diff options
author | Roshan Pius <rpius@google.com> | 2015-12-09 03:36:27 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2015-12-09 03:36:27 +0000 |
commit | 73c0bd65f73e0bf60d8fbed0b2002f4f1a26e6b7 (patch) | |
tree | 06171b1cdb6ef0cbc583c663571a00a1f9327f2e | |
parent | 2b28203a467c95575149c0db67f0bc1f2379addf (diff) | |
parent | abb515e84150d7a3189f96630907ab1190d75ea4 (diff) | |
download | shill-73c0bd65f73e0bf60d8fbed0b2002f4f1a26e6b7.tar.gz |
shill-test-proxy: Parse XML RPC security data structures
am: abb515e841
* commit 'abb515e84150d7a3189f96630907ab1190d75ea4':
shill-test-proxy: Parse XML RPC security data structures
-rw-r--r-- | test-rpc-proxy/proxy_rpc_security_types.cc | 127 | ||||
-rw-r--r-- | test-rpc-proxy/proxy_rpc_security_types.h | 174 |
2 files changed, 301 insertions, 0 deletions
diff --git a/test-rpc-proxy/proxy_rpc_security_types.cc b/test-rpc-proxy/proxy_rpc_security_types.cc new file mode 100644 index 00000000..89a75965 --- /dev/null +++ b/test-rpc-proxy/proxy_rpc_security_types.cc @@ -0,0 +1,127 @@ +// +// Copyright (C) 2015 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +#include <base/logging.h> +#include <base/strings/stringprintf.h> +#include <service_constants.h> + +#include "proxy_rpc_security_types.h" +#include "proxy_util.h" + +// Autotest Server test encodes the object type in this key. +static const char kXmlRpcStructTypeKey[] = "xmlrpc_struct_type_key"; +const char SecurityConfig::kDefaultSecurity[] = "none"; +const int WPAConfig::kMaxPskSize = 64; +const char EAPConfig::kDefaultEapUsers[] = "* TLS"; +const char EAPConfig::kDefaultEAPIdentity[] = "brillo"; +int EAPConfig::last_tmp_id = 8800; +const int DynamicWEPConfig::kDefaultKeyPeriod = 20; +const char Tunneled1xConfig::kTTLSPrefix[] = "TTLS-"; +const char Tunneled1xConfig::kLayer1TypePEAP[] = "PEAP"; +const char Tunneled1xConfig::kLayer1TypeTTLS[] = "TTLS"; +const char Tunneled1xConfig::kLayer2TypeGTC[] = "GTC"; +const char Tunneled1xConfig::kLayer2TypeMSCHAPV2[] = "MSCHAPV2"; +const char Tunneled1xConfig::kLayer2TypeMD5[] = "MD5"; +const char Tunneled1xConfig::kLayer2TypeTTLSMSCHAPV2[] = "TTLS-MSCHAPV2"; +const char Tunneled1xConfig::kLayer2TypeTTLSMSCHAP[] = "TTLS-MSCHAP"; +const char Tunneled1xConfig::kLayer2TypeTTLSPAP[] = "TTLS-PAP"; + +std::unique_ptr<SecurityConfig> SecurityConfig::CreateSecurityConfigObject( + XmlRpc::XmlRpcValue* xml_rpc_value_in) { + const std::string& security_type = (*xml_rpc_value_in)[kXmlRpcStructTypeKey]; + if (security_type == "SecurityConfig") { + return std::unique_ptr<SecurityConfig>(new SecurityConfig(xml_rpc_value_in)); + } + if (security_type == "WEPConfig") { + return std::unique_ptr<SecurityConfig>(new WEPConfig(xml_rpc_value_in)); + } + if (security_type == "WPAConfig") { + return std::unique_ptr<SecurityConfig>(new WPAConfig(xml_rpc_value_in)); + } + LOG(FATAL) << "Unexpected object received. Received: " << security_type; + return nullptr; +} + +SecurityConfig::SecurityConfig( + XmlRpc::XmlRpcValue* xml_rpc_value_in) { + GetStringValueFromXmlRpcValueStructMember( + xml_rpc_value_in, "security", kDefaultSecurity, &security_); +} + +void SecurityConfig::GetServiceProperties(brillo::VariantDictionary* properties) { + // The base class represents a connection with no security. So, no security + // properties to be sent to Shill. +} + +WEPConfig::WEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in) + : SecurityConfig::SecurityConfig(xml_rpc_value_in) { + GetStringVectorFromXmlRpcValueStructMember( + xml_rpc_value_in, "wep_keys", std::vector<std::string>(), &wep_keys_); + GetIntValueFromXmlRpcValueStructMember( + xml_rpc_value_in, "wep_default_key", 0, &wep_default_key_index_); + GetIntValueFromXmlRpcValueStructMember( + xml_rpc_value_in, "auth_algorithm", (int)kAuthAlgorithmTypeDefault, + &auth_algorithm_); + if (wep_default_key_index_ > static_cast<int>(wep_keys_.size())) { + LOG(FATAL) << "Error in received wep_default_key: " + << wep_default_key_index_; + } +} + +void WEPConfig::GetServiceProperties(brillo::VariantDictionary* properties) { + std::string passphrase = base::StringPrintf( + "%d:%s", wep_default_key_index_, + wep_keys_[wep_default_key_index_].c_str()); + (*properties)[shill::kPassphraseProperty] = passphrase; +} + +WPAConfig::WPAConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in) + : SecurityConfig::SecurityConfig(xml_rpc_value_in) { + GetStringValueFromXmlRpcValueStructMember( + xml_rpc_value_in, "psk", std::string(), &psk_); + GetIntValueFromXmlRpcValueStructMember( + xml_rpc_value_in, "wpa_mode", kWpaModeDefault, &wpa_mode_); + GetStringVectorFromXmlRpcValueStructMember( + xml_rpc_value_in, "wpa_ciphers", std::vector<std::string>(), + &wpa_ciphers_); + GetStringVectorFromXmlRpcValueStructMember( + xml_rpc_value_in, "wpa2_ciphers", std::vector<std::string>(), + &wpa2_ciphers_); + GetIntValueFromXmlRpcValueStructMember( + xml_rpc_value_in, "wpa_ptk_rekey_period", 0, + &wpa_ptk_rekey_period_seconds_); + GetIntValueFromXmlRpcValueStructMember( + xml_rpc_value_in, "wpa_gtk_rekey_period", 0, + &wpa_gtk_rekey_period_seconds_); + GetIntValueFromXmlRpcValueStructMember( + xml_rpc_value_in, "wpa_gmk_rekey_period", 0, + &wpa_gmk_rekey_period_seconds_); + GetBoolValueFromXmlRpcValueStructMember( + xml_rpc_value_in, "use_strict_rekey", 0, &use_strict_rekey_); + + if (psk_.size() > kMaxPskSize) { + LOG(FATAL) << "WPA passphrases can be no longer than 63 characters" + "(or 64 hex digits). PSK: " << psk_; + } + if ((psk_.size() == kMaxPskSize) && + (psk_.find_first_not_of("0123456789abcdef") != std::string::npos)) { + LOG(FATAL) << "Invalid PSK: " << psk_; + } +} + +void WPAConfig::GetServiceProperties(brillo::VariantDictionary* properties) { + (*properties)[shill::kPassphraseProperty] = psk_; +} diff --git a/test-rpc-proxy/proxy_rpc_security_types.h b/test-rpc-proxy/proxy_rpc_security_types.h new file mode 100644 index 00000000..d9e599d6 --- /dev/null +++ b/test-rpc-proxy/proxy_rpc_security_types.h @@ -0,0 +1,174 @@ +// +// Copyright (C) 2015 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +#ifndef PROXY_RPC_SECURITY_TYPES_H +#define PROXY_RPC_SECURITY_TYPES_H + +#include <string> + +#include <XmlRpcValue.h> + +#include <brillo/variant_dictionary.h> + +// Abstracts the security configuration for a WiFi network. +// This bundle of credentials can be passed to both HostapConfig and +// AssociationParameters so that both shill and hostapd can set up and connect +// to an encrypted WiFi network. By default, we'll assume we're connecting +// to an open network. +class SecurityConfig { + public: + enum WpaModeType { + kWpaModePure = 1, + kWpaModePure_2 = 2, + kWpaModeMixed = kWpaModePure | kWpaModePure_2, + kWpaModeDefault = kWpaModeMixed, + }; + enum AuthAlgorithmType { + kAuthAlgorithmTypeOpen = 1, + kAuthAlgorithmTypeShared = 2, + kAuthAlgorithmTypeDefault = kAuthAlgorithmTypeOpen + }; + static const char kDefaultSecurity[]; + + // This function creates the appropriate |SecurityConfig| subclass + // object from the incoming RPC data. + static std::unique_ptr<SecurityConfig> CreateSecurityConfigObject( + XmlRpc::XmlRpcValue* xml_rpc_value_in); + SecurityConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in); + virtual ~SecurityConfig() = default; + virtual void GetServiceProperties(brillo::VariantDictionary* properties); + + std::string security_; +}; + +// Abstracts security configuration for a WiFi network using static WEP. +// Open system authentication means that we don"t do a 4 way AUTH handshake, +// and simply start using the WEP keys after association finishes. +class WEPConfig : public SecurityConfig { + public: + WEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in); + virtual void GetServiceProperties(brillo::VariantDictionary* properties) override; + + private: + std::vector<std::string> wep_keys_; + int wep_default_key_index_; + int auth_algorithm_; +}; + +// Abstracts security configuration for a WPA encrypted WiFi network. +class WPAConfig : public SecurityConfig { + public: + WPAConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in); + void GetServiceProperties(brillo::VariantDictionary* properties) override; + + static const int kMaxPskSize; + + private: + std::string psk_; + int wpa_mode_; + std::vector<std::string> wpa_ciphers_; + std::vector<std::string> wpa2_ciphers_; + int wpa_ptk_rekey_period_seconds_; + int wpa_gtk_rekey_period_seconds_; + int wpa_gmk_rekey_period_seconds_; + bool use_strict_rekey_; +}; + +// Abstract superclass that implements certificate/key installation. +class EAPConfig : public SecurityConfig { + public: + static const char kDefaultEapUsers[]; + static const char kDefaultEAPIdentity[]; + static int last_tmp_id; + + EAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in); + void GetServiceProperties(brillo::VariantDictionary* properties) override; + + private: + bool use_system_cas_; + std::string server_ca_cert_; + std::string server_cert_; + std::string server_key_; + std::string server_eap_users; + std::string client_ca_cert_; + std::string client_cert_; + std::string client_key_; + std::string server_ca_cert_file_path_; + std::string server_cert_file_path_; + std::string server_key_file_path_; + std::string server_eap_user_file_path_; + std::string file_path_suffix_; + std::string client_cert_id_; + std::string client_key_id_; + std::string pin_; + std::string client_cert_slot_id_; + std::string client_key_slot_id_; + std::string eap_identity_; +}; + +// Configuration settings bundle for dynamic WEP. +// This is a WEP encrypted connection where the keys are negotiated after the +// client authenticates via 802.1x. +class DynamicWEPConfig : public EAPConfig { + public: + static const int kDefaultKeyPeriod; + + DynamicWEPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in); + void GetServiceProperties(brillo::VariantDictionary* properties) override; + + private: + bool use_short_keys_; + int wep_rekey_period_seconds_; +}; + +// Security type to set up a WPA connection via EAP-TLS negotiation. +class WPAEAPConfig : public EAPConfig { + public: + WPAEAPConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in); + void GetServiceProperties(brillo::VariantDictionary* properties) override; + + private: + bool use_short_keys_; + WpaModeType wpa_mode_; +}; + +// Security type to set up a TTLS/PEAP connection. +// Both PEAP and TTLS are tunneled protocols which use EAP inside of a TLS +// secured tunnel. The secured tunnel is a symmetric key encryption scheme +// negotiated under the protection of a public key in the server certificate. +// Thus, we"ll see server credentials in the form of certificates, but client +// credentials in the form of passwords and a CA Cert to root the trust chain. +class Tunneled1xConfig : public WPAEAPConfig { + public: + static const char kTTLSPrefix[]; + static const char kLayer1TypePEAP[]; + static const char kLayer1TypeTTLS[]; + static const char kLayer2TypeGTC[]; + static const char kLayer2TypeMSCHAPV2[]; + static const char kLayer2TypeMD5[]; + static const char kLayer2TypeTTLSMSCHAPV2[]; + static const char kLayer2TypeTTLSMSCHAP[]; + static const char kLayer2TypeTTLSPAP[]; + + Tunneled1xConfig(XmlRpc::XmlRpcValue* xml_rpc_value_in); + void GetServiceProperties(brillo::VariantDictionary* properties) override; + + private: + std::string password_; + std::string inner_protocol_; +}; + +#endif // PROXY_RPC_SECURITY_TYPES_H |