diff options
| author | Jimmy Chen <jimmycmchen@google.com> | 2019-12-19 09:28:52 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2019-12-19 09:28:52 +0000 |
| commit | 919df467f922b8e05bfd710aae48d415b2c76132 (patch) | |
| tree | 7c23bab30f775ceff1619a4c3b9fffde835a91bc | |
| parent | fcce2cb0b621a1aa588b8c0c25f8c971dabcdb48 (diff) | |
| parent | e8c8be569130aa75a3370cc4d4e50aad9aad3a7c (diff) | |
Merge "Wifi: framework adaption for WAPI configuration"
14 files changed, 532 insertions, 18 deletions
diff --git a/service/java/com/android/server/wifi/ScanResultMatchInfo.java b/service/java/com/android/server/wifi/ScanResultMatchInfo.java index e62368331..752de679c 100644 --- a/service/java/com/android/server/wifi/ScanResultMatchInfo.java +++ b/service/java/com/android/server/wifi/ScanResultMatchInfo.java @@ -52,6 +52,10 @@ public class ScanResultMatchInfo { return WifiConfiguration.SECURITY_TYPE_SAE; } else if (WifiConfigurationUtil.isConfigForPskNetwork(config)) { return WifiConfiguration.SECURITY_TYPE_PSK; + } else if (WifiConfigurationUtil.isConfigForWapiPskNetwork(config)) { + return WifiConfiguration.SECURITY_TYPE_WAPI_PSK; + } else if (WifiConfigurationUtil.isConfigForWapiCertNetwork(config)) { + return WifiConfiguration.SECURITY_TYPE_WAPI_CERT; } else if (WifiConfigurationUtil.isConfigForEapNetwork(config)) { return WifiConfiguration.SECURITY_TYPE_EAP; } else if (WifiConfigurationUtil.isConfigForEapSuiteBNetwork(config)) { @@ -84,6 +88,10 @@ public class ScanResultMatchInfo { return WifiConfiguration.SECURITY_TYPE_SAE; } else if (ScanResultUtil.isScanResultForPskNetwork(scanResult)) { return WifiConfiguration.SECURITY_TYPE_PSK; + } else if (ScanResultUtil.isScanResultForWapiPskNetwork(scanResult)) { + return WifiConfiguration.SECURITY_TYPE_WAPI_PSK; + } else if (ScanResultUtil.isScanResultForWapiCertNetwork(scanResult)) { + return WifiConfiguration.SECURITY_TYPE_WAPI_CERT; } else if (ScanResultUtil.isScanResultForEapSuiteBNetwork(scanResult)) { return WifiConfiguration.SECURITY_TYPE_EAP_SUITE_B; } else if (ScanResultUtil.isScanResultForEapNetwork(scanResult)) { diff --git a/service/java/com/android/server/wifi/SupplicantStaIfaceHal.java b/service/java/com/android/server/wifi/SupplicantStaIfaceHal.java index c6f58c4ca..e3bdd3530 100644 --- a/service/java/com/android/server/wifi/SupplicantStaIfaceHal.java +++ b/service/java/com/android/server/wifi/SupplicantStaIfaceHal.java @@ -19,6 +19,7 @@ import static android.net.wifi.WifiManager.WIFI_FEATURE_DPP; import static android.net.wifi.WifiManager.WIFI_FEATURE_MBO; import static android.net.wifi.WifiManager.WIFI_FEATURE_OCE; import static android.net.wifi.WifiManager.WIFI_FEATURE_OWE; +import static android.net.wifi.WifiManager.WIFI_FEATURE_WAPI; import static android.net.wifi.WifiManager.WIFI_FEATURE_WPA3_SAE; import static android.net.wifi.WifiManager.WIFI_FEATURE_WPA3_SUITE_B; @@ -2647,6 +2648,15 @@ public class SupplicantStaIfaceHal { } } + if ((keyMgmtCapabilities & android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .KeyMgmtMask.WAPI_PSK) != 0) { + advancedCapabilities |= WIFI_FEATURE_WAPI; + + if (mVerboseLoggingEnabled) { + Log.v(TAG, methodStr + ": WAPI supported"); + } + } + if (mVerboseLoggingEnabled) { Log.v(TAG, methodStr + ": Capability flags = " + keyMgmtCapabilities); } @@ -2654,12 +2664,47 @@ public class SupplicantStaIfaceHal { return advancedCapabilities; } + private int getKeyMgmtCapabilities_1_3(@NonNull String ifaceName) { + final String methodStr = "getKeyMgmtCapabilities_1_3"; + MutableInt keyMgmtMask = new MutableInt(0); + ISupplicantStaIface iface = checkSupplicantStaIfaceAndLogFailure(ifaceName, methodStr); + if (iface == null) { + return 0; + } + + // Get a v1.3 supplicant STA Interface + android.hardware.wifi.supplicant.V1_3.ISupplicantStaIface staIfaceV13 = + getStaIfaceMockableV1_3(iface); + if (staIfaceV13 == null) { + Log.e(TAG, methodStr + + ": ISupplicantStaIface V1.3 is null, cannot get advanced capabilities"); + return 0; + } + + try { + // Support for new key management types; WAPI_PSK, WAPI_CERT + // Requires HAL v1.3 or higher + staIfaceV13.getKeyMgmtCapabilities_1_3( + (SupplicantStatus statusInternal, int keyMgmtMaskInternal) -> { + if (statusInternal.code == SupplicantStatusCode.SUCCESS) { + keyMgmtMask.value = keyMgmtMaskInternal; + } + checkStatusAndLogFailure(statusInternal, methodStr); + }); + } catch (RemoteException e) { + handleRemoteException(e, methodStr); + } + return keyMgmtMask.value; + } + private int getKeyMgmtCapabilities(@NonNull String ifaceName) { final String methodStr = "getKeyMgmtCapabilities"; MutableBoolean status = new MutableBoolean(false); MutableInt keyMgmtMask = new MutableInt(0); - if (isV1_2()) { + if (isV1_3()) { + keyMgmtMask.value = getKeyMgmtCapabilities_1_3(ifaceName); + } else if (isV1_2()) { ISupplicantStaIface iface = checkSupplicantStaIfaceAndLogFailure(ifaceName, methodStr); if (iface == null) { return 0; diff --git a/service/java/com/android/server/wifi/SupplicantStaNetworkHal.java