1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.net.wifi; 18 19 import android.annotation.IntDef; 20 import android.annotation.NonNull; 21 import android.net.wifi.WifiConfiguration.AuthAlgorithm; 22 import android.net.wifi.WifiConfiguration.GroupCipher; 23 import android.net.wifi.WifiConfiguration.GroupMgmtCipher; 24 import android.net.wifi.WifiConfiguration.KeyMgmt; 25 import android.net.wifi.WifiConfiguration.PairwiseCipher; 26 import android.net.wifi.WifiConfiguration.Protocol; 27 import android.net.wifi.WifiConfiguration.SecurityType; 28 import android.net.wifi.WifiConfiguration.SuiteBCipher; 29 import android.os.Parcel; 30 import android.os.Parcelable; 31 32 import java.lang.annotation.Retention; 33 import java.lang.annotation.RetentionPolicy; 34 import java.util.BitSet; 35 import java.util.Objects; 36 37 /** 38 * A class representing a security configuration. 39 * @hide 40 */ 41 public final class SecurityParams implements Parcelable { 42 private static final String TAG = "SecurityParams"; 43 44 /** Passpoint Release 1 */ 45 public static final int PASSPOINT_R1 = 1; 46 47 /** Passpoint Release 2 */ 48 public static final int PASSPOINT_R2 = 2; 49 50 /** Passpoint Release 3 */ 51 public static final int PASSPOINT_R3 = 3; 52 53 @IntDef(prefix = { "PASSPOINT_" }, value = { 54 PASSPOINT_R1, 55 PASSPOINT_R2, 56 PASSPOINT_R3, 57 }) 58 @Retention(RetentionPolicy.SOURCE) 59 public @interface PasspointRelease {} 60 61 private @SecurityType int mSecurityType = WifiConfiguration.SECURITY_TYPE_PSK; 62 63 /** 64 * This indicates that this security type is enabled or disabled. 65 * Ex. While receiving Transition Disable Indication, older 66 * security should be disabled. 67 */ 68 private boolean mEnabled = true; 69 70 /** 71 * The set of key management protocols supported by this configuration. 72 * See {@link KeyMgmt} for descriptions of the values. 73 * This is set automatically based on the security type. 74 */ 75 private BitSet mAllowedKeyManagement = new BitSet(); 76 77 /** 78 * The set of security protocols supported by this configuration. 79 * See {@link Protocol} for descriptions of the values. 80 * This is set automatically based on the security type. 81 */ 82 private BitSet mAllowedProtocols = new BitSet(); 83 84 /** 85 * The set of authentication protocols supported by this configuration. 86 * See {@link AuthAlgorithm} for descriptions of the values. 87 * This is set automatically based on the security type. 88 */ 89 private BitSet mAllowedAuthAlgorithms = new BitSet(); 90 91 /** 92 * The set of pairwise ciphers for WPA supported by this configuration. 93 * See {@link PairwiseCipher} for descriptions of the values. 94 * This is set automatically based on the security type. 95 */ 96 private BitSet mAllowedPairwiseCiphers = new BitSet(); 97 98 /** 99 * The set of group ciphers supported by this configuration. 100 * See {@link GroupCipher} for descriptions of the values. 101 * This is set automatically based on the security type. 102 */ 103 private BitSet mAllowedGroupCiphers = new BitSet(); 104 105 /** 106 * The set of group management ciphers supported by this configuration. 107 * See {@link GroupMgmtCipher} for descriptions of the values. 108 */ 109 private BitSet mAllowedGroupManagementCiphers = new BitSet(); 110 111 /** 112 * The set of SuiteB ciphers supported by this configuration. 113 * To be used for WPA3-Enterprise mode. Set automatically by the framework based on the 114 * certificate type that is used in this configuration. 115 */ 116 private BitSet mAllowedSuiteBCiphers = new BitSet(); 117 118 /** 119 * True if the network requires Protected Management Frames (PMF), false otherwise. 