Lines Matching refs:EAP
16 * EAP-SIM/AKA: support IMSI privacy
22 * support new AKM for 802.1X/EAP with SHA384
24 * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
50 * EAP-pwd changes
58 * fixed various issues in experimental support for EAP-TEAP server
60 increase the maximum number of EAP message exchanges (mainly to
61 support cases with very large certificates) for the EAP server
65 * fixed EAP-FAST server with TLS GCM/CCM ciphers
80 * added EAP-TLS server support for TLS 1.3 (disabled by default for now)
88 * EAP-pwd changes
92 * fixed FT-EAP initial mobility domain association using PMKSA caching
98 * added experimental support for EAP-TEAP server (RFC 7170)
99 * added experimental support for EAP-TLS server with TLS v1.3
103 * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
125 * EAP-pwd changes
159 automatically without matching EAP database entry
215 * added EAP-pwd server support for salted passwords
218 * fixed EAP-pwd last fragment validation
234 * EAP-pwd: added support for Brainpool Elliptic Curves
249 * EAP-PEAP: support fast-connect crypto binding
270 - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
295 * fixed EAP-pwd server missing payload length validation
305 * added support for hashed password (NtHash) in EAP-pwd server
307 * added EAP-EKE server support for deriving Session-Id
319 * added EAP server support for TLS session resumption
327 * allow OpenSSL cipher configuration to be set for internal EAP server
347 * add support for EAP Re-Authentication Protocol (ERP)
406 three-byte encoding EAP methods that use NtPasswordHash
413 * enforce full EAP authentication after RADIUS Disconnect-Request by
446 - added option for TLS protocol testing of an EAP peer by simulating
462 * EAP-pwd fixes
463 - fix possible segmentation fault on EAP method deinit if an invalid
473 - this could result in deinial of service in some EAP server cases
493 * added EAP-EKE server
525 * EAP-pwd:
540 implementations that can change SNonce for each EAP-Key 2/4
553 * EAP-SIM: fixed re-authentication not to update pseudonym
554 * EAP-SIM: use Notification round before EAP-Failure
555 * EAP-AKA: added support for AT_COUNTER_TOO_SMALL
556 * EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
557 * EAP-AKA': fixed identity for MK derivation
558 * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
560 * EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
563 * fixed EAP/WPS to PSK transition on reassociation in cases where
570 * EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
586 * changed VENDOR-TEST EAP method to use proper private enterprise number
593 * fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
693 * EAP server: Add support for configuring fragment size (see
720 * EAP-TNC: add Flags field into fragment acknowledgement (needed to
754 * EAP-FAST server: piggyback Phase 2 start with the end of Phase 1
778 * fixed EAPOL/EAP reauthentication when using an external RADIUS
780 * fixed TNC with EAP-TTLS
818 * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
820 * changed EAP-GPSK to use the IANA assigned EAP method type 51
822 * fixed retransmission of EAP requests if no response is received
828 * updated OpenSSL code for EAP-FAST to use an updated version of the
838 * fixed EAP-TLS message processing for the last TLS message if it is
846 * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
849 by EAP-FAST server)
862 * changed EAP-FAST configuration to use separate fields for A-ID and
871 * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
873 * added support for EAP Sequences in EAP-FAST Phase 2
874 * added support for EAP-TNC (Trusted Network Connect)
875 (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
879 * added fragmentation support for EAP-TNC
880 * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
893 * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
895 * added a workaround for EAP-SIM/AKA peers that include incorrect null
897 * fixed EAP-SIM/AKA protected result indication to include AT_COUNTER
900 * fixed EAP-SIM Start response processing for fast reauthentication
902 * added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
903 phase 2 to allow EAP-SIM and EAP-AKA to be used as the Phase 2 method
906 * fixed EAP-SIM and EAP-AKA message parser to validate attribute
910 and various interfaces (e.g., EAP) is not compatible with old
912 * added support for protecting EAP-AKA/Identity messages with
915 EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
