Lines Matching refs:EAP
9 - remove incorrect EAP Session-Id length constraint
17 * improve EAP-TLS support for TLSv1.3
18 * EAP-SIM/AKA: support IMSI privacy
26 * support new AKM for 802.1X/EAP with SHA384
32 * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
36 caching with FT-EAP was, and still is, disabled by default
39 * EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
62 * EAP-pwd changes
74 * increased the maximum number of EAP message exchanges (mainly to
76 * fixed various issues in experimental support for EAP-TEAP peer
81 * fixed EAP-FAST peer with TLS GCM/CCM ciphers
100 * added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
111 * EAP-pwd changes
116 * fixed FT-EAP initial mobility domain association using PMKSA caching
122 * extended EAP-SIM/AKA fast re-authentication to allow use with FILS
125 * added support for EAP-SIM/AKA using anonymous@realm identity
127 to ignore credentials without a specific EAP method
128 * added experimental support for EAP-TEAP peer (RFC 7170)
129 * added experimental support for EAP-TLS peer with TLS v1.3
153 * EAP-pwd changes
181 * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
184 SAE, FT-SAE, FT-EAP-SHA384
219 * fixed EAP-pwd pre-processing with PasswordHashHash
220 * added EAP-pwd client support for salted passwords
236 * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
239 * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
277 * fixed EAP-pwd last fragment validation
279 * fixed EAP-pwd unexpected Confirm message processing
348 * EAP-pwd: added support for Brainpool Elliptic Curves
388 * EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
390 * EAP-TTLS: fixed success after fragmented final Phase 2 message
398 - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
403 * Interworking: add credential realm to EAP-TLS identity
425 * fixed EAP-pwd peer missing payload length validation
441 * added support for hashed password (NtHash) in EAP-pwd peer
460 * added EAP-EKE peer support for deriving Session-Id
482 * allow OpenSSL cipher configuration to be set for internal EAP server
524 * add support for EAP Re-Authentication Protocol (ERP)
525 * fixed EAP-IKEv2 fragmentation reassembly
534 * include peer certificate in EAP events even without a separate probe
536 * add peer ceritficate alt subject name to EAP events
537 (CTRL-EVENT-EAP-PEER-ALT)
576 * fixed EAP-AKA' message parser with multiple AT_KDF attributes
597 * removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
600 * modified EAP fast session resumption to allow results to be used only
638 three-byte encoding EAP methods that use NtPasswordHash
679 * slow down automatic connection attempts on EAP failure to meet
722 * EAP-pwd fixes
725 - fix possible segmentation fault on EAP method deinit if an invalid
729 * fixed EAP-SIM counter-too-small message
784 * added Session-Id derivation for EAP peer methods
806 * added EAP-EKE peer
809 EAP-TLS) to specify additional constraint for the server certificate
811 * added support for external SIM/USIM processing in EAP-SIM, EAP-AKA,
812 and EAP-AKA' (CTRL-REQ-SIM and CTRL-RSP-SIM commands over control
884 * EAP-pwd:
904 * EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
944 * EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
945 * EAP-SIM/AKA: append realm to pseudonym identity
946 * EAP-SIM/AKA: store pseudonym identity in network configuration to
947 allow it to persist over multiple EAP sessions and wpa_supplicant
949 * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
978 * EAP-TTLS: fixed peer challenge generation for MSCHAPv2
988 (EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
1039 using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
1040 * changed VENDOR-TEST EAP method to use proper private enterprise number
1109 - Add a DBus signal for EAP SM requests, emitted on the Interface
1186 - Fragment size is now configurable for EAP-WSC peer. Use
1262 automatic detection of EAP parameters
1270 * EAP-TNC: add Flags field into fragment acknowledgement (needed to
1395 * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
1400 * changed EAP-GPSK to use the IANA assigned EAP method type 51
1408 * added Milenage SIM/USIM emulator for EAP-SIM/EAP-AKA
1419 * fixed EAP-AKA to use RES Length field in AT_RES as length in bits,
