diff options
Diffstat (limited to 'wpa_supplicant/config.h')
-rw-r--r-- | wpa_supplicant/config.h | 134 |
1 files changed, 110 insertions, 24 deletions
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h index 696fb38e..e1f30c2f 100644 --- a/wpa_supplicant/config.h +++ b/wpa_supplicant/config.h @@ -182,6 +182,38 @@ struct wpa_cred { char *milenage; /** + * imsi_privacy_cert - IMSI privacy certificate + * + * This field is used with EAP-SIM/AKA/AKA' to encrypt the permanent + * identity (IMSI) to improve privacy. The referenced PEM-encoded + * X.509v3 certificate needs to include a 2048-bit RSA public key and + * this is from the operator who authenticates the SIM/USIM. + */ + char *imsi_privacy_cert; + + /** + * imsi_privacy_attr - IMSI privacy attribute + * + * This field is used to help the EAP-SIM/AKA/AKA' server to identify + * the used certificate (and as such, the matching private key). This + * is set to an attribute in name=value format if the operator needs + * this information. + */ + char *imsi_privacy_attr; + + /** + * strict_conservative_peer_mode - Whether the strict conservative peer + * mode is enabled or not + * + * This field is used to handle the reponse of AT_PERMANENT_ID_REQ + * for EAP-SIM/AKA/AKA', in convervative peer mode, a client error would + * be sent to the server, but it allows to send the permanent identity + * in some special cases according to 4.6.2 of RFC 4187; With the strict + * mode, it never send the permanent identity to server for privacy concern. + */ + int strict_conservative_peer_mode; + + /** * engine - Use an engine for private key operations */ int engine; @@ -240,36 +272,50 @@ struct wpa_cred { size_t num_domain; /** - * roaming_consortium - Roaming Consortium OI + * home_ois - Home OIs * - * If roaming_consortium_len is non-zero, this field contains the - * Roaming Consortium OI that can be used to determine which access - * points support authentication with this credential. This is an - * alternative to the use of the realm parameter. When using Roaming - * Consortium to match the network, the EAP parameters need to be - * pre-configured with the credential since the NAI Realm information - * may not be available or fetched. + * If num_home_ois is non-zero, this field contains the set of Home OIs + * that can be use to determine which access points support + * authentication with this credential. These are an alternative to the + * use of the realm parameter. When using Home OIs to match the network, + * the EAP parameters need to be pre-configured with the credentials + * since the NAI Realm information may not be available or fetched. + * A successful authentication with the access point is possible as soon + * as at least one Home OI from the list matches an OI in the Roaming + * Consortium list advertised by the access point. + * (Hotspot 2.0 PerProviderSubscription/<X+>/HomeSP/HomeOIList/<X+>/HomeOI) + */ + u8 home_ois[MAX_ROAMING_CONS][MAX_ROAMING_CONS_OI_LEN]; + + /** + * home_ois_len - Length of home_ois[i] */ - u8 roaming_consortium[15]; + size_t home_ois_len[MAX_ROAMING_CONS]; /** - * roaming_consortium_len - Length of roaming_consortium + * num_home_ois - Number of entries in home_ois */ - size_t roaming_consortium_len; + unsigned int num_home_ois; /** - * required_roaming_consortium - Required Roaming Consortium OI + * required_home_ois - Required Home OI(s) * - * If required_roaming_consortium_len is non-zero, this field contains - * the Roaming Consortium OI that is required to be advertised by the AP - * for the credential to be considered matching. + * If required_home_ois_len is non-zero, this field contains the set of + * Home OI(s) that are required to be advertised by the AP for the + * credential to be considered matching. + * (Hotspot 2.0 PerProviderSubscription/<X+>/HomeSP/HomeOIList/<X+>/HomeOIRequired) */ - u8 required_roaming_consortium[15]; + u8 required_home_ois[MAX_ROAMING_CONS][MAX_ROAMING_CONS_OI_LEN]; /** - * required_roaming_consortium_len - Length of required_roaming_consortium + * required_home_ois_len - Length of