mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-12-01 11:48:23 -05:00
ec1020512c
Split the auth=none option into three: open, WEP, WEP with shared key to allow the user specify WEP with shared key authentication. In addition, fix static WEP key edits to be enabled only when using static WEP keys (i.e., not for IEEE 802.1X).
92 lines
5.0 KiB
Plaintext
92 lines
5.0 KiB
Plaintext
To do:
|
|
- hostap: try other roaming modes
|
|
NOTE: current mode (manual roaming) does not really roam at all..
|
|
Firmware did not notice the current AP disappearing..
|
|
- add support for WPA with ap_scan=0 (update selected cipher etc. based on
|
|
AssocInfo; make sure these match with configuration)
|
|
- consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA
|
|
authentication has been completed (cache scard data based on serial#(?)
|
|
and try to optimize next connection if the same card is present for next
|
|
auth)
|
|
- on disconnect event, could try to associate with another AP if one is
|
|
present in scan results; would need to update scan results periodically..
|
|
- if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from
|
|
ssid->proto fields to avoid detecting downgrade attacks when the driver
|
|
is not reporting RSN IE, but msg 3/4 has one
|
|
- Cisco AP and non-zero keyidx for unicast -> map to broadcast
|
|
(actually, this already works with driver_ndis; so maybe just change
|
|
driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx
|
|
for unicast); worked also with Host AP driver and madwifi
|
|
- IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem
|
|
to see unencrypted EAPOL-Key frames at all..
|
|
- EAP-PAX with PAX_SEC
|
|
- EAP (RFC 3748)
|
|
* OTP Extended Responses (Sect. 5.5)
|
|
- test what happens if authenticator sends EAP-Success before real EAP
|
|
authentication ("canned" Success); this should be ignored based on
|
|
RFC 3748 Sect. 4.2
|
|
- test compilation with gcc -W options (more warnings?)
|
|
(Done once; number of unused function arguments still present)
|
|
- add proper support for using dot11RSNAConfigSATimeout
|
|
- ctrl_iface: get/set/remove blob
|
|
- use doc/docbook/*.sgml and docbook2{txt,html,pdf} to replace README and
|
|
web pages including the same information.. i.e., have this information only
|
|
in one page; how to build a PDF file with all the SGML included?
|
|
- EAP-POTP/RSA SecurID profile (RFC 4793)
|
|
- document wpa_gui build and consider adding it to 'make install'
|
|
- test madwifi with pairwise=TKIP group=WEP104
|
|
- possibility to link in WPA Authenticator state machine to wpa_supplicant
|
|
(new PeerKey handshake, WPA2/IEEE 802.11 (RSN) IBSS)
|
|
- consider merging hostapd and wpa_supplicant PMKSA cache implementations
|
|
- consider redesigning pending EAP requests (identity/password/otp from
|
|
ctrl_iface) by moving the retrying of the previous request into EAP
|
|
state machine so that EAPOL state machine is not needed for this
|
|
- rfc4284.txt (network selection for eap)
|
|
- www pages about configuring wpa_supplicant:
|
|
* global options (ap_scan, ctrl_interfaces) based on OS/driver
|
|
* network block
|
|
* key_mgmt selection
|
|
* WPA parameters
|
|
* EAP options (one page for each method)
|
|
* "configuration wizard" (step 1: select OS, step 2: select driver, ...) to
|
|
generate example configuration
|
|
- error path in rsn_preauth_init: should probably deinit l2_packet handlers
|
|
if something fails; does something else need deinit?
|
|
- consider moving SIM card functionality (IMSI fetching) away from eap.c;
|
|
this should likely happen before EAP is initialized for authentication;
|
|
now IMSI is read only after receiving EAP-Identity/Request, but since it is
|
|
really needed for all cases, reading IMSI and generating Identity string
|
|
could very well be done before EAP has been started
|
|
- try to work around race in receiving association event and first EAPOL
|
|
message
|
|
- add wpa_secure_memzero() macro and secure implementation (volatile u8*) to
|
|
clear memory; this would be used to clear temporary buffers containing
|
|
private data (e.g., keys); the macro can be defined to NOP in order to save
|
|
space (i.e., no code should depend on the macro doing something)
|
|
- make sure that TLS session cache is not shared between EAP types or if it
|
|
is, that the cache entries are bound to only one EAP type; e.g., cache entry
|
|
created with EAP-TLS must not be allowed to do fast re-auth with EAP-TTLS
|
|
- consider moving eap_tls_build_ack() call into eap_tls_process_helper()
|
|
(it seems to be called always if helper returns 1)
|
|
* could need to modify eap_{ttls,peap,fast}_decrypt to do same
|
|
- add support for fetching full user cert chain from Windows certificate
|
|
stores even when there are intermediate CA certs that are not in the
|
|
configured ca_cert store (e.g., ROOT) (they could be, e.g., in CA store)
|
|
|
|
|
|
0.7.x branch:
|
|
- clean up common.[ch]
|
|
- change TLS/crypto library interface to use a structure of function
|
|
pointers and helper inline functions (like driver_ops) instead of
|
|
requiring every TLS wrapper to implement all functions
|
|
- add support for encrypted configuration fields (e.g., password, psk,
|
|
passphrase, pin)
|
|
- wpa_gui: add support for setting and showing priority
|
|
|
|
- cleanup TLS/PEAP/TTLS/FAST fragmentation: both the handshake and Appl. Data
|
|
phases should be able to use the same functions for this;
|
|
the last step in processing sent should be this code and rest of the code
|
|
should not need to care about fragmentation at all
|
|
- test EAP-FAST peer with OpenSSL and verify that fallback to full handshake
|
|
(ServerHello followed by something else than ChangeCipherSpec)
|