robin.thoni
/
hostapd-rtl8188
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
2 Commits
1 Branch
Tag: e79cbd9348
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de e79cbd9348
${ noResults }
hostapd-rtl8188/wpa_supplicant/todo.txt

todo.txt 5.0KB
Histórico Original

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. To do:

  2. - add support for WPA with ap_scan=0 (update selected cipher etc. based on

  3.   AssocInfo; make sure these match with configuration)

  4. - consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA

  5.   authentication has been completed (cache scard data based on serial#(?)

  6.   and try to optimize next connection if the same card is present for next

  7.   auth)

  8. - on disconnect event, could try to associate with another AP if one is

  9.   present in scan results; would need to update scan results periodically..

  10. - if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from

  11.   ssid->proto fields to avoid detecting downgrade attacks when the driver

  12.   is not reporting RSN IE, but msg 3/4 has one

  13. - Cisco AP and non-zero keyidx for unicast -> map to broadcast

  14.   (actually, this already works with driver_ndis; so maybe just change

  15.   driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx

  16.   for unicast); worked also with Host AP driver and madwifi

  17. - IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem

  18.   to see unencrypted EAPOL-Key frames at all..

  19. - EAP-PAX with PAX_SEC

  20. - EAP (RFC 3748)

  21.   * OTP Extended Responses (Sect. 5.5)

  22. - test what happens if authenticator sends EAP-Success before real EAP

  23.   authentication ("canned" Success); this should be ignored based on

  24.   RFC 3748 Sect. 4.2

  25. - test compilation with gcc -W options (more warnings?)

  26.   (Done once; number of unused function arguments still present)

  27. - add proper support for using dot11RSNAConfigSATimeout

  28. - ctrl_iface: get/set/remove blob

  29. - use doc/docbook/*.sgml and docbook2{txt,html,pdf} to replace README and

  30.   web pages including the same information.. i.e., have this information only

  31.   in one page; how to build a PDF file with all the SGML included?

  32. - EAP-POTP/RSA SecurID profile (RFC 4793)

  33. - document wpa_gui build and consider adding it to 'make install'

  34. - test madwifi with pairwise=TKIP group=WEP104

  35. - consider merging hostapd and wpa_supplicant PMKSA cache implementations

  36. - consider redesigning pending EAP requests (identity/password/otp from

  37.   ctrl_iface) by moving the retrying of the previous request into EAP

  38.   state machine so that EAPOL state machine is not needed for this

  39. - rfc4284.txt (network selection for eap)

  40. - www pages about configuring wpa_supplicant:

  41.   * global options (ap_scan, ctrl_interfaces) based on OS/driver

  42.   * network block

  43.   * key_mgmt selection

  44.   * WPA parameters

  45.   * EAP options (one page for each method)

  46.   * "configuration wizard" (step 1: select OS, step 2: select driver, ...) to

  47.     generate example configuration

  48. - error path in rsn_preauth_init: should probably deinit l2_packet handlers

  49.   if something fails; does something else need deinit?

  50. - consider moving SIM card functionality (IMSI fetching) away from eap.c;

  51.   this should likely happen before EAP is initialized for authentication;

  52.   now IMSI is read only after receiving EAP-Identity/Request, but since it is

  53.   really needed for all cases, reading IMSI and generating Identity string

  54.   could very well be done before EAP has been started

  55. - try to work around race in receiving association event and first EAPOL

  56.   message

  57. - try to work around race in configuring PTK and sending msg 4/4 (some NDIS

  58.   drivers with ndiswrapper end up not being able to complete 4-way handshake

  59.   in some cases; extra delay before setting the key seems to help)

  60. - add wpa_secure_memzero() macro and secure implementation (volatile u8*) to

  61.   clear memory; this would be used to clear temporary buffers containing

  62.   private data (e.g., keys); the macro can be defined to NOP in order to save

  63.   space (i.e., no code should depend on the macro doing something)

  64. - make sure that TLS session cache is not shared between EAP types or if it

  65.   is, that the cache entries are bound to only one EAP type; e.g., cache entry

  66.   created with EAP-TLS must not be allowed to do fast re-auth with EAP-TTLS

  67. - consider moving eap_tls_build_ack() call into eap_tls_process_helper()

  68.   (it seems to be called always if helper returns 1)

  69.   * could need to modify eap_{ttls,peap,fast}_decrypt to do same

  70. - add support for fetching full user cert chain from Windows certificate

  71.   stores even when there are intermediate CA certs that are not in the

  72.   configured ca_cert store (e.g., ROOT) (they could be, e.g., in CA store)

  73. - clean up common.[ch]

  74. - change TLS/crypto library interface to use a structure of function

  75.   pointers and helper inline functions (like driver_ops) instead of

  76.   requiring every TLS wrapper to implement all functions

  77. - add support for encrypted configuration fields (e.g., password, psk,

  78.   passphrase, pin)

  79. - wpa_gui: add support for setting and showing priority

  80. - cleanup TLS/PEAP/TTLS/FAST fragmentation: both the handshake and Appl. Data

  81.   phases should be able to use the same functions for this;

  82.   the last step in processing sent should be this code and rest of the code

  83.   should not need to care about fragmentation at all

  84. - test EAP-FAST peer with OpenSSL and verify that fallback to full handshake

  85.   (ServerHello followed by something else than ChangeCipherSpec)