Smartcards and wpa_supplicant

Jouni Malinen jkmaline
Wed Apr 13 21:03:25 PDT 2005


On Wed, Mar 09, 2005 at 05:36:03PM +0100, Gordon Hecker wrote:
> Jouni Malinen wrote:
> >Unfortunately, OpenSC does not seem to support PKCS#15 initialization
> >for SetCOS and I happen to only have SetCOS cards.

It looks like some initial code for this was actually just added in
OpenSC, so there's something new for me to test now..

> I have extracted the PIN-through-wpa_cli related changes and created a
> diff containing only those.
> As usual:
> http://ghe.dyndns.org/patches/wpa_supplicant/wpa_supplicant-pin-through-wpa_cli-20050309-2.patch

Like I mentioned yesterday, this is now in CVS. I added one missed part
today, i.e., pending PIN requests are now re-sent when a new ctrl_iface
monitor (e.g., wpa_cli) attaches to wpa_supplicant. This makes it easier
to notice PIN requests that happen immediately after starting
wpa_supplicant, i.e., when there are likely no attached frontends to ask
for the PIN.

> There's no code included that makes EAP-SIM or AKA use that
> functionality. I don't want to mess around in that code for now.

This is now implemented, committed to CVS, and even found working in my
tests. I ended up moving PIN validation from scard_init() into a
separate function that will be used only when the identity (and IMSI, in
case of EAP-SIM/AKA) is needed. This ended up getting this code into EAP
implementation and as such, it works fine with the same function you
used for requesting a PIN. I did not yet verify, but I wouldn't expect
these changes to cause problems for your changes related to getting PIN
for opensc_engine.

> I'm working through your comments on the other parts. Most of the things
> are solved, I'll see how I can split the big patch into pieces and
> resend them as soon as possible.

Is http://ghe.dyndns.org/patches/wpa_supplicant/wpa_supplicant-engine-20050316.patch
the latest version of the patch or do you have some updates on top of
that? I'll try to get one of the SetCOS cards initialized for PKCS#15
and start merging the remaining changes to wpa_supplicant.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list