1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.net.wifi; 18 19 import android.annotation.IntDef; 20 import android.annotation.NonNull; 21 import android.net.wifi.WifiConfiguration.AuthAlgorithm; 22 import android.net.wifi.WifiConfiguration.GroupCipher; 23 import android.net.wifi.WifiConfiguration.GroupMgmtCipher; 24 import android.net.wifi.WifiConfiguration.KeyMgmt; 25 import android.net.wifi.WifiConfiguration.PairwiseCipher; 26 import android.net.wifi.WifiConfiguration.Protocol; 27 import android.net.wifi.WifiConfiguration.SecurityType; 28 import android.net.wifi.WifiConfiguration.SuiteBCipher; 29 import android.os.Parcel; 30 31 import java.lang.annotation.Retention; 32 import java.lang.annotation.RetentionPolicy; 33 import java.util.BitSet; 34 import java.util.Objects; 35 36 /** 37 * A class representing a security configuration. 38 * @hide 39 */ 40 public class SecurityParams { 41 private static final String TAG = "SecurityParams"; 42 43 /** Passpoint Release 1 */ 44 public static final int PASSPOINT_R1 = 1; 45 46 /** Passpoint Release 2 */ 47 public static final int PASSPOINT_R2 = 2; 48 49 /** Passpoint Release 3 */ 50 public static final int PASSPOINT_R3 = 3; 51 52 @IntDef(prefix = { "PASSPOINT_" }, value = { 53 PASSPOINT_R1, 54 PASSPOINT_R2, 55 PASSPOINT_R3, 56 }) 57 @Retention(RetentionPolicy.SOURCE) 58 public @interface PasspointRelease {} 59 60 private @SecurityType int mSecurityType = WifiConfiguration.SECURITY_TYPE_PSK; 61 62 /** 63 * This indicates that this security type is enabled or disabled. 64 * Ex. While receiving Transition Disable Indication, older 65 * security should be disabled. 66 */ 67 private boolean mEnabled = true; 68 69 /** 70 * The set of key management protocols supported by this configuration. 71 * See {@link KeyMgmt} for descriptions of the values. 72 * This is set automatically based on the security type. 73 */ 74 private BitSet mAllowedKeyManagement = new BitSet(); 75 76 /** 77 * The set of security protocols supported by this configuration. 78 * See {@link Protocol} for descriptions of the values. 79 * This is set automatically based on the security type. 80 */ 81 private BitSet mAllowedProtocols = new BitSet(); 82 83 /** 84 * The set of authentication protocols supported by this configuration. 85 * See {@link AuthAlgorithm} for descriptions of the values. 86 * This is set automatically based on the security type. 87 */ 88 private BitSet mAllowedAuthAlgorithms = new BitSet(); 89 90 /** 91 * The set of pairwise ciphers for WPA supported by this configuration. 92 * See {@link PairwiseCipher} for descriptions of the values. 93 * This is set automatically based on the security type. 94 */ 95 private BitSet mAllowedPairwiseCiphers = new BitSet(); 96 97 /** 98 * The set of group ciphers supported by this configuration. 99 * See {@link GroupCipher} for descriptions of the values. 100 * This is set automatically based on the security type. 101 */ 102 private BitSet mAllowedGroupCiphers = new BitSet(); 103 104 /** 105 * The set of group management ciphers supported by this configuration. 106 * See {@link GroupMgmtCipher} for descriptions of the values. 107 */ 108 private BitSet mAllowedGroupManagementCiphers = new BitSet(); 109 110 /** 111 * The set of SuiteB ciphers supported by this configuration. 112 * To be used for WPA3-Enterprise mode. Set automatically by the framework based on the 113 * certificate type that is used in this configuration. 114 */ 115 private BitSet mAllowedSuiteBCiphers = new BitSet(); 116 117 /** 118 * True if the network requires Protected Management Frames (PMF), false otherwise. 