3 files changed, 92 insertions, 12 deletions

diff --git a/chromium/components/onc/docs/onc_spec.md b/chromium/components/onc/docs/onc_spec.md
index 7729193aa98..4c3e961e98a 100644
--- a/chromium/components/onc/docs/onc_spec.md
+++ b/chromium/components/onc/docs/onc_spec.md
@@ -230,6 +230,11 @@ Field **NetworkConfigurations** is an array of
       [Cellular](#Cellular-type)
     * Cellular settings.
 
+* **Tether**
+    * (required if **Type** is *Tether*, otherwise ignored) -
+      [Tether](#Tether-type)
+    * Tether settings.
+
 * **Type**
     * (required if **Remove** is *false*, otherwise ignored) - **string**
     * `Allowed values are` *Cellular*,
@@ -1037,9 +1042,19 @@ type exists to configure the authentication.
     * (required if **ClientCertType** is *Ref*, otherwise ignored) - **string**
     * Reference to client certificate stored in certificate section.
 
+* **ClientCertPKCS11Id**
+    * (required if **ClientCertType** is *PKCS11Id*, otherwise ignored) - 
+    * PKCS#11 identifier in the format slot:key_id.
+  
 * **ClientCertType**
-    * (optional) **string**
-    `Allowed values are` *Ref*, and *Pattern*.
+    * (optional) - **string**
+    * `Allowed values are` *Ref*, *Pattern*, *PKCS11Id* and *None*.
+    * *Ref* and *Pattern* indicate that the associated property should be used
+      to identify the client certificate.
+    * *PKCS11Id* is used when representing a certificate in a local store and is
+      only valid when describing a local configuration.
+    * *None* indicates that the server is configured to not require client
+      certificates.
 
 * **Identity**
     * (optional) - **string**
@@ -1052,20 +1067,15 @@ type exists to configure the authentication.
       expansions.
 
 * **Inner**
-    * (optional if **Outer** is
-        *EAP-FAST*, *EAP-TTLS*
-        or *PEAP*, otherwise ignored, defaults to *Automatic*) - **string**
-    * `Allowed values are` *Automatic*,
-        *MD5*, *MSCHAPv2*,
-        *EAP-MSCHAPv2*,
-        *PAP*, and *GTC*.
+    * (optional if **Outer** is *EAP-FAST*, *EAP-TTLS* or *PEAP*, otherwise
+        ignored, defaults to *Automatic*) - **string**
+    * `Allowed values are` *Automatic*, *MD5*, *MSCHAP*, *MSCHAPv2*, *PAP*,
+        *CHAP* and *GTC*.
     * For tunneling outer protocols.
 
 * **Outer**
     * (required) - **string**
-    * `Allowed values are` *LEAP*,
-        *EAP-AKA*, *EAP-FAST*,
-        *EAP-TLS*, *EAP-TTLS*,
+    * `Allowed values are` *LEAP*, *EAP-AKA*, *EAP-FAST*, *EAP-TLS*, *EAP-TTLS*,
         *EAP-SIM* and *PEAP*.
 
 * **Password**
@@ -1105,6 +1115,11 @@ type exists to configure the authentication.
       A verification using the system's CA certificates may still apply.
       See **UseSystemCAs** for this.
 
+* **SubjectMatch**
+    * (optional) - **string**
+    * WiFi only. A substring which a remote RADIUS service certificate subject
+      name must contain in order to connect.
+
 * **UseSystemCAs**
     * (optional, defaults to *true*) - **boolean**
     * Required server certificate to be signed by "system default certificate
@@ -1431,6 +1446,40 @@ ONC configuration of of **Cellular** networks is not yet supported.
       changes to *sim-puk*).
 
