From e0de752b97396df4ab4e8d6dbf8ded8e68443afa Mon Sep 17 00:00:00 2001 From: Hai Shalom Date: Thu, 5 Mar 2020 14:27:10 -0800 Subject: [SAE] Connect to networks with GCMP_256 cipher Allow connections to WPA3-Personal SAE networks that use GCMP_256 cipher, not only CCMP. Bug: 150636703 Test: atest NetworkListStoreDataTest WifiConfigManagerTest WifiConfigurationTest Test: Manually connect to AP configured as [RSN-SAE-GCMP-256] Change-Id: Ic2f88c5f91b34eb991dddee44f7d13d4780e8479 --- .../com/android/server/wifi/NetworkListStoreData.java | 6 ++++-- .../java/com/android/server/wifi/WifiConfigManager.java | 5 +++++ .../android/server/wifi/NetworkListStoreDataTest.java | 17 ++++++++++------- .../com/android/server/wifi/WifiConfigManagerTest.java | 6 ++++++ 4 files changed, 25 insertions(+), 9 deletions(-) diff --git a/service/java/com/android/server/wifi/NetworkListStoreData.java b/service/java/com/android/server/wifi/NetworkListStoreData.java index c35a523c1..4c2bf7782 100644 --- a/service/java/com/android/server/wifi/NetworkListStoreData.java +++ b/service/java/com/android/server/wifi/NetworkListStoreData.java @@ -297,7 +297,7 @@ public abstract class NetworkListStoreData implements WifiConfigStore.StoreData WifiConfiguration configuration = parsedConfig.second; if (configuration.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.SAE)) { - removeLegacySecurityFromSaeNetwork(configuration); + fixSaeNetworkSecurityBits(configuration); } String configKeyCalculated = configuration.getKey(); @@ -329,7 +329,7 @@ public abstract class NetworkListStoreData implements WifiConfigStore.StoreData return configuration; } - private void removeLegacySecurityFromSaeNetwork(WifiConfiguration saeNetwork) { + private void fixSaeNetworkSecurityBits(WifiConfiguration saeNetwork) { // SAE saved networks Auth Algorithm set to OPEN need to be have this field cleared. if (saeNetwork.allowedAuthAlgorithms.get(WifiConfiguration.AuthAlgorithm.OPEN)) { saeNetwork.allowedAuthAlgorithms.clear(); @@ -354,6 +354,8 @@ public abstract class NetworkListStoreData implements WifiConfigStore.StoreData if (saeNetwork.allowedGroupCiphers.get(WifiConfiguration.GroupCipher.TKIP)) { saeNetwork.allowedGroupCiphers.clear(WifiConfiguration.GroupCipher.TKIP); } + saeNetwork.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.GCMP_256); + saeNetwork.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256); } } diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java index fdc950a74..91612fe77 100644 --- a/service/java/com/android/server/wifi/WifiConfigManager.java +++ b/service/java/com/android/server/wifi/WifiConfigManager.java @@ -1071,14 +1071,19 @@ public class WifiConfigManager { configuration.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_PSK); configuration.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP); + configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.GCMP_256); configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP); configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.TKIP); + configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256); configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.CCMP); configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.TKIP); configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.WEP40); configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.WEP104); + configuration.allowedGroupManagementCiphers + .set(WifiConfiguration.GroupMgmtCipher.BIP_GMAC_256); + configuration.setIpAssignment(IpConfiguration.IpAssignment.DHCP); configuration.setProxySettings(IpConfiguration.ProxySettings.NONE); diff --git a/tests/wifitests/src/com/android/server/wifi/NetworkListStoreDataTest.java b/tests/wifitests/src/com/android/server/wifi/NetworkListStoreDataTest.java index 64680794b..8f8800f75 100644 --- a/tests/wifitests/src/com/android/server/wifi/NetworkListStoreDataTest.java +++ b/tests/wifitests/src/com/android/server/wifi/NetworkListStoreDataTest.java @@ -209,8 +209,8 @@ public class NetworkListStoreDataTest extends WifiBaseTest { + "0001\n" + "02\n" + "\n" - + "08\n" - + "04\n" + + "28\n" + + "0c\n" + "\n" + "\n" + "\n" @@ -326,9 +326,7 @@ public class NetworkListStoreDataTest extends WifiBaseTest { saeNetwork.setIpConfiguration( WifiConfigurationTestUtil.createDHCPIpConfigurationWithNoProxy()); saeNetwork.setRandomizedMacAddress(TEST_RANDOMIZED_MAC); - saeNetwork.allowedProtocols.set(WifiConfiguration.Protocol.RSN); - saeNetwork.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.CCMP); - saeNetwork.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP); + saeNetwork.setSecurityParams(WifiConfiguration.SECURITY_TYPE_SAE); List networkList = new ArrayList<>(); networkList.add(openNetwork); networkList.add(eapNetwork); @@ -673,11 +671,11 @@ public class NetworkListStoreDataTest extends WifiBaseTest { "name=\"AllowedProtocols\" num=\"1\">03"); saeNetworkWithOpenAuthXml.replaceAll( - "name=\"AllowedGroupCiphers\" num=\"1\">08", + "name=\"AllowedGroupCiphers\" num=\"1\">28", "name=\"AllowedGroupCiphers\" num=\"1\">0f"); saeNetworkWithOpenAuthXml.replaceAll( - "name=\"AllowedPairwiseCiphers\" num=\"1\">04", + "name=\"AllowedPairwiseCiphers\" num=\"1\">0c", "name=\"AllowedPairwiseCiphers\" num=\"1\">06"); List retrievedNetworkList = @@ -687,6 +685,11 @@ public class NetworkListStoreDataTest extends WifiBaseTest { assertFalse(retrievedNetworkList.get(0).allowedAuthAlgorithms .get(WifiConfiguration.AuthAlgorithm.OPEN)); + + assertTrue(retrievedNetworkList.get(0).allowedPairwiseCiphers + .get(WifiConfiguration.PairwiseCipher.GCMP_256)); + assertTrue(retrievedNetworkList.get(0).allowedGroupCiphers + .get(WifiConfiguration.GroupCipher.GCMP_256)); } /** diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java index 88bf786e6..d72e1c168 100644 --- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java +++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java @@ -4774,15 +4774,21 @@ public class WifiConfigManagerTest extends WifiBaseTest { configuration.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP); } if (configuration.allowedPairwiseCiphers.isEmpty()) { + configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.GCMP_256); configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP); configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.TKIP); } if (configuration.allowedGroupCiphers.isEmpty()) { + configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256); configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.CCMP); configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.TKIP); configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.WEP40); configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.WEP104); } + if (configuration.allowedGroupManagementCiphers.isEmpty()) { + configuration.allowedGroupManagementCiphers + .set(WifiConfiguration.GroupMgmtCipher.BIP_GMAC_256); + } if (configuration.getIpAssignment() == IpConfiguration.IpAssignment.UNASSIGNED) { configuration.setIpAssignment(IpConfiguration.IpAssignment.DHCP); } -- cgit v1.2.3