119 */ 120 private boolean mRequirePmf = false; 121 122 private @PasspointRelease int mPasspointRelease = PASSPOINT_R2; 123 124 /** Indicate that this SAE security type only accepts H2E (Hash-to-Element) mode. */ 125 private boolean mIsSaeH2eOnlyMode = false; 126 127 /** Indicate that this SAE security type only accepts PK (Public Key) mode. */ 128 private boolean mIsSaePkOnlyMode = false; 129 130 /** Indicate whether this is added by auto-upgrade or not. */ 131 private boolean mIsAddedByAutoUpgrade = false; 132 133 /** Constructor */ SecurityParams()134 private SecurityParams() { 135 } 136 137 /** Copy constructor */ SecurityParams(@onNull SecurityParams source)138 public SecurityParams(@NonNull SecurityParams source) { 139 this.mSecurityType = source.mSecurityType; 140 this.mEnabled = source.mEnabled; 141 this.mAllowedKeyManagement = (BitSet) source.mAllowedKeyManagement.clone(); 142 this.mAllowedProtocols = (BitSet) source.mAllowedProtocols.clone(); 143 this.mAllowedAuthAlgorithms = (BitSet) source.mAllowedAuthAlgorithms.clone(); 144 this.mAllowedPairwiseCiphers = (BitSet) source.mAllowedPairwiseCiphers.clone(); 145 this.mAllowedGroupCiphers = (BitSet) source.mAllowedGroupCiphers.clone(); 146 this.mAllowedGroupManagementCiphers = 147 (BitSet) source.mAllowedGroupManagementCiphers.clone(); 148 this.mAllowedSuiteBCiphers = 149 (BitSet) source.mAllowedSuiteBCiphers.clone(); 150 this.mRequirePmf = source.mRequirePmf; 151 this.mIsSaeH2eOnlyMode = source.mIsSaeH2eOnlyMode; 152 this.mIsSaePkOnlyMode = source.mIsSaePkOnlyMode; 153 this.mIsAddedByAutoUpgrade = source.mIsAddedByAutoUpgrade; 154 } 155 156 @Override equals(Object thatObject)157 public boolean equals(Object thatObject) { 158 if (this == thatObject) { 159 return true; 160 } 161 if (!(thatObject instanceof SecurityParams)) { 162 return false; 163 } 164 SecurityParams that = (SecurityParams) thatObject; 165 166 if (this.mSecurityType != that.mSecurityType) return false; 167 if (this.mEnabled != that.mEnabled) return false; 168 if (!this.mAllowedKeyManagement.equals(that.mAllowedKeyManagement)) return false; 169 if (!this.mAllowedProtocols.equals(that.mAllowedProtocols)) return false; 170 if (!this.mAllowedAuthAlgorithms.equals(that.mAllowedAuthAlgorithms)) return false; 171 if (!this.mAllowedPairwiseCiphers.equals(that.mAllowedPairwiseCiphers)) return false; 172 if (!this.mAllowedGroupCiphers.equals(that.mAllowedGroupCiphers)) return false; 173 if (!this.mAllowedGroupManagementCiphers.equals(that.mAllowedGroupManagementCiphers)) { 174 return false; 175 } 176 if (!this.mAllowedSuiteBCiphers.equals(that.mAllowedSuiteBCiphers)) return false; 177 if (this.mRequirePmf != that.mRequirePmf) return false; 178 if (this.mIsSaeH2eOnlyMode != that.mIsSaeH2eOnlyMode) return false; 179 if (this.mIsSaePkOnlyMode != that.mIsSaePkOnlyMode) return false; 180 if (this.mIsAddedByAutoUpgrade != that.mIsAddedByAutoUpgrade) return false; 181 182 return true; 183 } 184 185 @Override hashCode()186 public int hashCode() { 187 return Objects.hash(mSecurityType, mEnabled, 188 mAllowedKeyManagement, mAllowedProtocols, mAllowedAuthAlgorithms, 189 mAllowedPairwiseCiphers, mAllowedGroupCiphers, mAllowedGroupManagementCiphers, 190 mAllowedSuiteBCiphers, mRequirePmf, 191 mIsSaeH2eOnlyMode, mIsSaePkOnlyMode, mIsAddedByAutoUpgrade); 192 } 193 194 /** 195 * Get the security type of this params. 196 * 197 * @return The security type defined in {@link WifiConfiguration}. 198 */ getSecurityType()199 public @SecurityType int getSecurityType() { 200 return mSecurityType; 201 } 202 203 /** 204 * Check the security type of this params. 205 * 206 * @param type the testing security type. 207 * @return true if this is for the corresponiding type. 208 */ isSecurityType(@ecurityType int type)209 public boolean isSecurityType(@SecurityType int type) { 210 return type == mSecurityType; 211 } 212 213 /** 214 * Check whether the security of given params is the same as this one. 215 * 216 * @param params the testing security params. 