139beb93cSSam LefflerTo do: 239beb93cSSam Leffler- add support for WPA with ap_scan=0 (update selected cipher etc. based on 339beb93cSSam Leffler AssocInfo; make sure these match with configuration) 439beb93cSSam Leffler- consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA 539beb93cSSam Leffler authentication has been completed (cache scard data based on serial#(?) 639beb93cSSam Leffler and try to optimize next connection if the same card is present for next 739beb93cSSam Leffler auth) 839beb93cSSam Leffler- if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from 939beb93cSSam Leffler ssid->proto fields to avoid detecting downgrade attacks when the driver 1039beb93cSSam Leffler is not reporting RSN IE, but msg 3/4 has one 1139beb93cSSam Leffler- Cisco AP and non-zero keyidx for unicast -> map to broadcast 1239beb93cSSam Leffler (actually, this already works with driver_ndis; so maybe just change 1339beb93cSSam Leffler driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx 1439beb93cSSam Leffler for unicast); worked also with Host AP driver and madwifi 1539beb93cSSam Leffler- IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem 1639beb93cSSam Leffler to see unencrypted EAPOL-Key frames at all.. 1739beb93cSSam Leffler- EAP-PAX with PAX_SEC 1839beb93cSSam Leffler- EAP (RFC 3748) 1939beb93cSSam Leffler * OTP Extended Responses (Sect. 5.5) 2039beb93cSSam Leffler- test what happens if authenticator sends EAP-Success before real EAP 2139beb93cSSam Leffler authentication ("canned" Success); this should be ignored based on 2239beb93cSSam Leffler RFC 3748 Sect. 4.2 2339beb93cSSam Leffler- test compilation with gcc -W options (more warnings?) 2439beb93cSSam Leffler (Done once; number of unused function arguments still present) 25*5b9c547cSRui Paulo- ctrl_iface: get/remove blob 2639beb93cSSam Leffler- use doc/docbook/*.sgml and docbook2{txt,html,pdf} to replace README and 2739beb93cSSam Leffler web pages including the same information.. i.e., have this information only 2839beb93cSSam Leffler in one page; how to build a PDF file with all the SGML included? 2939beb93cSSam Leffler- EAP-POTP/RSA SecurID profile (RFC 4793) 3039beb93cSSam Leffler- document wpa_gui build and consider adding it to 'make install' 3139beb93cSSam Leffler- consider merging hostapd and wpa_supplicant PMKSA cache implementations 3239beb93cSSam Leffler- consider redesigning pending EAP requests (identity/password/otp from 3339beb93cSSam Leffler ctrl_iface) by moving the retrying of the previous request into EAP 3439beb93cSSam Leffler state machine so that EAPOL state machine is not needed for this 3539beb93cSSam Leffler- rfc4284.txt (network selection for eap) 3639beb93cSSam Leffler- www pages about configuring wpa_supplicant: 3739beb93cSSam Leffler * global options (ap_scan, ctrl_interfaces) based on OS/driver 3839beb93cSSam Leffler * network block 3939beb93cSSam Leffler * key_mgmt selection 4039beb93cSSam Leffler * WPA parameters 4139beb93cSSam Leffler * EAP options (one page for each method) 4239beb93cSSam Leffler * "configuration wizard" (step 1: select OS, step 2: select driver, ...) to 4339beb93cSSam Leffler generate example configuration 4439beb93cSSam Leffler- error path in rsn_preauth_init: should probably deinit l2_packet handlers 4539beb93cSSam Leffler if something fails; does something else need deinit? 4639beb93cSSam Leffler- consider moving SIM card functionality (IMSI fetching) away from eap.c; 4739beb93cSSam Leffler this should likely happen before EAP is initialized for authentication; 4839beb93cSSam Leffler now IMSI is read only after receiving EAP-Identity/Request, but since it is 4939beb93cSSam Leffler really needed for all cases, reading IMSI and generating Identity string 5039beb93cSSam Leffler could very well be done before EAP has been started 5139beb93cSSam Leffler- try to work around race in receiving association event and first EAPOL 5239beb93cSSam Leffler message 53e28a4053SRui Paulo- try to work around race in configuring PTK and sending msg 4/4 (some NDIS 54e28a4053SRui Paulo drivers with ndiswrapper end up not being able to complete 4-way handshake 55e28a4053SRui Paulo in some cases; extra delay before setting the key seems to help) 5639beb93cSSam Leffler- make sure that TLS session cache is not shared between EAP types or if it 5739beb93cSSam Leffler is, that the cache entries are bound to only one EAP type; e.g., cache entry 5839beb93cSSam Leffler created with EAP-TLS must not be allowed to do fast re-auth with EAP-TTLS 59*5b9c547cSRui Paulo- consider moving eap_peer_tls_build_ack() call into 60*5b9c547cSRui Paulo eap_peer_tls_process_helper() 6139beb93cSSam Leffler (it seems to be called always if helper returns 1) 6239beb93cSSam Leffler * could need to modify eap_{ttls,peap,fast}_decrypt to do same 6339beb93cSSam Leffler- add support for fetching full user cert chain from Windows certificate 6439beb93cSSam Leffler stores even when there are intermediate CA certs that are not in the 6539beb93cSSam Leffler configured ca_cert store (e.g., ROOT) (they could be, e.g., in CA store) 6639beb93cSSam Leffler- clean up common.[ch] 6739beb93cSSam Leffler- change TLS/crypto library interface to use a structure of function 6839beb93cSSam Leffler pointers and helper inline functions (like driver_ops) instead of 6939beb93cSSam Leffler requiring every TLS wrapper to implement all functions 7039beb93cSSam Leffler- add support for encrypted configuration fields (e.g., password, psk, 7139beb93cSSam Leffler passphrase, pin) 72e28a4053SRui Paulo- wpa_gui: add support for setting and showing priority 7339beb93cSSam Leffler- cleanup TLS/PEAP/TTLS/FAST fragmentation: both the handshake and Appl. Data 7439beb93cSSam Leffler phases should be able to use the same functions for this; 7539beb93cSSam Leffler the last step in processing sent should be this code and rest of the code 7639beb93cSSam Leffler should not need to care about fragmentation at all 7739beb93cSSam Leffler- test EAP-FAST peer with OpenSSL and verify that fallback to full handshake 7839beb93cSSam Leffler (ServerHello followed by something else than ChangeCipherSpec) 79