Implement Cisco's LEAP to HOSTAPD.

Jouni Malinen j at w1.fi
Wed Oct 17 21:19:47 EDT 2007


On Mon, Oct 15, 2007 at 06:18:59PM +0800, Hangjun He wrote:

>      I am planning to implement Cisco's LEAP kind of Security Mechanism on 0.3.11 version of HostAPD.   LEAP security mechanism with dynamic wep keys to HOSTAPD,   how I can do this on HostAP ?

Before answering this, I want to point out that there are good reasons
for not including support for LEAP in hostapd.. Not least because of
security issues with it. WEP is not exactly secure either, so this is
not really a combination I would recommend for any new deployment.

>        Can I add a file like eap_leap.c like eap_peap.c? And write eap_method:
>    
>   const struct eap_method eap_method_leap =

Well, that would be a starting point. However, LEAP does not work like
standard EAP methods. Its message sequence and especially the extra
EAP-Success message do not fit at all with the EAP state machines and
consequently, you would also need to add special cases to handle this in
the generic EAP implementation to make the statemachines allow invalid
messages to be sent and received. wpa_supplicant has the example changes
needed for LEAP peer, so that could give some information on what could
be needed on the server side.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list