120 */ 121 private boolean mRequirePmf = false; 122 123 private @PasspointRelease int mPasspointRelease = PASSPOINT_R2; 124 125 /** Indicate that this SAE security type only accepts H2E (Hash-to-Element) mode. */ 126 private boolean mIsSaeH2eOnlyMode = false; 127 128 /** Indicate that this SAE security type only accepts PK (Public Key) mode. */ 129 private boolean mIsSaePkOnlyMode = false; 130 131 /** Indicate whether this is added by auto-upgrade or not. */ 132 private boolean mIsAddedByAutoUpgrade = false; 133 134 /** Constructor */ SecurityParams()135 private SecurityParams() { 136 } 137 138 /** Copy constructor */ SecurityParams(@onNull SecurityParams source)139 public SecurityParams(@NonNull SecurityParams source) { 140 this.mSecurityType = source.mSecurityType; 141 this.mEnabled = source.mEnabled; 142 this.mAllowedKeyManagement = (BitSet) source.mAllowedKeyManagement.clone(); 143 this.mAllowedProtocols = (BitSet) source.mAllowedProtocols.clone(); 144 this.mAllowedAuthAlgorithms = (BitSet) source.mAllowedAuthAlgorithms.clone(); 145 this.mAllowedPairwiseCiphers = (BitSet) source.mAllowedPairwiseCiphers.clone(); 146 this.mAllowedGroupCiphers = (BitSet) source.mAllowedGroupCiphers.clone(); 147 this.mAllowedGroupManagementCiphers = 148 (BitSet) source.mAllowedGroupManagementCiphers.clone(); 149 this.mAllowedSuiteBCiphers = 150 (BitSet) source.mAllowedSuiteBCiphers.clone(); 151 this.mRequirePmf = source.mRequirePmf; 152 this.mIsSaeH2eOnlyMode = source.mIsSaeH2eOnlyMode; 153 this.mIsSaePkOnlyMode = source.mIsSaePkOnlyMode; 154 this.mIsAddedByAutoUpgrade = source.mIsAddedByAutoUpgrade; 155 } 156 157 @Override equals(Object thatObject)158 public boolean equals(Object thatObject) { 159 if (this == thatObject) { 160 return true; 161 } 162 if (!(thatObject instanceof SecurityParams)) { 163 return false; 164 } 165 SecurityParams that = (SecurityParams) thatObject; 166 167 if (this.mSecurityType != that.mSecurityType) return false; 168 if (this.mEnabled != that.mEnabled) return false; 169 if (!this.mAllowedKeyManagement.equals(that.mAllowedKeyManagement)) return false; 170 if (!this.mAllowedProtocols.equals(that.mAllowedProtocols)) return false; 171 if (!this.mAllowedAuthAlgorithms.equals(that.mAllowedAuthAlgorithms)) return false; 172 if (!this.mAllowedPairwiseCiphers.equals(that.mAllowedPairwiseCiphers)) return false; 173 if (!this.mAllowedGroupCiphers.equals(that.mAllowedGroupCiphers)) return false; 174 if (!this.mAllowedGroupManagementCiphers.equals(that.mAllowedGroupManagementCiphers)) { 175 return false; 176 } 177 if (!this.mAllowedSuiteBCiphers.equals(that.mAllowedSuiteBCiphers)) return false; 178 if (this.mRequirePmf != that.mRequirePmf) return false; 179 if (this.mIsSaeH2eOnlyMode != that.mIsSaeH2eOnlyMode) return false; 180 if (this.mIsSaePkOnlyMode != that.mIsSaePkOnlyMode) return false; 181 if (this.mIsAddedByAutoUpgrade != that.mIsAddedByAutoUpgrade) return false; 182 183 return true; 184 } 185 186 @Override hashCode()187 public int hashCode() { 188 return Objects.hash(mSecurityType, mEnabled, 189 mAllowedKeyManagement, mAllowedProtocols, mAllowedAuthAlgorithms, 190 mAllowedPairwiseCiphers, mAllowedGroupCiphers, mAllowedGroupManagementCiphers, 191 mAllowedSuiteBCiphers, mRequirePmf, 192 mIsSaeH2eOnlyMode, mIsSaePkOnlyMode, mIsAddedByAutoUpgrade); 193 } 194 195 /** 196 * Get the security type of this params. 197 * 198 * @return The security type defined in {@link WifiConfiguration}. 199 */ getSecurityType()200 public @SecurityType int getSecurityType() { 201 return mSecurityType; 202 } 203 204 /** 205 * Check the security type of this params. 206 * 207 * @param type the testing security type. 208 * @return true if this is for the corresponiding type. 209 */ isSecurityType(@ecurityType int type)210 public boolean isSecurityType(@SecurityType int type) { 211 return type == mSecurityType; 212 } 213 214 /** 215 * Check whether the security of given params is the same as this one. 216 * 217 * @param params the testing security params. 218 * @return true if their security types are the same. 219 */ isSameSecurityType(SecurityParams params)220 public boolean isSameSecurityType(SecurityParams params) { 221 return params.mSecurityType == mSecurityType; 222 } 223 224 /** 225 * Update security params to legacy WifiConfiguration object. 226 * 227 * @param config the target configuration. 