217 * @return true if their security types are the same. 218 */ isSameSecurityType(SecurityParams params)219 public boolean isSameSecurityType(SecurityParams params) { 220 return params.mSecurityType == mSecurityType; 221 } 222 223 /** 224 * Update security params to legacy WifiConfiguration object. 225 * 226 * @param config the target configuration. 227 */ updateLegacyWifiConfiguration(WifiConfiguration config)228 public void updateLegacyWifiConfiguration(WifiConfiguration config) { 229 config.allowedKeyManagement = (BitSet) mAllowedKeyManagement.clone(); 230 config.allowedProtocols = (BitSet) mAllowedProtocols.clone(); 231 config.allowedAuthAlgorithms = (BitSet) mAllowedAuthAlgorithms.clone(); 232 config.allowedPairwiseCiphers = (BitSet) mAllowedPairwiseCiphers.clone(); 233 config.allowedGroupCiphers = (BitSet) mAllowedGroupCiphers.clone(); 234 config.allowedGroupManagementCiphers = (BitSet) mAllowedGroupManagementCiphers.clone(); 235 config.allowedSuiteBCiphers = (BitSet) mAllowedSuiteBCiphers.clone(); 236 config.requirePmf = mRequirePmf; 237 } 238 239 /** 240 * Set this params enabled. 241 * 242 * @param enable enable a specific security type. 243 */ setEnabled(boolean enable)244 public void setEnabled(boolean enable) { 245 mEnabled = enable; 246 } 247 248 /** 249 * Indicate this params is enabled or not. 250 */ isEnabled()251 public boolean isEnabled() { 252 return mEnabled; 253 } 254 255 /** 256 * Set the supporting Fast Initial Link Set-up (FILS) key management. 257 * 258 * FILS can be applied to all security types. 259 * @param enableFilsSha256 Enable FILS SHA256. 260 * @param enableFilsSha384 Enable FILS SHA256. 261 */ enableFils(boolean enableFilsSha256, boolean enableFilsSha384)262 public void enableFils(boolean enableFilsSha256, boolean enableFilsSha384) { 263 if (enableFilsSha256) { 264 mAllowedKeyManagement.set(KeyMgmt.FILS_SHA256); 265 } 266 267 if (enableFilsSha384) { 268 mAllowedKeyManagement.set(KeyMgmt.FILS_SHA384); 269 } 270 } 271 272 /** 273 * Get the copy of allowed key management. 274 */ getAllowedKeyManagement()275 public BitSet getAllowedKeyManagement() { 276 return (BitSet) mAllowedKeyManagement.clone(); 277 } 278 279 /** 280 * Get the copy of allowed protocols. 281 */ getAllowedProtocols()282 public BitSet getAllowedProtocols() { 283 return (BitSet) mAllowedProtocols.clone(); 284 } 285 286 /** 287 * Get the copy of allowed auth algorithms. 288 */ getAllowedAuthAlgorithms()289 public BitSet getAllowedAuthAlgorithms() { 290 return (BitSet) mAllowedAuthAlgorithms.clone(); 291 } 292 293 /** 294 * Get the copy of allowed pairwise ciphers. 295 */ getAllowedPairwiseCiphers()296 public BitSet getAllowedPairwiseCiphers() { 297 return (BitSet) mAllowedPairwiseCiphers.clone(); 298 } 299 300 /** 301 * Get the copy of allowed group ciphers. 302 */ getAllowedGroupCiphers()303 public BitSet getAllowedGroupCiphers() { 304 return (BitSet) mAllowedGroupCiphers.clone(); 305 } 306 307 /** 308 * Get the copy of allowed group management ciphers. 309 */ getAllowedGroupManagementCiphers()310 public BitSet getAllowedGroupManagementCiphers() { 311 return (BitSet) mAllowedGroupManagementCiphers.clone(); 312 } 313 314 /** 315 * Enable Suite-B ciphers. 316 * 317 * @param enableEcdheEcdsa enable Diffie-Hellman with Elliptic Curve ECDSA cipher support. 318 * @param enableEcdheRsa enable Diffie-Hellman with RSA cipher support. 319 */ enableSuiteBCiphers(boolean enableEcdheEcdsa, boolean enableEcdheRsa)320 public void enableSuiteBCiphers(boolean enableEcdheEcdsa, boolean enableEcdheRsa) { 321 if (enableEcdheEcdsa) { 322 mAllowedSuiteBCiphers.set(SuiteBCipher.ECDHE_ECDSA); 323 } else { 324 mAllowedSuiteBCiphers.clear(SuiteBCipher.ECDHE_ECDSA); 325 } 326 327 if (enableEcdheRsa) { 328 mAllowedSuiteBCiphers.set(SuiteBCipher.ECDHE_RSA); 329 } else { 330 mAllowedSuiteBCiphers.clear(SuiteBCipher.ECDHE_RSA); 331 } 332 } 333 334 /** 335 * Get the copy of allowed suite-b ciphers. 