From: Johannes Berg <johannes@sipsolutions.net>
To: Jouni Malinen <jouni@qca.qualcomm.com>
Cc: linux-wireless@vger.kernel.org, "Kanchanapally, Vidyullatha" <vkanchan@qti.qualcomm.com>
Subject: Re: [RFC v2] cfg80211: Add support for FILS shared key authentication offload
Date: Tue, 14 Mar 2017 15:01:57 +0100
Message-ID: <1489500117.10872.7.camel@sipsolutions.net>
In-Reply-To: <1489054141-7848-1-git-send-email-jouni@qca.qualcomm.com>
> + /* 802.11ai */
> + WLAN_STATUS_FILS_AUTHENTICATION_FAILURE = 108,
> + WLAN_STATUS_UNKNOWN_AUTHENTICATION_SERVER = 109,
Not sure I see much value in that comment there, but whatever :)
> * caching.
> *
> * @bssid: The AP's BSSID.
> - * @pmkid: The PMK material itself.
> + * @pmkid: The identifer to refer a PMKSA.
typo - identifier
> + * @pmk: The PMK for the PMKSA identified by @pmkid. This is used
> for key
> + * derivation by a FILS STA. Otherwise, %NULL.
> + * @pmk_len: Length of the @pmk. The length of @pmk can differ
> depending on
> + * the hash algorithm used to generate this.
> + * @ssid: SSID to specify the ESS within which a PMKSA is valid.
> + * @ssid_len: Length of the @ssid in octets.
> + * @cache_id: Unsigned 16 bit identifier advertized by an AP
> identifying the
> + * scope of PMKSA. This is valid only if @ssid_len is non-
> zero.
> */
> struct cfg80211_pmksa {
> const u8 *bssid;
> const u8 *pmkid;
> + const u8 *pmk;
> + size_t pmk_len;
> + const u8 *ssid;
> + size_t ssid_len;
> + u16 cache_id;
> };
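Review bot: the kernel-doc added for @ssid and @cache_id in struct cfg80211_pmksa does not say whether @bssid may be NULL when an entry is scoped by SSID and cache identifier, so a driver cannot tell from this comment which fields identify the PMKSA. Suggest spelling out the valid field combinations. In the same comment, @pmk_len is described only as varying with the hash algorithm; stating the accepted lengths or an upper bound would let a driver reject an unexpected length before copying @pmk into a fixed-size buffer.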
So I'm really still a bit confused by this.
For 802.1X, we decided that using the PMKSA cache to convey the PMK
from the host to the device (after doing the handshake) was a bad idea.
Can you explain why this is different for FILS?
Or wait - I'll attempt myself. In this case, it really *is* a cache,
since the firmware will be able to use any of them?
> /**
> + * struct cfg80211_connect_resp_params - Connection response params
I like this, but I think it'd be good to split it out into a separate
patch.
> +struct cfg80211_connect_resp_params {
> + int status;
> + u8 bssid[ETH_ALEN];
Is there a reason for this to be the value rather than a pointer? I'm
not really sure it actually matters, but the fields below are pointers
too (and kinda have to be) so why the difference?
(Ok, so on 64-bit systems this is smaller, but it's actually easier to
assign a pointer than to memcpy())
> /**
> + * DOC: FILS shared key authentication offload
Thanks :)
johannes