b/service/java/com/android/server/wifi/SupplicantStaNetworkHal.java index 3508cf71f..6f17af432 100644 --- a/service/java/com/android/server/wifi/SupplicantStaNetworkHal.java +++ b/service/java/com/android/server/wifi/SupplicantStaNetworkHal.java @@ -130,6 +130,7 @@ public class SupplicantStaNetworkHal { private String mEapEngineID; private String mEapDomainSuffixMatch; private @Ocsp int mOcsp; + private String mWapiCertSuite; SupplicantStaNetworkHal(ISupplicantStaNetwork iSupplicantStaNetwork, String ifaceName, Context context, WifiMonitor monitor) { @@ -259,6 +260,20 @@ public class SupplicantStaNetworkHal { } else { Log.w(TAG, "getIdStr failed or empty"); } + + /** WAPI Cert Suite */ + if (config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WAPI_CERT)) { + if (config.enterpriseConfig == null) { + return false; + } + config.enterpriseConfig.setEapMethod( + WifiEnterpriseConfig.Eap.WAPI_CERT); + /** WAPI Certificate Suite. */ + if (getWapiCertSuite() && !TextUtils.isEmpty(mWapiCertSuite)) { + config.enterpriseConfig.setWapiCertSuite(mWapiCertSuite); + } + return true; + } return loadWifiEnterpriseConfig(config.SSID, config.enterpriseConfig); } } @@ -425,7 +440,17 @@ public class SupplicantStaNetworkHal { // Finish here if no EAP config to set if (config.enterpriseConfig != null && config.enterpriseConfig.getEapMethod() != WifiEnterpriseConfig.Eap.NONE) { - if (!saveWifiEnterpriseConfig(config.SSID, config.enterpriseConfig)) { + if (config.enterpriseConfig.getEapMethod() == WifiEnterpriseConfig.Eap.WAPI_CERT) { + /** WAPI certificate suite name*/ + String param = config.enterpriseConfig + .getFieldValue(WifiEnterpriseConfig.WAPI_CERT_SUITE_KEY); + if (!TextUtils.isEmpty(param) && !setWapiCertSuite(param)) { + Log.e(TAG, config.SSID + ": failed to set WAPI certificate suite: " + + param); + return false; + } + return true; + } else if (!saveWifiEnterpriseConfig(config.SSID, config.enterpriseConfig)) { return false; } } @@ -783,6 +808,14 @@ public class SupplicantStaNetworkHal { mask |= android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork.KeyMgmtMask .WPA_EAP_SHA256; break; + case WifiConfiguration.KeyMgmt.WAPI_PSK: + mask |= android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork.KeyMgmtMask + .WAPI_PSK; + break; + case WifiConfiguration.KeyMgmt.WAPI_CERT: + mask |= android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork.KeyMgmtMask + .WAPI_CERT; + break; case WifiConfiguration.KeyMgmt.WPA2_PSK: // This should never happen default: throw new IllegalArgumentException( @@ -806,6 +839,10 @@ public class SupplicantStaNetworkHal { case WifiConfiguration.Protocol.OSEN: mask |= ISupplicantStaNetwork.ProtoMask.OSEN; break; + case WifiConfiguration.Protocol.WAPI: + mask |= android.hardware.wifi.supplicant.V1_3 + .ISupplicantStaNetwork.ProtoMask.WAPI; + break; default: throw new IllegalArgumentException( "Invalid protoMask bit in wificonfig: " + bit); @@ -860,6 +897,10 @@ public class SupplicantStaNetworkHal { mask |= android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork .GroupCipherMask.GCMP_256; break; + case WifiConfiguration.GroupCipher.SMS4: + mask |= android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .GroupCipherMask.SMS4; + break; default: throw new IllegalArgumentException( "Invalid GroupCipherMask bit in wificonfig: " + bit); @@ -913,6 +954,10 @@ public class SupplicantStaNetworkHal { mask |= android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork .PairwiseCipherMask.GCMP_256; break; + case WifiConfiguration.PairwiseCipher.SMS4: + mask |= android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .PairwiseCipherMask.SMS4; + break; default: throw new IllegalArgumentException( "Invalid pairwiseCipherMask bit in wificonfig: " + bit); @@ -1016,6 +1061,12 @@ public class SupplicantStaNetworkHal { mask = supplicantMaskValueToWifiConfigurationBitSet( mask, android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork.KeyMgmtMask .WPA_EAP_SHA256, bitset, WifiConfiguration.KeyMgmt.WPA_EAP_SHA256); + mask = supplicantMaskValueToWifiConfigurationBitSet( + mask, android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork.KeyMgmtMask + .WAPI_PSK, bitset, WifiConfiguration.KeyMgmt.WAPI_PSK); + mask = supplicantMaskValueToWifiConfigurationBitSet( + mask, android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork.KeyMgmtMask + .WAPI_CERT, bitset, WifiConfiguration.KeyMgmt.WAPI_CERT); if (mask != 0) { throw new IllegalArgumentException( "invalid key mgmt mask from supplicant: " + mask); @@ -1034,6 +1085,9 @@ public class SupplicantStaNetworkHal { mask = supplicantMaskValueToWifiConfigurationBitSet( mask, ISupplicantStaNetwork.ProtoMask.OSEN, bitset, WifiConfiguration.Protocol.OSEN); + mask = supplicantMaskValueToWifiConfigurationBitSet( + mask, android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork.ProtoMask.WAPI, + bitset, WifiConfiguration.Protocol.WAPI); if (mask != 0) { throw new IllegalArgumentException( "invalid proto mask from supplicant: " + mask); @@ -1079,6 +1133,9 @@ public class SupplicantStaNetworkHal { mask = supplicantMaskValueToWifiConfigurationBitSet( mask, ISupplicantStaNetwork.GroupCipherMask.GTK_NOT_USED, bitset, WifiConfiguration.GroupCipher.GTK_NOT_USED); + mask = supplicantMaskValueToWifiConfigurationBitSet(mask, + android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork.GroupCipherMask + .SMS4, bitset, WifiConfiguration.GroupCipher.SMS4); if (mask != 0) { throw new IllegalArgumentException( "invalid group cipher mask from supplicant: " + mask); @@ -1122,6 +1179,10 @@ public class SupplicantStaNetworkHal { android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork.PairwiseCipherMask .GCMP_256, bitset, WifiConfiguration.PairwiseCipher.GCMP_256); + mask = supplicantMaskValueToWifiConfigurationBitSet(mask, + android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork.PairwiseCipherMask + .SMS4, bitset, + WifiConfiguration.PairwiseCipher.SMS4); if (mask != 0) { throw new IllegalArgumentException( "invalid pairwise cipher mask from supplicant: " + mask); @@ -1287,9 +1348,14 @@ public class SupplicantStaNetworkHal { SupplicantStatus status; android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork iSupplicantStaNetworkV12; - iSupplicantStaNetworkV12 = getV1_2StaNetwork(); - if (iSupplicantStaNetworkV12 != null) { + + if (getV1_3StaNetwork() != null) { + /* Support for new key management types: + * WAPI_PSK, WAPI_CERT + * Requires HAL v1.3 or higher */ + status = getV1_3StaNetwork().setKeyMgmt_1_3(keyMgmtMask); + } else if (iSupplicantStaNetworkV12 != null) { /* Support for new key management types; * SAE, OWE, WPA_PSK_SHA256, WPA_EAP_SHA256 * Requires HAL v1.2 or higher */ @@ -1311,7 +1377,15 @@ public class SupplicantStaNetworkHal { final String methodStr = "setProto"; if (!checkISupplicantStaNetworkAndLogFailure(methodStr)) return false; try { - SupplicantStatus status = mISupplicantStaNetwork.setProto(protoMask); + SupplicantStatus status; + if (null != getV1_3StaNetwork()) { + /* Support for new proto types: WAPI + * Requires HAL v1.3 or higher + */ + status = getV1_3StaNetwork().setProto_1_3(protoMask); + } else { + status = mISupplicantStaNetwork.setProto(protoMask); + } return checkStatusAndLogFailure(status, methodStr); } catch (RemoteException e) { handleRemoteException(e, methodStr); @@ -1344,9 +1418,12 @@ public class SupplicantStaNetworkHal { SupplicantStatus status; android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork iSupplicantStaNetworkV12; - iSupplicantStaNetworkV12 = getV1_2StaNetwork(); - if (iSupplicantStaNetworkV12 != null) { + if (null != getV1_3StaNetwork()) { + /* Support for new key group cipher types for SMS4 + * Requires HAL v1.3 or higher */ + status = getV1_3StaNetwork().setGroupCipher_1_3(groupCipherMask); + } else if (iSupplicantStaNetworkV12 != null) { /* Support for new key group cipher types for SuiteB * Requires HAL v1.2 or higher */ status = iSupplicantStaNetworkV12.setGroupCipher_1_2(groupCipherMask); @@ -1425,9 +1502,12 @@ public class SupplicantStaNetworkHal { SupplicantStatus status; android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork iSupplicantStaNetworkV12; - iSupplicantStaNetworkV12 = getV1_2StaNetwork(); - if (iSupplicantStaNetworkV12 != null) { + if (null != getV1_3StaNetwork()) { + /* Support for new key pairwise cipher types for SMS4 + * Requires HAL v1.3 or higher */ + status = getV1_3StaNetwork().setPairwiseCipher_1_3(pairwiseCipherMask); + } else if (iSupplicantStaNetworkV12 != null) { /* Support for new key pairwise cipher types for SuiteB * Requires HAL v1.2 or higher */ status = iSupplicantStaNetworkV12.setPairwiseCipher_1_2(pairwiseCipherMask); @@ -1564,6 +1644,27 @@ public class SupplicantStaNetworkHal { } /** See ISupplicantStaNetwork.hal for documentation */ + private boolean setWapiCertSuite(String certSuite) { + synchronized (mLock) { + final String methodStr = "setWapiCertSuite"; + if (!checkISupplicantStaNetworkAndLogFailure(methodStr)) return false; + try { + if (null != getV1_3StaNetwork()) { + /* Requires HAL v1.3 or higher */ + SupplicantStatus status = getV1_3StaNetwork().setWapiCertSuite(certSuite); + return checkStatusAndLogFailure(status, methodStr); + } else { + Log.e(TAG, "Cannot get ISupplicantStaNetwork V1.3"); + return false; + } + } catch (RemoteException e) { + handleRemoteException(e, methodStr); + return false; + } + } + } + + /** See ISupplicantStaNetwork.hal for documentation */ private boolean setEapMethod(int method) { synchronized (mLock) { final String methodStr = "setEapMethod"; @@ -1962,9 +2063,35 @@ public class SupplicantStaNetworkHal { synchronized (mLock) { final String methodStr = "getKeyMgmt"; if (!checkISupplicantStaNetworkAndLogFailure(methodStr)) return false; + if (getV1_3StaNetwork() != null) { + return getKeyMgmt_1_3(); + } else { + try { + MutableBoolean statusOk = new MutableBoolean(false); + mISupplicantStaNetwork.getKeyMgmt((SupplicantStatus status, + int keyMgmtMaskValue) -> { + statusOk.value = status.code == SupplicantStatusCode.SUCCESS; + if (statusOk.value) { + this.mKeyMgmtMask = keyMgmtMaskValue; + } else { + checkStatusAndLogFailure(status, methodStr); + } + }); + return statusOk.value; + } catch (RemoteException e) { + handleRemoteException(e, methodStr); + return false; + } + } + } + } + + private boolean getKeyMgmt_1_3() { + synchronized (mLock) { + final String methodStr = "getKeyMgmt_1_3"; try { MutableBoolean statusOk = new MutableBoolean(false); - mISupplicantStaNetwork.getKeyMgmt((SupplicantStatus status, + getV1_3StaNetwork().getKeyMgmt_1_3((SupplicantStatus status, int keyMgmtMaskValue) -> { statusOk.value = status.code == SupplicantStatusCode.SUCCESS; if (statusOk.value) { @@ -1986,9 +2113,35 @@ public class SupplicantStaNetworkHal { synchronized (mLock) { final String methodStr = "getProto"; if (!checkISupplicantStaNetworkAndLogFailure(methodStr)) return false; + if (getV1_3StaNetwork() != null) { + return getProto_1_3(); + } else { + try { + MutableBoolean statusOk = new MutableBoolean(false); + mISupplicantStaNetwork.getProto( + (SupplicantStatus status, int protoMaskValue) -> { + statusOk.value = status.code == SupplicantStatusCode.SUCCESS; + if (statusOk.value) { + this.mProtoMask = protoMaskValue; + } else { + checkStatusAndLogFailure(status, methodStr); + } + }); + return statusOk.value; + } catch (RemoteException e) { + handleRemoteException(e, methodStr); + return false; + } + } + } + } + + private boolean getProto_1_3() { + synchronized (mLock) { + final String methodStr = "getProto_1_3"; try { MutableBoolean statusOk = new MutableBoolean(false); - mISupplicantStaNetwork.getProto((SupplicantStatus status, int protoMaskValue) -> { + getV1_3StaNetwork().getProto((SupplicantStatus status, int protoMaskValue) -> { statusOk.value = status.code == SupplicantStatusCode.SUCCESS; if (statusOk.value) { this.mProtoMask = protoMaskValue; @@ -2033,9 +2186,35 @@ public class SupplicantStaNetworkHal { synchronized (mLock) { final String methodStr = "getGroupCipher"; if (!checkISupplicantStaNetworkAndLogFailure(methodStr)) return false; + if (getV1_3StaNetwork() != null) { + return getGroupCipher_1_3(); + } else { + try { + MutableBoolean statusOk = new MutableBoolean(false); + mISupplicantStaNetwork.getGroupCipher((SupplicantStatus status, + int groupCipherMaskValue) -> { + statusOk.value = status.code == SupplicantStatusCode.SUCCESS; + if (statusOk.value) { + this.mGroupCipherMask = groupCipherMaskValue; + } else { + checkStatusAndLogFailure(status, methodStr); + } + }); + return statusOk.value; + } catch (RemoteException e) { + handleRemoteException(e, methodStr); + return false; + } + } + } + } + + private boolean getGroupCipher_1_3() { + synchronized (mLock) { + final String methodStr = "getGroupCipher_1_3"; try { MutableBoolean statusOk = new MutableBoolean(false); - mISupplicantStaNetwork.getGroupCipher((SupplicantStatus status, + getV1_3StaNetwork().getGroupCipher((SupplicantStatus status, int groupCipherMaskValue) -> { statusOk.value = status.code == SupplicantStatusCode.SUCCESS; if (statusOk.value) { @@ -2057,9 +2236,35 @@ public class SupplicantStaNetworkHal { synchronized (mLock) { final String methodStr = "getPairwiseCipher"; if (!checkISupplicantStaNetworkAndLogFailure(methodStr)) return false; + if (getV1_3StaNetwork() != null) { + return getPairwiseCipher_1_3(); + } else { + try { + MutableBoolean statusOk = new MutableBoolean(false); + mISupplicantStaNetwork.getPairwiseCipher((SupplicantStatus status, + int pairwiseCipherMaskValue) -> { + statusOk.value = status.code == SupplicantStatusCode.SUCCESS; + if (statusOk.value) { + this.mPairwiseCipherMask = pairwiseCipherMaskValue; + } else { + checkStatusAndLogFailure(status, methodStr); + } + }); + return statusOk.value; + } catch (RemoteException e) { + handleRemoteException(e, methodStr); + return false; + } + } + } + } + + private boolean getPairwiseCipher_1_3() { + synchronized (mLock) { + final String methodStr = "getPairwiseCipher_1_3"; try { MutableBoolean statusOk = new MutableBoolean(false); - mISupplicantStaNetwork.getPairwiseCipher((SupplicantStatus status, + getV1_3StaNetwork().getPairwiseCipher((SupplicantStatus status, int pairwiseCipherMaskValue) -> { statusOk.value = status.code == SupplicantStatusCode.SUCCESS; if (statusOk.value) { @@ -2258,6 +2463,38 @@ public class SupplicantStaNetworkHal { } /** See ISupplicantStaNetwork.hal for documentation */ + private boolean getWapiCertSuite() { + synchronized (mLock) { + final String methodStr = "getWapiCertSuite"; + if (!checkISupplicantStaNetworkAndLogFailure(methodStr)) return false; + try { + android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + iSupplicantStaNetworkV13; + iSupplicantStaNetworkV13 = getV1_3StaNetwork(); + if (iSupplicantStaNetworkV13 != null) { + MutableBoolean statusOk = new MutableBoolean(false); + iSupplicantStaNetworkV13.getWapiCertSuite((SupplicantStatus status, + String suiteValue) -> { + statusOk.value = status.code == SupplicantStatusCode.SUCCESS; + if (statusOk.value) { + mWapiCertSuite = suiteValue; + } else { + checkStatusAndLogFailure(status, methodStr); + } + }); + return