336 */ getAllowedSuiteBCiphers()337 public BitSet getAllowedSuiteBCiphers() { 338 return (BitSet) mAllowedSuiteBCiphers.clone(); 339 } 340 341 /** 342 * Set PMF is required or not. 343 * 344 * @param required indicates whether PMF is required or not. 345 */ setRequirePmf(boolean required)346 public void setRequirePmf(boolean required) { 347 mRequirePmf = required; 348 } 349 350 /** 351 * Indicate PMF is required or not. 352 */ isRequirePmf()353 public boolean isRequirePmf() { 354 return mRequirePmf; 355 } 356 357 /** 358 * Indicate that this is open security type. 359 */ isOpenSecurityType()360 public boolean isOpenSecurityType() { 361 return isSecurityType(WifiConfiguration.SECURITY_TYPE_OPEN) 362 || isSecurityType(WifiConfiguration.SECURITY_TYPE_OWE); 363 } 364 365 /** 366 * Indicate that this is enterprise security type. 367 */ isEnterpriseSecurityType()368 public boolean isEnterpriseSecurityType() { 369 return mAllowedKeyManagement.get(KeyMgmt.WPA_EAP) 370 || mAllowedKeyManagement.get(KeyMgmt.IEEE8021X) 371 || mAllowedKeyManagement.get(KeyMgmt.SUITE_B_192) 372 || mAllowedKeyManagement.get(KeyMgmt.WAPI_CERT); 373 } 374 375 /** 376 * Enable Hash-to-Element only mode. 377 * 378 * @param enable set H2E only mode enabled or not. 379 */ enableSaeH2eOnlyMode(boolean enable)380 public void enableSaeH2eOnlyMode(boolean enable) { 381 mIsSaeH2eOnlyMode = enable; 382 } 383 384 /** 385 * Indicate whether this params is H2E only mode. 386 * 387 * @return true if this is H2E only mode params. 388 */ isSaeH2eOnlyMode()389 public boolean isSaeH2eOnlyMode() { 390 return mIsSaeH2eOnlyMode; 391 } 392 /** 393 * Enable Pubilc-Key only mode. 394 * 395 * @param enable set PK only mode enabled or not. 396 */ enableSaePkOnlyMode(boolean enable)397 public void enableSaePkOnlyMode(boolean enable) { 398 mIsSaePkOnlyMode = enable; 399 } 400 401 /** 402 * Indicate whether this params is PK only mode. 403 * 404 * @return true if this is PK only mode params. 405 */ isSaePkOnlyMode()406 public boolean isSaePkOnlyMode() { 407 return mIsSaePkOnlyMode; 408 } 409 410 /** 411 * Set whether this is added by auto-upgrade. 412 * 413 * @param addedByAutoUpgrade true if added by auto-upgrade. 414 */ setIsAddedByAutoUpgrade(boolean addedByAutoUpgrade)415 public void setIsAddedByAutoUpgrade(boolean addedByAutoUpgrade) { 416 mIsAddedByAutoUpgrade = addedByAutoUpgrade; 417 } 418 419 /** 420 * Indicate whether this is added by auto-upgrade or not. 421 * 422 * @return true if added by auto-upgrade; otherwise, false. 423 */ isAddedByAutoUpgrade()424 public boolean isAddedByAutoUpgrade() { 425 return mIsAddedByAutoUpgrade; 426 } 427 428 @Override toString()429 public String toString() { 430 StringBuilder sbuf = new StringBuilder(); 431 sbuf.append("Security Parameters:\n"); 432 sbuf.append(" Type: ").append(mSecurityType).append("\n"); 433 sbuf.append(" Enabled: ").append(mEnabled).append("\n"); 434 sbuf.append(" KeyMgmt:"); 435 for (int k = 0; k < mAllowedKeyManagement.size(); k++) { 436 if (mAllowedKeyManagement.get(k)) { 437 sbuf.append(" "); 438 if (k < KeyMgmt.strings.length) { 439 sbuf.append(KeyMgmt.strings[k]); 440 } else { 441 sbuf.append("??"); 442 } 443 } 444 } 445 sbuf.append('\n'); 446 sbuf.append(" Protocols:"); 447 for (int p = 0; p < mAllowedProtocols.size(); p++) { 448 if (mAllowedProtocols.get(p)) { 449 sbuf.append(" "); 450 if (p < Protocol.strings.length) { 451 sbuf.append(Protocol.strings[p]); 452 } else { 453 sbuf.append("??"); 454 } 455 } 456 } 457 sbuf.append('\n'); 458 sbuf.append(" AuthAlgorithms:"); 459 for (int a = 0; a < mAllowedAuthAlgorithms.size(); a++) { 460 if (mAllowedAuthAlgorithms.get(a)) { 461 sbuf.append(" "); 462 if (a < AuthAlgorithm.strings.length) { 463 sbuf.append(AuthAlgorithm.strings[a]); 464 } else { 465 sbuf.append("??"); 466 } 467 } 468 } 469 sbuf.append('\n'); 470 sbuf.append(" PairwiseCiphers:"); 471 for (int pc = 0; pc < mAllowedPairwiseCiphers.size(); pc++) { 472 if (mAllowedPairwiseCiphers.get(pc)) { 473 sbuf.append(" "); 474 if (pc < PairwiseCipher.strings.length) { 475 sbuf.append(PairwiseCipher.strings[pc]); 476 } else { 477 sbuf.append("??"); 478 } 479 } 480 } 481 sbuf.append('\n'); 482 sbuf.append(" GroupCiphers:"); 483 for (int gc = 0; gc < mAllowedGroupCiphers.size(); gc++) { 484 if (mAllowedGroupCiphers.get(gc)) { 485 sbuf.append(" "); 486 if (gc < GroupCipher.strings.length) { 487 sbuf.append(GroupCipher.strings[gc]); 488 } else { 489 sbuf.append("??"); 490 } 491 } 492 } 493 sbuf.append('\n'); 494 sbuf.append(" GroupMgmtCiphers:"); 495 for (int gmc = 0; gmc < mAllowedGroupManagementCiphers.size(); gmc++) { 496 if (mAllowedGroupManagementCiphers.get(gmc)) { 497 sbuf.append(" "); 498 if (gmc < GroupMgmtCipher.strings.length) { 499 sbuf.append(GroupMgmtCipher.strings[gmc]); 500 } else { 501 sbuf.append("??"); 502 } 503 } 504 } 505 sbuf.append('\n'); 506 sbuf.append(" SuiteBCiphers:"); 507 for (int sbc = 0; sbc < mAllowedSuiteBCiphers.size(); sbc++) { 508 if (mAllowedSuiteBCiphers.get(sbc)) { 509 sbuf.append(" "); 510 if (sbc < SuiteBCipher.strings.length) { 511 sbuf.append(SuiteBCipher.strings[sbc]); 512 } else { 513 sbuf.append("??"); 514 } 515 } 516 } 517 sbuf.append('\n'); 518 sbuf.append(" RequirePmf: ").append(mRequirePmf).append('\n'); 519 sbuf.append(" IsAddedByAutoUpgrade: ").append(mIsAddedByAutoUpgrade).append("\n"); 520 sbuf.append(" IsSaeH2eOnlyMode: ").append(mIsSaeH2eOnlyMode).append("\n"); 521 sbuf.append(" IsSaePkOnlyMode: ").append(mIsSaePkOnlyMode).append("\n"); 522 return sbuf.toString(); 523 } 524 readBitSet(Parcel src)525 private static BitSet readBitSet(Parcel src) { 526 int cardinality = src.readInt(); 527 528 BitSet set = new BitSet(); 529 for (int i = 0; i < cardinality; i++) { 530 set.set(src.readInt()); 531 } 532 533 return set; 534 } 535 writeBitSet(Parcel dest, BitSet set)536 private static void writeBitSet(Parcel dest, BitSet set) { 537 int nextSetBit = -1; 538 539 dest.writeInt(set.cardinality()); 540 541 while ((nextSetBit = set.nextSetBit(nextSetBit + 1)) != -1) { 542 dest.writeInt(nextSetBit); 543 } 544 } 545 546 /** Write this object to the parcel. */ writeToParcel(Parcel dest, int flags)547 public void writeToParcel(Parcel dest, int flags) { 548 dest.writeInt(mSecurityType); 549 dest.writeBoolean(mEnabled); 550 writeBitSet(dest, mAllowedKeyManagement); 551 writeBitSet(dest, mAllowedProtocols); 552 writeBitSet(dest, mAllowedAuthAlgorithms); 553 writeBitSet(dest, mAllowedPairwiseCiphers); 554 writeBitSet(dest, mAllowedGroupCiphers); 555 writeBitSet(dest, mAllowedGroupManagementCiphers); 556 writeBitSet(dest, mAllowedSuiteBCiphers); 557 dest.writeBoolean(mRequirePmf); 558 dest.writeBoolean(mIsAddedByAutoUpgrade); 559 dest.writeBoolean(mIsSaeH2eOnlyMode); 560 dest.writeBoolean(mIsSaePkOnlyMode); 561 562 } 563 564 /** Create a SecurityParams object from the parcel. */ createFromParcel(Parcel in)565 public static final @NonNull SecurityParams createFromParcel(Parcel in) { 566 SecurityParams params = new SecurityParams(); 567 params.mSecurityType = in.readInt(); 568 params.mEnabled = in.readBoolean(); 569 params.mAllowedKeyManagement = readBitSet(in); 570 params.mAllowedProtocols = readBitSet(in); 571 params.mAllowedAuthAlgorithms = readBitSet(in); 572 params.mAllowedPairwiseCiphers = readBitSet(in); 573 params.mAllowedGroupCiphers = readBitSet(in); 574 params.mAllowedGroupManagementCiphers = readBitSet(in); 575 params.mAllowedSuiteBCiphers = readBitSet(in); 576 params.mRequirePmf = in.readBoolean(); 577 params.mIsAddedByAutoUpgrade = in.readBoolean(); 578 params.mIsSaeH2eOnlyMode = in.readBoolean(); 579 params.mIsSaePkOnlyMode = in.readBoolean(); 580 return params; 