Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: research
Branches Tags
krackattacks
/
wpa_supplicant
/
todo.txt

todo.txt 4.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. To do:
    2. 

  2. - add support for WPA with ap_scan=0 (update selected cipher etc. based on
    3. 

  3.   AssocInfo; make sure these match with configuration)
    4. 

  4. - consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA
    5. 

  5.   authentication has been completed (cache scard data based on serial#(?)
    6. 

  6.   and try to optimize next connection if the same card is present for next
    7. 

  7.   auth)
    8. 

  8. - if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from
    9. 

  9.   ssid->proto fields to avoid detecting downgrade attacks when the driver
    10. 

  10.   is not reporting RSN IE, but msg 3/4 has one
    11. 

  11. - Cisco AP and non-zero keyidx for unicast -> map to broadcast
    12. 

  12.   (actually, this already works with driver_ndis; so maybe just change
    13. 

  13.   driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx
    14. 

  14.   for unicast); worked also with Host AP driver and madwifi
    15. 

  15. - IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem
    16. 

  16.   to see unencrypted EAPOL-Key frames at all..
    17. 

  17. - EAP-PAX with PAX_SEC
    18. 

  18. - EAP (RFC 3748)
    19. 

  19.   * OTP Extended Responses (Sect. 5.5)
    20. 

  20. - test what happens if authenticator sends EAP-Success before real EAP
    21. 

  21.   authentication ("canned" Success); this should be ignored based on
    22. 

  22.   RFC 3748 Sect. 4.2
    23. 

  23. - test compilation with gcc -W options (more warnings?)
    24. 

  24.   (Done once; number of unused function arguments still present)
    25. 

  25. - ctrl_iface: get/remove blob
    26. 

  26. - use doc/docbook/*.sgml and docbook2{txt,html,pdf} to replace README and
    27. 

  27.   web pages including the same information.. i.e., have this information only
    28. 

  28.   in one page; how to build a PDF file with all the SGML included?
    29. 

  29. - EAP-POTP/RSA SecurID profile (RFC 4793)
    30. 

  30. - document wpa_gui build and consider adding it to 'make install'
    31. 

  31. - consider merging hostapd and wpa_supplicant PMKSA cache implementations
    32. 

  32. - consider redesigning pending EAP requests (identity/password/otp from
    33. 

  33.   ctrl_iface) by moving the retrying of the previous request into EAP
    34. 

  34.   state machine so that EAPOL state machine is not needed for this
    35. 

  35. - rfc4284.txt (network selection for eap)
    36. 

  36. - www pages about configuring wpa_supplicant:
    37. 

  37.   * global options (ap_scan, ctrl_interfaces) based on OS/driver
    38. 

  38.   * network block
    39. 

  39.   * key_mgmt selection
    40. 

  40.   * WPA parameters
    41. 

  41.   * EAP options (one page for each method)
    42. 

  42.   * "configuration wizard" (step 1: select OS, step 2: select driver, ...) to
    43. 

  43.     generate example configuration
    44. 

  44. - error path in rsn_preauth_init: should probably deinit l2_packet handlers
    45. 

  45.   if something fails; does something else need deinit?
    46. 

  46. - consider moving SIM card functionality (IMSI fetching) away from eap.c;
    47. 

  47.   this should likely happen before EAP is initialized for authentication;
    48. 

  48.   now IMSI is read only after receiving EAP-Identity/Request, but since it is
    49. 

  49.   really needed for all cases, reading IMSI and generating Identity string
    50. 

  50.   could very well be done before EAP has been started
    51. 

  51. - try to work around race in receiving association event and first EAPOL
    52. 

  52.   message
    53. 

  53. - try to work around race in configuring PTK and sending msg 4/4 (some NDIS
    54. 

  54.   drivers with ndiswrapper end up not being able to complete 4-way handshake
    55. 

  55.   in some cases; extra delay before setting the key seems to help)
    56. 

  56. - make sure that TLS session cache is not shared between EAP types or if it
    57. 

  57.   is, that the cache entries are bound to only one EAP type; e.g., cache entry
    58. 

  58.   created with EAP-TLS must not be allowed to do fast re-auth with EAP-TTLS
    59. 

  59. - consider moving eap_peer_tls_build_ack() call into
    60. 

  60.   eap_peer_tls_process_helper()
    61. 

  61.   (it seems to be called always if helper returns 1)
    62. 

  62.   * could need to modify eap_{ttls,peap,fast}_decrypt to do same
    63. 

  63. - add support for fetching full user cert chain from Windows certificate
    64. 

  64.   stores even when there are intermediate CA certs that are not in the
    65. 

  65.   configured ca_cert store (e.g., ROOT) (they could be, e.g., in CA store)
    66. 

  66. - clean up common.[ch]
    67. 

  67. - change TLS/crypto library interface to use a structure of function
    68. 

  68.   pointers and helper inline functions (like driver_ops) instead of
    69. 

  69.   requiring every TLS wrapper to implement all functions
    70. 

  70. - add support for encrypted configuration fields (e.g., password, psk,
    71. 

  71.   passphrase, pin)
    72. 

  72. - wpa_gui: add support for setting and showing priority
    73. 

  73. - cleanup TLS/PEAP/TTLS/FAST fragmentation: both the handshake and Appl. Data
    74. 

  74.   phases should be able to use the same functions for this;
    75. 

  75.   the last step in processing sent should be this code and rest of the code
    76. 

  76.   should not need to care about fragmentation at all
    77. 

  77. - test EAP-FAST peer with OpenSSL and verify that fallback to full handshake
    78. 

  78.   (ServerHello followed by something else than ChangeCipherSpec)
    79.