Trying to connect to network with LEAP authentication

[Jouni Malinen]

On Thu, Sep 28, 2006 at 08:11:57AM -0400, Dan Williams wrote:
> On Wed, 2006-09-27 at 20:08 -0700, Jouni Malinen wrote:

> I'm still somewhat unclear here... Given a card like airo or ipwXXXX,
> what parts of the connection process does the firmware handle, does the
> driver handle, and does wpa_supplicant handle?  On an airo, it's _all_
> firmware of course, using private ioctl() calls.  On the ipw2x00
> drivers, you can set the auth alg to LEAP, but it seems the firmware
> handles the rest?  I see a lot of LEAP code (eap-leap.c) in
> wpa_supplicant, but what's the handling flow?

I don't know what airo driver/firmware is doing, but with ipw and Host
AP drivers, the tasks are done as follows:

- wpa_supplicant configures driver to use Network EAP as the
  authentication algorithm

- driver/firmware sends out IEEE 802.11 management/authentication frame
  with auth alg set to 0x80 (Network EAP); AP replies to this

- driver/firmware sends out IEEE 802.11 association request; AP replies
  to this

- driver reports association as wireless event

- wpa_supplicant starts IEEE 802.1X/EAP authentication by sending out
  EAPOL-Start frame; AP/Authenticator is likely to also start by sending
  out EAP-Request/Identity; anyway, this identity request is sent out
  either automatically or as a response to EAPOL-Start

- wpa_supplicant replies with EAP-Response/Identity

- AP/Authenticator starts LEAP authentication

- wpa_supplicant completes LEAP authentication with the authenticator

- AP/Authenticator sends WEP keys (or does WPA/WPA2 4-way handshake)
  using EAPOL-Key frames

- wpa_supplicant parses the EAPOL-Key frames and configures dynamic
  encryption keys to the driver

- driver/firmware takes care of encrypting/decrypting data frames

-- 
Jouni Malinen                                            PGP id EFC895FA