From 452e0ea4c4d5331907fecbaf97299f45ce7c32ec Mon Sep 17 00:00:00 2001 From: maheshkkv Date: Mon, 3 Mar 2025 22:27:16 -0800 Subject: Fix the cipher usage for PASN Add support for GCMP_128 and CCMP_256. Also rename CCMP_128 to CCMP and GCMP_128 to GCMP which aligns with wpa_supplicant. Bug: 397619419 Test: atest FrameworksWifiTests Flag: EXEMPT bug fix Change-Id: I1ca01bbc4716708ac9cb749d47af1bdbfa17c724 --- framework/java/android/net/wifi/ScanResult.java | 6 +++ .../java/android/net/wifi/rtt/PasnConfig.java | 2 +- .../src/android/net/wifi/rtt/PasnConfigTest.java | 6 ++- .../android/net/wifi/rtt/WifiRttManagerTest.java | 2 +- .../server/wifi/util/InformationElementUtil.java | 7 +++ .../wifi/util/InformationElementUtilTest.java | 62 ++++++++++++++++++++++ 6 files changed, 82 insertions(+), 3 deletions(-) diff --git a/framework/java/android/net/wifi/ScanResult.java b/framework/java/android/net/wifi/ScanResult.java index 6954590ae9..e4c91c4c75 100644 --- a/framework/java/android/net/wifi/ScanResult.java +++ b/framework/java/android/net/wifi/ScanResult.java @@ -442,6 +442,12 @@ public final class ScanResult implements Parcelable { */ @SystemApi public static final int CIPHER_BIP_CMAC_256 = 9; + /** + * @hide + * Cipher suite: CCMP_256 + */ + public static final int CIPHER_CCMP_256 = 10; + /** * The detected signal level in dBm, also known as the RSSI. diff --git a/framework/java/android/net/wifi/rtt/PasnConfig.java b/framework/java/android/net/wifi/rtt/PasnConfig.java index d420154cba..f1feb5bd29 100644 --- a/framework/java/android/net/wifi/rtt/PasnConfig.java +++ b/framework/java/android/net/wifi/rtt/PasnConfig.java @@ -176,7 +176,7 @@ public final class PasnConfig implements Parcelable { sStringToCipher.put("None", CIPHER_NONE); sStringToCipher.put("-CCMP]", CIPHER_CCMP_128); sStringToCipher.put("-CCMP-256]", CIPHER_CCMP_256); - sStringToCipher.put("-GCMP-128]", CIPHER_GCMP_128); + sStringToCipher.put("-GCMP]", CIPHER_GCMP_128); sStringToCipher.put("-GCMP-256]", CIPHER_GCMP_256); } diff --git a/framework/tests/src/android/net/wifi/rtt/PasnConfigTest.java b/framework/tests/src/android/net/wifi/rtt/PasnConfigTest.java index d986e251f3..d235f037fd 100644 --- a/framework/tests/src/android/net/wifi/rtt/PasnConfigTest.java +++ b/framework/tests/src/android/net/wifi/rtt/PasnConfigTest.java @@ -199,8 +199,12 @@ public class PasnConfigTest { assertEquals(PasnConfig.CIPHER_NONE, PasnConfig.getCiphersFromCapabilities("")); assertEquals(PasnConfig.CIPHER_CCMP_128, PasnConfig.getCiphersFromCapabilities("[RSN-SAE+SAE_EXT_KEY-CCMP]")); + assertEquals(PasnConfig.CIPHER_CCMP_256, + PasnConfig.getCiphersFromCapabilities("[RSN-SAE+SAE_EXT_KEY-CCMP-256]")); assertEquals(PasnConfig.CIPHER_GCMP_128, - PasnConfig.getCiphersFromCapabilities("[RSN-SAE+SAE_EXT_KEY-GCMP-128]")); + PasnConfig.getCiphersFromCapabilities("[RSN-SAE+SAE_EXT_KEY-GCMP]")); + assertEquals(PasnConfig.CIPHER_GCMP_256, + PasnConfig.getCiphersFromCapabilities("[RSN-SAE+SAE_EXT_KEY-GCMP-256]")); } /** diff --git a/framework/tests/src/android/net/wifi/rtt/WifiRttManagerTest.java b/framework/tests/src/android/net/wifi/rtt/WifiRttManagerTest.java index 08d5f40385..3426b76800 100644 --- a/framework/tests/src/android/net/wifi/rtt/WifiRttManagerTest.java +++ b/framework/tests/src/android/net/wifi/rtt/WifiRttManagerTest.java @@ -864,7 +864,7 @@ public class WifiRttManagerTest { scanResult.setFlag( ScanResult.FLAG_80211az_NTB_RESPONDER | ScanResult.FLAG_SECURE_HE_LTF_SUPPORTED); scanResult.informationElements = ie; - scanResult.capabilities = "[RSN-PASN-SAE+SAE_EXT_KEY-GCMP-128]"; + scanResult.capabilities = "[RSN-PASN-SAE+SAE_EXT_KEY-GCMP]"; scanResult.setWifiSsid(WifiSsid.fromString("\"TEST_SSID\"")); RangingRequest.Builder builder = new RangingRequest.Builder(); diff --git a/service/java/com/android/server/wifi/util/InformationElementUtil.java b/service/java/com/android/server/wifi/util/InformationElementUtil.java index 37a07a5ca8..f4fd25c168 100644 --- a/service/java/com/android/server/wifi/util/InformationElementUtil.java +++ b/service/java/com/android/server/wifi/util/InformationElementUtil.java @@ -1895,6 +1895,7 @@ public class InformationElementUtil { private static final int RSN_CIPHER_CCMP = 0x04ac0f00; private static final int RSN_CIPHER_NO_GROUP_ADDRESSED = 0x07ac0f00; private static final int RSN_CIPHER_GCMP_256 = 0x09ac0f00; + private static final int RSN_CIPHER_CCMP_256 = 0x0aac0f00; private static final int RSN_CIPHER_GCMP_128 = 0x08ac0f00; private static final int RSN_CIPHER_BIP_GMAC_128 = 0x0bac0f00; private static final int RSN_CIPHER_BIP_GMAC_256 = 0x0cac0f00; @@ -2129,6 +2130,8 @@ public class InformationElementUtil { return ScanResult.CIPHER_TKIP; case RSN_CIPHER_CCMP: return ScanResult.CIPHER_CCMP; + case RSN_CIPHER_CCMP_256: + return ScanResult.CIPHER_CCMP_256; case RSN_CIPHER_GCMP_256: return ScanResult.CIPHER_GCMP_256; case RSN_CIPHER_NO_GROUP_ADDRESSED: @@ -2490,6 +2493,10 @@ public class InformationElementUtil { return "None"; case ScanResult.CIPHER_CCMP: return "CCMP"; + case ScanResult.CIPHER_CCMP_256: + return "CCMP-256"; + case ScanResult.CIPHER_GCMP_128: + return "GCMP"; case ScanResult.CIPHER_GCMP_256: return "GCMP-256"; case ScanResult.CIPHER_TKIP: diff --git a/service/tests/wifitests/src/com/android/server/wifi/util/InformationElementUtilTest.java b/service/tests/wifitests/src/com/android/server/wifi/util/InformationElementUtilTest.java index eb9083acd3..e45b9dbf0c 100644 --- a/service/tests/wifitests/src/com/android/server/wifi/util/InformationElementUtilTest.java +++ b/service/tests/wifitests/src/com/android/server/wifi/util/InformationElementUtilTest.java @@ -1014,6 +1014,38 @@ public class InformationElementUtilTest extends WifiBaseTest { "[RSN-EAP_SUITE_B_192-GCMP-256][MFPR]"); } + /** + * Test Capabilities.generateCapabilitiesString() with RSN IE, GCMP-128 and SUITE_B_192. + * Expect the function to return a string with the proper security information. + */ + @Test + public void buildCapabilities_rsnSuiteB192ElementWithGcmp128() { + InformationElement ieRsn = new InformationElement(); + ieRsn.id = InformationElement.EID_RSN; + ieRsn.bytes = new byte[] { + // RSNE Version (0x0001) + (byte) 0x01, (byte) 0x00, + // Group cipher suite: GCMP-128 + (byte) 0x00, (byte) 0x0F, (byte) 0xAC, (byte) 0x09, + // Number of cipher suites (1) + (byte) 0x01, (byte) 0x00, + // Cipher suite: GCMP-256 + (byte) 0x00, (byte) 0x0F, (byte) 0xAC, (byte) 0x08, + // Number of AKMs (1) + (byte) 0x01, (byte) 0x00, + // SUITE_B_192 AKM + (byte) 0x00, (byte) 0x0F, (byte) 0xAC, (byte) 0x0C, + // RSN capabilities + (byte) 0x40, (byte) 0x00, + // PMKID count + (byte) 0x00, (byte) 0x00, + // Group mgmt cipher suite: BIP_GMAC_256 + (byte) 0x00, (byte) 0x0F, (byte) 0xAC, (byte) 0x0c, + }; + verifyCapabilityStringFromIeWithoutOweSupported(ieRsn, + "[RSN-EAP_SUITE_B_192-GCMP][MFPR]"); + } + /** * Test Capabilities.generateCapabilitiesString() with RSN IE, * CCMP and FILS SHA256. Expect the function to return a string @@ -2864,6 +2896,36 @@ public class InformationElementUtilTest extends WifiBaseTest { "[RSN-PASN+SAE-CCMP+GCMP-256][MFPR]"); } + /** + * Test Capabilities.generateCapabilitiesString() with a RSN IE. + * Expect the function to return a string with the proper security information. + */ + @Test + public void buildCapabilities_rsnElementWithPasnSaeAndCcmp256() { + InformationElement ie = new InformationElement(); + ie.id = InformationElement.EID_RSN; + ie.bytes = new byte[] { + // Version + (byte) 0x01, (byte) 0x00, + // Group cipher suite: TKIP + (byte) 0x00, (byte) 0x0F, (byte) 0xAC, (byte) 0x02, + // Pairwise cipher count + (byte) 0x01, (byte) 0x00, + // Pairwise cipher suite: CCMP-256 + (byte) 0x00, (byte) 0x0F, (byte) 0xAC, (byte) 0x0A, + // AKM count + (byte) 0x02, (byte) 0x00, + // AMK suite: PASN + (byte) 0x00, (byte) 0x0F, (byte) 0xAC, (byte) 0x15, + // AKM suite: SAE + (byte) 0x00, (byte) 0x0F, (byte) 0xAC, (byte) 0x08, + // RSN capabilities + (byte) 0x40, (byte) 0x00, + }; + verifyCapabilityStringFromIeWithoutOweSupported(ie, + "[RSN-PASN+SAE-CCMP-256][MFPR]"); + } + /** * Test RSNXE capabilities for IEEE 802.11az secure ranging support. *