1421 * updated OpenSSL code for EAP-FAST to use an updated version of the
1446 * added support for EAP Sequences in EAP-FAST Phase 2
1447 * added support for using TNC with EAP-FAST
1450 * fixed the OpenSSL patches (0.9.8g and 0.9.9) for EAP-FAST to
1452 * added fragmentation support for EAP-TNC
1465 previously used for configuring user identity and key for EAP-PSK,
1466 EAP-PAX, EAP-SAKE, and EAP-GPSK. 'identity' field is now used as the
1482 * fixed EAP-SIM not to include AT_NONCE_MT and AT_SELECTED_VERSION
1483 attributes in EAP-SIM Start/Response when using fast reauthentication
1491 * fixed EAP-SIM and EAP-AKA message parser to validate attribute
1495 changed and various interfaces (e.g., EAP) is not compatible with old
1497 * added support for protecting EAP-AKA/Identity messages with
1500 EAP-SIM and EAP-AKA (phase1="result_ind=1")
1529 * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
1536 full handshake when using EAP-FAST (e.g., due to an expired
1538 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
1563 * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
1564 * updated EAP-PSK to use the IANA-allocated EAP type 47
1565 * fixed EAP-PAX key derivation
1566 * fixed EAP-PSK bit ordering of the Flags field
1567 * fixed EAP-PEAP/TTLS/FAST to use the correct EAP identifier in
1572 of EAP-PEAP/TTLS/FAST
1573 * fixed EAP-TTLS AVP parser processing for too short AVP lengths
1574 * added support for EAP-FAST authentication with inner methods that
1575 generate MSK (e.g., EAP-MSCHAPv2 that was previously only supported
1577 * added support for authenticated EAP-FAST provisioning
1578 * added support for configuring maximum number of EAP-FAST PACs to
1580 * added support for storing EAP-FAST PACs in binary format
1586 added support for EAP-FAST
1587 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
1589 * fixed EAP-AKA Notification processing to allow Notification to be
1593 * fixed EAP-TTLS implementation not to crash on use of freed memory
1595 * added support for EAP-TNC (Trusted Network Connect)
1596 (this version implements the EAP-TNC method and EAP-TTLS changes
1611 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
1621 needed (this allows EAP-AKA to be used with USIM cards that do not
1623 * added support for reading 3G USIM AID from EF_DIR to allow EAP-AKA to
1629 * fixed EAP-SIM/AKA key derivation for re-authentication case (only
1698 configure the maximum EAP fragment size
1727 * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
1756 * fixed EAP-GTC response to include correct user identity when run as
1757 phase 2 method of EAP-FAST (i.e., EAP-FAST did not work in v0.5.2)
1777 * added support for EAP-SAKE (no EAP method number allocated yet, so
1778 this is using the same experimental type 255 as EAP-PSK)
1779 * added support for dynamically loading EAP methods (.so files) instead
1786 access for a network that has not enabled EAP-AKA
1787 * fixed EAP phase 2 Nak for EAP-{PEAP,TTLS,FAST} (this was broken in
1788 v0.5.1 due to the new support for expanded EAP types)
1789 * added support for generating EAP Expanded Nak
1796 * changed EAP method registration to use a dynamic list of methods
1800 * fixed a memory leak in EAP-TTLS re-authentication
1810 * added support for EAP expanded type (vendor specific EAP methods)
1828 EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
1836 * fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
1838 * fixed EAP-AKA to allow resynchronization within the same session
1863 refused the previously used parameters; this fixes EAP-SIM and
1864 EAP-AKA authentication using SIM/USIM card under Windows
1876 * added support for EAP-FAST key derivation using other ciphers than
1903 * disable EAP state machine when IEEE 802.1X authentication is not used
1904 in order to get rid of bogus "EAP failed" messages
1913 * fixed EAP state machine to not discard EAP-Failure messages in many
1961 EAP authentication immediately after association
1973 for EAP state machine to allow recovery from dropped EAP-Success
1976 layer (Ethernet) header during WPA and EAPOL/EAP processing; this
1980 * updated EAP-PSK to use draft 9 by default since this can now be
1998 * replaced OpenSSL patch for EAP-FAST support
2002 to be able to build wpa_supplicant with EAP-FAST support)
2004 for client certificate and private key operations (EAP-TLS)
