commit bbf2198766918fab4bdd05d2f54612c0c9abf009
author Nate Jiang <qiangjiang@google.com> Tue Nov 28 12:07:02 2023 -0800
committer Nate Jiang <qiangjiang@google.com> Wed Nov 29 15:49:23 2023 -0800
tree 3d8f71faa3336b38e896b3452c3888b96b484ed2
parent abfd5064c472703c87f992485682dee1eea11dff

Add CSIA into NDP request to support frame protection

Bug: 294810242
Test: atest SingleDeviceTest
Change-Id: Ia59c4e9fbed473b6630e5db1e9af78f58467de77

wifi/aidl/aidl_api/android.hardware.wifi/current/android/hardware/wifi/NanDataPathSecurityConfig.aidl

diff --git a/wifi/aidl/aidl_api/android.hardware.wifi/current/android/hardware/wifi/NanDataPathSecurityConfig.aidl b/wifi/aidl/aidl_api/android.hardware.wifi/current/android/hardware/wifi/NanDataPathSecurityConfig.aidl
index 635dbce..48e9501 100644
--- a/wifi/aidl/aidl_api/android.hardware.wifi/current/android/hardware/wifi/NanDataPathSecurityConfig.aidl
+++ b/wifi/aidl/aidl_api/android.hardware.wifi/current/android/hardware/wifi/NanDataPathSecurityConfig.aidl
@@ -39,4 +39,10 @@
   byte[32] pmk;
   byte[] passphrase;
   byte[16] scid;
+  boolean enable16ReplyCountersForTksa;
+  boolean enable16ReplyCountersForGtksa;
+  boolean supportGtkAndIgtk;
+  boolean supportBigtksa;
+  boolean enableNcsBip256;
+  boolean requiresEnhancedFrameProtection;
 }

wifi/aidl/android/hardware/wifi/NanDataPathSecurityConfig.aidl

diff --git a/wifi/aidl/android/hardware/wifi/NanDataPathSecurityConfig.aidl b/wifi/aidl/android/hardware/wifi/NanDataPathSecurityConfig.aidl
index 9a2013b..b6c5eef 100644
--- a/wifi/aidl/android/hardware/wifi/NanDataPathSecurityConfig.aidl
+++ b/wifi/aidl/android/hardware/wifi/NanDataPathSecurityConfig.aidl
@@ -58,4 +58,49 @@
      * setting up the Secure Data Path.
      */
     byte[16] scid;
+
+    /**
+     * Enables the 16 replay counter for ND-TKSA(NAN Data Pairwise Security Association) and
+     * NM-TKSA(NAN managerment Pairwise Security Association), if set to false will use 4 replay
+     * counter as default
+     * Wi-Fi Aware spec 4.0: 9.5.21.2 Cipher Suite Information attribute
+     */
+    boolean enable16ReplyCountersForTksa;
+
+    /**
+     * Enables the 16 replay counter for GTKSA(Group Transient Key security associations), if set to
+     * false will use 4 replay counter as default.
+     * Wi-Fi Aware spec 4.0: 9.5.21.2 Cipher Suite Information attribute
+     */
+    boolean enable16ReplyCountersForGtksa;
+
+    /**
+     * GTK(Group Transient Key) used to protect group addressed data frames,
+     * IGTK(Integrity Group Transient Key) used to protect multicast management frames, set to true
+     * if supported.
+     * Wi-Fi Aware spec 4.0: 9.5.21.2 Cipher Suite Information attribute
+     */
+    boolean supportGtkAndIgtk;
+
+    /**
+     * BIGTK(Beacon Integrity Group Transient Key) used to protect Beacon frames, set to true if
+     * supported.
+     * Ref: Wi-Fi Aware spec 4.0: 9.5.21.2 Cipher Suite Information attribute
+     */
+    boolean supportBigtksa;
+
+    /**
+     * Enables NCS-BIP-256 for IGTKSA(Integrity Group Transient Key security associations)
+     * and BIGTK(Beacon Integrity Group Transient Key security associations), if set to false will
+     * use NCS-BIP-128 as default
+     * Wi-Fi Aware spec 4.0: 9.5.21.2 Cipher Suite Information attribute
+     */
+    boolean enableNcsBip256;
+
+    /**
+     * Require enhanced frame protection if supported, which includes multicast management frame
+     * protection, group addressed data protection and beacon frame protection.
+     * Wi-Fi Aware spec 4.0: 7.3 frame protection
+     */
+    boolean requiresEnhancedFrameProtection;
 }

wifi/aidl/default/aidl_struct_util.cpp

diff --git a/wifi/aidl/default/aidl_struct_util.cpp b/wifi/aidl/default/aidl_struct_util.cpp
index 83e1193..e66372c 100644
--- a/wifi/aidl/default/aidl_struct_util.cpp
+++ b/wifi/aidl/default/aidl_struct_util.cpp
@@ -2088,6 +2088,17 @@
     memcpy(legacy_request->scid, aidl_request.securityConfig.scid.data(), legacy_request->scid_len);
     legacy_request->publish_subscribe_id = static_cast<uint8_t>(aidl_request.discoverySessionId);
 
+    legacy_request->csia_capabilities |=
+            aidl_request.securityConfig.enable16ReplyCountersForTksa ? 0x1 : 0x0;
+    legacy_request->csia_capabilities |=
+            aidl_request.securityConfig.enable16ReplyCountersForGtksa ? 0x8 : 0x0;
+    if (aidl_request.securityConfig.supportGtkAndIgtk) {
+        legacy_request->csia_capabilities |= aidl_request.securityConfig.supportBigtksa ? 0x4 : 0x2;
+    }
+    legacy_request->csia_capabilities |= aidl_request.securityConfig.enableNcsBip256 ? 0x16 : 0x0;
+    legacy_request->gtk_protection =
+            aidl_request.securityConfig.requiresEnhancedFrameProtection ? 1 : 0;
+
     return true;
 }
 
@@ -2170,6 +2181,17 @@
     memcpy(legacy_request->scid, aidl_request.securityConfig.scid.data(), legacy_request->scid_len);
     legacy_request->publish_subscribe_id = static_cast<uint8_t>(aidl_request.discoverySessionId);
 
+    legacy_request->csia_capabilities |=
+            aidl_request.securityConfig.enable16ReplyCountersForTksa ? 0x1 : 0x0;
+    legacy_request->csia_capabilities |=
+            aidl_request.securityConfig.enable16ReplyCountersForGtksa ? 0x8 : 0x0;
+    if (aidl_request.securityConfig.supportGtkAndIgtk) {
+        legacy_request->csia_capabilities |= aidl_request.securityConfig.supportBigtksa ? 0x4 : 0x2;
+    }
+    legacy_request->csia_capabilities |= aidl_request.securityConfig.enableNcsBip256 ? 0x16 : 0x0;
+    legacy_request->gtk_protection =
+            aidl_request.securityConfig.requiresEnhancedFrameProtection ? 1 : 0;
+
     return true;
 }