Re: [PATCH] cfg80211: support 4-way handshake offloading for WPA/WPA2-PSK

[Arend Van Spriel <arend.vanspriel@broadcom.com>]

On 3-3-2017 13:20, Johannes Berg wrote:
> On Thu, 2017-02-23 at 16:26 +0530, Jithu Jance wrote:
>> On Thu, Feb 23, 2017 at 4:10 PM, Arend Van Spriel
>> <arend.vanspriel@broadcom.com> wrote:
>>>
>>> Ehm. Looking at the code in wpa_supplicant_event_assoc() it would
>>> be
>>> better to use NL80211_CMD_EAPOL_PORT_VALID event to cover both
>>> WPA/WPA2-PSK and 8021X.
>>
>> Yes. IMHO, the assoc/reassoc ind should move the state to
>> WPA_ASSOCIATED and a separate event like
>> NL80211_CMD_EAPOL_PORT_VALID/AUTHORIZED should move the connection
>> state to WPA_COMPLETED.
> 
> That seems reasonable.
> 
> Avi just looked also at distinguishing if/when fresh 1X authentication
> is required, particularly with roaming. For that, he's suggesting to
> add a flag AUTHORIZED to the ROAMED event.
> 
> We could, possibly, have a PORT_AUTHORIZED event for that as well, but
> it'd be more complicated, since then you'd have to wait for that and if
> it doesn't come time out - or we'd need a "PORT_UNAUTHORIZED" or
> "PLEASE_START_1X" instead? None of that really seems like such a great
> idea.
> 
> Perhaps instead it'd make sense to instead include the new AUTHORIZED
> flag in the CONNECT_RESULT as well, if authorized? I basically see 3
> valid cases:
> 
>  * connection successful with authorized port
>  * connection successful with need for 1X handshake (non-offloaded)
>  * connection failed
> 
> Why should we have the case of
>  * association successful but 4-way-HS failed
> 
> separately?

I suppose there is no functional behavior that needs to done upon
association regardless 4-way HS result, ie. obtaining assoc ie info is
only useful if 4-way HS succeeds. I agree using the flag should be
sufficient.

Regards,
Arend