228 */ updateLegacyWifiConfiguration(WifiConfiguration config)229 public void updateLegacyWifiConfiguration(WifiConfiguration config) { 230 config.allowedKeyManagement = (BitSet) mAllowedKeyManagement.clone(); 231 config.allowedProtocols = (BitSet) mAllowedProtocols.clone(); 232 config.allowedAuthAlgorithms = (BitSet) mAllowedAuthAlgorithms.clone(); 233 config.allowedPairwiseCiphers = (BitSet) mAllowedPairwiseCiphers.clone(); 234 config.allowedGroupCiphers = (BitSet) mAllowedGroupCiphers.clone(); 235 config.allowedGroupManagementCiphers = (BitSet) mAllowedGroupManagementCiphers.clone(); 236 config.allowedSuiteBCiphers = (BitSet) mAllowedSuiteBCiphers.clone(); 237 config.requirePmf = mRequirePmf; 238 } 239 240 /** 241 * Set this params enabled. 242 * 243 * @param enable enable a specific security type. 244 */ setEnabled(boolean enable)245 public void setEnabled(boolean enable) { 246 mEnabled = enable; 247 } 248 249 /** 250 * Indicate this params is enabled or not. 251 */ isEnabled()252 public boolean isEnabled() { 253 return mEnabled; 254 } 255 256 /** 257 * Set the supporting Fast Initial Link Set-up (FILS) key management. 258 * 259 * FILS can be applied to all security types. 260 * @param enableFilsSha256 Enable FILS SHA256. 261 * @param enableFilsSha384 Enable FILS SHA256. 262 */ enableFils(boolean enableFilsSha256, boolean enableFilsSha384)263 public void enableFils(boolean enableFilsSha256, boolean enableFilsSha384) { 264 if (enableFilsSha256) { 265 mAllowedKeyManagement.set(KeyMgmt.FILS_SHA256); 266 } 267 268 if (enableFilsSha384) { 269 mAllowedKeyManagement.set(KeyMgmt.FILS_SHA384); 270 } 271 } 272 273 /** 274 * Get the copy of allowed key management. 275 */ getAllowedKeyManagement()276 public BitSet getAllowedKeyManagement() { 277 return (BitSet) mAllowedKeyManagement.clone(); 278 } 279 280 /** 281 * Get the copy of allowed protocols. 282 */ getAllowedProtocols()283 public BitSet getAllowedProtocols() { 284 return (BitSet) mAllowedProtocols.clone(); 285 } 286 287 /** 288 * Get the copy of allowed auth algorithms. 289 */ getAllowedAuthAlgorithms()290 public BitSet getAllowedAuthAlgorithms() { 291 return (BitSet) mAllowedAuthAlgorithms.clone(); 292 } 293 294 /** 295 * Get the copy of allowed pairwise ciphers. 296 */ getAllowedPairwiseCiphers()297 public BitSet getAllowedPairwiseCiphers() { 298 return (BitSet) mAllowedPairwiseCiphers.clone(); 299 } 300 301 /** 302 * Get the copy of allowed group ciphers. 303 */ getAllowedGroupCiphers()304 public BitSet getAllowedGroupCiphers() { 305 return (BitSet) mAllowedGroupCiphers.clone(); 306 } 307 308 /** 309 * Get the copy of allowed group management ciphers. 310 */ getAllowedGroupManagementCiphers()311 public BitSet getAllowedGroupManagementCiphers() { 312 return (BitSet) mAllowedGroupManagementCiphers.clone(); 313 } 314 315 /** 316 * Enable Suite-B ciphers. 317 * 318 * @param enableEcdheEcdsa enable Diffie-Hellman with Elliptic Curve ECDSA cipher support. 319 * @param enableEcdheRsa enable Diffie-Hellman with RSA cipher support. 320 */ enableSuiteBCiphers(boolean enableEcdheEcdsa, boolean enableEcdheRsa)321 public void enableSuiteBCiphers(boolean enableEcdheEcdsa, boolean enableEcdheRsa) { 322 if (enableEcdheEcdsa) { 323 mAllowedSuiteBCiphers.set(SuiteBCipher.ECDHE_ECDSA); 324 } else { 325 mAllowedSuiteBCiphers.clear(SuiteBCipher.ECDHE_ECDSA); 326 } 327 328 if (enableEcdheRsa) { 329 mAllowedSuiteBCiphers.set(SuiteBCipher.ECDHE_RSA); 330 } else { 331 mAllowedSuiteBCiphers.clear(SuiteBCipher.ECDHE_RSA); 332 } 333 } 334 335 /** 336 * Get the copy of allowed suite-b ciphers. 