V2 9/9] brcmfmac: provide port authorized state in CONNECT event Arend van Spriel
2017-05-17 14:19 ` [PATCH V2 0/9] nl80211: add support for PTK/GTK handshake offload Johannes Berg
2017-05-18 8:18 ` Arend Van Spriel
2017-05-18 9:22 ` Johannes Berg
2017-05-18 10:29 ` Arend Van Spriel
2017-05-18 10:40 ` Johannes Berg
2017-05-18 12:48 ` Arend Van Spriel
2017-05-19 10:21 ` Johannes Berg
2017-05-22 10:14 ` Arend van Spriel
2017-05-22 10:28 ` Johannes Berg
2017-05-29 9:18 ` Arend van Spriel
2017-05-29 9:31 ` Johannes Berg
2017-06-02 11:19 ` Arend van Spriel
2017-06-02 13:56 ` Johannes Berg
2017-06-03 8:08 ` Arend van Spriel
2017-06-09 9:08 ` Johannes Berg [this message]
2017-06-09 10:34 ` Arend van Spriel
2017-06-09 10:59 ` Johannes Berg
2017-06-09 11:21 ` Arend van Spriel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1496999284.2424.7.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=arend.vanspriel@broadcom.com \
--cc=hostap@lists.infradead.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.