2027 * added EAP workaround for PEAP session resumption: allow outer,
2028 i.e., not tunneled, EAP-Success to terminate session since; this can
2038 * removed interface for external EAPOL/EAP supplicant (e.g.,
2062 * added support for querying private key password (EAP-TLS) through the
2067 * EAP-PAX is now registered as EAP type 46
2068 * fixed EAP-PAX MAC calculation
2069 * fixed EAP-PAX CK and ICK key derivation
2070 * added support for using password with EAP-PAX (as an alternative to
2091 * added support for EAP-MSCHAPv2 password retries within the same EAP
2093 * added support for password changes with EAP-MSCHAPv2 (used when the
2099 * fixed a possible double free in EAP-TTLS fast-reauthentication when
2101 * display EAP Notification messages to user through control interface
2102 with "CTRL-EVENT-EAP-NOTIFICATION" prefix
2113 * added EAP workaround for PEAPv1 session resumption: allow outer,
2114 i.e., not tunneled, EAP-Success to terminate session since; this can
2131 * modified the EAP workaround that accepts EAP-Success with incorrect
2139 file, a control interface request is sent and EAP processing is
2142 private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
2146 * added experimental support for EAP-PAX
2174 EAP-PEAP and EAP-TTLS
2193 * fixed EAP workaround and fast reauthentication configuration for
2196 requires EAP workarounds
2200 * fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
2202 * allow EAP-PEAP/TTLS fast reauthentication only if Phase 2 succeeded
2221 * cleaned up EAP state machine <-> method interface and number of
2223 EAP-Failure but waiting for timeout
2226 * added support for EAP-FAST (draft-cam-winget-eap-fast-00.txt);
2240 * improved recovery from PMKID mismatches by requesting full EAP
2255 clearing port Valid in order to reset EAP state machine and avoid
2302 * PEAPv1: fixed tunneled EAP-Success reply handling to reply with TLS
2303 ACK, not tunneled EAP-Success (of which only the first byte was
2307 EAP-Success message; this can be configured by adding
2315 * added support for EAP-PSK (draft-bersani-eap-psk-03.txt)
2317 * added support for configuring list of allowed Phase 2 EAP types
2318 (for both EAP-PEAP and EAP-TTLS) instead of only one type
2322 * added support for EAP-AKA (with UMTS SIM)
2324 random-looking errors for EAP-SIM
2325 * added support for EAP-SIM pseudonyms and fast re-authentication
2326 * added support for EAP-TLS/PEAP/TTLS fast re-authentication (TLS
2328 * added support for EAP-SIM with two challenges
2331 key exchange (EAP-TLS/PEAP/TTLS) using new configuration parameters
2335 certificate with a substring when using EAP-TLS/PEAP/TTLS; new
2377 * added a workaround for EAP servers that incorrectly use same Id for
2378 sequential EAP packets
2391 * made EAP workarounds configurable; enabled by default, can be
2395 * resolved couple of interoperability issues with EAP-PEAPv1 and
2396 Phase 2 (inner EAP) fragment reassembly
2416 * added support for new EAP authentication methods:
2417 EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
2422 password; this can be used with both EAP-OTP and EAP-GTC
2452 * small improvements/bug fixes for EAP-MSCHAPv2, EAP-PEAP, and
2464 EAP-SIM; this requires pcsc-lite
2468 EAP keying material is used as data encryption key)
2473 * added support for new EAP authentication methods:
2474 EAP-TTLS/EAP-MD5-Challenge
2475 EAP-TTLS/EAP-GTC
2476 EAP-TTLS/EAP-MSCHAPv2
2477 EAP-TTLS/EAP-TLS
2478 EAP-TTLS/MSCHAPv2
2479 EAP-TTLS/MSCHAP
2480 EAP-TTLS/PAP
2481 EAP-TTLS/CHAP
2482 EAP-PEAP/TLS
2483 EAP-PEAP/GTC
2484 EAP-PEAP/MD5-Challenge
2485 EAP-GTC
2486 EAP-SIM (not yet complete; needs GSM/SIM authentication interface)
2489 tunnel (e.g., with EAP-TTLS)
2492 control interface; in other words, the password for EAP-PEAP or
2493 EAP-TTLS does not need to be included in the configuration file since
2511 - EAP peer state machine [draft-ietf-eap-statemachine-02.pdf]
2512 - EAP-MD5 (cannot be used with WPA-RADIUS)
2514 - EAP-TLS [RFC 2716]
2515 - EAP-MSCHAPv2 (currently used only with EAP-PEAP)
2516 - EAP-PEAP/MSCHAPv2 [draft-josefsson-pppext-eap-tls-eap-07.txt]
2527 - EAP-TLS and EAP-PEAP require openssl libraries
2528 * use module prefix in debug messages (WPA, EAP, EAP-TLS, ..)
2530 (i.e., complete IEEE 802.1X/EAP authentication and use IEEE 802.1X
2547 - EAPOL/EAP functions