Diffstat (limited to 'wifi/java')
-rw-r--r-- | wifi/java/android/net/wifi/ScanResult.java | 21 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/SoftApConfiguration.java | 1 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/WifiEnterpriseConfig.java | 49 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/WifiManager.java | 8 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/WifiNetworkSpecifier.java | 31 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/WifiNetworkSuggestion.java | 34 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/hotspot2/pps/Credential.java | 13 | ||||
-rw-r--r-- | wifi/java/android/net/wifi/hotspot2/pps/HomeSp.java | 4 |
8 files changed, 142 insertions, 19 deletions
diff --git a/wifi/java/android/net/wifi/ScanResult.java b/wifi/java/android/net/wifi/ScanResult.java index c269ba6752d9..5589bd137bcc 100644 --- a/wifi/java/android/net/wifi/ScanResult.java +++ b/wifi/java/android/net/wifi/ScanResult.java @@ -582,12 +582,18 @@ public final class ScanResult implements Parcelable { * 6 GHz band frequency of first channel in MHz * @hide */ - public static final int BAND_6_GHZ_START_FREQ_MHZ = 5945; + public static final int BAND_6_GHZ_START_FREQ_MHZ = 5955; /** * 6 GHz band frequency of last channel in MHz * @hide */ - public static final int BAND_6_GHZ_END_FREQ_MHZ = 7105; + public static final int BAND_6_GHZ_END_FREQ_MHZ = 7115; + + /** + * 6 GHz band operating class 136 channel 2 center frequency in MHz + * @hide + */ + public static final int BAND_6_GHZ_OP_CLASS_136_CH_2_FREQ_MHZ = 5935; /** * Utility function to check if a frequency within 2.4 GHz band @@ -619,7 +625,10 @@ public final class ScanResult implements Parcelable { * @hide */ public static boolean is6GHz(int freqMhz) { - return freqMhz >= BAND_6_GHZ_START_FREQ_MHZ && freqMhz <= BAND_6_GHZ_END_FREQ_MHZ; + if (freqMhz == BAND_6_GHZ_OP_CLASS_136_CH_2_FREQ_MHZ) { + return true; + } + return (freqMhz >= BAND_6_GHZ_START_FREQ_MHZ && freqMhz <= BAND_6_GHZ_END_FREQ_MHZ); } /** @@ -650,6 +659,9 @@ public final class ScanResult implements Parcelable { } if (band == WifiScanner.WIFI_BAND_6_GHZ) { if (channel >= BAND_6_GHZ_FIRST_CH_NUM && channel <= BAND_6_GHZ_LAST_CH_NUM) { + if (channel == 2) { + return BAND_6_GHZ_OP_CLASS_136_CH_2_FREQ_MHZ; + } return ((channel - BAND_6_GHZ_FIRST_CH_NUM) * 5) + BAND_6_GHZ_START_FREQ_MHZ; } else { return UNSPECIFIED; 
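Review bot: The literal `2` in `if (channel == 2)` in the @@ -650 hunk is a magic number tied to `BAND_6_GHZ_OP_CLASS_136_CH_2_FREQ_MHZ`, and the @@ -674 hunk repeats it as `return 2;`. A named constant next to the frequency would keep both conversion directions in step, for example `public static final int BAND_6_GHZ_OP_CLASS_136_CH_2_NUM = 2;`, marked `@hide` like its neighbours. The Javadoc of `is6GHz` and of `BAND_6_GHZ_START_FREQ_MHZ` should also say that 5935 MHz is accepted even though it lies below the start frequency. Both conversion methods begin outside their hunks.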
@@ -674,6 +686,9 @@ public final class ScanResult implements Parcelable { } else if (is5GHz(freqMhz)) { return ((freqMhz - BAND_5_GHZ_START_FREQ_MHZ) / 5) + BAND_5_GHZ_FIRST_CH_NUM; } else if (is6GHz(freqMhz)) { + if (freqMhz == BAND_6_GHZ_OP_CLASS_136_CH_2_FREQ_MHZ) { + return 2; + } return ((freqMhz - BAND_6_GHZ_START_FREQ_MHZ) / 5) + BAND_6_GHZ_FIRST_CH_NUM; } diff --git a/wifi/java/android/net/wifi/SoftApConfiguration.java b/wifi/java/android/net/wifi/SoftApConfiguration.java index a5e76e6c92ee..d2ff658b59bc 100644 --- a/wifi/java/android/net/wifi/SoftApConfiguration.java +++ b/wifi/java/android/net/wifi/SoftApConfiguration.java @@ -533,6 +533,7 @@ public final class SoftApConfiguration implements Parcelable { wifiConfig.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.NONE); break; case SECURITY_TYPE_WPA2_PSK: + case SECURITY_TYPE_WPA3_SAE_TRANSITION: wifiConfig.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA2_PSK); break; default: diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java index 77fa673f1960..90edc4523b7b 100644 --- a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java +++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java @@ -30,6 +30,9 @@ import java.lang.annotation.RetentionPolicy; import java.nio.charset.StandardCharsets; import java.security.PrivateKey; import java.security.cert.X509Certificate; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.ECParameterSpec; import java.util.Arrays; import java.util.HashMap; import java.util.List; 
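Review bot: The added `case SECURITY_TYPE_WPA3_SAE_TRANSITION:` label shares the WPA2_PSK branch without a comment, so a reader cannot tell whether mapping transition mode to `KeyMgmt.WPA2_PSK` is deliberate or a missed SAE case. If it is deliberate, I would add `// Transition mode is reported as its WPA2-PSK side; this conversion does not carry the SAE half.` above the label. A consumer of the resulting `WifiConfiguration` then sees a plain WPA2-PSK network, which matters if anything makes a security decision from it. The switch and its enclosing method start and end outside the hunk, so how pure SAE is handled is not visible here.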
@@ -1442,4 +1445,50 @@ public class WifiEnterpriseConfig implements Parcelable { } return TextUtils.isEmpty(getCaPath()); } + + /** + * Check if a given certificate Get the Suite-B cipher from the certificate + * + * @param x509Certificate Certificate to process + * @return true if the certificate OID matches the Suite-B requirements for RSA or ECDSA + * certificates, or false otherwise. + * @hide + */ + public static boolean isSuiteBCipherCert(@Nullable X509Certificate x509Certificate) { + if (x509Certificate == null) { + return false; + } + final String sigAlgOid = x509Certificate.getSigAlgOID(); + + // Wi-Fi alliance requires the use of both ECDSA secp384r1 and RSA 3072 certificates + // in WPA3-Enterprise 192-bit security networks, which are also known as Suite-B-192 + // networks, even though NSA Suite-B-192 mandates ECDSA only. The use of the term + // Suite-B was already coined in the IEEE 802.11-2016 specification for + // AKM 00-0F-AC but the test plan for WPA3-Enterprise 192-bit for APs mandates + // support for both RSA and ECDSA, and for STAs it mandates ECDSA and optionally + // RSA. In order to be compatible with all WPA3-Enterprise 192-bit deployments, + // we are supporting both types here. 
+ if (sigAlgOid.equals("1.2.840.113549.1.1.12")) { + // sha384WithRSAEncryption + if (x509Certificate.getPublicKey() instanceof RSAPublicKey) { + final RSAPublicKey rsaPublicKey = (RSAPublicKey) x509Certificate.getPublicKey(); + if (rsaPublicKey.getModulus() != null + && rsaPublicKey.getModulus().bitLength() >= 3072) { + return true; + } + } + } else if (sigAlgOid.equals("1.2.840.10045.4.3.3")) { + // ecdsa-with-SHA384 + if (x509Certificate.getPublicKey() instanceof ECPublicKey) { + final ECPublicKey ecPublicKey = (ECPublicKey) x509Certificate.getPublicKey(); + final ECParameterSpec ecParameterSpec = ecPublicKey.getParams(); + + if (ecParameterSpec != null && ecParameterSpec.getOrder() != null + && ecParameterSpec.getOrder().bitLength() >= 384) { + return true; + } + } + } + return false; + } } diff --git a/wifi/java/android/net/wifi/WifiManager.java b/wifi/java/android/net/wifi/WifiManager.java index b7f4c96f6604..ccf8a80665aa 100644 --- a/wifi/java/android/net/wifi/WifiManager.java +++ b/wifi/java/android/net/wifi/WifiManager.java @@ -1054,8 +1054,8 @@ public class WifiManager { /** * Broadcast intent action indicating that the link configuration changed on wifi. * <br />Included Extras: - * <br />{@link #EXTRA_LINK_PROPERTIES}: {@link android.net.LinkProperties} object associated - * with the Wi-Fi network. + * <br />{@link #EXTRA_LINK_PROPERTIES}: may not be set starting in Android 11. Check for + * <br /> null before reading its value. * <br /> No permissions are required to listen to this broadcast. * @hide */ @@ -1071,6 +1071,10 @@ public class WifiManager { * Included in the {@link #ACTION_LINK_CONFIGURATION_CHANGED} broadcast. * * Retrieve with {@link android.content.Intent#getParcelableExtra(String)}. + * + * Note: this extra may not be set starting in Android 11. Check for null before reading its + * value. + * * @hide */ @SystemApi 
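Review bot: The ECDSA branch of `isSuiteBCipherCert` accepts any curve whose order is at least 384 bits (`ecParameterSpec.getOrder().bitLength() >= 384`), while the comment above it names secp384r1 as the requirement. If only that curve is intended, tighten the test to `ecParameterSpec.getOrder().bitLength() == 384` or compare against the named curve's parameters; if larger curves are meant to pass, the comment should say so. Both branches also pair the certificate's signature algorithm OID, which describes the issuer's signature, with the subject's public key type, so a certificate whose key and issuer use different algorithms returns false. That is worth a sentence in the Javadoc. The Javadoc summary is garbled and could read `Check whether a certificate meets the Suite-B (WPA3-Enterprise 192-bit) requirements.`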
diff --git a/wifi/java/android/net/wifi/WifiNetworkSpecifier.java b/wifi/java/android/net/wifi/WifiNetworkSpecifier.java index b0213b0ef502..e12bb9178235 100644 --- a/wifi/java/android/net/wifi/WifiNetworkSpecifier.java +++ b/wifi/java/android/net/wifi/WifiNetworkSpecifier.java @@ -78,12 +78,12 @@ public final class WifiNetworkSpecifier extends NetworkSpecifier implements Parc private @Nullable String mWpa3SaePassphrase; /** * The enterprise configuration details specifying the EAP method, - * certificates and other settings associated with the WPA-EAP networks. + * certificates and other settings associated with the WPA/WPA2-Enterprise networks. */ private @Nullable WifiEnterpriseConfig mWpa2EnterpriseConfig; /** * The enterprise configuration details specifying the EAP method, - * certificates and other settings associated with the SuiteB networks. + * certificates and other settings associated with the WPA3-Enterprise networks. */ private @Nullable WifiEnterpriseConfig mWpa3EnterpriseConfig; /** @@ -243,7 +243,11 @@ public final class WifiNetworkSpecifier extends NetworkSpecifier implements Parc /** * Set the associated enterprise configuration for this network. Needed for authenticating - * to WPA3-SuiteB networks. See {@link WifiEnterpriseConfig} for description. + * to WPA3-Enterprise networks (standard and 192-bit security). See + * {@link WifiEnterpriseConfig} for description. For 192-bit security networks, both the + * client and CA certificates must be provided, and must be of type of either + * sha384WithRSAEncryption (OID 1.2.840.113549.1.1.12) or ecdsa-with-SHA384 + * (OID 1.2.840.10045.4.3.3). * * @param enterpriseConfig Instance of {@link WifiEnterpriseConfig}. * @return Instance of {@link Builder} to enable chaining of the builder method. 
@@ -284,8 +288,25 @@ public final class WifiNetworkSpecifier extends NetworkSpecifier implements Parc } else if (mWpa2EnterpriseConfig != null) { // WPA-EAP network configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP); configuration.enterpriseConfig = mWpa2EnterpriseConfig; - } else if (mWpa3EnterpriseConfig != null) { // WPA3-SuiteB network - configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP_SUITE_B); + } else if (mWpa3EnterpriseConfig != null) { // WPA3-Enterprise + if (mWpa3EnterpriseConfig.getEapMethod() == WifiEnterpriseConfig.Eap.TLS + && WifiEnterpriseConfig.isSuiteBCipherCert( + mWpa3EnterpriseConfig.getClientCertificate()) + && WifiEnterpriseConfig.isSuiteBCipherCert( + mWpa3EnterpriseConfig.getCaCertificate())) { + // WPA3-Enterprise in 192-bit security mode (Suite-B) + configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP_SUITE_B); + } else { + // WPA3-Enterprise + configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP); + configuration.allowedProtocols.set(WifiConfiguration.Protocol.RSN); + configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP); + configuration.allowedPairwiseCiphers.set( + WifiConfiguration.PairwiseCipher.GCMP_256); + configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.CCMP); + configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256); + configuration.requirePmf = true; + } configuration.enterpriseConfig = mWpa3EnterpriseConfig; } else if (mIsEnhancedOpen) { // OWE network configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_OWE); diff --git a/wifi/java/android/net/wifi/WifiNetworkSuggestion.java b/wifi/java/android/net/wifi/WifiNetworkSuggestion.java index 4d3a2c02c686..d8be1d2c853c 100644 --- a/wifi/java/android/net/wifi/WifiNetworkSuggestion.java +++ b/wifi/java/android/net/wifi/WifiNetworkSuggestion.java 
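Review bot: The new `else` branch under `mWpa3EnterpriseConfig != null` silently selects standard WPA3-Enterprise (CCMP allowed, `SECURITY_TYPE_EAP`) whenever any of the three 192-bit conditions fails, including when `getClientCertificate()` or `getCaCertificate()` yields null. A caller that intended 192-bit mode gets no error and no indication that the weaker profile was built. At minimum I would state this at the branch, for example `// Not eligible for 192-bit mode (non-TLS EAP or non-Suite-B certs): fall back to standard WPA3-Enterprise.`, and repeat it in the builder Javadoc. The identical block is added to WifiNetworkSuggestion in the @@ -522 hunk; a single shared helper would keep the two selection rules from drifting apart. The enclosing method starts and ends outside the hunk.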
@@ -72,12 +72,12 @@ public final class WifiNetworkSuggestion implements Parcelable { private @Nullable String mWpa3SaePassphrase; /** * The enterprise configuration details specifying the EAP method, - * certificates and other settings associated with the WPA-EAP networks. + * certificates and other settings associated with the WPA/WPA2-Enterprise networks. */ private @Nullable WifiEnterpriseConfig mWpa2EnterpriseConfig; /** * The enterprise configuration details specifying the EAP method, - * certificates and other settings associated with the SuiteB networks. + * certificates and other settings associated with the WPA3-Enterprise networks. */ private @Nullable WifiEnterpriseConfig mWpa3EnterpriseConfig; /** @@ -276,7 +276,11 @@ public final class WifiNetworkSuggestion implements Parcelable { /** * Set the associated enterprise configuration for this network. Needed for authenticating - * to WPA3 enterprise networks. See {@link WifiEnterpriseConfig} for description. + * to WPA3-Enterprise networks (standard and 192-bit security). See + * {@link WifiEnterpriseConfig} for description. For 192-bit security networks, both the + * client and CA certificates must be provided, and must be of type of either + * sha384WithRSAEncryption (OID 1.2.840.113549.1.1.12) or ecdsa-with-SHA384 + * (OID 1.2.840.10045.4.3.3). * * @param enterpriseConfig Instance of {@link WifiEnterpriseConfig}. * @return Instance of {@link Builder} to enable chaining of the builder method. 
@@ -522,8 +526,25 @@ public final class WifiNetworkSuggestion implements Parcelable { } else if (mWpa2EnterpriseConfig != null) { // WPA-EAP network configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP); configuration.enterpriseConfig = mWpa2EnterpriseConfig; - } else if (mWpa3EnterpriseConfig != null) { // WPA3-SuiteB network - configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP_SUITE_B); + } else if (mWpa3EnterpriseConfig != null) { // WPA3-Enterprise + if (mWpa3EnterpriseConfig.getEapMethod() == WifiEnterpriseConfig.Eap.TLS + && WifiEnterpriseConfig.isSuiteBCipherCert( + mWpa3EnterpriseConfig.getClientCertificate()) + && WifiEnterpriseConfig.isSuiteBCipherCert( + mWpa3EnterpriseConfig.getCaCertificate())) { + // WPA3-Enterprise in 192-bit security mode (Suite-B) + configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP_SUITE_B); + } else { + // WPA3-Enterprise + configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_EAP); + configuration.allowedProtocols.set(WifiConfiguration.Protocol.RSN); + configuration.allowedPairwiseCiphers.set(WifiConfiguration.PairwiseCipher.CCMP); + configuration.allowedPairwiseCiphers.set( + WifiConfiguration.PairwiseCipher.GCMP_256); + configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.CCMP); + configuration.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256); + configuration.requirePmf = true; + } configuration.enterpriseConfig = mWpa3EnterpriseConfig; } else if (mIsEnhancedOpen) { // OWE network configuration.setSecurityParams(WifiConfiguration.SECURITY_TYPE_OWE); @@ -943,6 +964,9 @@ public final class WifiNetworkSuggestion implements Parcelable { */ @Nullable public WifiEnterpriseConfig getEnterpriseConfig() { + if (!wifiConfiguration.isEnterprise()) { + return null; + } return wifiConfiguration.enterpriseConfig; } 
diff --git a/wifi/java/android/net/wifi/hotspot2/pps/Credential.java b/wifi/java/android/net/wifi/hotspot2/pps/Credential.java index fa806e7797cd..282757ac5a14 100644 --- a/wifi/java/android/net/wifi/hotspot2/pps/Credential.java +++ b/wifi/java/android/net/wifi/hotspot2/pps/Credential.java @@ -448,6 +448,16 @@ public final class Credential implements Parcelable { return new UserCredential[size]; } }; + + /** + * Get a unique identifier for UserCredential. + * + * @hide + * @return a Unique identifier for a UserCredential object + */ + public int getUniqueId() { + return Objects.hash(mUsername); + } } private UserCredential mUserCredential = null; /** @@ -1037,7 +1047,8 @@ public final class Credential implements Parcelable { * @return a Unique identifier for a Credential object */ public int getUniqueId() { - return Objects.hash(mUserCredential, mCertCredential, mSimCredential, mRealm); + return Objects.hash(mUserCredential != null ? mUserCredential.getUniqueId() : 0, + mCertCredential, mSimCredential, mRealm); } @Override diff --git a/wifi/java/android/net/wifi/hotspot2/pps/HomeSp.java b/wifi/java/android/net/wifi/hotspot2/pps/HomeSp.java index 224c4bed9d5b..8f34579f6a5d 100644 --- a/wifi/java/android/net/wifi/hotspot2/pps/HomeSp.java +++ b/wifi/java/android/net/wifi/hotspot2/pps/HomeSp.java @@ -313,9 +313,7 @@ public final class HomeSp implements Parcelable { * @return a Unique identifier for a HomeSp object */ public int getUniqueId() { - return Objects.hash(mFqdn, mFriendlyName, mHomeNetworkIds, Arrays.hashCode(mMatchAllOis), - Arrays.hashCode(mMatchAnyOis), Arrays.hashCode(mOtherHomePartners), - Arrays.hashCode(mRoamingConsortiumOis)); + return Objects.hash(mFqdn); } |
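Review bot: `UserCredential.getUniqueId()` hashes only `mUsername`, yet its Javadoc calls the 32-bit result a unique identifier without saying which fields are deliberately excluded. Credentials that share a username but differ in any other field now get the same id, and distinct usernames can still collide in an `int` hash. If callers key stored profiles on this value, one profile could shadow or replace another, though how the id is consumed is not visible here. I would document the contract, for example `Identifier derived from the username only; not collision-free, and unchanged when other credential fields change.` The `Credential.getUniqueId()` hunk at @@ -1037 and the `HomeSp.getUniqueId()` hunk at @@ -313 narrow their inputs in the same way and need the same clarification.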