916 * added support for configuring EAP-TTLS phase 2 non-EAP methods in
917 EAP server configuration; previously all four were enabled for every
924 * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
933 * added support for EAP-FAST server method to the integrated EAP
935 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
947 * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
948 * updated EAP-PSK to use the IANA-allocated EAP type 47
949 * fixed EAP-PSK bit ordering of the Flags field
952 * fixed EAP-TTLS AVP parser processing for too short AVP lengths
954 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
962 * fixed EAP-MSCHAPv2 server to use a space between S and M parameters
964 * added support for sending EAP-AKA Notifications in error cases
985 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
991 * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
995 EAP-SIM/EAP-AKA
1013 * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
1026 * added support for EAP-SAKE (no EAP method number allocated yet, so
1027 this is using the same experimental type 255 as EAP-PSK)
1028 * fixed EAP-MSCHAPv2 message length validation
1034 * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
1041 hardcoded AKA authentication data); this can be used to test EAP-SIM
1042 and EAP-AKA
1044 to make it possible to test EAP-AKA with real USIM cards (this is
1050 * changed EAP method registration to use a dynamic list of methods
1060 * added support for EAP expanded type (vendor specific EAP methods)
1067 * added support for EAP methods to use callbacks to external programs
1068 by buffering a pending request and processing it after the EAP method
1070 * improved EAP-SIM database interface to allow external request to GSM
1072 * added support for using EAP-SIM pseudonyms and fast re-authentication
1073 * added support for EAP-AKA in the integrated EAP authenticator
1074 * added support for matching EAP identity prefixes (e.g., "1"*) in EAP
1075 user database to allow EAP-SIM/AKA selection without extra roundtrip
1076 for EAP-Nak negotiation
1077 * added support for storing EAP user password as NtPasswordHash instead
1094 * added support for replacing user identity from EAP with RADIUS
1096 for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
1105 two EAP-Response/Identity frames to the authentication server
1110 * added experimental support for EAP-PSK
1126 * EAP-PAX is now registered as EAP type 46
1127 * fixed EAP-PAX MAC calculation
1128 * fixed EAP-PAX CK and ICK key derivation
1130 better match with RFC 3748 (EAP) terminology
1150 using integrated EAP authenticator for EAP-TLS; new hostapd.conf
1155 EAP-Request/Identity message (ASCII-0 (nul) in eap_message)
1162 * fixed WPA2 to add PMKSA cache entry when using integrated EAP
1164 * fixed PMKSA caching (EAP authentication was not skipped correctly
1171 * added experimental support for EAP-PAX
1180 * fixed PEAPv1 to use tunneled EAP-Success/Failure instead of EAP-TLV
1182 * fixed EAP identifier duplicate processing with the new IEEE 802.1X
1199 * added support for configuring multiple allowed EAP types for Phase 2
1200 authentication (EAP-PEAP, EAP-TTLS)
1205 * added support for EAP-PEAP in the integrated EAP authenticator
1206 * added support for EAP-GTC in the integrated EAP authenticator
1207 * added support for configuring list of EAP methods for Phase 1 so that
1208 the integrated EAP authenticator can, e.g., use the wildcard entry
1209 for EAP-TLS and EAP-PEAP
1210 * added support for EAP-TTLS in the integrated EAP authenticator
1211 * added support for EAP-SIM in the integrated EAP authenticator
1213 with the integrated EAP authenticator taking care of EAP
1222 * added support for EAP-MSCHAPv2 in the integrated EAP authenticator
1225 * added support for integrated EAP-TLS authentication (new hostapd.conf
1237 * made EAP re-authentication period configurable (eap_reauth_period)
1282 * added integrated EAP authenticator that can be used instead of
1283 external RADIUS authentication server; currently, only EAP-MD5 is
1284 supported, so this cannot yet be used for key distribution; the EAP
1285 method interface is generic, though, so adding new EAP methods should
1313 * send canned EAP failure if RADIUS server sends Access-Reject without
1314 EAP message (previously, Supplicant was not notified in this case)
1315 * fixed mixed WPA-PSK and WPA-EAP mode to work with WPA-PSK (i.e., do
1323 - both WPA-PSK and WPA-RADIUS/EAP are supported