 
+## Tether Networks
+
+For Tether connections, **Type** must be set to *Tether* and the
+field **Tether** must be set to an object of type [Tether](#Tether-type).
+
+Used for representing a tether hotspot provided by an external device, e.g.
+a phone.
+
+### Tether type
+
+* **BatteryPercentage**
+    * (optional, read-only) - **integer**
+    * The battery percentage of the device providing the tether hotspot in the
+      range [0, 100].
+
+* **Carrier**
+    * (optional, read-only) - **string**
+    * The name of the cellular carrier when the hotspot is provided by a
+      cellular connection.
+
+* **HasConnectedToHost**
+    * (read-only) - **boolean**
+    * If *true*, the current device has already connected to a Tether network
+      created by the same external device which is providing this Tether
+      network.
+
+* **SignalStrength**
+    * (optional, read-only) - **integer**
+    * The current signal strength for the hotspot's connection in the range
+      [0, 100]. Note that this value refers to the strength of the signal
+      between the external device and its data provider, not the strength of the
+      signal between the current device and the external device.
+
+
 ## Bluetooth / WiFi Direct Networks
 
 This format will eventually also cover configuration of Bluetooth and WiFi
diff --git a/chromium/components/onc/onc_constants.cc b/chromium/components/onc/onc_constants.cc
index ef314226ed0..80a95efc3c9 100644
--- a/chromium/components/onc/onc_constants.cc
+++ b/chromium/components/onc/onc_constants.cc
@@ -59,6 +59,7 @@ const char kSourceUser[] = "User";
 const char kSourceUserPolicy[] = "UserPolicy";
 const char kSource[] = "Source";
 const char kStaticIPConfig[] = "StaticIPConfig";
+const char kTether[] = "Tether";
 const char kType[] = "Type";
 const char kVPN[] = "VPN";
 const char kWiFi[] = "WiFi";
@@ -68,6 +69,10 @@ std::string CellularProperty(const std::string& property) {
   return std::string(kCellular) + "." + property;
 }
 
+std::string TetherProperty(const std::string& property) {
+  return std::string(kTether) + "." + property;
+}
+
 std::string VpnProperty(const std::string& property) {
   return std::string(kVPN) + "." + property;
 }
@@ -82,6 +87,7 @@ namespace network_type {
 const char kAllTypes[] = "All";
 const char kCellular[] = "Cellular";
 const char kEthernet[] = "Ethernet";
+const char kTether[] = "Tether";
 const char kVPN[] = "VPN";
 const char kWiFi[] = "WiFi";
 const char kWimax[] = "WiMAX";
@@ -188,6 +194,13 @@ const char kEAP[] = "EAP";
 const char k8021X[] = "8021X";
 }  // namespace ethernet
 
+namespace tether {
+const char kBatteryPercentage[] = "BatteryPercentage";
+const char kCarrier[] = "Carrier";
+const char kHasConnectedToHost[] = "HasConnectedToHost";
+const char kSignalStrength[] = "SignalStrength";
+}  // namespace tether
+
 namespace ipconfig {
 const char kGateway[] = "Gateway";
 const char kIPAddress[] = "IPAddress";
@@ -230,6 +243,7 @@ const char kSignalStrength[] = "SignalStrength";
 
 namespace client_cert {
 const char kClientCertPattern[] = "ClientCertPattern";
+const char kClientCertPKCS11Id[] = "ClientCertPKCS11Id";
 const char kClientCertRef[] = "ClientCertRef";
 const char kClientCertType[] = "ClientCertType";
 const char kClientCertTypeNone[] = "None";
@@ -243,6 +257,7 @@ const char kLocality[] = "Locality";
 const char kOrganization[] = "Organization";
 const char kOrganizationalUnit[] = "OrganizationalUnit";
 const char kPattern[] = "Pattern";
+const char kPKCS11Id[] = "PKCS11Id";
 const char kRef[] = "Ref";
 const char kSubject[] = "Subject";
 }  // namespace client_cert
@@ -286,6 +301,7 @@ const char kIdentity[] = "Identity";
 const char kInner[] = "Inner";
 const char kLEAP[] = "LEAP";
 const char kMD5[] = "MD5";
+const char kMSCHAP[] = "MSCHAP";
 const char kMSCHAPv2[] = "MSCHAPv2";
 const char kOuter[] = "Outer";
 const char kPAP[] = "PAP";
@@ -295,6 +311,7 @@ const char kSaveCredentials[] = "SaveCredentials";
 const char kServerCAPEMs[] = "ServerCAPEMs";
 const char kServerCARef[] = "ServerCARef";
 const char kServerCARefs[] = "ServerCARefs";
+const char kSubjectMatch[] = "SubjectMatch";
 const char kUseSystemCAs[] = "UseSystemCAs";
 const char kUseProactiveKeyCaching[] = "UseProactiveKeyCaching";
 }  // namespace eap
diff --git a/chromium/components/onc/onc_constants.h b/chromium/components/onc/onc_constants.h
index 8576292b04e..20ece16b6af 100644
--- a/chromium/components/onc/onc_constants.h
+++ b/chromium/components/onc/onc_constants.h
@@ -82,12 +82,14 @@ ONC_EXPORT extern const char kConnectionState[];
 ONC_EXPORT extern const char kRestrictedConnectivity[];
 ONC_EXPORT extern const char kConnectable[];
 ONC_EXPORT extern const char kErrorState[];
+ONC_EXPORT extern const char kTether[];
 ONC_EXPORT extern const char kType[];
 ONC_EXPORT extern const char kVPN[];
 ONC_EXPORT extern const char kWiFi[];
 ONC_EXPORT extern const char kWimax[];
 
