Smartcards and wpa_supplicant

Jouni Malinen jkmaline
Sat Apr 16 11:26:56 PDT 2005 

On Thu, Apr 14, 2005 at 12:30:01PM +0200, Gordon Hecker wrote:

> There's no update yet, but as the old patch does no longer apply I did
> a simple re-merge. I'll put it into the same directory.

Thanks! I merged this into CVS with following changes:
- allow PIN to be entered through ctrl_iface without having to
  reassociate (i.e., just delay the EAP session enough to wait for user
  input)
- move tls_engine initialization to eap.c so that it can be shared by
  all programs using EAPOL/EAP "library" (wpa_supplicant, eapol_test,
  preauth_test); no TLS-specific code in wpa_supplicant.c
- cleaned up TLS wrapper (tls.h) for engine support: no need for new
  functions, just use tls_init/deinit
- coding style cleanup (e.g., extra/missing whitespace)
- make TLS engine support configurable (CONFIG_SMARTCARD=y in .config)
- add -ldl to fix linking


I haven't been able to fully test this yet due to some problems with
OpenSC and SetCOS cards I'm using. I got a bit further with the latest
snapshot release, but I haven't yet been able to complete PKCS#15
initialization. I found the PIN for a card that was already initialized,
but unfortunately, some operations with the private key are failing, so
I was not able to generate a new certificate for the private key. This
was enough to test PIN configuration, though.

If you have chance of testing the current wpa_supplicant snapshot, I
would be interested in hearing whether I broke something while moving
things around..

> I might add some functionality to get the certificates from the
> smartcard, too since there was a patch allowing that in opensc cvs
> recently. I'll keep you up to date.

OK, that would be useful. I take that this would mean reading both the
CA certificate(s) and client certificate so no certificates would need
to be configured in wpa_supplicant.conf. If you start working on this,
please take the latest wpa_supplicant snapshot from CVS to avoid merging
mismatches after my changes to the engine code.

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list