581 } 582 583 /** 584 * Create a params according to the security type. 585 * 586 * @param securityType One of the following security types: 587 * {@link WifiConfiguration#SECURITY_TYPE_OPEN}, 588 * {@link WifiConfiguration#SECURITY_TYPE_WEP}, 589 * {@link WifiConfiguration#SECURITY_TYPE_PSK}, 590 * {@link WifiConfiguration#SECURITY_TYPE_EAP}, 591 * {@link WifiConfiguration#SECURITY_TYPE_SAE}, 592 * {@link WifiConfiguration#SECURITY_TYPE_OWE}, 593 * {@link WifiConfiguration#SECURITY_TYPE_WAPI_PSK}, 594 * {@link WifiConfiguration#SECURITY_TYPE_WAPI_CERT}, 595 * {@link WifiConfiguration#SECURITY_TYPE_EAP_WPA3_ENTERPRISE}, 596 * {@link WifiConfiguration#SECURITY_TYPE_EAP_WPA3_ENTERPRISE_192_BIT}, 597 * 598 * @return the corresponding security params if the security type is valid; 599 * otherwise, throw IllegalArgumentException. 600 */ createSecurityParamsBySecurityType( @ifiConfiguration.SecurityType int securityType)601 public static @NonNull SecurityParams createSecurityParamsBySecurityType( 602 @WifiConfiguration.SecurityType int securityType) { 603 switch (securityType) { 604 case WifiConfiguration.SECURITY_TYPE_OPEN: 605 return createOpenParams(); 606 case WifiConfiguration.SECURITY_TYPE_WEP: 607 return createWepParams(); 608 case WifiConfiguration.SECURITY_TYPE_PSK: 609 return createWpaWpa2PersonalParams(); 610 case WifiConfiguration.SECURITY_TYPE_EAP: 611 return createWpaWpa2EnterpriseParams(); 612 case WifiConfiguration.SECURITY_TYPE_SAE: 613 return createWpa3PersonalParams(); 614 // The value of {@link WifiConfiguration.SECURITY_TYPE_EAP_SUITE_B} is the same as 615 // {@link #WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE_192_BIT}, remove it 616 // to avoid duplicate case label errors. 617 case WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE_192_BIT: 618 return createWpa3Enterprise192BitParams(); 619 case WifiConfiguration.SECURITY_TYPE_OWE: 620 return createEnhancedOpenParams(); 621 case WifiConfiguration.SECURITY_TYPE_WAPI_PSK: 622 return createWapiPskParams(); 623 case WifiConfiguration.SECURITY_TYPE_WAPI_CERT: 624 return createWapiCertParams(); 625 case WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE: 626 return createWpa3EnterpriseParams(); 627 case WifiConfiguration.SECURITY_TYPE_OSEN: 628 return createOsenParams(); 629 case WifiConfiguration.SECURITY_TYPE_PASSPOINT_R1_R2: 630 return SecurityParams.createPasspointParams(PASSPOINT_R2); 631 case WifiConfiguration.SECURITY_TYPE_PASSPOINT_R3: 632 return SecurityParams.createPasspointParams(PASSPOINT_R3); 633 default: 634 throw new IllegalArgumentException("unknown security type " + securityType); 635 } 636 } 637 638 /** 639 * Create EAP security params. 640 */ createWpaWpa2EnterpriseParams()641 private static @NonNull SecurityParams createWpaWpa2EnterpriseParams() { 642 SecurityParams params = new SecurityParams(); 643 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_EAP; 644 645 params.mAllowedKeyManagement.set(KeyMgmt.WPA_EAP); 646 params.mAllowedKeyManagement.set(KeyMgmt.IEEE8021X); 647 648 params.mAllowedProtocols.set(Protocol.RSN); 649 params.mAllowedProtocols.set(Protocol.WPA); 650 651 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 652 params.mAllowedPairwiseCiphers.set(PairwiseCipher.TKIP); 653 654 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 655 params.mAllowedGroupCiphers.set(GroupCipher.TKIP); 656 return params; 657 } 658 659 /** 660 * Create Passpoint security params. 