 ONC_EXPORT extern std::string CellularProperty(const std::string& property);
+ONC_EXPORT extern std::string TetherProperty(const std::string& property);
 ONC_EXPORT extern std::string VpnProperty(const std::string& property);
 ONC_EXPORT extern std::string WifiProperty(const std::string& property);
 
@@ -96,6 +98,7 @@ ONC_EXPORT extern std::string WifiProperty(const std::string& property);
 namespace network_type {
 ONC_EXPORT extern const char kCellular[];
 ONC_EXPORT extern const char kEthernet[];
+ONC_EXPORT extern const char kTether[];
 ONC_EXPORT extern const char kVPN[];
 ONC_EXPORT extern const char kWiFi[];
 ONC_EXPORT extern const char kWimax[];
@@ -216,6 +219,13 @@ ONC_EXPORT extern const char kEAP[];
 ONC_EXPORT extern const char k8021X[];
 }  // namespace ethernet
 
+namespace tether {
+ONC_EXPORT extern const char kBatteryPercentage[];
+ONC_EXPORT extern const char kCarrier[];
+ONC_EXPORT extern const char kHasConnectedToHost[];
+ONC_EXPORT extern const char kSignalStrength[];
+}  // namespace tether
+
 namespace wifi {
 ONC_EXPORT extern const char kAllowGatewayARPPolling[];
 ONC_EXPORT extern const char kAutoConnect[];
@@ -246,6 +256,7 @@ ONC_EXPORT extern const char kSignalStrength[];
 
 namespace client_cert {
 ONC_EXPORT extern const char kClientCertPattern[];
+ONC_EXPORT extern const char kClientCertPKCS11Id[];
 ONC_EXPORT extern const char kClientCertRef[];
 ONC_EXPORT extern const char kClientCertType[];
 ONC_EXPORT extern const char kClientCertTypeNone[];
@@ -259,6 +270,7 @@ ONC_EXPORT extern const char kLocality[];
 ONC_EXPORT extern const char kOrganization[];
 ONC_EXPORT extern const char kOrganizationalUnit[];
 ONC_EXPORT extern const char kPattern[];
+ONC_EXPORT extern const char kPKCS11Id[];
 ONC_EXPORT extern const char kRef[];
 ONC_EXPORT extern const char kSubject[];
 }  // namespace client_cert
@@ -302,6 +314,7 @@ ONC_EXPORT extern const char kIdentity[];
 ONC_EXPORT extern const char kInner[];
 ONC_EXPORT extern const char kLEAP[];
 ONC_EXPORT extern const char kMD5[];
+ONC_EXPORT extern const char kMSCHAP[];
 ONC_EXPORT extern const char kMSCHAPv2[];
 ONC_EXPORT extern const char kOuter[];
 ONC_EXPORT extern const char kPAP[];
@@ -311,6 +324,7 @@ ONC_EXPORT extern const char kSaveCredentials[];
 ONC_EXPORT extern const char kServerCAPEMs[];
 ONC_EXPORT extern const char kServerCARef[];
 ONC_EXPORT extern const char kServerCARefs[];
+ONC_EXPORT extern const char kSubjectMatch[];
 ONC_EXPORT extern const char kUseSystemCAs[];
 ONC_EXPORT extern const char kUseProactiveKeyCaching[];
 }  // namespace eap