337 */ getAllowedSuiteBCiphers()338 public BitSet getAllowedSuiteBCiphers() { 339 return (BitSet) mAllowedSuiteBCiphers.clone(); 340 } 341 342 /** 343 * Set PMF is required or not. 344 * 345 * @param required indicates whether PMF is required or not. 346 */ setRequirePmf(boolean required)347 public void setRequirePmf(boolean required) { 348 mRequirePmf = required; 349 } 350 351 /** 352 * Indicate PMF is required or not. 353 */ isRequirePmf()354 public boolean isRequirePmf() { 355 return mRequirePmf; 356 } 357 358 /** 359 * Indicate that this is open security type. 360 */ isOpenSecurityType()361 public boolean isOpenSecurityType() { 362 return isSecurityType(WifiConfiguration.SECURITY_TYPE_OPEN) 363 || isSecurityType(WifiConfiguration.SECURITY_TYPE_OWE); 364 } 365 366 /** 367 * Indicate that this is enterprise security type. 368 */ isEnterpriseSecurityType()369 public boolean isEnterpriseSecurityType() { 370 return mAllowedKeyManagement.get(KeyMgmt.WPA_EAP) 371 || mAllowedKeyManagement.get(KeyMgmt.IEEE8021X) 372 || mAllowedKeyManagement.get(KeyMgmt.SUITE_B_192) 373 || mAllowedKeyManagement.get(KeyMgmt.WAPI_CERT); 374 } 375 376 /** 377 * Enable Hash-to-Element only mode. 378 * 379 * @param enable set H2E only mode enabled or not. 380 */ enableSaeH2eOnlyMode(boolean enable)381 public void enableSaeH2eOnlyMode(boolean enable) { 382 mIsSaeH2eOnlyMode = enable; 383 } 384 385 /** 386 * Indicate whether this params is H2E only mode. 387 * 388 * @return true if this is H2E only mode params. 389 */ isSaeH2eOnlyMode()390 public boolean isSaeH2eOnlyMode() { 391 return mIsSaeH2eOnlyMode; 392 } 393 /** 394 * Enable Pubilc-Key only mode. 395 * 396 * @param enable set PK only mode enabled or not. 397 */ enableSaePkOnlyMode(boolean enable)398 public void enableSaePkOnlyMode(boolean enable) { 399 mIsSaePkOnlyMode = enable; 400 } 401 402 /** 403 * Indicate whether this params is PK only mode. 404 * 405 * @return true if this is PK only mode params. 406 */ isSaePkOnlyMode()407 public boolean isSaePkOnlyMode() { 408 return mIsSaePkOnlyMode; 409 } 410 411 /** 412 * Set whether this is added by auto-upgrade. 413 * 414 * @param addedByAutoUpgrade true if added by auto-upgrade. 415 */ setIsAddedByAutoUpgrade(boolean addedByAutoUpgrade)416 public void setIsAddedByAutoUpgrade(boolean addedByAutoUpgrade) { 417 mIsAddedByAutoUpgrade = addedByAutoUpgrade; 418 } 419 420 /** 421 * Indicate whether this is added by auto-upgrade or not. 422 * 423 * @return true if added by auto-upgrade; otherwise, false. 424 */ isAddedByAutoUpgrade()425 public boolean isAddedByAutoUpgrade() { 426 return mIsAddedByAutoUpgrade; 427 } 428 429 @Override toString()430 public String toString() { 431 StringBuilder sbuf = new StringBuilder(); 432 sbuf.append("Security Parameters:\n"); 433 sbuf.append(" Type: ").append(mSecurityType).append("\n"); 434 sbuf.append(" Enabled: ").append(mEnabled).append("\n"); 435 sbuf.append(" KeyMgmt:"); 436 for (int k = 0; k < mAllowedKeyManagement.size(); k++) { 437 if (mAllowedKeyManagement.get(k)) { 438 sbuf.append(" "); 439 if (k < KeyMgmt.strings.length) { 440 sbuf.append(KeyMgmt.strings[k]); 441 } else { 442 sbuf.append("??"); 443 } 444 } 445 } 446 sbuf.append('\n'); 447 sbuf.append(" Protocols:"); 448 for (int p = 0; p < mAllowedProtocols.size(); p++) { 449 if (mAllowedProtocols.get(p)) { 450 sbuf.append(" "); 451 if (p < Protocol.strings.length) { 452 sbuf.append(Protocol.strings[p]); 453 } else { 454 sbuf.append("??"); 455 } 456 } 457 } 458 sbuf.append('\n'); 459 sbuf.append(" AuthAlgorithms:"); 460 for (int a = 0; a < mAllowedAuthAlgorithms.size(); a++) { 461 if (mAllowedAuthAlgorithms.get(a)) { 462 sbuf.append(" "); 463 if (a < AuthAlgorithm.strings.length) { 464 sbuf.append(AuthAlgorithm.strings[a]); 465 } else { 466 sbuf.append("??"); 467 } 468 } 469 } 470 sbuf.append('\n'); 471 sbuf.append(" PairwiseCiphers:"); 472 for (int pc = 0; pc < mAllowedPairwiseCiphers.size(); pc++) { 473 if (mAllowedPairwiseCiphers.get(pc)) { 474 sbuf.append(" "); 475 if (pc < PairwiseCipher.strings.length) { 476 sbuf.append(PairwiseCipher.strings[pc]); 477 } else { 478 sbuf.append("??"); 479 } 480 } 481 } 482 sbuf.append('\n'); 483 sbuf.append(" GroupCiphers:"); 484 for (int gc = 0; gc < mAllowedGroupCiphers.size(); gc++) { 485 if (mAllowedGroupCiphers.get(gc)) { 486 sbuf.append(" "); 487 if (gc < GroupCipher.strings.length) { 488 sbuf.append(GroupCipher.strings[gc]); 489 } else { 490 sbuf.append("??"); 491 } 492 } 493 } 494 sbuf.append('\n'); 495 sbuf.append(" GroupMgmtCiphers:"); 496 for (int gmc = 0; gmc < mAllowedGroupManagementCiphers.size(); gmc++) { 