661 */ createPasspointParams(@asspointRelease int release)662 private static @NonNull SecurityParams createPasspointParams(@PasspointRelease int release) { 663 SecurityParams params = new SecurityParams(); 664 switch (release) { 665 case PASSPOINT_R1: 666 case PASSPOINT_R2: 667 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_PASSPOINT_R1_R2; 668 break; 669 case PASSPOINT_R3: 670 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_PASSPOINT_R3; 671 params.mRequirePmf = true; 672 break; 673 default: 674 throw new IllegalArgumentException("invalid passpoint release " + release); 675 } 676 677 params.mAllowedKeyManagement.set(KeyMgmt.WPA_EAP); 678 params.mAllowedKeyManagement.set(KeyMgmt.IEEE8021X); 679 680 params.mAllowedProtocols.set(Protocol.RSN); 681 682 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 683 684 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 685 686 return params; 687 } 688 689 /** 690 * Create Enhanced Open params. 691 */ createEnhancedOpenParams()692 private static @NonNull SecurityParams createEnhancedOpenParams() { 693 SecurityParams params = new SecurityParams(); 694 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_OWE; 695 696 params.mAllowedKeyManagement.set(KeyMgmt.OWE); 697 698 params.mAllowedProtocols.set(Protocol.RSN); 699 700 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 701 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_128); 702 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 703 704 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 705 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_128); 706 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 707 708 params.mRequirePmf = true; 709 return params; 710 } 711 712 /** 713 * Create Open params. 714 */ createOpenParams()715 private static @NonNull SecurityParams createOpenParams() { 716 SecurityParams params = new SecurityParams(); 717 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_OPEN; 718 719 params.mAllowedKeyManagement.set(KeyMgmt.NONE); 720 721 params.mAllowedProtocols.set(Protocol.RSN); 722 params.mAllowedProtocols.set(Protocol.WPA); 723 return params; 724 } 725 726 /** 727 * Create OSEN params. 728 */ createOsenParams()729 private static @NonNull SecurityParams createOsenParams() { 730 SecurityParams params = new SecurityParams(); 731 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_OSEN; 732 733 params.mAllowedKeyManagement.set(KeyMgmt.OSEN); 734 735 params.mAllowedProtocols.set(Protocol.OSEN); 736 737 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 738 params.mAllowedPairwiseCiphers.set(PairwiseCipher.TKIP); 739 740 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 741 params.mAllowedGroupCiphers.set(GroupCipher.TKIP); 742 return params; 743 } 744 745 /** 746 * Create WAPI-CERT params. 747 */ createWapiCertParams()748 private static @NonNull SecurityParams createWapiCertParams() { 749 SecurityParams params = new SecurityParams(); 750 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_WAPI_CERT; 751 752 params.mAllowedKeyManagement.set(KeyMgmt.WAPI_CERT); 753 754 params.mAllowedProtocols.set(Protocol.WAPI); 755 756 params.mAllowedPairwiseCiphers.set(PairwiseCipher.SMS4); 757 758 params.mAllowedGroupCiphers.set(GroupCipher.SMS4); 759 return params; 760 } 761 762 /** 763 * Create WAPI-PSK params. 764 */ createWapiPskParams()765 private static @NonNull SecurityParams createWapiPskParams() { 766 SecurityParams params = new SecurityParams(); 767 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_WAPI_PSK; 768 769 params.mAllowedKeyManagement.set(KeyMgmt.WAPI_PSK); 770 771 params.mAllowedProtocols.set(Protocol.WAPI); 772 773 params.mAllowedPairwiseCiphers.set(PairwiseCipher.SMS4); 774 775 params.mAllowedGroupCiphers.set(GroupCipher.SMS4); 776 return params; 777 } 778 779 /** 780 * Create WEP params. 