Wpasupplicant on an iPhone

Jouni Malinen j
Sat Dec 6 01:08:30 PST 2008

On Fri, Dec 05, 2008 at 11:18:09PM +0100, Damien Leroy wrote:

> For a research project, we are developing and implementing a new EAP 
> method in hostap.
> It works on Linux but it would be great for us if we could make demos of 
> our protocol on a mobile device such as an iPhone.
> Hostap has, in the "drivers" directory, some drivers for OsX and 
> iPhone/iPodTouch.
> I have not found what it is the development state of these drivers. Does 
> anyone have some experience with wpasupplicant on an iPhone (firmware 
> 2.x) ? I see some "TODO" in the source code but I do not know exactly 
> where are the limitations, essentially for developer of upper protocols.

I would consider most of that code quite experimental. Anyway, OS X
support worked fine the last time I tested it for all modes. iPhone/iPod
Touch code is for older 1.x firmware and I don't know whether the driver
interface has changed since then.

The main limitation with iPhone/iPod Touch was in configuring the PMK to
the driver. It looked like there was no clear driver interface for doing
this (well, the old firmware did not support WPA2-Enterprise, so this is
not too surprising). Consequently, it was possible to run through the
EAP authentication, but not actually to complete WPA2 4-way handshake
after that (or well, wpa_supplicant could run through that, but the end
result did not actually work for data connection).

Since Apple has added 802.1X support in 2.x, I would assume there is now
a way of configuring the needed keys to the driver. I have not looked at
the new firmware versions at all, so I don't know what exactly is there.
In other words, someone would need to reverse engineer (assuming Apple
has not released documentation for this) the driver interface with new
firmware version and update the MobileApple80211.h file in
wpa_supplicant with that information and change driver_iphone.m to use
the new API.

The interest on this has went down quite a bit after 802.1X support was
added to the firmware, so I do not know whether there are people who
would be willing to spend the time needed to finish the implementation
now. I haven't even bothered updating to the 2.x firmware.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list