497 if (mAllowedGroupManagementCiphers.get(gmc)) { 498 sbuf.append(" "); 499 if (gmc < GroupMgmtCipher.strings.length) { 500 sbuf.append(GroupMgmtCipher.strings[gmc]); 501 } else { 502 sbuf.append("??"); 503 } 504 } 505 } 506 sbuf.append('\n'); 507 sbuf.append(" SuiteBCiphers:"); 508 for (int sbc = 0; sbc < mAllowedSuiteBCiphers.size(); sbc++) { 509 if (mAllowedSuiteBCiphers.get(sbc)) { 510 sbuf.append(" "); 511 if (sbc < SuiteBCipher.strings.length) { 512 sbuf.append(SuiteBCipher.strings[sbc]); 513 } else { 514 sbuf.append("??"); 515 } 516 } 517 } 518 sbuf.append('\n'); 519 sbuf.append(" RequirePmf: ").append(mRequirePmf).append('\n'); 520 sbuf.append(" IsAddedByAutoUpgrade: ").append(mIsAddedByAutoUpgrade).append("\n"); 521 sbuf.append(" IsSaeH2eOnlyMode: ").append(mIsSaeH2eOnlyMode).append("\n"); 522 sbuf.append(" IsSaePkOnlyMode: ").append(mIsSaePkOnlyMode).append("\n"); 523 return sbuf.toString(); 524 } 525 readBitSet(Parcel src)526 private static BitSet readBitSet(Parcel src) { 527 int cardinality = src.readInt(); 528 529 BitSet set = new BitSet(); 530 for (int i = 0; i < cardinality; i++) { 531 set.set(src.readInt()); 532 } 533 534 return set; 535 } 536 writeBitSet(Parcel dest, BitSet set)537 private static void writeBitSet(Parcel dest, BitSet set) { 538 int nextSetBit = -1; 539 540 dest.writeInt(set.cardinality()); 541 542 while ((nextSetBit = set.nextSetBit(nextSetBit + 1)) != -1) { 543 dest.writeInt(nextSetBit); 544 } 545 } 546 547 /** Implement the Parcelable interface */ 548 @Override describeContents()549 public int describeContents() { 550 return 0; 551 } 552 553 /** Implement the Parcelable interface */ 554 @Override writeToParcel(Parcel dest, int flags)555 public void writeToParcel(Parcel dest, int flags) { 556 dest.writeInt(mSecurityType); 557 dest.writeBoolean(mEnabled); 558 writeBitSet(dest, mAllowedKeyManagement); 559 writeBitSet(dest, mAllowedProtocols); 560 writeBitSet(dest, mAllowedAuthAlgorithms); 561 writeBitSet(dest, mAllowedPairwiseCiphers); 562 writeBitSet(dest, mAllowedGroupCiphers); 563 writeBitSet(dest, mAllowedGroupManagementCiphers); 564 writeBitSet(dest, mAllowedSuiteBCiphers); 565 dest.writeBoolean(mRequirePmf); 566 dest.writeBoolean(mIsAddedByAutoUpgrade); 567 dest.writeBoolean(mIsSaeH2eOnlyMode); 568 dest.writeBoolean(mIsSaePkOnlyMode); 569 570 } 571 572 /** Implement the Parcelable interface */ 573 public static final @NonNull Parcelable.Creator<SecurityParams> CREATOR = 574 new Creator<SecurityParams>() { 575 public SecurityParams createFromParcel(Parcel in) { 576 SecurityParams params = new SecurityParams(); 577 params.mSecurityType = in.readInt(); 578 params.mEnabled = in.readBoolean(); 579 params.mAllowedKeyManagement = readBitSet(in); 580 params.mAllowedProtocols = readBitSet(in); 581 params.mAllowedAuthAlgorithms = readBitSet(in); 582 params.mAllowedPairwiseCiphers = readBitSet(in); 583 params.mAllowedGroupCiphers = readBitSet(in); 584 params.mAllowedGroupManagementCiphers = readBitSet(in); 585 params.mAllowedSuiteBCiphers = readBitSet(in); 586 params.mRequirePmf = in.readBoolean(); 587 params.mIsAddedByAutoUpgrade = in.readBoolean(); 588 params.mIsSaeH2eOnlyMode = in.readBoolean(); 589 params.mIsSaePkOnlyMode = in.readBoolean(); 590 return params; 591 } 592 593 public SecurityParams[] newArray(int size) { 594 return new SecurityParams[size]; 595 } 596 }; 597 598 /** 599 * Create a params according to the security type. 600 * 601 * @param securityType One of the following security types: 602 * {@link WifiConfiguration#SECURITY_TYPE_OPEN}, 603 * {@link WifiConfiguration#SECURITY_TYPE_WEP}, 604 * {@link WifiConfiguration#SECURITY_TYPE_PSK}, 605 * {@link WifiConfiguration#SECURITY_TYPE_EAP}, 606 * {@link WifiConfiguration#SECURITY_TYPE_SAE}, 607 * {@link WifiConfiguration#SECURITY_TYPE_OWE}, 608 * {@link WifiConfiguration#SECURITY_TYPE_WAPI_PSK}, 609 * {@link WifiConfiguration#SECURITY_TYPE_WAPI_CERT}, 610 * {@link WifiConfiguration#SECURITY_TYPE_EAP_WPA3_ENTERPRISE}, 611 * {@link WifiConfiguration#SECURITY_TYPE_EAP_WPA3_ENTERPRISE_192_BIT}, 612 * {@link WifiConfiguration#SECURITY_TYPE_OSEN}, 613 * {@link WifiConfiguration#SECURITY_TYPE_PASSPOINT_R1_R2}, 614 * {@link WifiConfiguration#SECURITY_TYPE_PASSPOINT_R3}, 615 * {@link WifiConfiguration#SECURITY_TYPE_DPP} 616 * 617 * @return the corresponding security params if the security type is valid; 618 * otherwise, throw IllegalArgumentException. 