dpp_supplicant.c - OpenGrok history log for /netbsd-src/external/bsd/wpa/dist/wpa_supplicant/dpp

Revision	Date	Author	Comments
# bb618362	18-Sep-2024	christos <christos@NetBSD.org>	Import wpa_supplicant hand hostapd 2.11. Previous was 2.9 1. Changes for hostapd: 2024-07-20 - v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to b Import wpa_supplicant hand hostapd 2.11. Previous was 2.9 1. Changes for hostapd: 2024-07-20 - v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) * add preliminary support for RADIUS/TLS * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) * fix SAE H2E rejected groups validation to avoid downgrade attacks * use stricter validation for some RADIUS messages * a large number of other fixes, cleanup, and extensions 2022-01-16 - v2.10 * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added option send SAE Confirm immediately (sae_config_immediate=1) after SAE Commit - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2) - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed WPS UPnP SUBSCRIBE handling of invalid operations [https://w1.fi/security/2020-1/] * fixed PMF disconnection protection bypass [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * fixed various issues in experimental support for EAP-TEAP server * added configuration (max_auth_rounds, max_auth_rounds_short) to increase the maximum number of EAP message exchanges (mainly to support cases with very large certificates) for the EAP server * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * extended HE (IEEE 802.11ax) support, including 6 GHz support * removed obsolete IAPP functionality * fixed EAP-FAST server with TLS GCM/CCM ciphers * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible; owe_ptk_workaround=1 can be used to enabled a a workaround for the group 20/21 backwards compatibility * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * added support for PASN * added EAP-TLS server support for TLS 1.3 (disabled by default for now) * a large number of other fixes, cleanup, and extensions 2. Changes for wpa_supplicant 2024-07-20 - v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * MACsec - add support for GCM-AES-256 cipher suite - remove incorrect EAP Session-Id length constraint - add hardware offload support for additional drivers * HE/IEEE 802.11ax/Wi-Fi 6 - support BSS color updates - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * support OpenSSL 3.0 API changes * improve EAP-TLS support for TLSv1.3 * EAP-SIM/AKA: support IMSI privacy * improve mitigation against DoS attacks when PMF is used * improve 4-way handshake operations - discard unencrypted EAPOL frames in additional cases - use Secure=1 in message 2 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * improve cross-AKM roaming with driver-based SME/BSS selection * PASN - extend support for secure ranging - allow PASN implementation to be used with external programs for Wi-Fi Aware * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible, but PMKSA caching with FT-EAP was, and still is, disabled by default * support a pregenerated MAC (mac_addr=3) as an alternative mechanism for using per-network random MAC addresses * EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1) to improve security for still unfortunately common invalid configurations that do not set ca_cert * extend SCS support for QoS Characteristics * extend MSCS support * support unsynchronized service discovery (USD) * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) - in addition, verify SSID after key setup when beacon protection is used * fix SAE H2E rejected groups validation to avoid downgrade attacks * a large number of other fixes, cleanup, and extensions 2022-01-16 - v2.10 * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/] * fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/] * fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates) * fixed various issues in experimental support for EAP-TEAP peer * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * a number of MKA/MACsec fixes and extensions * added support for SAE (WPA3-Personal) AP mode configuration * added P2P support for EDMG (IEEE 802.11ay) channels * fixed EAP-FAST peer with TLS GCM/CCM ciphers * improved throughput estimation and BSS selection * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * extended D-Bus interface * added support for PASN * added a file-based backend for external password storage to allow secret information to be moved away from the main configuration file without requiring external tools * added EAP-TLS peer support for TLS 1.3 (disabled by default for now) * added support for SCS, MSCS, DSCP policy * changed driver interface selection to default to automatic fallback to other compiled in options * a large number of other fixes, cleanup, and extensions show more ...
# 3d6c0713	01-Mar-2021	christos <christos@NetBSD.org>	ChangeLog for wpa_supplicant 2019-08-07 - v2.9 * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019- ChangeLog for wpa_supplicant 2019-08-07 - v2.9 * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching * added configuration of airtime policy * fixed FILS to and RSNE into (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * added support for regulatory WMM limitation (for ETSI) * added support for MACsec Key Agreement using IEEE 802.1X/PSK * added experimental support for EAP-TEAP server (RFC 7170) * added experimental support for EAP-TLS server with TLS v1.3 * added support for two server certificates/keys (RSA/ECC) * added AKMSuiteSelector into "STA <addr>" control interface data to determine with AKM was used for an association * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled * fixed an ECDH operation corner case with OpenSSL 2019-04-21 - v2.8 * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only group 19 (i.e., disable groups 20, 21, 25, 26 from default configuration) and disable all unsuitable groups completely based on REVmd changes - improved anti-clogging token mechanism and SAE authentication frame processing during heavy CPU load; this mitigates some issues with potential DoS attacks trying to flood an AP with large number of SAE messages - added Finite Cyclic Group field in status code 77 responses - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) - fixed confirm message validation in error cases [https://w1.fi/security/2019-3/] (CVE-2019-9496) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify peer scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497 and CVE-2019-9498) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * Hotspot 2.0 changes - added support for release number 3 - reject release 2 or newer association without PMF * added support for RSN operating channel validation (CONFIG_OCV=y and configuration parameter ocv=1) * added Multi-AP protocol support * added FTM responder configuration * fixed build with LibreSSL * added FT/RRB workaround for short Ethernet frame padding * fixed KEK2 derivation for FILS+FT * added RSSI-based association rejection from OCE * extended beacon reporting functionality * VLAN changes - allow local VLAN management with remote RADIUS authentication - add WPA/WPA2 passphrase/PSK -based VLAN assignment * OpenSSL: allow systemwide policies to be overridden * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * fixed FT and SA Query Action frame with AP-MLME-in-driver cases * OWE: allow Diffie-Hellman Parameter element to be included with DPP in preparation for DPP protocol extension * RADIUS server: started to accept ERP keyName-NAI as user identity automatically without matching EAP database entry * fixed PTK rekeying with FILS and FT ChangeLog for hostapd 2019-08-07 - v2.9 * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL 2019-04-21 - v2.8 * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9499) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT show more ...
# 0a73ee0a	04-Jan-2019	christos <christos@NetBSD.org>	2018-12-02 - v2.7 * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, 2018-12-02 - v2.7 * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol show more ...