statusOk.value; + } else { + Log.e(TAG, "Cannot get ISupplicantStaNetwork V1.3"); + return false; + } + } catch (RemoteException e) { + handleRemoteException(e, methodStr); + return false; + } + } + } + + /** See ISupplicantStaNetwork.hal for documentation */ private boolean getEapMethod() { synchronized (mLock) { final String methodStr = "getEapMethod"; diff --git a/service/java/com/android/server/wifi/WifiBackupRestore.java b/service/java/com/android/server/wifi/WifiBackupRestore.java index fa2122b5a..078cb77e7 100644 --- a/service/java/com/android/server/wifi/WifiBackupRestore.java +++ b/service/java/com/android/server/wifi/WifiBackupRestore.java @@ -619,6 +619,12 @@ public class WifiBackupRestore { } else if (ktype.equals("IEEE8021X")) { configuration.allowedKeyManagement.set( WifiConfiguration.KeyMgmt.IEEE8021X); + } else if (ktype.equals("WAPI-PSK")) { + configuration.allowedKeyManagement.set( + WifiConfiguration.KeyMgmt.WAPI_PSK); + } else if (ktype.equals("WAPI-CERT")) { + configuration.allowedKeyManagement.set( + WifiConfiguration.KeyMgmt.WAPI_CERT); } } } diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java index 36ddc8443..37e3504d6 100644 --- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java +++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java @@ -92,6 +92,20 @@ public class WifiConfigurationUtil { } /** + * Helper method to check if the provided |config| corresponds to a WAPI PSK network or not. + */ + public static boolean isConfigForWapiPskNetwork(WifiConfiguration config) { + return config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WAPI_PSK); + } + + /** + * Helper method to check if the provided |config| corresponds to a WAPI CERT network or not. + */ + public static boolean isConfigForWapiCertNetwork(WifiConfiguration config) { + return config.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.WAPI_CERT); + } + + /** * Helper method to check if the provided |config| corresponds to an SAE network or not. */ public static boolean isConfigForSaeNetwork(WifiConfiguration config) { diff --git a/service/java/com/android/server/wifi/util/InformationElementUtil.java b/service/java/com/android/server/wifi/util/InformationElementUtil.java index 0aff20432..bb54b183a 100644 --- a/service/java/com/android/server/wifi/util/InformationElementUtil.java +++ b/service/java/com/android/server/wifi/util/InformationElementUtil.java @@ -1221,6 +1221,8 @@ public class InformationElementUtil { return "RSN"; case ScanResult.PROTOCOL_OSEN: return "OSEN"; + case ScanResult.PROTOCOL_WAPI: + return "WAPI"; default: return "?"; } @@ -1254,6 +1256,10 @@ public class InformationElementUtil { return "EAP_SUITE_B_192"; case ScanResult.KEY_MGMT_OSEN: return "OSEN"; + case ScanResult.KEY_MGMT_WAPI_PSK: + return "WAPI-PSK"; + case ScanResult.KEY_MGMT_WAPI_CERT: + return "WAPI-CERT"; default: return "?"; } diff --git a/service/java/com/android/server/wifi/util/ScanResultUtil.java b/service/java/com/android/server/wifi/util/ScanResultUtil.java index ec5a3a1ec..ed782ad9c 100644 --- a/service/java/com/android/server/wifi/util/ScanResultUtil.java +++ b/service/java/com/android/server/wifi/util/ScanResultUtil.java @@ -54,6 +54,23 @@ public class ScanResultUtil { } /** + * Helper method to check if the provided |scanResult| corresponds to a WAPI-PSK network or not. + * This checks if the provided capabilities string contains PSK encryption type or not. + */ + public static boolean isScanResultForWapiPskNetwork(ScanResult scanResult) { + return scanResult.capabilities.contains("WAPI-PSK"); + } + + /** + * Helper method to check if the provided |scanResult| corresponds to a WAPI-CERT + * network or not. + * This checks if the provided capabilities string contains PSK encryption type or not. + */ + public static boolean isScanResultForWapiCertNetwork(ScanResult scanResult) { + return scanResult.capabilities.contains("WAPI-CERT"); + } + + /** * Helper method to check if the provided |scanResult| corresponds to a EAP network or not. * This checks if the provided capabilities string contains EAP encryption type or not. */ @@ -117,6 +134,8 @@ public class ScanResultUtil { public static boolean isScanResultForOpenNetwork(ScanResult scanResult) { return (!(isScanResultForWepNetwork(scanResult) || isScanResultForPskNetwork(scanResult) || isScanResultForEapNetwork(scanResult) || isScanResultForSaeNetwork(scanResult) + || isScanResultForWapiPskNetwork(scanResult) + || isScanResultForWapiCertNetwork(scanResult) || isScanResultForEapSuiteBNetwork(scanResult))); } @@ -158,6 +177,10 @@ public class ScanResultUtil { config.setSecurityParams(WifiConfiguration.SECURITY_TYPE_WEP); } else if (isScanResultForOweNetwork(scanResult)) { config.setSecurityParams(WifiConfiguration.SECURITY_TYPE_OWE); + } else if (isScanResultForWapiPskNetwork(scanResult)) { + config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WAPI_PSK); + } else if (isScanResultForWapiCertNetwork(scanResult)) { + config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WAPI_CERT); } else { config.setSecurityParams(WifiConfiguration.SECURITY_TYPE_OPEN); } diff --git a/service/java/com/android/server/wifi/util/XmlUtil.java b/service/java/com/android/server/wifi/util/XmlUtil.java index a2f69b285..65d82f1b6 100644 --- a/service/java/com/android/server/wifi/util/XmlUtil.java +++ b/service/java/com/android/server/wifi/util/XmlUtil.java @@ -1114,6 +1114,7 @@ public class XmlUtil { public static final String XML_TAG_PLMN = "PLMN"; public static final String XML_TAG_REALM = "Realm"; public static final String XML_TAG_OCSP = "Ocsp"; + public static final String XML_TAG_WAPI_CERT_SUITE = "WapiCertSuite"; /** * Write password key to the XML stream. @@ -1185,6 +1186,8 @@ public class XmlUtil { XmlUtil.writeNextValue(out, XML_TAG_PLMN, enterpriseConfig.getPlmn()); XmlUtil.writeNextValue(out, XML_TAG_REALM, enterpriseConfig.getRealm()); XmlUtil.writeNextValue(out, XML_TAG_OCSP, enterpriseConfig.getOcsp()); + XmlUtil.writeNextValue(out, + XML_TAG_WAPI_CERT_SUITE, enterpriseConfig.getWapiCertSuite()); } /** @@ -1282,6 +1285,9 @@ public class XmlUtil { case XML_TAG_REALM: enterpriseConfig.setRealm((String) value); break; + case XML_TAG_WAPI_CERT_SUITE: + enterpriseConfig.setWapiCertSuite((String) value); + break; default: Log.w(TAG, "Ignoring unknown value name found: " + valueName[0]); break; diff --git a/tests/wifitests/src/com/android/server/wifi/NetworkListStoreDataTest.java b/tests/wifitests/src/com/android/server/wifi/NetworkListStoreDataTest.java index 694dfdedd..272ff56ce 100644 --- a/tests/wifitests/src/com/android/server/wifi/NetworkListStoreDataTest.java +++ b/tests/wifitests/src/com/android/server/wifi/NetworkListStoreDataTest.java @@ -189,6 +189,7 @@ public class NetworkListStoreDataTest extends WifiBaseTest { + "<string name=\"PLMN\"></string>\n" + "<string name=\"Realm\"></string>\n" + "<int name=\"Ocsp\" value=\"0\" />\n" + + "<string name=\"WapiCertSuite\"></string>\n" + "</WifiEnterpriseConfiguration>\n" + "</Network>\n"; diff --git a/tests/wifitests/src/com/android/server/wifi/SupplicantStaIfaceHalTest.java b/tests/wifitests/src/com/android/server/wifi/SupplicantStaIfaceHalTest.java index 5615e4ffa..69766aaa4 100644 --- a/tests/wifitests/src/com/android/server/wifi/SupplicantStaIfaceHalTest.java +++ b/tests/wifitests/src/com/android/server/wifi/SupplicantStaIfaceHalTest.java @@ -19,6 +19,7 @@ import static android.net.wifi.WifiManager.WIFI_FEATURE_DPP; import static android.net.wifi.WifiManager.WIFI_FEATURE_MBO; import static android.net.wifi.WifiManager.WIFI_FEATURE_OCE; import static android.net.wifi.WifiManager.WIFI_FEATURE_OWE; +import static android.net.wifi.WifiManager.WIFI_FEATURE_WAPI; import static android.net.wifi.WifiManager.WIFI_FEATURE_WPA3_SAE; import static android.net.wifi.WifiManager.WIFI_FEATURE_WPA3_SUITE_B; @@ -1517,6 +1518,19 @@ public class SupplicantStaIfaceHalTest extends WifiBaseTest { } } + private class GetKeyMgmtCapabilities_1_3Answer extends MockAnswerUtil.AnswerWithArguments { + private int mKeyMgmtCapabilities; + + GetKeyMgmtCapabilities_1_3Answer(int keyMgmtCapabilities) { + mKeyMgmtCapabilities = keyMgmtCapabilities; + } + + public void answer(android.hardware.wifi.supplicant.V1_3.ISupplicantStaIface + .getKeyMgmtCapabilities_1_3Callback cb) { + cb.onValues(mStatusSuccess, mKeyMgmtCapabilities); + } + } + /** * Test get key management capabilities API on old HAL, should return 0 (not supported) */ @@ -1623,6 +1637,24 @@ public class SupplicantStaIfaceHalTest extends WifiBaseTest { } /** + * Test WAPI key may management support + */ + @Test + public void testGetKeyMgmtCapabilitiesWapi() throws Exception { + setupMocksForHalV1_3(); + + executeAndValidateInitializationSequenceV1_3(); + + doAnswer(new GetKeyMgmtCapabilities_1_3Answer(android.hardware.wifi.supplicant.V1_3 + .ISupplicantStaNetwork.KeyMgmtMask.WAPI_PSK)) + .when(mISupplicantStaIfaceMockV13).getKeyMgmtCapabilities_1_3(any( + android.hardware.wifi.supplicant.V1_3.ISupplicantStaIface + .getKeyMgmtCapabilities_1_3Callback.class)); + + assertEquals(WIFI_FEATURE_WAPI, mDut.getAdvancedKeyMgmtCapabilities(WLAN0_IFACE_NAME)); + } + + /** * Test Easy Connect (DPP) calls return failure if hal version is less than 1_2 */ @Test diff --git a/tests/wifitests/src/com/android/server/wifi/SupplicantStaNetworkHalTest.java b/tests/wifitests/src/com/android/server/wifi/SupplicantStaNetworkHalTest.java index 902300745..9c6596257 100644 --- a/tests/wifitests/src/com/android/server/wifi/SupplicantStaNetworkHalTest.java +++ b/tests/wifitests/src/com/android/server/wifi/SupplicantStaNetworkHalTest.java @@ -385,6 +385,30 @@ public class SupplicantStaNetworkHalTest extends WifiBaseTest { } /** + * Tests the saving of WifiConfiguration to wpa_supplicant. + */ + @Test + public void testWapiPskNetworkWifiConfigurationSaveLoad() throws Exception { + // Now expose the V1.3 ISupplicantStaNetwork + createSupplicantStaNetwork(SupplicantStaNetworkVersion.V1_3); + + WifiConfiguration config = WifiConfigurationTestUtil.createWapiPskNetwork(); + testWifiConfigurationSaveLoad(config); + } + + /** + * Tests the saving of WifiConfiguration to wpa_supplicant. + */ + @Test + public void testWapiCertNetworkWifiConfigurationSaveLoad() throws Exception { + // Now expose the V1.3 ISupplicantStaNetwork + createSupplicantStaNetwork(SupplicantStaNetworkVersion.V1_3); + + WifiConfiguration config = WifiConfigurationTestUtil.createWapiCertNetwork(); + testWifiConfigurationSaveLoad(config); + } + + /** * Tests the failure to save ssid. */ @Test @@ -1192,6 +1216,22 @@ public class SupplicantStaNetworkHalTest extends WifiBaseTest { .getKeyMgmt_1_2(any(android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork .getKeyMgmt_1_2Callback.class)); + /** allowedKeyManagement v1.3 */ + doAnswer(new AnswerWithArguments() { + public SupplicantStatus answer(int mask) throws RemoteException { + mSupplicantVariables.keyMgmtMask = mask; + return mStatusSuccess; + } + }).when(mISupplicantStaNetworkV13).setKeyMgmt_1_3(any(int.class)); + doAnswer(new AnswerWithArguments() { + public void answer(android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .getKeyMgmt_1_3Callback cb) throws RemoteException { + cb.onValues(mStatusSuccess, mSupplicantVariables.keyMgmtMask); + } + }).when(mISupplicantStaNetworkV13) + .getKeyMgmt_1_3(any(android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .getKeyMgmt_1_3Callback.class)); + /** allowedProtocols */ doAnswer(new AnswerWithArguments() { public SupplicantStatus answer(int mask) throws RemoteException { @@ -1206,6 +1246,22 @@ public class SupplicantStaNetworkHalTest extends WifiBaseTest { }).when(mISupplicantStaNetworkMock) .getProto(any(ISupplicantStaNetwork.getProtoCallback.class)); + /** allowedProtocols v1.3*/ + doAnswer(new AnswerWithArguments() { + public SupplicantStatus answer(int mask) throws RemoteException { + mSupplicantVariables.protoMask = mask; + return mStatusSuccess; + } + }).when(mISupplicantStaNetworkV13).setProto_1_3(any(int.class)); + doAnswer(new AnswerWithArguments() { + public void answer(android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .getProto_1_3Callback cb) throws RemoteException { + cb.onValues(mStatusSuccess, mSupplicantVariables.protoMask); + } + }).when(mISupplicantStaNetworkV13) + .getProto_1_3(any(android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .getProto_1_3Callback.class)); + /** allowedAuthAlgorithms */ doAnswer(new AnswerWithArguments() { public SupplicantStatus answer(int mask) throws RemoteException { @@ -1251,6 +1307,23 @@ public class SupplicantStaNetworkHalTest extends WifiBaseTest { .getGroupCipher_1_2(any(android.hardware.wifi.supplicant.V1_2.ISupplicantStaNetwork .getGroupCipher_1_2Callback.class)); + /** allowedGroupCiphers v1.3*/ + doAnswer(new AnswerWithArguments() { + public SupplicantStatus answer(int mask) throws RemoteException { + mSupplicantVariables.groupCipherMask = mask; + return mStatusSuccess; + } + }).when(mISupplicantStaNetworkV13).setGroupCipher_1_3(any(int.class)); + doAnswer(new AnswerWithArguments() { + public void answer(android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .getGroupCipher_1_3Callback cb) + throws RemoteException { + cb.onValues(mStatusSuccess, mSupplicantVariables.groupCipherMask); + } + }).when(mISupplicantStaNetworkV13) + .getGroupCipher_1_3(any(android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .getGroupCipher_1_3Callback.class)); + /** allowedPairwiseCiphers */ doAnswer(new AnswerWithArguments() { public SupplicantStatus answer(int mask) throws RemoteException { @@ -1282,6 +1355,23 @@ public class SupplicantStaNetworkHalTest extends WifiBaseTest { .getPairwiseCipher_1_2(any(android.hardware.wifi.supplicant.V1_2 .ISupplicantStaNetwork.getPairwiseCipher_1_2Callback.class)); + /** allowedPairwiseCiphers v1.3 */ + doAnswer(new AnswerWithArguments() { + public SupplicantStatus answer(int mask) throws RemoteException { + mSupplicantVariables.pairwiseCipherMask = mask; + return mStatusSuccess; + } + }).when(mISupplicantStaNetworkV13).setPairwiseCipher_1_3(any(int.class)); + doAnswer(new AnswerWithArguments() { + public void answer(android.hardware.wifi.supplicant.V1_3.ISupplicantStaNetwork + .getPairwiseCipher_1_3Callback cb) + throws RemoteException { + cb.onValues(mStatusSuccess, mSupplicantVariables.pairwiseCipherMask); + } + }).when(mISupplicantStaNetworkV13) + .getPairwiseCipher_1_3(any(android.hardware.wifi.supplicant.V1_3 + .ISupplicantStaNetwork.getPairwiseCipher_1_3Callback.class)); + /** metadata: idstr */ doAnswer(new AnswerWithArguments() { public SupplicantStatus answer(String idStr) throws RemoteException { @@ -1583,6 +1673,22 @@ public class SupplicantStaNetworkHalTest extends WifiBaseTest { } }).when(mISupplicantStaNetworkV13).setPmkCache(any(ArrayList.class)); + /** WAPI Cert */ + doAnswer(new AnswerWithArguments() { + public SupplicantStatus answer(String cert) throws RemoteException { + mSupplicantVariables.wapiCertSuite = cert; + return mStatusSuccess; + } + }).when(mISupplicantStaNetworkV13).setWapiCertSuite(any(String.class)); + doAnswer(new