Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 30c2897179
Branches Tags
krackattacks
/
wpa_supplicant
/
todo.txt

todo.txt 5.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. To do:
    2. 

  2. - add support for WPA with ap_scan=0 (update selected cipher etc. based on
    3. 

  3.   AssocInfo; make sure these match with configuration)
    4. 

  4. - consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA
    5. 

  5.   authentication has been completed (cache scard data based on serial#(?)
    6. 

  6.   and try to optimize next connection if the same card is present for next
    7. 

  7.   auth)
    8. 

  8. - on disconnect event, could try to associate with another AP if one is
    9. 

  9.   present in scan results; would need to update scan results periodically..
    10. 

  10. - if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from
    11. 

  11.   ssid->proto fields to avoid detecting downgrade attacks when the driver
    12. 

  12.   is not reporting RSN IE, but msg 3/4 has one
    13. 

  13. - Cisco AP and non-zero keyidx for unicast -> map to broadcast
    14. 

  14.   (actually, this already works with driver_ndis; so maybe just change
    15. 

  15.   driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx
    16. 

  16.   for unicast); worked also with Host AP driver and madwifi
    17. 

  17. - IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem
    18. 

  18.   to see unencrypted EAPOL-Key frames at all..
    19. 

  19. - EAP-PAX with PAX_SEC
    20. 

  20. - EAP (RFC 3748)
    21. 

  21.   * OTP Extended Responses (Sect. 5.5)
    22. 

  22. - test what happens if authenticator sends EAP-Success before real EAP
    23. 

  23.   authentication ("canned" Success); this should be ignored based on
    24. 

  24.   RFC 3748 Sect. 4.2
    25. 

  25. - test compilation with gcc -W options (more warnings?)
    26. 

  26.   (Done once; number of unused function arguments still present)
    27. 

  27. - add proper support for using dot11RSNAConfigSATimeout
    28. 

  28. - ctrl_iface: get/set/remove blob
    29. 

  29. - use doc/docbook/*.sgml and docbook2{txt,html,pdf} to replace README and
    30. 

  30.   web pages including the same information.. i.e., have this information only
    31. 

  31.   in one page; how to build a PDF file with all the SGML included?
    32. 

  32. - EAP-POTP/RSA SecurID profile (RFC 4793)
    33. 

  33. - document wpa_gui build and consider adding it to 'make install'
    34. 

  34. - test madwifi with pairwise=TKIP group=WEP104
    35. 

  35. - possibility to link in WPA Authenticator state machine to wpa_supplicant
    36. 

  36.   (new PeerKey handshake, WPA2/IEEE 802.11 (RSN) IBSS)
    37. 

  37. - consider merging hostapd and wpa_supplicant PMKSA cache implementations
    38. 

  38. - consider redesigning pending EAP requests (identity/password/otp from
    39. 

  39.   ctrl_iface) by moving the retrying of the previous request into EAP
    40. 

  40.   state machine so that EAPOL state machine is not needed for this
    41. 

  41. - rfc4284.txt (network selection for eap)
    42. 

  42. - www pages about configuring wpa_supplicant:
    43. 

  43.   * global options (ap_scan, ctrl_interfaces) based on OS/driver
    44. 

  44.   * network block
    45. 

  45.   * key_mgmt selection
    46. 

  46.   * WPA parameters
    47. 

  47.   * EAP options (one page for each method)
    48. 

  48.   * "configuration wizard" (step 1: select OS, step 2: select driver, ...) to
    49. 

  49.     generate example configuration
    50. 

  50. - error path in rsn_preauth_init: should probably deinit l2_packet handlers
    51. 

  51.   if something fails; does something else need deinit?
    52. 

  52. - consider moving SIM card functionality (IMSI fetching) away from eap.c;
    53. 

  53.   this should likely happen before EAP is initialized for authentication;
    54. 

  54.   now IMSI is read only after receiving EAP-Identity/Request, but since it is
    55. 

  55.   really needed for all cases, reading IMSI and generating Identity string
    56. 

  56.   could very well be done before EAP has been started
    57. 

  57. - try to work around race in receiving association event and first EAPOL
    58. 

  58.   message
    59. 

  59. - try to work around race in configuring PTK and sending msg 4/4 (some NDIS
    60. 

  60.   drivers with ndiswrapper end up not being able to complete 4-way handshake
    61. 

  61.   in some cases; extra delay before setting the key seems to help)
    62. 

  62. - add wpa_secure_memzero() macro and secure implementation (volatile u8*) to
    63. 

  63.   clear memory; this would be used to clear temporary buffers containing
    64. 

  64.   private data (e.g., keys); the macro can be defined to NOP in order to save
    65. 

  65.   space (i.e., no code should depend on the macro doing something)
    66. 

  66. - make sure that TLS session cache is not shared between EAP types or if it
    67. 

  67.   is, that the cache entries are bound to only one EAP type; e.g., cache entry
    68. 

  68.   created with EAP-TLS must not be allowed to do fast re-auth with EAP-TTLS
    69. 

  69. - consider moving eap_tls_build_ack() call into eap_tls_process_helper()
    70. 

  70.   (it seems to be called always if helper returns 1)
    71. 

  71.   * could need to modify eap_{ttls,peap,fast}_decrypt to do same
    72. 

  72. - add support for fetching full user cert chain from Windows certificate
    73. 

  73.   stores even when there are intermediate CA certs that are not in the
    74. 

  74.   configured ca_cert store (e.g., ROOT) (they could be, e.g., in CA store)
    75. 

  75. - clean up common.[ch]
    76. 

  76. - change TLS/crypto library interface to use a structure of function
    77. 

  77.   pointers and helper inline functions (like driver_ops) instead of
    78. 

  78.   requiring every TLS wrapper to implement all functions
    79. 

  79. - add support for encrypted configuration fields (e.g., password, psk,
    80. 

  80.   passphrase, pin)
    81. 

  81. - wpa_gui: add support for setting and showing priority
    82. 

  82. - cleanup TLS/PEAP/TTLS/FAST fragmentation: both the handshake and Appl. Data
    83. 

  83.   phases should be able to use the same functions for this;
    84. 

  84.   the last step in processing sent should be this code and rest of the code
    85. 

  85.   should not need to care about fragmentation at all
    86. 

  86. - test EAP-FAST peer with OpenSSL and verify that fallback to full handshake
    87. 

  87.   (ServerHello followed by something else than ChangeCipherSpec)
    88.