18d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/* 28d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP peer configuration data 334af306c42b7ccf956508e7cd23f0ba90606e360Dmitry Shmidt * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> 48d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5c5ec7f57ead87efa365800228aa0b09a12d9e6c4Dmitry Shmidt * This software may be distributed under the terms of the BSD license. 6c5ec7f57ead87efa365800228aa0b09a12d9e6c4Dmitry Shmidt * See README for more details. 78d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 88d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 98d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#ifndef EAP_CONFIG_H 108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define EAP_CONFIG_H 118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/** 138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * struct eap_peer_config - EAP peer configuration/credentials 148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstruct eap_peer_config { 168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * identity - EAP Identity 188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used to set the real user identity or NAI (for 208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-PSK/PAX/SAKE/GPSK). 
218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *identity; 238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * identity_len - EAP Identity length 268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t identity_len; 288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * anonymous_identity - Anonymous EAP Identity 318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used for unencrypted use with EAP types that support 338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * different tunnelled identity, e.g., EAP-TTLS, in order to reveal the 348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * real identity (identity field) only to the authentication server. 358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If not set, the identity field will be used for both unencrypted and 378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * protected fields. 384530cfd4d14a77c58e35393b91e40f8dd9d62697Dmitry Shmidt * 394530cfd4d14a77c58e35393b91e40f8dd9d62697Dmitry Shmidt * This field can also be used with EAP-SIM/AKA/AKA' to store the 404530cfd4d14a77c58e35393b91e40f8dd9d62697Dmitry Shmidt * pseudonym identity. 
418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *anonymous_identity; 438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * anonymous_identity_len - Length of anonymous_identity 468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t anonymous_identity_len; 488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * password - Password string for EAP 518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field can include either the plaintext password (default 538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * option) or a NtPasswordHash (16-byte MD4 hash of the unicode 548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * presentation of the password) if flags field has 558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP_CONFIG_FLAGS_PASSWORD_NTHASH bit set to 1. NtPasswordHash can 568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * only be used with authentication mechanism that use this hash as the 578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * starting point for operation: MSCHAP and MSCHAPv2 (EAP-MSCHAPv2, 588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP). 598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * In addition, this field is used to configure a pre-shared key for 618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-PSK/PAX/SAKE/GPSK. The length of the PSK must be 16 for EAP-PSK 628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * and EAP-PAX and 32 for EAP-SAKE. 
EAP-GPSK can use a variable length 638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * PSK. 648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *password; 668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * password_len - Length of password field 698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t password_len; 718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert - File path to CA certificate file (PEM/DER) 748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This file can have one or more trusted CA certificates. If ca_cert 768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * and ca_path are not included, server certificate will not be 778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * verified. This is insecure and a trusted CA certificate should 788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * always be configured when using EAP-TLS/TTLS/PEAP. Full path to the 798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 
848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, this can be used to only perform matching of the 868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * server certificate (SHA-256 hash of the DER encoded X.509 878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * certificate). In this case, the possible CA certificates in the 888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * server certificate chain are ignored and only the server certificate 898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * is verified. This is configured with the following format: 908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * hash://server/sha256/cert_hash_in_hex 918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * For example: "hash://server/sha256/ 928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a" 938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * On Windows, trusted CA certificates can be loaded from the system 958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * certificate store by setting this to cert_store://name, e.g., 968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". 978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Note that when running wpa_supplicant as an application, the user 988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * certificate store (My user account) is used, whereas computer store 998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * (Computer account) is used when running wpasvc as a service. 
1008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *ca_cert; 1028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_path - Directory path for CA certificate files (PEM) 1058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This path may contain multiple CA certificates in OpenSSL format. 1078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Common use for this is to point to system trusted CA list which is 1088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * often installed into directory like /etc/ssl/certs. If configured, 1098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * these certificates are added to the list of trusted CAs. ca_cert 1108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * may also be included in that case, but it is not required. 1118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *ca_path; 1138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * client_cert - File path to client certificate file (PEM/DER) 1168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used with EAP method that use TLS authentication. 1188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Usually, this is only configured for EAP-TLS, even though this could 1198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * in theory be used with EAP-TTLS and EAP-PEAP, too. 
