Return-path: Received: from out1-smtp.messagingengine.com ([66.111.4.25]:56209 "EHLO out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750830AbdE1Vaa (ORCPT ); Sun, 28 May 2017 17:30:30 -0400 Date: Mon, 29 May 2017 07:30:25 +1000 From: "Tobin C. Harding" To: Dan Williams Cc: Johannes Berg , linux-wireless@vger.kernel.org Subject: Re: WPA and WPA2 Message-ID: <20170528213025.GA4233@eros> (sfid-20170528_233409_473910_375CBE08) References: <20170524072750.GI8158@eros> <20170524073459.GJ8158@eros> <1495644240.12939.3.camel@redhat.com> <1495649200.20833.1.camel@sipsolutions.net> <20170524224014.GC2319@eros> <1495734353.12839.2.camel@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <1495734353.12839.2.camel@redhat.com> Sender: linux-wireless-owner@vger.kernel.org List-ID: On Thu, May 25, 2017 at 12:45:53PM -0500, Dan Williams wrote: > On Thu, 2017-05-25 at 08:40 +1000, Tobin C. Harding wrote: > > On Wed, May 24, 2017 at 08:06:40PM +0200, Johannes Berg wrote: > > > Just a small correction: > > > > > > On Wed, 2017-05-24 at 11:44 -0500, Dan Williams wrote: > > > > > > > > For RSN, they are 1 = PMK, 2 = GMK, 3 = GMK2, 4 seems unused. > > > > > > PTK and GTK, and in theory you could have more than two GTKs but > > > that's > > > not usually done. > > > > Excuse my ignorance but why do you say PTK and GTK here? Who > > generates > > the transient keys, hardware, firmware or software? Is this device > > specific or is there a *normal* way? > > > > From the nomenclature in the WEXT driver I thought the driver > > supplied the > > master keys to the firmware and transient keys were generated at the > > firmware layer or lower. > > Usually the supplicant supplies only the PTK/GTK to the driver at the > right times (like during the 4-way handshake). It looks like the > driver only refers to PMK/GMK when using the rx_seq[] bits, while the > actual WPA keys are probably the PTK/GTK. > > While it's not the best example, see > drivers/net/wireless/marvell/libertas/cfg.c and lbs_cfg_connect() and > lbs_cfg_add_key(). That should translate fairly well to the ks7010 > driver. The important parts you'll get from nl80211 are > add_key/del_key and set_default_key. The connect hook gets called > first to tell the driver to start the auth/assoc process to a given AP, > and that's where you'd set up the general stuff like whether or not > you'll use WEP or WPA, what the SSID/BSSID are, whether PSK or > EAPOL/802.1x, rates, etc. Then after that you'll get the add_key hook > that actually sends the real keys to the driver when the supplicant has > calculated them. > > > Dan Awesome, thanks Dan