Home | History | Annotate | Download | only in test-rpc-proxy
      1 //
      2 // Copyright (C) 2015 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #ifndef PROXY_RPC_SECURITY_TYPES_H
     18 #define PROXY_RPC_SECURITY_TYPES_H
     19 
     20 #include <string>
     21 
     22 #include <XmlRpcValue.h>
     23 
     24 #include <brillo/variant_dictionary.h>
     25 
     26 // Abstracts the security configuration for a WiFi network.
     27 // This bundle of credentials can be passed to both HostapConfig and
     28 // AssociationParameters so that both shill and hostapd can set up and connect
     29 // to an encrypted WiFi network. By default, we'll assume we're connecting
     30 // to an open network.
     31 class SecurityConfig {
     32  public:
     33   enum WpaModeType {
     34     kWpaModePure = 1,
     35     kWpaModePure_2 = 2,
     36     kWpaModeMixed = kWpaModePure | kWpaModePure_2,
     37     kWpaModeDefault = kWpaModeMixed,
     38   };
     39   enum AuthAlgorithmType {
     40     kAuthAlgorithmTypeOpen = 1,
     41     kAuthAlgorithmTypeShared = 2,
     42     kAuthAlgorithmTypeDefault = kAuthAlgorithmTypeOpen
     43   };
     44   static const char kDefaultSecurity[];
     45 
     46   // This function creates the appropriate |SecurityConfig| subclass
     47   // object from the incoming RPC data.
     48   static std::unique_ptr<SecurityConfig> CreateSecurityConfigObject(
     49       XmlRpc::XmlRpcValue* xml_rpc_value_in);
     50   SecurityConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
     51   virtual ~SecurityConfig() = default;
     52   virtual void GetServiceProperties(brillo::VariantDictionary* properties);
     53 
     54   std::string security_;
     55 };
     56 
     57 // Abstracts security configuration for a WiFi network using static WEP.
     58 // Open system authentication means that we don"t do a 4 way AUTH handshake,
     59 // and simply start using the WEP keys after association finishes.
     60 class WEPConfig : public SecurityConfig {
     61  public:
     62   WEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
     63   virtual void GetServiceProperties(brillo::VariantDictionary* properties) override;
     64 
     65  private:
     66   std::vector<std::string> wep_keys_;
     67   int wep_default_key_index_;
     68   int auth_algorithm_;
     69 };
     70 
     71 // Abstracts security configuration for a WPA encrypted WiFi network.
     72 class WPAConfig : public SecurityConfig {
     73  public:
     74   WPAConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
     75   void GetServiceProperties(brillo::VariantDictionary* properties) override;
     76 
     77   static const int kMaxPskSize;
     78 
     79  private:
     80   std::string psk_;
     81   int wpa_mode_;
     82   std::vector<std::string> wpa_ciphers_;
     83   std::vector<std::string> wpa2_ciphers_;
     84   int wpa_ptk_rekey_period_seconds_;
     85   int wpa_gtk_rekey_period_seconds_;
     86   int wpa_gmk_rekey_period_seconds_;
     87   bool use_strict_rekey_;
     88 };
     89 
     90 // Abstract superclass that implements certificate/key installation.
     91 class EAPConfig : public SecurityConfig {
     92  public:
     93   static const char kDefaultEapUsers[];
     94   static const char kDefaultEAPIdentity[];
     95   static int last_tmp_id;
     96 
     97   EAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
     98   void GetServiceProperties(brillo::VariantDictionary* properties) override;
     99 
    100  private:
    101   bool use_system_cas_;
    102   std::string server_ca_cert_;
    103   std::string server_cert_;
    104   std::string server_key_;
    105   std::string server_eap_users;
    106   std::string client_ca_cert_;
    107   std::string client_cert_;
    108   std::string client_key_;
    109   std::string server_ca_cert_file_path_;
    110   std::string server_cert_file_path_;
    111   std::string server_key_file_path_;
    112   std::string server_eap_user_file_path_;
    113   std::string file_path_suffix_;
    114   std::string client_cert_id_;
    115   std::string client_key_id_;
    116   std::string pin_;
    117   std::string client_cert_slot_id_;
    118   std::string client_key_slot_id_;
    119   std::string eap_identity_;
    120 };
    121 
    122 // Configuration settings bundle for dynamic WEP.
    123 // This is a WEP encrypted connection where the keys are negotiated after the
    124 // client authenticates via 802.1x.
    125 class DynamicWEPConfig : public EAPConfig {
    126  public:
    127   static const int kDefaultKeyPeriod;
    128 
    129   DynamicWEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
    130   void GetServiceProperties(brillo::VariantDictionary* properties) override;
    131 
    132  private:
    133   bool use_short_keys_;
    134   int wep_rekey_period_seconds_;
    135 };
    136 
    137 // Security type to set up a WPA connection via EAP-TLS negotiation.
    138 class WPAEAPConfig : public EAPConfig {
    139  public:
    140   WPAEAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
    141   void GetServiceProperties(brillo::VariantDictionary* properties) override;
    142 
    143  private:
    144   bool use_short_keys_;
    145   WpaModeType wpa_mode_;
    146 };
    147 
    148 // Security type to set up a TTLS/PEAP connection.
    149 // Both PEAP and TTLS are tunneled protocols which use EAP inside of a TLS
    150 // secured tunnel.  The secured tunnel is a symmetric key encryption scheme
    151 // negotiated under the protection of a public key in the server certificate.
    152 // Thus, we"ll see server credentials in the form of certificates, but client
    153 // credentials in the form of passwords and a CA Cert to root the trust chain.
    154 class Tunneled1xConfig : public WPAEAPConfig {
    155  public:
    156   static const char kTTLSPrefix[];
    157   static const char kLayer1TypePEAP[];
    158   static const char kLayer1TypeTTLS[];
    159   static const char kLayer2TypeGTC[];
    160   static const char kLayer2TypeMSCHAPV2[];
    161   static const char kLayer2TypeMD5[];
    162   static const char kLayer2TypeTTLSMSCHAPV2[];
    163   static const char kLayer2TypeTTLSMSCHAP[];
    164   static const char kLayer2TypeTTLSPAP[];
    165 
    166   Tunneled1xConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in);
    167   void GetServiceProperties(brillo::VariantDictionary* properties) override;
    168 
    169  private:
    170   std::string password_;
    171   std::string inner_protocol_;
    172 };
    173 
    174 #endif // PROXY_RPC_SECURITY_TYPES_H
    175