required_home_ois */ - size_t required_roaming_consortium_len; + size_t required_home_ois_len[MAX_ROAMING_CONS]; + + /** + * num_required_home_ois - Number of entries in required_home_ois + */ + unsigned int num_required_home_ois; /** * roaming_consortiums - Roaming Consortium OI(s) memberships @@ -808,8 +854,8 @@ struct wpa_config { int p2p_add_cli_chan; int p2p_ignore_shared_freq; int p2p_optimize_listen_chan; - int p2p_6ghz_disable; + int p2p_dfs_chan_enable; struct wpabuf *wps_vendor_ext_m1; @@ -1221,6 +1267,25 @@ struct wpa_config { enum mfp_options pmf; /** + * sae_check_mfp - Whether to limit SAE based on PMF capabilities + * + * With this check SAE key_mgmt will not be selected if PMF is + * not enabled. + * Scenarios where enabling this check will limit SAE: + * 1) ieee8011w=0 is set for the network. + * 2) The AP does not have PMF enabled. + * 3) ieee8011w for the network is the default(3), pmf=1 is enabled + * globally and the device does not support the BIP cipher. + * + * Useful to allow the BIP cipher check that occurs for ieee80211w=3 + * and pmf=1 to also avoid using SAE key_mgmt. + * Useful when hardware does not support BIP to still to allow + * connecting to sae_require_mfp=1 WPA2+WPA3-Personal transition mode + *access points by automatically selecting PSK instead of SAE. + */ + int sae_check_mfp; + + /** * sae_groups - Preference list of enabled groups for SAE * * By default (if this parameter is not set), the mandatory group 19 @@ -1236,7 +1301,7 @@ struct wpa_config { * 1 = hash-to-element only * 2 = both hunting-and-pecking loop and hash-to-element enabled */ - int sae_pwe; + enum sae_pwe sae_pwe; /** * sae_pmkid_in_assoc - Whether to include PMKID in SAE Assoc Req @@ -1356,7 +1421,7 @@ struct wpa_config { * the per-network mac_addr parameter. Global mac_addr=1 can be used to * change this default behavior. */ - int mac_addr; + enum wpas_mac_addr_style mac_addr; /** * rand_addr_lifetime - Lifetime of random MAC address in seconds @@ -1370,7 +1435,7 @@ struct wpa_config { * 1 = use random MAC address * 2 = like 1, but maintain OUI (with local admin bit set) */ - int preassoc_mac_addr; + enum wpas_mac_addr_style preassoc_mac_addr; /** * key_mgmt_offload - Use key management offload @@ -1579,7 +1644,7 @@ struct wpa_config { * 1 = use random MAC address * 2 = like 1, but maintain OUI (with local admin bit set) */ - int gas_rand_mac_addr; + enum wpas_mac_addr_style gas_rand_mac_addr; /** * dpp_config_processing - How to process DPP configuration @@ -1607,6 +1672,25 @@ struct wpa_config { char *dpp_mud_url; /** + * dpp_extra_conf_req_name - JSON node name of additional data for + * Enrollee's DPP Configuration Request + */ + char *dpp_extra_conf_req_name; + + /** + * dpp_extra_conf_req_value - JSON node data of additional data for + * Enrollee's DPP Configuration Request + */ + char *dpp_extra_conf_req_value; + + /* dpp_connector_privacy_default - Default valur for Connector privacy + * + * This value is used as the default for the dpp_connector_privacy + * network parameter for all new networks provisioned using DPP. + */ + int dpp_connector_privacy_default; + + /** * coloc_intf_reporting - Colocated interference reporting * * dot11CoLocIntfReportingActivated @@ -1785,6 +1869,7 @@ const char * wpa_config_get_global_field_name(unsigned int i, int *no_var); * @name: Name of the configuration (e.g., path and file name for the * configuration file) * @cfgp: Pointer to previously allocated configuration data or %NULL if none + * @ro: Whether to mark networks from this configuration as read-only * Returns: Pointer to allocated configuration data or %NULL on failure * * This function reads configuration data, parses its contents, and allocates @@ -1793,7 +1878,8 @@ const char * wpa_config_get_global_field_name(unsigned int i, int *no_var); * * Each configuration backend needs to implement this function. */ -struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp); +struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp, + bool ro); /** * wpa_config_write - Write or update configuration data |