Full path to the 1208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 1218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 1228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 1248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 1258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *client_cert; 1278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * private_key - File path to client private key file (PEM/DER/PFX) 1308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be 1328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * commented out. Both the private key and certificate will be read 1338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * from the PKCS#12 file in this case. Full path to the file should be 1348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * used since working directory may change when wpa_supplicant is run 1358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * in the background. 
1368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Windows certificate store can be used by leaving client_cert out and 1388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * configuring private_key in one of the following formats: 1398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * cert://substring_to_match 1418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * hash://certificate_thumbprint_in_hex 1438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * For example: private_key="hash://63093aa9c47f56ae88334c7b65a4" 1458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Note that when running wpa_supplicant as an application, the user 1478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * certificate store (My user account) is used, whereas computer store 1488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * (Computer account) is used when running wpasvc as a service. 1498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 1518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 
1528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *private_key; 1548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * private_key_passwd - Password for private key file 1578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If left out, this will be asked through control interface. 1598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *private_key_passwd; 1618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * dh_file - File path to DH/DSA parameters file (in PEM format) 1648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is an optional configuration file for setting parameters for an 1668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ephemeral DH key exchange. In most cases, the default RSA 1678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * authentication does not use this configuration. However, it is 1688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * possible to set up RSA to use ephemeral DH key exchange. In addition, 1698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ciphers with DSA keys always use ephemeral DH keys. This can be used 1708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * to achieve forward secrecy. If the file is in DSA parameters format, 1718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * it will be automatically converted into DH params. 
Full path to the 1728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 1738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 1748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 1768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 1778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *dh_file; 1798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * subject_match - Constraint for server certificate subject 1828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This substring is matched against the subject of the authentication 1848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * server certificate. If this string is set, the server certificate is 1858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * only accepted if it contains this string in the subject. The subject 1868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * string is in following format: 1878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@n.example.com 1898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 1908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *subject_match; 1918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 1928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 1938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * altsubject_match - Constraint for server certificate alt. 
subject 1948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Semicolon separated string of entries to be matched against the 1968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * alternative subject name of the authentication server certificate. 1978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If this string is set, the server certificate is only accepted if it 1988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * contains one of the entries in an alternative subject name 1998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * extension. 2008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * altSubjectName string is in following format: TYPE:VALUE 2028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Example: EMAIL:server@example.com 2048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Example: DNS:server.example.com;DNS:server2.example.com 2058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Following types are supported: EMAIL, DNS, URI 2078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *altsubject_match; 2098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert2 - File path to CA certificate file (PEM/DER) (Phase 2) 2128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This file can have one or more trusted CA certificates. If ca_cert2 2148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * and ca_path2 are not included, server certificate will not be 2158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * verified. 
This is insecure and a trusted CA certificate should 2168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * always be configured. Full path to the file should be used since 2178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * working directory may change when wpa_supplicant is run in the 2188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * background. 2198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like ca_cert, but used for phase 2 (inside 2218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 2228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 2248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 2258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *ca_cert2; 2278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_path2 - Directory path for CA certificate files (PEM) (Phase 2) 2308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This path may contain multiple CA certificates in OpenSSL format. 2328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Common use for this is to point to system trusted CA list which is 2338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * often installed into directory like /etc/ssl/certs. If configured, 2348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * these certificates are added to the list of trusted CAs. ca_cert 2358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * may also be included in that case, but it is not required. 
