
Commit 05f11c46 authored by David Su's avatar David Su Committed by Android (Google) Code Review

Merge changes from topic "wifi-rvc-qpr-dev-cherry-pick-to-mainline-prod" into mainline-prod

* changes:
  [Suggestion] Fix setWpa3EnterpriseConfig
  wifi: Support SAE_TRANSITION when converting to WifiConfiguration
  [Passpoint] Changes to Unique ID
  [NetworkSuggestion] Fix getEnterpriseConfig
parents 9efbca2b 55272682
+1 −0
@@ -533,6 +533,7 @@ public final class SoftApConfiguration implements Parcelable {
                wifiConfig.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.NONE);
                break;
            case SECURITY_TYPE_WPA2_PSK:
            case SECURITY_TYPE_WPA3_SAE_TRANSITION:
                wifiConfig.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA2_PSK);
                break;
            default:
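Review bot: The `SECURITY_TYPE_WPA3_SAE_TRANSITION` case falls through to `KeyMgmt.WPA2_PSK`, so the converted `WifiConfiguration` no longer records that the soft AP also offers SAE, and nothing on the visible lines says the loss is deliberate. A short comment on the case would stop a later reader from "correcting" it, for example `// Transition mode is reported as WPA2-PSK in this conversion; the SAE half is intentionally dropped.` (wording to be confirmed against the intent of the conversion). The enclosing switch starts and ends outside the hunk, so the `default:` handling was not reviewed.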
+49 −0
@@ -30,6 +30,9 @@ import java.lang.annotation.RetentionPolicy;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
@@ -1442,4 +1445,50 @@ public class WifiEnterpriseConfig implements Parcelable {
        }
        return TextUtils.isEmpty(getCaPath());
    }

    /**
     * Check if a given certificate Get the Suite-B cipher from the certificate
     *
     * @param x509Certificate Certificate to process
     * @return true if the certificate OID matches the Suite-B requirements for RSA or ECDSA
     * certificates, or false otherwise.
     * @hide
     */
    public static boolean isSuiteBCipherCert(@Nullable X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        final String sigAlgOid = x509Certificate.getSigAlgOID();

        // Wi-Fi alliance requires the use of both ECDSA secp384r1 and RSA 3072 certificates
        // in WPA3-Enterprise 192-bit security networks, which are also known as Suite-B-192
        // networks, even though NSA Suite-B-192 mandates ECDSA only. The use of the term
        // Suite-B was already coined in the IEEE 802.11-2016 specification for
        // AKM 00-0F-AC but the test plan for WPA3-Enterprise 192-bit for APs mandates
        // support for both RSA and ECDSA, and for STAs it mandates ECDSA and optionally
        // RSA. In order to be compatible with all WPA3-Enterprise 192-bit deployments,
        // we are supporting both types here.
        if (sigAlgOid.equals("1.2.840.113549.1.1.12")) {
            // sha384WithRSAEncryption
            if (x509Certificate.getPublicKey() instanceof RSAPublicKey) {
                final RSAPublicKey rsaPublicKey = (RSAPublicKey) x509Certificate.getPublicKey();
                if (rsaPublicKey.getModulus() != null
                        && rsaPublicKey.getModulus().bitLength() >= 3072) {
                    return true;
                }
            }
        } else if (sigAlgOid.equals("1.2.840.10045.4.3.3")) {
            // ecdsa-with-SHA384
            if (x509Certificate.getPublicKey() instanceof ECPublicKey) {
                final ECPublicKey ecPublicKey = (ECPublicKey) x509Certificate.getPublicKey();
                final ECParameterSpec ecParameterSpec = ecPublicKey.getParams();

                if (ecParameterSpec != null && ecParameterSpec.getOrder() != null
                        && ecParameterSpec.getOrder().bitLength() >= 384) {
                    return true;
                }
            }
        }
        return false;
    }
}
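Review bot: The ECDSA branch of `isSuiteBCipherCert` accepts any curve whose order is at least 384 bits, although the comment above it names secp384r1, so a key on a larger curve would also be classified as Suite-B. If only secp384r1 is meant, the check should match the curve parameters rather than a minimum bit length; if larger curves are accepted on purpose, the comment should say so. The method also pairs `getSigAlgOID()`, which describes how the issuer signed the certificate, with an `instanceof` test on the subject key, so a certificate whose key type differs from its issuer's returns false; that deserves a sentence in the Javadoc. The Javadoc summary is garbled and could read `Check whether a given certificate meets the Suite-B (WPA3-Enterprise 192-bit) requirements.`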
+26 −5
@@ -78,12 +78,12 @@ public final class WifiNetworkSpecifier extends NetworkSpecifier implements Parc
        private @Nullable String mWpa3SaePassphrase;
        /**
         * The enterprise configuration details specifying the EAP method,
         * certificates and other settings associated with the WPA-EAP networks.
         * certificates and other settings associated with the WPA/WPA2-Enterprise networks.
         */
        private @Nullable WifiEnterpriseConfig mWpa2EnterpriseConfig;
        /**
         * The enterprise configuration details specifying the EAP method,
         * certificates and other settings associated with the SuiteB networks.
         * certificates and other settings associated with the WPA3-Enterprise networks.
         */
        private @Nullable WifiEnterpriseConfig mWpa3EnterpriseConfig;
        /**
@@ -243,7 +243,11 @@ public final class WifiNetworkSpecifier extends NetworkSpecifier implements Parc

        /**
         * Set the associated enterprise configuration for this network. Needed for authenticating
         * to WPA3-SuiteB networks. See {@link WifiEnterpriseConfig} for description.
         * to WPA3-Enterprise networks (standard and 192-bit security). See
         * {@link WifiEnterpriseConfig} for description. For 192-bit security networks, both the
         * client and CA certificates must be provided, and must be of type of either
         * sha384WithRSAEncryption (OID 1.2.840.113549.1.1.12) or ecdsa-with-SHA384
         * (OID 1.2.840.10045.4.3.3).
         *
         * @param enterpriseConfig Instance of {@link WifiEnterpriseConfig}.
         * @return Instance of {@link Builder} to enable chaining of the builder method.
@@ -284,8 +288,25 @@ public final class WifiNetworkSpecifier extends NetworkSpecifier implements Parc
            } else if (mWpa2EnterpriseConfig != null) { // WPA-EAP network
                configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP);
                configuration.enterpriseConfig = mWpa2EnterpriseConfig;
            } else if (mWpa3EnterpriseConfig != null) { // WPA3-SuiteB network
            } else if (mWpa3EnterpriseConfig != null) { // WPA3-Enterprise
                if (mWpa3EnterpriseConfig.getEapMethod() == WifiEnterpriseConfig.Eap.TLS
                        && WifiEnterpriseConfig.isSuiteBCipherCert(
                        mWpa3EnterpriseConfig.getClientCertificate())
                        && WifiEnterpriseConfig.isSuiteBCipherCert(
                        mWpa3EnterpriseConfig.getCaCertificate())) {
                    // WPA3-Enterprise in 192-bit security mode (Suite-B)
                    configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP_SUITE_B);
                } else {
                    // WPA3-Enterprise
                    configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP);
                    configuration.allowedProtocols.set(WifiConfiguration.Protocol.RSN);
                    configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP);
                    configuration.allowedPairwiseCiphers.set(
                            WifiConfiguration.PairwiseCipher.GCMP_256);
                    configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.CCMP);
                    configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256);
                    configuration.requirePmf = true;
                }
                configuration.enterpriseConfig = mWpa3EnterpriseConfig;
            } else if (mIsEnhancedOpen) { // OWE network
                configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_OWE);
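Review bot: In the `mWpa3EnterpriseConfig` branch, a configuration that is not EAP-TLS, or whose client or CA certificate fails `isSuiteBCipherCert`, is built as `SECURITY_TYPE_EAP` with no signal to the caller, so an app that intended 192-bit mode but supplied a non-conforming or missing certificate silently gets the standard WPA3-Enterprise profile. The setter's Javadoc now states the certificate requirement, but it should also state this fallback, e.g. `If these conditions are not met, the network is configured as standard WPA3-Enterprise.` Only `getClientCertificate()` and `getCaCertificate()` are inspected, so any further certificates in a chain or CA list appear not to be checked. The same block is repeated verbatim in the WifiNetworkSuggestion builder (its `@@ -522,8 +526,25 @@` hunk); a shared static helper would keep the two selection rules from drifting apart. The enclosing method starts and ends outside the hunk.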
+29 −5
@@ -72,12 +72,12 @@ public final class WifiNetworkSuggestion implements Parcelable {
        private @Nullable String mWpa3SaePassphrase;
        /**
         * The enterprise configuration details specifying the EAP method,
         * certificates and other settings associated with the WPA-EAP networks.
         * certificates and other settings associated with the WPA/WPA2-Enterprise networks.
         */
        private @Nullable WifiEnterpriseConfig mWpa2EnterpriseConfig;
        /**
         * The enterprise configuration details specifying the EAP method,
         * certificates and other settings associated with the SuiteB networks.
         * certificates and other settings associated with the WPA3-Enterprise networks.
         */
        private @Nullable WifiEnterpriseConfig mWpa3EnterpriseConfig;
        /**
@@ -276,7 +276,11 @@ public final class WifiNetworkSuggestion implements Parcelable {

        /**
         * Set the associated enterprise configuration for this network. Needed for authenticating
         * to WPA3 enterprise networks. See {@link WifiEnterpriseConfig} for description.
         * to WPA3-Enterprise networks (standard and 192-bit security). See
         * {@link WifiEnterpriseConfig} for description. For 192-bit security networks, both the
         * client and CA certificates must be provided, and must be of type of either
         * sha384WithRSAEncryption (OID 1.2.840.113549.1.1.12) or ecdsa-with-SHA384
         * (OID 1.2.840.10045.4.3.3).
         *
         * @param enterpriseConfig Instance of {@link WifiEnterpriseConfig}.
         * @return Instance of {@link Builder} to enable chaining of the builder method.
@@ -522,8 +526,25 @@ public final class WifiNetworkSuggestion implements Parcelable {
            } else if (mWpa2EnterpriseConfig != null) { // WPA-EAP network
                configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP);
                configuration.enterpriseConfig = mWpa2EnterpriseConfig;
            } else if (mWpa3EnterpriseConfig != null) { // WPA3-SuiteB network
            } else if (mWpa3EnterpriseConfig != null) { // WPA3-Enterprise
                if (mWpa3EnterpriseConfig.getEapMethod() == WifiEnterpriseConfig.Eap.TLS
                        && WifiEnterpriseConfig.isSuiteBCipherCert(
                        mWpa3EnterpriseConfig.getClientCertificate())
                        && WifiEnterpriseConfig.isSuiteBCipherCert(
                        mWpa3EnterpriseConfig.getCaCertificate())) {
                    // WPA3-Enterprise in 192-bit security mode (Suite-B)
                    configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP_SUITE_B);
                } else {
                    // WPA3-Enterprise
                    configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP);
                    configuration.allowedProtocols.set(WifiConfiguration.Protocol.RSN);
                    configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP);
                    configuration.allowedPairwiseCiphers.set(
                            WifiConfiguration.PairwiseCipher.GCMP_256);
                    configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.CCMP);
                    configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256);
                    configuration.requirePmf = true;
                }
                configuration.enterpriseConfig = mWpa3EnterpriseConfig;
            } else if (mIsEnhancedOpen) { // OWE network
                configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_OWE);
@@ -943,6 +964,9 @@ public final class WifiNetworkSuggestion implements Parcelable {
     */
    @Nullable
    public WifiEnterpriseConfig getEnterpriseConfig() {
        if (!wifiConfiguration.isEnterprise()) {
            return null;
        }
        return wifiConfiguration.enterpriseConfig;
    }

+12 −1
@@ -448,6 +448,16 @@ public final class Credential implements Parcelable {
                    return new UserCredential[size];
                }
            };

        /**
         * Get a unique identifier for UserCredential.
         *
         * @hide
         * @return a Unique identifier for a UserCredential object
         */
        public int getUniqueId() {
            return Objects.hash(mUsername);
        }
    }
    private UserCredential mUserCredential = null;
    /**
@@ -1037,7 +1047,8 @@ public final class Credential implements Parcelable {
     * @return a Unique identifier for a Credential object
     */
    public int getUniqueId() {
        return Objects.hash(mUserCredential, mCertCredential, mSimCredential, mRealm);
        return Objects.hash(mUserCredential != null ? mUserCredential.getUniqueId() : 0,
                mCertCredential, mSimCredential, mRealm);
    }

    @Override
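Review bot: `UserCredential.getUniqueId()` hashes only `mUsername`, so two user credentials that differ in password or EAP settings produce the same value, and `Credential.getUniqueId()` inherits that; the visible Javadoc ("a Unique identifier") does not say this is intended. If the aim is an ID that stays stable when the password changes (an inference from the commit title), state it in the Javadoc, e.g. `Only the username contributes, so the ID is unchanged when other fields are updated.` The value is also a 32-bit `Objects.hash` result, so callers should treat it as a lookup key that can collide rather than as proof that two credentials are the same.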