781 */ createWepParams()782 private static @NonNull SecurityParams createWepParams() { 783 SecurityParams params = new SecurityParams(); 784 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_WEP; 785 786 params.mAllowedKeyManagement.set(KeyMgmt.NONE); 787 788 params.mAllowedProtocols.set(Protocol.RSN); 789 790 params.mAllowedAuthAlgorithms.set(AuthAlgorithm.OPEN); 791 params.mAllowedAuthAlgorithms.set(AuthAlgorithm.SHARED); 792 793 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 794 params.mAllowedPairwiseCiphers.set(PairwiseCipher.TKIP); 795 796 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 797 params.mAllowedGroupCiphers.set(GroupCipher.TKIP); 798 params.mAllowedGroupCiphers.set(GroupCipher.WEP40); 799 params.mAllowedGroupCiphers.set(GroupCipher.WEP104); 800 return params; 801 } 802 803 /** 804 * Create WPA3 Enterprise 192-bit params. 805 */ createWpa3Enterprise192BitParams()806 private static @NonNull SecurityParams createWpa3Enterprise192BitParams() { 807 SecurityParams params = new SecurityParams(); 808 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE_192_BIT; 809 810 params.mAllowedKeyManagement.set(KeyMgmt.WPA_EAP); 811 params.mAllowedKeyManagement.set(KeyMgmt.IEEE8021X); 812 params.mAllowedKeyManagement.set(KeyMgmt.SUITE_B_192); 813 814 params.mAllowedProtocols.set(Protocol.RSN); 815 816 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_128); 817 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 818 819 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_128); 820 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 821 822 params.mAllowedGroupManagementCiphers.set(GroupMgmtCipher.BIP_GMAC_256); 823 824 // Note: allowedSuiteBCiphers bitset will be set by the service once the 825 // certificates are attached to this profile 826 827 params.mRequirePmf = true; 828 return params; 829 } 830 831 /** 832 * Create WPA3 Enterprise params. 833 */ createWpa3EnterpriseParams()834 private static @NonNull SecurityParams createWpa3EnterpriseParams() { 835 SecurityParams params = new SecurityParams(); 836 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_EAP_WPA3_ENTERPRISE; 837 838 params.mAllowedKeyManagement.set(KeyMgmt.WPA_EAP); 839 params.mAllowedKeyManagement.set(KeyMgmt.IEEE8021X); 840 841 params.mAllowedProtocols.set(Protocol.RSN); 842 843 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 844 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 845 846 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 847 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 848 849 params.mRequirePmf = true; 850 return params; 851 } 852 853 /** 854 * Create WPA3 Personal params. 855 */ createWpa3PersonalParams()856 private static @NonNull SecurityParams createWpa3PersonalParams() { 857 SecurityParams params = new SecurityParams(); 858 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_SAE; 859 860 params.mAllowedKeyManagement.set(KeyMgmt.SAE); 861 862 params.mAllowedProtocols.set(Protocol.RSN); 863 864 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 865 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_128); 866 params.mAllowedPairwiseCiphers.set(PairwiseCipher.GCMP_256); 867 868 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 869 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_128); 870 params.mAllowedGroupCiphers.set(GroupCipher.GCMP_256); 871 872 params.mRequirePmf = true; 873 return params; 874 } 875 876 /** 877 * Create WPA/WPA2 Personal params. 878 */ createWpaWpa2PersonalParams()879 private static @NonNull SecurityParams createWpaWpa2PersonalParams() { 880 SecurityParams params = new SecurityParams(); 881 params.mSecurityType = WifiConfiguration.SECURITY_TYPE_PSK; 882 883 params.mAllowedKeyManagement.set(KeyMgmt.WPA_PSK); 884 885 params.mAllowedProtocols.set(Protocol.RSN); 886 params.mAllowedProtocols.set(Protocol.WPA); 887 888 params.mAllowedPairwiseCiphers.set(PairwiseCipher.CCMP); 889 params.mAllowedPairwiseCiphers.set(PairwiseCipher.TKIP); 890 891 params.mAllowedGroupCiphers.set(GroupCipher.CCMP); 892 params.mAllowedGroupCiphers.set(GroupCipher.TKIP); 893 params.mAllowedGroupCiphers.set(GroupCipher.WEP40); 894 params.mAllowedGroupCiphers.set(GroupCipher.WEP104); 895 return params; 896 } 897 } 898