2368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like ca_path, but used for phase 2 (inside 2388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 2398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *ca_path2; 2418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * client_cert2 - File path to client certificate file 2448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like client_cert, but used for phase 2 (inside 2468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the 2478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 2488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 2498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 2518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 
2528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *client_cert2; 2548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * private_key2 - File path to client private key file 2578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like private_key, but used for phase 2 (inside 2598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the 2608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 2618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 2628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 2648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 2658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *private_key2; 2678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * private_key2_passwd - Password for private key file 2708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like private_key_passwd, but used for phase 2 (inside 2728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 
2738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *private_key2_passwd; 2758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * dh_file2 - File path to DH/DSA parameters file (in PEM format) 2788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like dh_file, but used for phase 2 (inside 2808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the 2818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * file should be used since working directory may change when 2828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 2838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 2858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 2868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *dh_file2; 2888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * subject_match2 - Constraint for server certificate subject 2918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like subject_match, but used for phase 2 (inside 2938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 
2948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 2958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *subject_match2; 2968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 2978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 2988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * altsubject_match2 - Constraint for server certificate alt. subject 2998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like altsubject_match, but used for phase 2 (inside 3018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 3028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *altsubject_match2; 3048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * eap_methods - Allowed EAP methods 3078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * (vendor=EAP_VENDOR_IETF,method=EAP_TYPE_NONE) terminated list of 3098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * allowed EAP methods or %NULL if all methods are accepted. 3108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct eap_method_type *eap_methods; 3128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * phase1 - Phase 1 (outer authentication) parameters 3158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * String with field-value pairs, e.g., "peapver=0" or 3178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "peapver=1 peaplabel=1". 
3188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 'peapver' can be used to force which PEAP version (0 or 1) is used. 3208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 'peaplabel=1' can be used to force new label, "client PEAP 3228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * encryption", to be used during key derivation when PEAPv1 or newer. 3238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Most existing PEAPv1 implementation seem to be using the old label, 3258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "client EAP encryption", and wpa_supplicant is now using that as the 3268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * default value. 3278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Some servers, e.g., Radiator, may require peaplabel=1 configuration 3298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * to interoperate with PEAPv1; see eap_testing.txt for more details. 3308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 'peap_outer_success=0' can be used to terminate PEAP authentication 3328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * on tunneled EAP-Success. This is required with some RADIUS servers 3338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * that implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., 3348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode). 
3358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * include_tls_length=1 can be used to force wpa_supplicant to include 3378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * TLS Message Length field in all TLS messages even if they are not 3388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fragmented. 3398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * sim_min_num_chal=3 can be used to configure EAP-SIM to require three 3418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * challenges (by default, it accepts 2 or 3). 3428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use 3448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * protected result indication. 3458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fast_provisioning option can be used to enable in-line provisioning 3478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * of EAP-FAST credentials (PAC): 3488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 0 = disabled, 3498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1 = allow unauthenticated provisioning, 3508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2 = allow authenticated provisioning, 3518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3 = allow both unauthenticated and authenticated provisioning 3528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fast_max_pac_list_len=num option can be used to set the maximum 3548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * number of PAC entries to store in a PAC list (default: 10). 
3558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fast_pac_format=binary option can be used to select binary format 3578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * for storing PAC entries in order to save some space (the default 3588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * text format uses about 2.5 times the size of minimal binary format). 3598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * crypto_binding option can be used to control PEAPv0 cryptobinding 3618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * behavior: 3628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 0 = do not use cryptobinding (default) 3638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 1 = use cryptobinding if server supports it 3648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 2 = require cryptobinding 
 * Only value 2 guarantees that the inner authentication is cryptographically bound to the TLS tunnel; with 0 (the default) or 1 the session may complete without that binding. 3658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-WSC (WPS) uses following options: pin=Device_Password and 3678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * uuid=Device_UUID 3688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *phase1; 3708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * phase2 - Phase2 (inner authentication with TLS tunnel) parameters 3738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * String with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or 3758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS. 
