On Sat, Nov 23, 2024 at 08:18:13PM +1000, Daniel Foster wrote: > I have been playing around with a project by the name of Vanilla, which > allows a Linux device to act as a gamepad (controller for the Wii U). The > Wii U > gamepad connects to the console over Wi-Fi, however (to the best of my > knowledge) it authenticates with a PTK rotated by three bytes. Would you happen to know whether this behavior is defined clearly somewhere in a public document? Is this just rotating the derived PTK by three octets to make this no work with anything else without any other real reason for doing so? And that is the only difference between this and how standard WPA works? > - Would support for byte rotated PTKs ever be accepted in upstream hostap, > whatever method it is (e.g. compile-time config, API to specify PTK > rotations, > auto-detect based on MAC address, etc.) I guess that could be considered if there is believed to be a valid use case for this. > - Which method would be the most practical to implement? > - Would the auto-detect method be accepted if it requires checking for a > vendor- > specific attribute? I ask because I assume most software wants to remain > "vendor-neutral," though I guess then wpa_supplicant probably already has > plenty of vendor-specific workarounds for buggy access points. Ideally things would be done automatically, but I do not really want to touch the PTK derivation based on some insecure information like a MAC address or a Vendor Specific element in a Beacon frame since that could open up security vulnerabilities. In practice, this would likely require a network profile specific configuration item to allow a specific network to use this type of different PTK derivation while not having any impact for any other configured networks. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
