On 4/4/2018 12:36 PM, Johannes Berg wrote:

Started working on this and actually the "weird flags thing" is done for
a reason. Maybe the reason was because it is done like that in the
CMD_CONNECT case, but the better reason is that we need to return
-EINVAL for "no-fils-offload-support, any-fils-param" *and*
"fils-offload-support, not-all-fils-param".

Ok, fair enough.

I added a comment for this in the patch.

Also there is a DOC section about "FILS shared key authentication
offload" so I suppose that should be extended as well.

So looking at the DOC section I am reading the following:

   * When FILS shared key authentication is completed, driver needs to provide the
   * below additional parameters to userspace.
   *    %NL80211_ATTR_FILS_KEK - used for key renewal
   *    %NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM - used in further EAP-RP exchanges
   *    %NL80211_ATTR_PMKID - used to identify the PMKSA used/generated
   *    %Nl80211_ATTR_PMK - used to update PMKSA cache in userspace
   * The PMKSA can be maintained in userspace persistently so that it can be used
   * later after reboots or wifi turn off/on also.

So to me it seems we need these for the ROAM event as well. Agree?

Maybe not all of them, you could be using the same PMKSA, but yes, I
tend to agree.

I would argue that for the scenario where you do CMD_CONNECT(auth=open) and CMD_UPDATE_CONNECT_PARAMS(auth=fils-sk) the ROAM event should provide all the above. From what I understand from my colleagues this is a supported scenario.