619 */ createSecurityParamsBySecurityType( @ifiConfiguration.SecurityType int securityType)620 public static @NonNull SecurityParams createSecurityParamsBySecurityType( 621 @WifiConfiguration.SecurityType int securityType) { 622 switch (securityType) { 623 case WifiConfiguration.SECURITY_TYPE_OPEN: 624 return createOpenParams(); 625 case WifiConfiguration.SECURITY_TYPE_WEP: 626 return createWepParams(); 627 case WifiConfiguration.SECURITY_TYPE_PSK: 628 return createWpaWpa2PersonalParams(); 629 case WifiConfiguration.SECURITY_TYPE_EAP: 630 return createWpaWpa2EnterpriseParams(); 631 case WifiConfiguration.SECURITY_TYPE_SAE: 632 return createWpa3PersonalParams(); 633 // The value of {@link WifiConfiguration.SECURITY_TYPE_EAP_SUITE_B} is the same as 634 // {@link #WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE_192_BIT}, remove it 635 // to avoid duplicate case label errors. 636 case WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE_192_BIT: 637 return createWpa3Enterprise192BitParams(); 638 case WifiConfiguration.SECURITY_TYPE_OWE: 639 return createEnhancedOpenParams(); 640 case WifiConfiguration.SECURITY_TYPE_WAPI_PSK: 641 return createWapiPskParams(); 642 case WifiConfiguration.SECURITY_TYPE_WAPI_CERT: 643 return createWapiCertParams(); 644 case WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE: 645 return createWpa3EnterpriseParams(); 646 case WifiConfiguration.SECURITY_TYPE_OSEN: 647 return createOsenParams(); 648 case WifiConfiguration.SECURITY_TYPE_PASSPOINT_R1_R2: 649 return SecurityParams.createPasspointParams(PASSPOINT_R2); 650 case WifiConfiguration.SECURITY_TYPE_PASSPOINT_R3: 651 return SecurityParams.createPasspointParams(PASSPOINT_R3); 652 case WifiConfiguration.SECURITY_TYPE_DPP: 653 return SecurityParams.createDppParams(); 654 default: 655 throw new IllegalArgumentException("unknown security type " + securityType); 656 } 657 } 658 659 /** 660 * Create EAP security params. 661 */ createWpaWpa2EnterpriseParams()662 private static @NonNull SecurityParams createWpaWpa2EnterpriseParams() { 663 SecurityParams params = new SecurityParams(); 664 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_EAP; 665 666 params.mAllowedKeyManagement.set(KeyMgmt.WPA_EAP); 667 params.mAllowedKeyManagement.set(KeyMgmt.IEEE8021X); 668 669 params.mAllowedProtocols.set(Protocol.RSN); 670 params.mAllowedProtocols.set(Protocol.WPA); 671 672 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 673 params.mAllowedPairwiseCiphers.set(PairwiseCipher.TKIP); 674 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 675 676 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 677 params.mAllowedGroupCiphers.set(GroupCipher.TKIP); 678 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 679 return params; 680 } 681 682 /** 683 * Create Passpoint security params. 684 */ createPasspointParams(@asspointRelease int release)685 private static @NonNull SecurityParams createPasspointParams(@PasspointRelease int release) { 686 SecurityParams params = new SecurityParams(); 687 switch (release) { 688 case PASSPOINT_R1: 689 case PASSPOINT_R2: 690 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_PASSPOINT_R1_R2; 691 break; 692 case PASSPOINT_R3: 693 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_PASSPOINT_R3; 694 params.mRequirePmf = true; 695 break; 696 default: 697 throw new IllegalArgumentException("invalid passpoint release " + release); 698 } 699 700 params.mAllowedKeyManagement.set(KeyMgmt.WPA_EAP); 701 params.mAllowedKeyManagement.set(KeyMgmt.IEEE8021X); 702 703 params.mAllowedProtocols.set(Protocol.RSN); 704 705 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 706 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 707 708 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 709 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 710 711 return params; 712 } 713 714 /** 715 * Create Enhanced Open params. 