OSDN Git Service

[WPA3] Initialize Suite-B ciphers correctly based on the CA cert type
author Hai Shalom <haishalom@google.com>
Mon, 25 Mar 2019 21:40:59 +0000 (14:40 -0700)
committer Hai Shalom <haishalom@google.com>
Mon, 25 Mar 2019 21:40:59 +0000 (14:40 -0700)
Initialize Suite-B ciphers correctly based on the CA cert type. Read the
cert type from key store, parse it and get the signature algorithm.
Enforce SHA384, and initialize AllowedSuiteBCiphers based on the
certificate type: RSA or ECDSA.
Wi-Fi Alliance requires the use of both ECDSA secp384r1 and RSA 3072
certificates in WPA3-Enterprise 192-bit security networks, which are
also known as Suite-B-192 networks, even though NSA Suite-B-192 mandates
ECDSA only. The use of the term Suite-B was already coined in the
IEEE 802.11-2016 specification for AKM 00-0F-AC but the test plan for
WPA3-Enterprise 192-bit for APs mandates support for both RSA and ECDSA,
and for STAs it mandates ECDSA and optionally RSA. In order to be
compatible with all WPA3-Enterprise 192-bit deployments,

Bug: 128861164
Test: Verify Suite-B initialized correctly with RSA and ECDSA certs.
Test: Associate to SUITE_B_192 AP with RSA certificate
Test: Associate to SUITE_B_192 AP with ECDSA certificate
Change-Id: I5e8b6794e68ed3af5f8c8beac622fff8076a46a1

src/com/android/settings/wifi/WifiConfigController.java
src/com/android/settings/wifi/WifiUtils.java

index 0adbd8d..0887fc5 100644 (file)
@@ -637,7 +637,7 @@ public class WifiConfigController implements TextWatcher,
                     config.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256);
                     config.allowedGroupManagementCiphers.set(WifiConfiguration.GroupMgmtCipher
                             .BIP_GMAC_256);
-                    config.allowedSuiteBCiphers.set(WifiConfiguration.SuiteBCipher.ECDHE_RSA);
+                    // allowedSuiteBCiphers will be set according to certificate type
                 }
                 config.enterpriseConfig = new WifiEnterpriseConfig();
                 int eapMethod = mEapMethodSpinner.getSelectedItemPosition();
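Review bot: the replacement comment after the BIP_GMAC_256 line says allowedSuiteBCiphers "will be set according to certificate type" but does not name the code that sets it, and nothing in the visible hunk does. Please point the comment at the class or method that reads the CA cert and selects the cipher, and document what the configuration ends up with when the cert cannot be read or its type is neither RSA nor ECDSA, since this path no longer sets any Suite-B cipher where it previously set ECDHE_RSA.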
index a22bdba..9b3c1b3 100644 (file)
@@ -198,7 +198,7 @@ public class WifiUtils {
                     config.allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256);
                     config.allowedGroupManagementCiphers.set(WifiConfiguration.GroupMgmtCipher
                             .BIP_GMAC_256);
-                    config.allowedSuiteBCiphers.set(WifiConfiguration.SuiteBCipher.ECDHE_RSA);
+                    // allowedSuiteBCiphers will be set according to certificate type
                 }
 
                 if (!TextUtils.isEmpty(password)) {
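Review bot: this block in WifiUtils repeats the WifiConfigController block line for line (GCMP_256, BIP_GMAC_256, then the same comment), so the Suite-B-192 setup has to be kept in sync in two places. Consider moving it into one shared helper that both callers use. The change also touches only these two source files, so a unit test asserting that neither path sets allowedSuiteBCiphers any more would keep the ECDHE_RSA default from being reintroduced in one copy.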