3768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *phase2; 3788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pcsc - Parameters for PC/SC smartcard interface for USIM and GSM SIM 3818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used to configure PC/SC smartcard interface. 3838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Currently, the only configuration is whether this field is %NULL (do 3848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * not use PC/SC) or non-NULL (e.g., "") to enable PC/SC. 3858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used for EAP-SIM and EAP-AKA. 3878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pcsc; 3898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 3908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 3918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pin - PIN for USIM, GSM SIM, and smartcards 3928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used to configure PIN for SIM and smartcards for 3948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a 3958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * smartcard is used for private key operations. 3968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 3978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If left out, this will be asked through control interface. 
3988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 3998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pin; 4008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine - Enable OpenSSL engine (e.g., for smartcard access) 4038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int engine; 4088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine_id - Engine ID for OpenSSL engine 4118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "opensc" to select OpenSC engine or "pkcs11" to select PKCS#11 4138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine. 4148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 
4178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *engine_id; 4198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine2 - Enable OpenSSL engine (e.g., for smartcard) (Phase 2) 4228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like engine, but used for phase 2 (inside 4278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 4288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int engine2; 4308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pin2 - PIN for USIM, GSM SIM, and smartcards (Phase 2) 4348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used to configure PIN for SIM and smartcards for 4368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a 4378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * smartcard is used for private key operations. 
4388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like pin, but used for phase 2 (inside 4408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 4418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * If left out, this will be asked through control interface. 4438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pin2; 4458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine2_id - Engine ID for OpenSSL engine (Phase 2) 4488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * "opensc" to select OpenSC engine or "pkcs11" to select PKCS#11 4508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * engine. 4518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is like engine_id, but used for phase 2 (inside 4568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * EAP-TTLS/PEAP/FAST tunnel) authentication. 
4578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *engine2_id; 4598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * key_id - Key ID for OpenSSL engine 4638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *key_id; 4688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * cert_id - Cert ID for OpenSSL engine 4718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if the certificate operations for EAP-TLS are performed 4738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *cert_id; 4768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert_id - CA Cert ID for OpenSSL engine 4798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if the CA certificate for EAP-TLS is on a smartcard. 
4818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *ca_cert_id; 4838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * key2_id - Key ID for OpenSSL engine (phase2) 4868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if private key operations for EAP-TLS are performed 4888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *key2_id; 4918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 4928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 4938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * cert2_id - Cert ID for OpenSSL engine (phase2) 4948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 4958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if the certificate operations for EAP-TLS are performed 4968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * using a smartcard. 4978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 4988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *cert2_id; 4998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * ca_cert2_id - CA Cert ID for OpenSSL engine (phase2) 5028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This is used if the CA certificate for EAP-TLS is on a smartcard. 
5048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *ca_cert2_id; 5068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * otp - One-time-password 5098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when OTP is entered through the control interface. 5128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *otp; 5148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * otp_len - Length of the otp field 5178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t otp_len; 5198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_identity - Whether there is a pending identity request 5228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 
5268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_identity; 5288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_password - Whether there is a pending password request 5318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 5358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_password; 5378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_pin - Whether there is a pending PIN request 5408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 
5448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_pin; 5468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_new_password - Pending password update request 5498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 5538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_new_password; 5558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_passphrase - Pending passphrase request 5588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 
5628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5638d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int pending_req_passphrase; 5648d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5658d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5668d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_otp - Whether there is a pending OTP request 5678d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5688d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field should not be set in configuration step. It is only used 5698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * internally when control interface is used to request needed 5708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * information. 5718d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pending_req_otp; 5738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pending_req_otp_len - Length of the pending OTP request 5768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t pending_req_otp_len; 5788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * pac_file - File path or blob name for the PAC entries (EAP-FAST) 5818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant will need to be able to create this file and write 5838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * updates to it when PAC is being provisioned or refreshed. 
Full path 5848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * to the file should be used since working directory may change when 5858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * wpa_supplicant is run in the background. 5868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, a named configuration blob can be used by setting 5878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * this to blob://blob_name. 5888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt char *pac_file; 5908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5918d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 5928d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * mschapv2_retry - MSCHAPv2 retry in progress 5938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 5948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used internally by EAP-MSCHAPv2 and should not be set 5958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * as part of configuration. 5968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 5978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int mschapv2_retry; 5988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 5998d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * new_password - New password for password update 6018d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 6028d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This field is used during MSCHAPv2 password update. This is normally 6038d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * requested from the user through the control interface and not set 6048d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * from configuration. 
