Release of hostapd and wpa_supplicant 2.10

After a year and a half of development, hostapd/wpa_supplicant 2.10 has been released. It is a suite for running the IEEE 802.1X, WPA, WPA2, WPA3 and EAP wireless protocols, consisting of the wpa_supplicant application for connecting to a wireless network as a client and the hostapd background process for running an access point and an authentication server, including components such as the WPA Authenticator, a RADIUS authentication client/server and an EAP server. The project's source code is distributed under the BSD license.

In addition to functional changes, the new version blocks a new side-channel attack vector that affects the SAE (Simultaneous Authentication of Equals) connection negotiation method and the EAP-pwd protocol. An attacker who is able to run unprivileged code on the system of a user connecting to a wireless network can, by monitoring activity on that system, obtain information about characteristics of the password and use it to simplify offline password guessing. The problem is caused by a side-channel leak of information about password characteristics, which makes it possible, from indirect data such as changes in delays during operations, to refine whether parts of the password were chosen correctly during the guessing process.

Unlike the similar issues fixed in 2019, the new vulnerability is caused by the fact that the external cryptographic primitives used in the crypto_ec_point_solve_y_coord() function did not provide constant execution time independent of the nature of the data being processed. Based on an analysis of processor cache behavior, an attacker able to run unprivileged code on the same processor core could obtain information about the progress of password operations in SAE/EAP-pwd. The problem affects all versions of wpa_supplicant and hostapd built with support for SAE (CONFIG_SAE=y) and EAP-pwd (CONFIG_EAP_PWD=y).

Other changes in the new releases of hostapd and wpa_supplicant:

  • Added the ability to build with the OpenSSL 3.0 cryptographic library.
  • Implemented the Beacon Protection mechanism proposed in the WPA3 specification update, designed to protect against active attacks on a wireless network that manipulate changes to Beacon frames.
  • Added support for DPP 2 (Wi-Fi Device Provisioning Protocol), which defines the public-key authentication method used in the WPA3 standard for simplified configuration of devices without an on-screen interface. Configuration is performed using another, more capable device that is already connected to the wireless network. For example, the parameters for an IoT device without a screen can be set from a smartphone based on a photo of a QR code printed on the case.
  • Added support for Extended Key ID (IEEE 802.11-2016).
  • Support for the SAE-PK (SAE Public Key) security mechanism has been added to the implementation of the SAE connection negotiation method. A mode for sending the confirmation immediately has been implemented, enabled by the “sae_config_immediate=1” option, as well as the hash-to-element mechanism, enabled when the sae_pwe parameter is set to 1 or 2.
  • The EAP-TLS implementation has added support for TLS 1.3 (disabled by default).
  • Added new settings (max_auth_rounds, max_auth_rounds_short) for changing the limits on the number of EAP messages during the authentication process (changing the limits may be required when using very large certificates).
  • Added support for the PASN (Pre Association Security Negotiation) mechanism for establishing a secure connection and protecting the exchange of control frames at an earlier stage of the connection.
  • Implemented the Transition Disable mechanism, which makes it possible to automatically disable roaming mode (which lets you switch between access points as you move) in order to improve security.
  • Support for the WEP protocol has been excluded from default builds (rebuilding with the CONFIG_WEP=y option is required to restore WEP support). Legacy functionality related to the Inter-Access Point Protocol (IAPP) has been removed. Support for libnl 1.1 has been discontinued. The build option CONFIG_NO_TKIP=y has been added for builds without TKIP support.
  • Fixed vulnerabilities in the UPnP implementation (CVE-2020-12695), in the P2P/Wi-Fi Direct handler (CVE-2021-27803) and in the PMF protection mechanism (CVE-2019-16275).
  • Changes specific to hostapd include expanded support for HEW (High-Efficiency Wireless, IEEE 802.11ax) wireless networks, including the ability to use the 6 GHz frequency band.
  • Changes specific to wpa_supplicant:
    • Added support for access point mode settings for SAE (WPA3-Personal).
    • P2P mode support has been implemented for EDMG channels (IEEE 802.11ay).
    • Improved throughput prediction and BSS selection.
    • The control interface over D-Bus has been expanded.
    • Added a new backend for storing passwords in a separate file, which makes it possible to remove sensitive information from the main configuration file.
    • Added new policies for SCS, MSCS and DSCP.
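
An added example, not from the original article or the hostapd project: a Python check that reads a build `.config` and reports the options the article ties to the side channel (CONFIG_SAE and CONFIG_EAP_PWD on releases before 2.10) and to the legacy ciphers (CONFIG_WEP and CONFIG_NO_TKIP from 2.10 on). The sample configuration, the function names and the choice to report each option separately are assumptions.

```python
import re

FIXED = (2, 10)                                   # release named in the article
SIDE_CHANNEL_OPTS = ("CONFIG_SAE", "CONFIG_EAP_PWD")

# Constructed sample build configuration, not taken from any real system.
SAMPLE_CONFIG = """\
CONFIG_DRIVER_NL80211=y
CONFIG_SAE=y
#CONFIG_EAP_PWD=y
CONFIG_WEP=y   # re-enabled for one legacy client
"""

def parse_build_config(text):
    """Return {option: value} for the uncommented CONFIG_* lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        m = re.fullmatch(r"(CONFIG_\w+)\s*=\s*(\S+)", line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def parse_version(text):
    """Accept plain release numbers such as '2.9' or 'v2.10' only."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def audit(version, config_text):
    """Return (option, finding) pairs for one build."""
    ver, opts = parse_version(version), parse_build_config(config_text)
    on = lambda name: opts.get(name) == "y"
    findings = []
    if ver < FIXED:
        # Integer tuples: compared as strings or floats, 2.10 sorts before 2.9.
        findings += [(o, f"{o}=y on {version}: cache side channel, fixed in 2.10")
                     for o in SIDE_CHANNEL_OPTS if on(o)]
    else:
        if on("CONFIG_WEP"):
            findings.append(("CONFIG_WEP", "WEP support was built back in"))
        if not on("CONFIG_NO_TKIP"):
            findings.append(("CONFIG_NO_TKIP", "not set, TKIP is still compiled in"))
    return findings

if __name__ == "__main__":
    for release in ("2.9", "2.10"):
        for option, finding in audit(release, SAMPLE_CONFIG):
            print(f"{release}: {option}: {finding}")
```

Development snapshots with suffixed version strings are rejected by `parse_version` rather than guessed at, since a suffix says nothing about whether the fix is present.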

Source: opennet.ru
