55 lines
2.9 KiB
Plaintext

To do:
- add WPA support to Linux Wireless Extensions
- add support for other drivers
- implement GUI for WPA Supplicant/Xsupplicant/iwconfig/iwlist
(easy to use configuration and network stats, etc.)
- add support for opportunistic PMKSA caching
- hostap: try other roaming modes
NOTE: current mode (manual roaming) does not really roam at all..
Firmware did not notice the current AP disappearing..
- EAP-MSCHAPv2: add support for password changing
- add support for WPA with ap_scan=0 (update selected cipher etc. based on
AssocInfo; make sure these match with configuration)
- add driver interface for using wpa_supplicant with wired interface
(or a separate program using EAPOL library)
- wpa_supplicant.conf g+rw so that frontend can change wpa_supplicant.conf
and RECONFIG wpa_supplicant (?)
(or wpa_supplicant changes .conf and ctrl interface gets support for
changing config?)
- optional security separation (build time option): run EAPOL state machines
as non-root (need to add something like socketpair between privileged root
process and non-root handler; send EAPOL packets between processes
and send keying data from non-root -> privileged)
EAPOL-Key processing (WPA & WEP keys) could be in privileged part
at least in the beginning; some parts might end up being moved to
non-root part eventually
- consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA
authentication has been completed (cache scard data based on serial#(?)
and try to optimize next connection if the same card is present for next
auth)
- EAP-AKA: AT_CHECKCODE
- EAP-SIM/AKA: AT_RESULT_IND
- abort auth if EAP method initialization fails and there no other
accepted methods (i.e., do not send NAK for the same method that just
failed)
- on disconnect event, could try to associate with another AP if one is
present in scan results; would need to update scan results periodically..
- add flag scan_requested and only try to re-associate if this is set when
new scan results are received; this would allow background scans without
triggering re-assoc..
- if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from
ssid->proto fields to avoid detecting downgrade attacks when the driver
is not reporting RSN IE, but msg 3/4 has one
- read CA certs from PFX file
- EAP-SIM/AKA: if SIM reader initialization fails, do not start authentication
- Cisco AP and non-zero keyidx for unicast -> map to broadcast
(actually, this already works with driver_ndis; so maybe just change
driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx
for unicast)
- IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem
to see unencrypted EAPOL-Key frames at all..
- update developer.txt to match with current implementation
(driver API updates, EAP methods)
- driver_wext.c and driver that does not support WPA -> fix plaintext, WEP, and
IEEE 802.1X operation (e.g., use capabilities to report no support for WPA)