1# Copyright 2017 - The Android Open Source Project 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14 15import collections 16import string 17 18from acts.controllers.ap_lib import hostapd_constants 19 20 21class Security(object): 22 """The Security class for hostapd representing some of the security 23 settings that are allowed in hostapd. If needed more can be added. 24 """ 25 26 def __init__(self, 27 security_mode=None, 28 password=None, 29 wpa_cipher=hostapd_constants.WPA_DEFAULT_CIPHER, 30 wpa2_cipher=hostapd_constants.WPA2_DEFAULT_CIPER, 31 wpa_group_rekey=hostapd_constants.WPA_GROUP_KEY_ROTATION_TIME, 32 wpa_strict_rekey=hostapd_constants.WPA_STRICT_REKEY_DEFAULT, 33 wep_default_key=hostapd_constants.WEP_DEFAULT_KEY, 34 radius_server_ip=None, 35 radius_server_port=None, 36 radius_server_secret=None): 37 """Gather all of the security settings for WPA-PSK. This could be 38 expanded later. 39 40 Args: 41 security_mode: Type of security modes. 42 Options: wep, wpa, wpa2, wpa/wpa2 43 password: The PSK or passphrase for the security mode. 44 wpa_cipher: The cipher to be used for wpa. 45 Options: TKIP, CCMP, TKIP CCMP 46 Default: TKIP 47 wpa2_cipher: The cipher to be used for wpa2. 48 Options: TKIP, CCMP, TKIP CCMP 49 Default: CCMP 50 wpa_group_rekey: How often to refresh the GTK regardless of network 51 changes. 52 Options: An integrer in seconds, None 53 Default: 600 seconds 54 wpa_strict_rekey: Whether to do a group key update when client 55 leaves the network or not. 56 Options: True, False 57 Default: True 58 wep_default_key: The wep key number to use when transmitting. 59 radius_server_ip: Radius server IP for Enterprise auth. 60 radius_server_port: Radius server port for Enterprise auth. 61 radius_server_secret: Radius server secret for Enterprise auth. 62 """ 63 self.wpa_cipher = wpa_cipher 64 self.wpa2_cipher = wpa2_cipher 65 self.wpa_group_rekey = wpa_group_rekey 66 self.wpa_strict_rekey = wpa_strict_rekey 67 self.wep_default_key = wep_default_key 68 self.radius_server_ip = radius_server_ip 69 self.radius_server_port = radius_server_port 70 self.radius_server_secret = radius_server_secret 71 if security_mode == hostapd_constants.WPA_STRING: 72 security_mode = hostapd_constants.WPA1 73 elif security_mode == hostapd_constants.WPA2_STRING: 74 security_mode = hostapd_constants.WPA2 75 elif security_mode == hostapd_constants.WPA_MIXED_STRING: 76 security_mode = hostapd_constants.MIXED 77 elif security_mode == hostapd_constants.WEP_STRING: 78 security_mode = hostapd_constants.WEP 79 elif security_mode == hostapd_constants.ENT_STRING: 80 security_mode = hostapd_constants.ENT 81 else: 82 security_mode = None 83 self.security_mode = security_mode 84 if password: 85 if security_mode == hostapd_constants.WEP: 86 if len(password) in hostapd_constants.WEP_HEX_LENGTH and all( 87 c in string.hexdigits for c in password): 88 self.password = password 89 else: 90 raise ValueError( 91 'WEP key must be a hex string of %s characters' 92 % hostapd_constants.WEP_HEX_LENGTH) 93 else: 94 if len(password) < hostapd_constants.MIN_WPA_PSK_LENGTH or len( 95 password) > hostapd_constants.MAX_WPA_PSK_LENGTH: 96 raise ValueError( 97 'Password must be a minumum of %s characters and a maximum of %s' 98 % (hostapd_constants.MIN_WPA_PSK_LENGTH, 99 hostapd_constants.MAX_WPA_PSK_LENGTH)) 100 else: 101 self.password = password 102 103 def generate_dict(self): 104 """Returns: an ordered dictionary of settings""" 105 settings = collections.OrderedDict() 106 if self.security_mode != None: 107 if self.security_mode == hostapd_constants.WEP: 108 settings['wep_default_key'] = self.wep_default_key 109 settings['wep_key' + str(self.wep_default_key)] = self.password 110 elif self.security_mode == hostapd_constants.ENT: 111 settings['auth_server_addr'] = self.radius_server_ip 112 settings['auth_server_port'] = self.radius_server_port 113 settings['auth_server_shared_secret'] = self.radius_server_secret 114 settings['wpa_key_mgmt'] = hostapd_constants.ENT_KEY_MGMT 115 settings['ieee8021x'] = hostapd_constants.IEEE8021X 116 settings['wpa'] = hostapd_constants.WPA2 117 else: 118 settings['wpa'] = self.security_mode 119 if len(self.password) == hostapd_constants.MAX_WPA_PSK_LENGTH: 120 settings['wpa_psk'] = self.password 121 else: 122 settings['wpa_passphrase'] = self.password 123 124 if self.security_mode == hostapd_constants.MIXED: 125 settings['wpa_pairwise'] = self.wpa_cipher 126 settings['rsn_pairwise'] = self.wpa2_cipher 127 elif self.security_mode == hostapd_constants.WPA1: 128 settings['wpa_pairwise'] = self.wpa_cipher 129 elif self.security_mode == hostapd_constants.WPA2: 130 settings['rsn_pairwise'] = self.wpa2_cipher 131 132 if self.wpa_group_rekey: 133 settings['wpa_group_rekey'] = self.wpa_group_rekey 134 if self.wpa_strict_rekey: 135 settings[ 136 'wpa_strict_rekey'] = hostapd_constants.WPA_STRICT_REKEY 137 return settings 138