6058d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6068d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u8 *new_password; 6078d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6088d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6098d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * new_password_len - Length of new_password field 6108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt size_t new_password_len; 6128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fragment_size - Maximum EAP fragment size in bytes (default 1398) 6158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 6168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This value limits the fragment size for EAP methods that support 6178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set 6188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * small enough to make the EAP messages fit in MTU of the network 6198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * interface used for EAPOL. The default value is suitable for most 6208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * cases. 
6218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt int fragment_size; 6238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 6248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#define EAP_CONFIG_FLAGS_PASSWORD_NTHASH BIT(0) 62561d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt#define EAP_CONFIG_FLAGS_EXT_PASSWORD BIT(1) 6268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt /** 6278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * flags - Network configuration flags (bitfield) 6288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 6298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This variable is used for internal flags to describe further details 6308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * for the network parameters. 6318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * bit 0 = password is represented as a 16-byte NtPasswordHash value 6328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * instead of plaintext password 63361d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * bit 1 = password is stored in external storage; the value in the 63461d9df3e62aaa0e87ad05452fcb95142159a17b6Dmitry Shmidt * password field is the name of that external entry 6358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 6368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt u32 flags; 63734af306c42b7ccf956508e7cd23f0ba90606e360Dmitry Shmidt 63834af306c42b7ccf956508e7cd23f0ba90606e360Dmitry Shmidt /** 63934af306c42b7ccf956508e7cd23f0ba90606e360Dmitry Shmidt * ocsp - Whether to use/require OCSP to check server certificate 64034af306c42b7ccf956508e7cd23f0ba90606e360Dmitry Shmidt * 64134af306c42b7ccf956508e7cd23f0ba90606e360Dmitry Shmidt * 0 = do not use OCSP stapling (TLS certificate status extension) 64234af306c42b7ccf956508e7cd23f0ba90606e360Dmitry Shmidt * 1 = try to use OCSP stapling, but not require response 64334af306c42b7ccf956508e7cd23f0ba90606e360Dmitry 
Shmidt * 2 = require valid OCSP stapling response 64434af306c42b7ccf956508e7cd23f0ba90606e360Dmitry Shmidt */ 64534af306c42b7ccf956508e7cd23f0ba90606e360Dmitry Shmidt int ocsp; 6468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt};

/**
 * struct wpa_config_blob - Named configuration blob
 *
 * This data structure is used to provide storage for binary objects to store
 * abstract information like certificates and private keys inlined with the
 * configuration data.
 *
 * Because a blob may carry private key material, its contents should be
 * handled like any other credential held by the configuration.
 * NOTE(review): the code that allocates and releases blobs is not part of
 * this header; confirm that the data buffer is cleared before it is freed.
 */
struct wpa_config_blob {
	/**
	 * name - Blob name
	 *
	 * This is the name selected by a blob://blob_name reference, as
	 * described for the pac_file field of struct eap_peer_config.
	 */
	char *name;

	/**
	 * data - Pointer to binary data
	 *
	 * The buffer holds raw binary content and nothing in this header
	 * states that it is NUL-terminated, so readers should bound every
	 * access with the len field instead of using string functions.
	 */
	u8 *data;

	/**
	 * len - Length of binary data
	 *
	 * Size of the buffer referenced by the data field.
	 */
	size_t len;

	/**
	 * next - Pointer to next blob in the configuration
	 *
	 * Blobs are chained through this pointer.
	 * NOTE(review): presumably %NULL marks the end of the list; confirm
	 * against the code that walks it.
	 */
	struct wpa_config_blob *next;
};

#endif /* EAP_CONFIG_H */