Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/external/bsd/wpa/dist/hs20/client/osu_client.h

120 lines
4.0 KiB
C
Raw Normal View History

Import wpa_supplicant and hostapd
2014-10-16 23:16:01 +04:00
/*
* Hotspot 2.0 - OSU client
* Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef OSU_CLIENT_H
#define OSU_CLIENT_H
#define SPP_NS_URI "http://www.wi-fi.org/specifications/hotspot2dot0/v1.0/spp"
#define URN_OMA_DM_DEVINFO "urn:oma:mo:oma-dm-devinfo:1.0"
#define URN_OMA_DM_DEVDETAIL "urn:oma:mo:oma-dm-devdetail:1.0"
#define URN_HS20_DEVDETAIL_EXT "urn:wfa:mo-ext:hotspot2dot0-devdetail-ext:1.0"
#define URN_HS20_PPS "urn:wfa:mo:hotspot2dot0-perprovidersubscription:1.0"
#define MAX_OSU_VALS 10
struct osu_lang_text {
char lang[4];
char text[253];
};
struct hs20_osu_client {
struct xml_node_ctx *xml;
struct http_ctx *http;
int no_reconnect;
char pps_fname[300];
char *devid;
const char *result_file;
const char *summary_file;
const char *ifname;
const char *ca_fname;
int no_osu_cert_validation; /* for EST operations */
char *fqdn;
char *server_url;
struct osu_lang_text friendly_name[MAX_OSU_VALS];
size_t friendly_name_count;
size_t icon_count;
char icon_filename[MAX_OSU_VALS][256];
u8 icon_hash[MAX_OSU_VALS][32];
int pps_cred_set;
int pps_updated;
int client_cert_present;
char **server_dnsname;
size_t server_dnsname_count;
2018-12-02 - v2.7 * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol
2019-01-04 22:29:14 +03:00
const char *osu_ssid; /* Enforced OSU_SSID for testing purposes */
Import wpa_supplicant and hostapd
2014-10-16 23:16:01 +04:00
#define WORKAROUND_OCSP_OPTIONAL 0x00000001
unsigned long int workarounds;
};
/* osu_client.c */
void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
__attribute__ ((format (printf, 2, 3)));
void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
__attribute__ ((format (printf, 2, 3)));
void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
xml_node_t *node);
int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert);
int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
xml_node_t *add_mo, char *fname, size_t fname_len);
void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
const char *alt_loc, char **user, char **pw);
int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
xml_node_t *pps);
void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname);
/* spp_client.c */
void spp_sub_rem(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
void spp_pol_upd(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
int cmd_prov(struct hs20_osu_client *ctx, const char *url);
int cmd_sim_prov(struct hs20_osu_client *ctx, const char *url);
/* oma_dm_client.c */
int cmd_oma_dm_prov(struct hs20_osu_client *ctx, const char *url);
int cmd_oma_dm_sim_prov(struct hs20_osu_client *ctx, const char *url);
void oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
void oma_dm_pol_upd(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname,
const char *client_cert, const char *client_key,
const char *cred_username, const char *cred_password,
xml_node_t *pps);
void cmd_oma_dm_sub_rem(struct hs20_osu_client *ctx, const char *address,
const char *pps_fname);
void cmd_oma_dm_add(struct hs20_osu_client *ctx, const char *pps_fname,
const char *add_fname);
void cmd_oma_dm_replace(struct hs20_osu_client *ctx, const char *pps_fname,
const char *replace_fname);
/* est.c */
int est_load_cacerts(struct hs20_osu_client *ctx, const char *url);
int est_build_csr(struct hs20_osu_client *ctx, const char *url);
int est_simple_enroll(struct hs20_osu_client *ctx, const char *url,
const char *user, const char *pw);
#endif /* OSU_CLIENT_H */