Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 9474b3a4e4
Branches Tags
krackattacks
/
wpa_supplicant
/
todo.txt

todo.txt 5.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. To do:
    2. 

  2. - hostap: try other roaming modes
    3. 

  3.   NOTE: current mode (manual roaming) does not really roam at all..
    4. 

  4.   Firmware did not notice the current AP disappearing..
    5. 

  5. - add support for WPA with ap_scan=0 (update selected cipher etc. based on
    6. 

  6.   AssocInfo; make sure these match with configuration)
    7. 

  7. - consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA
    8. 

  8.   authentication has been completed (cache scard data based on serial#(?)
    9. 

  9.   and try to optimize next connection if the same card is present for next
    10. 

  10.   auth)
    11. 

  11. - on disconnect event, could try to associate with another AP if one is
    12. 

  12.   present in scan results; would need to update scan results periodically..
    13. 

  13. - if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from
    14. 

  14.   ssid->proto fields to avoid detecting downgrade attacks when the driver
    15. 

  15.   is not reporting RSN IE, but msg 3/4 has one
    16. 

  16. - Cisco AP and non-zero keyidx for unicast -> map to broadcast
    17. 

  17.   (actually, this already works with driver_ndis; so maybe just change
    18. 

  18.   driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx
    19. 

  19.   for unicast); worked also with Host AP driver and madwifi
    20. 

  20. - IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem
    21. 

  21.   to see unencrypted EAPOL-Key frames at all..
    22. 

  22. - EAP-PAX with PAX_SEC
    23. 

  23. - EAP (RFC 3748)
    24. 

  24.   * OTP Extended Responses (Sect. 5.5)
    25. 

  25. - test what happens if authenticator sends EAP-Success before real EAP
    26. 

  26.   authentication ("canned" Success); this should be ignored based on
    27. 

  27.   RFC 3748 Sect. 4.2
    28. 

  28. - test compilation with gcc -W options (more warnings?)
    29. 

  29.   (Done once; number of unused function arguments still present)
    30. 

  30. - add proper support for using dot11RSNAConfigSATimeout
    31. 

  31. - ctrl_iface: get/set/remove blob
    32. 

  32. - use doc/docbook/*.sgml and docbook2{txt,html,pdf} to replace README and
    33. 

  33.   web pages including the same information.. i.e., have this information only
    34. 

  34.   in one page; how to build a PDF file with all the SGML included?
    35. 

  35. - EAP-POTP/RSA SecurID profile (RFC 4793)
    36. 

  36. - document wpa_gui build and consider adding it to 'make install'
    37. 

  37. - test madwifi with pairwise=TKIP group=WEP104
    38. 

  38. - possibility to link in WPA Authenticator state machine to wpa_supplicant
    39. 

  39.   (new PeerKey handshake, WPA2/IEEE 802.11 (RSN) IBSS)
    40. 

  40. - consider merging hostapd and wpa_supplicant PMKSA cache implementations
    41. 

  41. - consider redesigning pending EAP requests (identity/password/otp from
    42. 

  42.   ctrl_iface) by moving the retrying of the previous request into EAP
    43. 

  43.   state machine so that EAPOL state machine is not needed for this
    44. 

  44. - rfc4284.txt (network selection for eap)
    45. 

  45. - www pages about configuring wpa_supplicant:
    46. 

  46.   * global options (ap_scan, ctrl_interfaces) based on OS/driver
    47. 

  47.   * network block
    48. 

  48.   * key_mgmt selection
    49. 

  49.   * WPA parameters
    50. 

  50.   * EAP options (one page for each method)
    51. 

  51.   * "configuration wizard" (step 1: select OS, step 2: select driver, ...) to
    52. 

  52.     generate example configuration
    53. 

  53. - error path in rsn_preauth_init: should probably deinit l2_packet handlers
    54. 

  54.   if something fails; does something else need deinit?
    55. 

  55. - consider moving SIM card functionality (IMSI fetching) away from eap.c;
    56. 

  56.   this should likely happen before EAP is initialized for authentication;
    57. 

  57.   now IMSI is read only after receiving EAP-Identity/Request, but since it is
    58. 

  58.   really needed for all cases, reading IMSI and generating Identity string
    59. 

  59.   could very well be done before EAP has been started
    60. 

  60. - try to work around race in receiving association event and first EAPOL
    61. 

  61.   message
    62. 

  62. - helper function to do memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN)
    63. 

  63. - add wpa_secure_memzero() macro and secure implementation (volatile u8*) to
    64. 

  64.   clear memory; this would be used to clear temporary buffers containing
    65. 

  65.   private data (e.g., keys); the macro can be defined to NOP in order to save
    66. 

  66.   space (i.e., no code should depend on the macro doing something)
    67. 

  67. - make sure that TLS session cache is not shared between EAP types or if it
    68. 

  68.   is, that the cache entries are bound to only one EAP type; e.g., cache entry
    69. 

  69.   created with EAP-TLS must not be allowed to do fast re-auth with EAP-TTLS
    70. 

  70. - consider moving eap_tls_build_ack() call into eap_tls_process_helper()
    71. 

  71.   (it seems to be called always if helper returns 1)
    72. 

  72.   * could need to modify eap_{ttls,peap,fast}_decrypt to do same
    73. 

  73. - add support for fetching full user cert chain from Windows certificate
    74. 

  74.   stores even when there are intermediate CA certs that are not in the
    75. 

  75.   configured ca_cert store (e.g., ROOT) (they could be, e.g., in CA store)
    76. 

  76. 

  77. 

  78. 0.6.x branch:
    79. 

  79. - clean up common.[ch]
    80. 

  80. - change TLS/crypto library interface to use a structure of function
    81. 

  81.   pointers and helper inline functions (like driver_ops) instead of
    82. 

  82.   requiring every TLS wrapper to implement all functions
    83. 

  83. - add support for encrypted configuration fields (e.g., password, psk,
    84. 

  84.   passphrase, pin)
    85. 

  85. - wpa_gui: add support for setting and showing priority, auth_alg
    86. 

  86.   (open/shared for static WEP)
    87. 

  87. 

  88. - cleanup TLS/PEAP/TTLS/FAST fragmentation: both the handshake and Appl. Data
    89. 

  89.   phases should be able to use the same functions for this;
    90. 

  90.   the last step in processing sent should be this code and rest of the code
    91. 

  91.   should not need to care about fragmentation at all
    92. 

  92. - test EAP-FAST peer with OpenSSL and verify that fallback to full handshake
    93. 

  93.   (ServerHello followed by something else than ChangeCipherSpec)
    94.