716 */ createEnhancedOpenParams()717 private static @NonNull SecurityParams createEnhancedOpenParams() { 718 SecurityParams params = new SecurityParams(); 719 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_OWE; 720 721 params.mAllowedKeyManagement.set(KeyMgmt.OWE); 722 723 params.mAllowedProtocols.set(Protocol.RSN); 724 725 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 726 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_128); 727 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 728 729 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 730 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_128); 731 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 732 733 params.mRequirePmf = true; 734 return params; 735 } 736 737 /** 738 * Create Open params. 739 */ createOpenParams()740 private static @NonNull SecurityParams createOpenParams() { 741 SecurityParams params = new SecurityParams(); 742 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_OPEN; 743 744 params.mAllowedKeyManagement.set(KeyMgmt.NONE); 745 746 params.mAllowedProtocols.set(Protocol.RSN); 747 params.mAllowedProtocols.set(Protocol.WPA); 748 return params; 749 } 750 751 /** 752 * Create OSEN params. 753 */ createOsenParams()754 private static @NonNull SecurityParams createOsenParams() { 755 SecurityParams params = new SecurityParams(); 756 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_OSEN; 757 758 params.mAllowedKeyManagement.set(KeyMgmt.OSEN); 759 760 params.mAllowedProtocols.set(Protocol.OSEN); 761 762 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 763 params.mAllowedPairwiseCiphers.set(PairwiseCipher.TKIP); 764 765 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 766 params.mAllowedGroupCiphers.set(GroupCipher.TKIP); 767 return params; 768 } 769 770 /** 771 * Create WAPI-CERT params. 772 */ createWapiCertParams()773 private static @NonNull SecurityParams createWapiCertParams() { 774 SecurityParams params = new SecurityParams(); 775 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_WAPI_CERT; 776 777 params.mAllowedKeyManagement.set(KeyMgmt.WAPI_CERT); 778 779 params.mAllowedProtocols.set(Protocol.WAPI); 780 781 params.mAllowedPairwiseCiphers.set(PairwiseCipher.SMS4); 782 783 params.mAllowedGroupCiphers.set(GroupCipher.SMS4); 784 return params; 785 } 786 787 /** 788 * Create WAPI-PSK params. 789 */ createWapiPskParams()790 private static @NonNull SecurityParams createWapiPskParams() { 791 SecurityParams params = new SecurityParams(); 792 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_WAPI_PSK; 793 794 params.mAllowedKeyManagement.set(KeyMgmt.WAPI_PSK); 795 796 params.mAllowedProtocols.set(Protocol.WAPI); 797 798 params.mAllowedPairwiseCiphers.set(PairwiseCipher.SMS4); 799 800 params.mAllowedGroupCiphers.set(GroupCipher.SMS4); 801 return params; 802 } 803 804 /** 805 * Create WEP params. 806 */ createWepParams()807 private static @NonNull SecurityParams createWepParams() { 808 SecurityParams params = new SecurityParams(); 809 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_WEP; 810 811 params.mAllowedKeyManagement.set(KeyMgmt.NONE); 812 813 params.mAllowedProtocols.set(Protocol.RSN); 814 815 params.mAllowedAuthAlgorithms.set(AuthAlgorithm.OPEN); 816 params.mAllowedAuthAlgorithms.set(AuthAlgorithm.SHARED); 817 818 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 819 params.mAllowedPairwiseCiphers.set(PairwiseCipher.TKIP); 820 821 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 822 params.mAllowedGroupCiphers.set(GroupCipher.TKIP); 823 params.mAllowedGroupCiphers.set(GroupCipher.WEP40); 824 params.mAllowedGroupCiphers.set(GroupCipher.WEP104); 825 return params; 826 } 827 828 /** 829 * Create WPA3 Enterprise 192-bit params. 