//
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#ifndef PROXY_RPC_SECURITY_TYPES_H
#define PROXY_RPC_SECURITY_TYPES_H

#include <memory>
#include <string>
#include <vector>

#include <XmlRpcValue.h>

#include <brillo/variant_dictionary.h>

// Abstracts the security configuration for a WiFi network.
// This bundle of credentials can be passed to both HostapConfig and
// AssociationParameters so that both shill and hostapd can set up and connect
// to an encrypted WiFi network. By default, we'll assume we're connecting
// to an open network.
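class SecurityConfig {
 public:
  // Bit flags selecting the WPA generation(s) to use. kWpaModeMixed is the
  // bitwise OR of both pure modes, so a mode can be tested with `&`.
  enum WpaModeType {
    kWpaModePure = 1,
    kWpaModePure_2 = 2,
    kWpaModeMixed = kWpaModePure | kWpaModePure_2,
    kWpaModeDefault = kWpaModeMixed,
  };
  // 802.11 authentication algorithm used before association.
  enum AuthAlgorithmType {
    kAuthAlgorithmTypeOpen = 1,
    kAuthAlgorithmTypeShared = 2,
    kAuthAlgorithmTypeDefault = kAuthAlgorithmTypeOpen
  };
  // Security type name used when no other type is selected. Defined in the
  // implementation file.
  static const char kDefaultSecurity[];

  // Creates the appropriate |SecurityConfig| subclass object from the
  // incoming RPC data. The caller owns the returned object.
  static std::unique_ptr<SecurityConfig> CreateSecurityConfigObject(
      XmlRpc::XmlRpcValue* xml_rpc_value_in);
  // |explicit|: an XmlRpcValue pointer must never silently convert into a
  // security configuration.
  explicit SecurityConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
  virtual ~SecurityConfig() = default;
  // Fills |properties| with the shill service properties describing this
  // configuration. Subclasses override to add their own entries.
  virtual void GetServiceProperties(brillo::VariantDictionary* properties);

  // Security type name. Presumably set by the constructor from the RPC data,
  // falling back to |kDefaultSecurity| -- confirm in the .cc.
  std::string security_;
};

// Abstracts security configuration for a WiFi network using static WEP.
// Open system authentication means that we don't do a 4 way AUTH handshake,
// and simply start using the WEP keys after association finishes.
class WEPConfig : public SecurityConfig {
 public:
  explicit WEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
  void GetServiceProperties(brillo::VariantDictionary* properties) override;

 private:
  // Static WEP key material. Held in plain process memory for the lifetime
  // of the object; the defaulted destructor does not scrub it.
  std::vector<std::string> wep_keys_;
  // Index into |wep_keys_| of the key used for transmission.
  int wep_default_key_index_{0};
  // Stored as int rather than AuthAlgorithmType; values are presumably the
  // AuthAlgorithmType enumerators -- confirm in the .cc.
  int auth_algorithm_{kAuthAlgorithmTypeDefault};
};

// Abstracts security configuration for a WPA encrypted WiFi network.
class WPAConfig : public SecurityConfig {
 public:
  explicit WPAConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
  void GetServiceProperties(brillo::VariantDictionary* properties) override;

  // Upper bound on the PSK length. Presumably enforced when |psk_| is parsed
  // from the RPC data -- confirm in the .cc.
  static const int kMaxPskSize;

 private:
  // Pre-shared key. Secret material; see the note on WEPConfig::wep_keys_.
  std::string psk_;
  // Stored as int; WPAEAPConfig keeps the same notion as a WpaModeType.
  int wpa_mode_{kWpaModeDefault};
  std::vector<std::string> wpa_ciphers_;
  std::vector<std::string> wpa2_ciphers_;
  int wpa_ptk_rekey_period_seconds_{0};
  int wpa_gtk_rekey_period_seconds_{0};
  int wpa_gmk_rekey_period_seconds_{0};
  bool use_strict_rekey_{false};
};

// Abstract superclass that implements certificate/key installation.
class EAPConfig : public SecurityConfig {
 public:
  static const char kDefaultEapUsers[];
  static const char kDefaultEAPIdentity[];
  // Process-wide counter shared by every EAPConfig. It is a plain static with
  // no synchronization, so it assumes single-threaded use. Presumably used
  // to derive |file_path_suffix_| -- confirm in the .cc.
  static int last_tmp_id;

  explicit EAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
  void GetServiceProperties(brillo::VariantDictionary* properties) override;

 private:
  bool use_system_cas_{false};
  // PEM/DER contents (not paths) of the server-side credentials; the
  // *_file_path_ members below hold where they get written.
  std::string server_ca_cert_;
  std::string server_cert_;
  // Server private key. Secret material held in plain process memory.
  std::string server_key_;
  // NOTE(review): lacks the trailing underscore every other member uses;
  // renaming it also requires touching the .cc.
  std::string server_eap_users;
  std::string client_ca_cert_;
  std::string client_cert_;
  // Client private key. Secret material held in plain process memory.
  std::string client_key_;
  std::string server_ca_cert_file_path_;
  std::string server_cert_file_path_;
  std::string server_key_file_path_;
  std::string server_eap_user_file_path_;
  std::string file_path_suffix_;
  // Presumably PKCS#11 object and slot identifiers -- confirm in the .cc.
  std::string client_cert_id_;
  std::string client_key_id_;
  // Token PIN. Secret material held in plain process memory.
  std::string pin_;
  std::string client_cert_slot_id_;
  std::string client_key_slot_id_;
  std::string eap_identity_;
};

// Configuration settings bundle for dynamic WEP.
// This is a WEP encrypted connection where the keys are negotiated after the
// client authenticates via 802.1x.
class DynamicWEPConfig : public EAPConfig {
 public:
  // Default WEP rekey interval; defined in the implementation file.
  static const int kDefaultKeyPeriod;

  explicit DynamicWEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
  void GetServiceProperties(brillo::VariantDictionary* properties) override;

 private:
  bool use_short_keys_{false};
  int wep_rekey_period_seconds_{0};
};

// Security type to set up a WPA connection via EAP-TLS negotiation.
class WPAEAPConfig : public EAPConfig {
 public:
  explicit WPAEAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
  void GetServiceProperties(brillo::VariantDictionary* properties) override;

 private:
  bool use_short_keys_{false};
  WpaModeType wpa_mode_{kWpaModeDefault};
};

// Security type to set up a TTLS/PEAP connection.
// Both PEAP and TTLS are tunneled protocols which use EAP inside of a TLS
// secured tunnel. The secured tunnel is a symmetric key encryption scheme
// negotiated under the protection of a public key in the server certificate.
// Thus, we'll see server credentials in the form of certificates, but client
// credentials in the form of passwords and a CA Cert to root the trust chain.
class Tunneled1xConfig : public WPAEAPConfig {
 public:
  static const char kTTLSPrefix[];
  static const char kLayer1TypePEAP[];
  static const char kLayer1TypeTTLS[];
  static const char kLayer2TypeGTC[];
  static const char kLayer2TypeMSCHAPV2[];
  static const char kLayer2TypeMD5[];
  static const char kLayer2TypeTTLSMSCHAPV2[];
  static const char kLayer2TypeTTLSMSCHAP[];
  static const char kLayer2TypeTTLSPAP[];

  explicit Tunneled1xConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
  void GetServiceProperties(brillo::VariantDictionary* properties) override;

 private:
  // Client password for the inner authentication. Secret material held in
  // plain process memory for the lifetime of the object.
  std::string password_;
  // Inner (layer 2) protocol name; presumably one of the kLayer2Type*
  // constants above -- confirm in the .cc.
  std::string inner_protocol_;
};

#endif // PROXY_RPC_SECURITY_TYPES_H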