AnswerWithArguments() { + public void answer(android.hardware.wifi.supplicant.V1_3 + .ISupplicantStaNetwork.getWapiCertSuiteCallback cb) + throws RemoteException { + cb.onValues(mStatusSuccess, mSupplicantVariables.wapiCertSuite); + } + }).when(mISupplicantStaNetworkV13) + .getWapiCertSuite(any(android.hardware.wifi.supplicant.V1_3 + .ISupplicantStaNetwork.getWapiCertSuiteCallback.class)); } private SupplicantStatus createSupplicantStatus(int code) { @@ -1648,5 +1754,6 @@ public class SupplicantStaNetworkHalTest extends WifiBaseTest { public boolean eapProactiveKeyCaching; public int ocsp; public ArrayList<Byte> serializedPmkCache; + public String wapiCertSuite; } } diff --git a/tests/wifitests/src/com/android/server/wifi/WifiBackupRestoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiBackupRestoreTest.java index 5b69421a3..bbd99ce02 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiBackupRestoreTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiBackupRestoreTest.java @@ -105,11 +105,11 @@ public class WifiBackupRestoreTest extends WifiBaseTest { // Valid Value: 01 + "<byte-array name=\"AllowedKeyMgmt\" num=\"2\">0180</byte-array>" // Valid Value: 03 - + "<byte-array name=\"AllowedProtocols\" num=\"1\">0b</byte-array>" + + "<byte-array name=\"AllowedProtocols\" num=\"1\">13</byte-array>" // Valid Value: 01 + "<byte-array name=\"AllowedAuthAlgos\" num=\"1\">09</byte-array>" // Valid Value: 0f - + "<byte-array name=\"AllowedGroupCiphers\" num=\"1\">4f</byte-array>" + + "<byte-array name=\"AllowedGroupCiphers\" num=\"1\">8f</byte-array>" // Valid Value: 06 + "<byte-array name=\"AllowedPairwiseCiphers\" num=\"1\">26</byte-array>" + "<boolean name=\"Shared\" value=\"true\" />" diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java index 23f068410..f87e2d42f 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationTestUtil.java @@ -49,6 +49,8 @@ public class WifiConfigurationTestUtil { public static final int SECURITY_SAE = 1 << 3; public static final int SECURITY_OWE = 1 << 4; public static final int SECURITY_EAP_SUITE_B = 1 << 5; + public static final int SECURITY_WAPI_PSK = 1 << 6; + public static final int SECURITY_WAPI_CERT = 1 << 7; /** * These values are used to describe ip configuration parameters for a network. @@ -162,6 +164,14 @@ public class WifiConfigurationTestUtil { config.requirePMF = true; } + if ((security & SECURITY_WAPI_PSK) != 0) { + config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WAPI_PSK); + } + + if ((security & SECURITY_WAPI_CERT) != 0) { + config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WAPI_CERT); + } + } return config; } @@ -380,6 +390,25 @@ public class WifiConfigurationTestUtil { return configuration; } + public static WifiConfiguration createWapiPskNetwork() { + WifiConfiguration configuration = + generateWifiConfig(TEST_NETWORK_ID, TEST_UID, createNewSSID(), true, true, null, + null, SECURITY_WAPI_PSK); + configuration.preSharedKey = TEST_PSK; + return configuration; + } + + public static WifiConfiguration createWapiCertNetwork() { + WifiEnterpriseConfig enterpriseConfig = new WifiEnterpriseConfig(); + enterpriseConfig.setEapMethod(WifiEnterpriseConfig.Eap.WAPI_CERT); + enterpriseConfig.setWapiCertSuite("wapiCertSuite"); + WifiConfiguration configuration = + generateWifiConfig(TEST_NETWORK_ID, TEST_UID, createNewSSID(), true, true, null, + null, SECURITY_WAPI_CERT); + configuration.enterpriseConfig = enterpriseConfig; + return configuration; + } + public static IpConfiguration createStaticIpConfigurationWithPacProxy() { return generateIpConfig( STATIC_IP_ASSIGNMENT, PAC_PROXY_SETTING, diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java index d2e6f1f78..eb6686d9d 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java @@ -480,7 +480,7 @@ public class WifiConfigurationUtilTest extends WifiBaseTest { WifiConfiguration config = WifiConfigurationTestUtil.createOpenNetwork(); assertTrue(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD)); - config.allowedProtocols.set(3); + config.allowedProtocols.set(4); assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD)); } @@ -506,7 +506,7 @@ public class WifiConfigurationUtilTest extends WifiBaseTest { WifiConfiguration config = WifiConfigurationTestUtil.createOpenNetwork(); assertTrue(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD)); - config.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GTK_NOT_USED + 2); + config.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GTK_NOT_USED + 3); assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD)); } @@ -519,7 +519,7 @@ public class WifiConfigurationUtilTest extends WifiBaseTest { WifiConfiguration config = WifiConfigurationTestUtil.createOpenNetwork(); assertTrue(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD)); - config.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP + 2); + config.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP + 3); assertFalse(WifiConfigurationUtil.validate(config, WifiConfigurationUtil.VALIDATE_FOR_ADD)); } |