830 */ createWpa3Enterprise192BitParams()831 private static @NonNull SecurityParams createWpa3Enterprise192BitParams() { 832 SecurityParams params = new SecurityParams(); 833 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE_192_BIT; 834 835 params.mAllowedKeyManagement.set(KeyMgmt.WPA_EAP); 836 params.mAllowedKeyManagement.set(KeyMgmt.IEEE8021X); 837 params.mAllowedKeyManagement.set(KeyMgmt.SUITE_B_192); 838 839 params.mAllowedProtocols.set(Protocol.RSN); 840 841 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_128); 842 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 843 844 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_128); 845 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 846 847 params.mAllowedGroupManagementCiphers.set(GroupMgmtCipher.BIP_GMAC_256); 848 849 // Note: allowedSuiteBCiphers bitset will be set by the service once the 850 // certificates are attached to this profile 851 852 params.mRequirePmf = true; 853 return params; 854 } 855 856 /** 857 * Create WPA3 Enterprise params. 858 */ createWpa3EnterpriseParams()859 private static @NonNull SecurityParams createWpa3EnterpriseParams() { 860 SecurityParams params = new SecurityParams(); 861 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE; 862 863 params.mAllowedKeyManagement.set(KeyMgmt.WPA_EAP); 864 params.mAllowedKeyManagement.set(KeyMgmt.IEEE8021X); 865 866 params.mAllowedProtocols.set(Protocol.RSN); 867 868 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 869 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 870 871 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 872 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 873 874 params.mRequirePmf = true; 875 return params; 876 } 877 878 /** 879 * Create WPA3 Personal params. 880 */ createWpa3PersonalParams()881 private static @NonNull SecurityParams createWpa3PersonalParams() { 882 SecurityParams params = new SecurityParams(); 883 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_SAE; 884 885 params.mAllowedKeyManagement.set(KeyMgmt.SAE); 886 887 params.mAllowedProtocols.set(Protocol.RSN); 888 889 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 890 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_128); 891 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 892 893 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 894 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_128); 895 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 896 897 params.mRequirePmf = true; 898 return params; 899 } 900 901 /** 902 * Create WPA/WPA2 Personal params. 903 */ createWpaWpa2PersonalParams()904 private static @NonNull SecurityParams createWpaWpa2PersonalParams() { 905 SecurityParams params = new SecurityParams(); 906 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_PSK; 907 908 params.mAllowedKeyManagement.set(KeyMgmt.WPA_PSK); 909 910 params.mAllowedProtocols.set(Protocol.RSN); 911 params.mAllowedProtocols.set(Protocol.WPA); 912 913 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 914 params.mAllowedPairwiseCiphers.set(PairwiseCipher.TKIP); 915 916 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 917 params.mAllowedGroupCiphers.set(GroupCipher.TKIP); 918 params.mAllowedGroupCiphers.set(GroupCipher.WEP40); 919 params.mAllowedGroupCiphers.set(GroupCipher.WEP104); 920 return params; 921 } 922 923 /** 924 * Create Easy Connect (DPP) params. 925 */ createDppParams()926 private static @NonNull SecurityParams createDppParams() { 927 SecurityParams params = new SecurityParams(); 928 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_DPP; 929 930 params.mAllowedKeyManagement.set(KeyMgmt.DPP); 931 932 params.mAllowedProtocols.set(Protocol.RSN); 933 934 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 935 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_128); 936 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 937 938 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 939 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_128); 940 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 941 942 params.mRequirePmf = true; 943 return params; 944 } 945 } 946