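WPA3 is an Android network encryption type that is somewhat more secure than WPA and WPA2.
Hotspot WPA3 is probably an encryption type that exists only on Android 11 and later.
Judging from the Android 11-13 system Framework code, the upper layer also has a related property that must be adapted.
An earlier write-up also analyzed the Wi-Fi WPA3 encryption type:
Wi-Fi WPA3: the Android device supports connecting to WPA3 Wi-Fi networks. Only the application code that connects to Wi-Fi needs to be adapted; since Android 11 the native Framework and the native Settings app support this by default.
Hotspot WPA3: the hotspot is started with WPA3 as its encryption type, so other phones that find the hotspot are restricted to WPA3. This requires adapting the system, which is a bit more troublesome.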
// Build the hotspot configuration object
SoftApConfiguration.Builder configBuilder = new SoftApConfiguration.Builder();
// Hotspot name
configBuilder.setSsid(mHotspotName);
// Configure the passphrase as needed.
// A passphrase is only set for an encrypted hotspot; an open hotspot does not need one.
if (mSecurityType != 0) {
    // Security type 1: WPA, 2: WPA3 (transition), 3: WPA3
    configBuilder.setPassphrase(mPassword, mSecurityType);
}
// Set the channel and the Wi-Fi band; the channel value can be chosen as needed
if (mChanel != 0) {
    configBuilder.setChannel(mChanel, mBand);
} else {
    configBuilder.setBand(mBand);
}
SoftApConfiguration softApConfiguration = configBuilder.build();
// Apply the hotspot configuration
mWifiManager.setSoftApConfiguration(softApConfiguration);
// Start the hotspot
mConnectivityManager.startTethering(ConnectivityManager.TETHERING_WIFI, true,
        mOnStartTetheringCallback, new Handler(Looper.getMainLooper()));
Testing with the demo showed that when setPassphrase is called with the hotspot security type mSecurityType set to 2 or 3, the hotspot cannot be started!
logcat -c;logcat | grep -i -E "SoftApManager|ApConfigUtil"
// Open (no passphrase) security type, the hotspot starts normally. Log:
11-08 17:42:25.559 813 1073 D SoftApManager[ap0]: startSoftAp: band 2 iface ap0 country US
11-08 17:42:25.566 813 1073 E ApConfigUtil: Can not start softAp with band 6Ghz not supported. // this does not prevent the hotspot from starting
11-08 17:42:25.578 813 1073 D SoftApManager[ap0]: Soft AP is started
11-08 17:42:25.578 813 1073 D SoftApManager[ap0]: SoftAp is ready for use
// WPA3 security type (security type 3), the hotspot fails to start. Log:
11-08 17:42:46.527 813 1073 D SoftApManager[ap0]: currentstate: StartedState
11-08 17:42:46.623 813 1073 D SoftApManager[ap0]: Soft AP is stopped
11-08 17:42:46.623 813 1073 D SoftApManager[ap0]: Timeout message canceled on ap0
11-08 17:42:46.624 813 1073 D SoftApManager[unknown]: SoftApInfo update null, isRemoved: false
11-08 17:42:49.673 813 1073 D SoftApManager[ap0]: startSoftAp: band 2 iface ap0 country US
11-08 17:42:49.685 813 1073 D ApConfigUtil: Error, SAE requires HAL support // the key to the start failure; the code in SoftApManager and ApConfigUtil needs to be traced
11-08 17:42:49.686 813 1073 D SoftApManager[ap0]: Unsupported Configuration detect! config = ssid = "AndroidAP_7983"
11-08 17:42:49.686 813 1073 D SoftApManager[ap0]: Passphrase = <non-empty>
11-08 17:42:49.686 813 1073 D SoftApManager[ap0]: HiddenSsid = false
11-08 17:42:49.686 813 1073 D SoftApManager[ap0]: Channels = {2=36}
11-08 17:42:49.686 813 1073 D SoftApManager[ap0]: SecurityType = 3
11-08 17:42:49.743 813 1073 D SoftApManager[ap0]: Soft AP is stopped
11-08 17:42:49.743 813 1073 E WifiActiveModeWarden: SoftApManager start failed!SoftApManager{id=6497707 iface=ap0 role=ROLE_SOFTAP_TETHERED}
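The key error message is "SAE requires HAL support"; this is what prevents the WPA3 hotspot from starting!
Anyone familiar with Wi-Fi encryption types knows that SAE is the WPA3 network encryption type.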
public static boolean checkSupportAllConfiguration(SoftApConfiguration config,
        SoftApCapability capability) {
    if (!capability.areFeaturesSupported(SoftApCapability.SOFTAP_FEATURE_WPA3_SAE)
            && (config.getSecurityType()
            == SoftApConfiguration.SECURITY_TYPE_WPA3_SAE_TRANSITION
            || config.getSecurityType() == SoftApConfiguration.SECURITY_TYPE_WPA3_SAE)) {
        Log.d(TAG, "Error, SAE requires HAL support"); // the key reason the hotspot cannot be started!
        return false;
    }
    return true;
}
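This condition is triggered when config.getSecurityType() == 2 or 3 and capability.areFeaturesSupported(SoftApCapability.SOFTAP_FEATURE_WPA3_SAE) is false.
So the focus is the capability object. Analyzing it is somewhat involved, but it can be traced with a global search plus log printing.
In fact, WifiServiceImpl.java updates the relevant data before the hotspot is started.
As for how the system code reaches ApConfigUtil.checkSupportAllConfiguration: it is part of the hotspot start flow (summarized at the end) and is called from the series of data validations in SoftApManager.startSoftAp().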
public SoftApCapability getSoftApCapability() {
    synchronized (mLock) {
        if (mSoftApCapability == null) {
            mSoftApCapability = ApConfigUtil.updateCapabilityFromResource(mContext);
            // Default country code
            mSoftApCapability = updateSoftApCapabilityWithAvailableChannelList(
                    mSoftApCapability, mCountryCode.getCountryCode());
        }
        return mSoftApCapability;
    }
}
getSoftApCapability() is called from many places; the detailed flow is left for you to explore.
You can see that the SoftApCapability object is assigned and then modified:
mSoftApCapability = ApConfigUtil.updateCapabilityFromResource(mContext);
mSoftApCapability = updateSoftApCapabilityWithAvailableChannelList(
mSoftApCapability, mCountryCode.getCountryCode());
Next, trace the code in ApConfigUtil.java:
public static SoftApCapability updateCapabilityFromResource(@NonNull Context context) {
    long features = 0;
    if (isAcsSupported(context)) {
        Log.d(TAG, "Update Softap capability, add acs feature support");
        features |= SoftApCapability.SOFTAP_FEATURE_ACS_OFFLOAD;
    }
    if (isWpa3SaeSupported(context)) {
        Log.d(TAG, "Update Softap capability, add SAE feature support");
        features |= SoftApCapability.SOFTAP_FEATURE_WPA3_SAE;
    }
    ...
    return capability;
}

// Look here: finally some useful information! The check is a single res property!
public static boolean isWpa3SaeSupported(@NonNull Context context) {
    return context.getResources().getBoolean(
            R.bool.config_wifi_softap_sae_supported);
}
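ApConfigUtil, the hotspot utility class, wraps many methods and is called from many places.
The analysis above shows that setting config_wifi_softap_sae_supported to true is all it takes for the upper layer to support the WPA3 hotspot feature.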
<!-- Wifi driver supports WPA3 Simultaneous Authentication of Equals (WPA3-SAE) for softap -->
<bool translatable="false" name="config_wifi_softap_sae_supported">true</bool> <!-- default: false -->
Here are the logs filtered by the ap0 interface keyword.
11-09 08:57:11.415 806 1471 I EthernetTracker: interfaceLinkStateChanged, iface: ap0, up: true
11-09 08:57:11.419 806 1047 E EthernetNetworkFactoryExt: interfaceLinkStateChanged: iface = ap0, up = true
11-09 08:57:11.428 611 611 I wificond: New station fa:fb:73:72:8c:a5 connected to hotspot using interface ap0
11-09 08:57:11.428 611 611 I wificond: Sending notifications for station add event
11-09 08:57:11.482 611 611 I wificond: Station fa:fb:73:72:8c:a5 disassociated from hotspot
11-09 08:57:11.483 6379 6379 I hostapd : ap0: STA fa:fb:73:72:8c:a5 IEEE 802.11: disassociated
11-09 08:57:17.880 806 1471 I EthernetTracker: interfaceLinkStateChanged, iface: ap0, up: true
11-09 08:57:17.880 806 1047 E EthernetNetworkFactoryExt: interfaceLinkStateChanged: iface = ap0, up = true
11-09 08:57:17.978 611 611 I wificond: New station 18:87:40:31:22:e6 connected to hotspot using interface ap0
11-09 08:57:17.978 6379 6379 I hostapd : ap0: STA 18:87:40:31:22:e6 IEEE 802.11: associated
11-09 08:57:17.978 611 611 I wificond: Sending notifications for station add event
11-09 08:57:17.978 6379 6379 I hostapd : ap0: STA 18:87:40:31:22:e6 IEEE 802.11: associated
11-09 08:57:18.003 611 611 I wificond: Station 18:87:40:31:22:e6 disassociated from hotspot
01-01 08:08:26.998 0 0 I [4 T758 ..] [wlan][758]saaFsmRunEventRxDeauth: (SAA EVENT) ucRoleIdx 1, name ap0, ifindex 18, dev_addr0a:cf:89:a6:44:28
11-09 08:57:18.003 6379 6379 I hostapd : ap0: STA 18:87:40:31:22:e6 IEEE 802.11: disassociated
11-09 08:57:19.256 806 1478 I EthernetTracker: interfaceLinkStateChanged, iface: ap0, up: true
11-09 08:57:19.257 806 1047 E EthernetNetworkFactoryExt: interfaceLinkStateChanged: iface = ap0, up = true
11-09 08:57:19.270 6379 6379 I hostapd : ap0: STA 18:87:40:31:22:e6 IEEE 802.11: associated
11-09 08:57:19.271 611 611 I wificond: New station 18:87:40:31:22:e6 connected to hotspot using interface ap0
11-09 08:57:19.271 611 611 I wificond: Sending notifications for station add event
11-09 08:57:19.271 6379 6379 I hostapd : ap0: STA 18:87:40:31:22:e6 IEEE 802.11: associated
11-09 08:57:19.292 611 611 I wificond: Station 18:87:40:31:22:e6 disassociated from hotspot
01-01 08:08:28.287 0 0 I [4 T758 ..] [wlan][758]saaFsmRunEventRxDeauth: (SAA EVENT) ucRoleIdx 1, name ap0, ifindex 18, dev_addr0a:cf:89:a6:44:28
11-09 08:57:19.292 6379 6379 I hostapd : ap0: STA 18:87:40:31:22:e6 IEEE 802.11: disassociated
The connect action, "connected to hotspot using interface ap0", does show up several times in this log, but no obvious follow-up action is logged after it.
11-09 09:19:06.109 17222 17222 D wpa_supplicant: RTM_NEWLINK: ifi_index=18 ifname=ap0 wext ifi_family=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
11-09 09:19:06.112 806 1478 I EthernetTracker: interfaceLinkStateChanged, iface: ap0, up: true
11-09 09:19:06.112 806 1047 E EthernetNetworkFactoryExt: interfaceLinkStateChanged: iface = ap0, up = true
11-09 09:19:06.122 611 611 I wificond: New station fa:fb:73:72:8c:a5 connected to hotspot using interface ap0
11-09 09:19:06.122 611 611 I wificond: Sending notifications for station add event
11-09 09:19:06.122 18018 18018 I hostapd : ap0: STA fa:fb:73:72:8c:a5 IEEE 802.11: associated
11-09 09:19:06.250 18018 18018 I hostapd : ap0: AP-STA-CONNECTED fa:fb:73:72:8c:a5
11-09 09:19:06.250 18018 18018 I hostapd : ap0: STA fa:fb:73:72:8c:a5 WPA: pairwise key handshake completed (RSN)
11-09 09:19:06.251 18018 18018 I hostapd : ap0: EAPOL-4WAY-HS-COMPLETED fa:fb:73:72:8c:a5
11-09 09:19:06.252 806 1608 D HostapdHalAidlImp: onConnectedClientsChanged on ap0 / ap0 and Mac is fa:fb:73:72:8c:a5 isConnected: true
11-09 09:19:06.254 806 1037 D SoftApManager[ap0]: CMD_ASSOCIATED_STATIONS_CHANGED, Client: fa:fb:73:72:8c:a5 isConnected: true
11-09 09:19:06.255 806 1037 D SoftApManager[ap0]: The connected wifi stations have changed with count: 1: [WifiClient{mMacAddress=fa:fb:73:72:8c:a5mApInstanceIdentifier=ap0}] on the AP which info is SoftApInfo{bandwidth= 2, frequency= 2437,bssid=0a:cf:89:a6:44:28, wifiStandard= 4, mApInstanceIdentifier= ap0, mIdleShutdownTimeoutMillis= 600000}
11-09 09:19:06.256 806 1037 D SoftApManager[ap0]: rescheduleTimeoutMessageIfNeeded ap0, timeoutEnabled=true, isChargingfalse, clientNumber=1
11-09 09:19:06.256 806 1037 D SoftApManager[ap0]: Timeout message canceled on ap0
11-09 09:19:06.257 1226 1269 V WifiManager: SoftApCallbackProxy on mode 1, send onConnectedClientsChanged, changedInfo is SoftApInfo{bandwidth= 2, frequency= 2437,bssid=0a:cf:89:a6:44:28, wifiStandard= 4, mApInstanceIdentifier= ap0, mIdleShutdownTimeoutMillis= 600000} and clients are [WifiClient{mMacAddress=fa:fb:73:72:8c:a5mApInstanceIdentifier=ap0}]
11-09 09:19:06.258 1226 1269 V WifiManager: SoftApCallbackProxy on mode 1, send onConnectedClientsChanged(clients): [WifiClient{mMacAddress=fa:fb:73:72:8c:a5mApInstanceIdentifier=ap0}]
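This log also contains "connected to hotspot using interface ap0",
followed by log lines from hostapd, HostapdHalAidlImp and SoftApManager.
From "isConnected: true" it is clear that another device has connected to the shared hotspot.
hostapd is the code that implements network authentication; it is handled within the wpa_supplicant module.
HostapdHalAidlImp is the upper-layer implementation that calls the lower-layer interface. Android 11 does not have this class, but it has the similar HostapdHal.
SoftApManager implements the upper-layer validation logic.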
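The comparison of the failing and the successful capture above can be automated. The following Python script is an added example, not code from the original post or from AOSP: it reads the hostapd lines per station, reports whether the station completed the 4-way handshake or was dropped before it, and flags the framework-side "SAE requires HAL support" rejection. The sample log and its MAC addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the same logcat format as the captures above
# (the MAC addresses are made-up, locally administered values).
SAMPLE_LOG = """\
11-09 08:57:17.978  6379  6379 I hostapd : ap0: STA 02:00:00:00:00:01 IEEE 802.11: associated
11-09 08:57:18.003  6379  6379 I hostapd : ap0: STA 02:00:00:00:00:01 IEEE 802.11: disassociated
11-09 08:57:19.270  6379  6379 I hostapd : ap0: STA 02:00:00:00:00:01 IEEE 802.11: associated
11-09 08:57:19.292  6379  6379 I hostapd : ap0: STA 02:00:00:00:00:01 IEEE 802.11: disassociated
11-09 09:19:06.122 18018 18018 I hostapd : ap0: STA 02:00:00:00:00:02 IEEE 802.11: associated
11-09 09:19:06.250 18018 18018 I hostapd : ap0: AP-STA-CONNECTED 02:00:00:00:00:02
11-09 09:19:06.251 18018 18018 I hostapd : ap0: EAPOL-4WAY-HS-COMPLETED 02:00:00:00:00:02
11-09 09:20:00.000   813  1073 D ApConfigUtil: Error, SAE requires HAL support
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
HOSTAPD = r"hostapd\s*: \S+ "  # tag plus interface prefix, e.g. "hostapd : ap0: "
EVENTS = [  # (event name, pattern capturing the station MAC)
    ("associated", re.compile(HOSTAPD + "STA " + MAC + r" IEEE 802\.11: associated")),
    ("disassociated", re.compile(HOSTAPD + "STA " + MAC + r" IEEE 802\.11: disassociated")),
    ("handshake", re.compile(HOSTAPD + "EAPOL-4WAY-HS-COMPLETED " + MAC)),
]

def triage(log_text):
    """Return ({mac: verdict}, capability_rejected) for a logcat capture."""
    seen = defaultdict(lambda: defaultdict(int))
    rejected = False
    for line in log_text.splitlines():
        if "SAE requires HAL support" in line:
            rejected = True  # ApConfigUtil refused the config before hostapd ran
        for name, pattern in EVENTS:
            match = pattern.search(line)
            if match:
                seen[match.group(1)][name] += 1
    verdicts = {}
    for mac, count in seen.items():
        if count["handshake"]:
            verdicts[mac] = "connected"
        elif count["disassociated"]:
            # associated/disassociated with no completed key handshake
            verdicts[mac] = "dropped-before-handshake x%d" % count["disassociated"]
        else:
            verdicts[mac] = "pending"
    return verdicts, rejected

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```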
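The code of the wpa_supplicant module is entirely C/C++; path:
It also turned out that even when the WPA3 hotspot starts successfully, other Android devices still do not show the network as WPA3,
Previously only Android 11 was analyzed; Android 13 turns out to differ in some places, which are recorded here.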
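SECURITY_TYPE_OPEN = 0; // no passphrase

SECURITY_TYPE_WEP = 1; // an older encryption method, rarely used now and not very secure
More details: https://blog.csdn.net/u013403237/article/details/50663790

SECURITY_TYPE_PSK = 2; // commonly used today, covers WPA/WPA2
More details: https://www.jianshu.com/p/9316c433ec5f/

SECURITY_TYPE_EAP = 3; // very secure
The EAP type is an enterprise authentication security type. Its full name is 802.1X/EAP, and it is often mistaken for 802.11x.
EAP stands for Extensible Authentication Protocol.
The most commonly deployed EAP authentication types include EAP-MD-5, EAP-TLS, EAP-LEAP, EAP-TTLS, EAP-Fast and EAP-PEAP.
EAP networks are therefore also the Wi-Fi networks that take the most parameters to connect to, and they additionally require installing client and server certificates.
More details: https://blog.csdn.net/hl1293348082/article/details/123888636

SECURITY_TYPE_SAE = 4;
SAE was first proposed in 802.11s as a password-based authentication and key generation protocol for mesh networks [1]. In WPA2-PSK the PMK is the PSK and comes directly from the key;
SAE instead guarantees that any STA pair (AP-STA, nonAP-STA) has a different PMK in each session. Personal wireless networks that authenticate with SAE are usually called WPA3-PSK/WPA3-Personal.
Put simply, SAE is the upgrade of WPA2, known as WPA3.
More details: https://blog.csdn.net/qq_23087099/article/details/113921261

SECURITY_TYPE_EAP_SUITE_B = 5;
Another encryption form for EAP networks; no detailed description could be found.

SECURITY_TYPE_OWE = 6;
No description could be found. The current class contains the following comment, Opportunististic ("communism"), so it is probably an encryption format for shared networks.
/**
 * Opportunististic Wireless Encryption
 */
public static final int OWE = 9;

The last two: SECURITY_TYPE_WAPI_X
WAPI (WLAN Authentication and Privacy Infrastructure) is a WLAN security standard developed independently and promoted heavily by China.
It passed IEEE (note: not Wi-Fi) certification and authorization. It is an authentication and privacy protection protocol whose role is similar to WEP in 802.11b, but it provides more complete security protection.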
The encryption types above were searched for and summarized on Android 11; Android 13 differs somewhat.
Android's encryption types are defined in WifiConfiguration.java
/**
 * Set the various security params to correspond to the provided security type.
 * This is accomplished by setting the various BitSets exposed in WifiConfiguration.
 *
 * @param securityType One of the following security types:
 * {@link #SECURITY_TYPE_OPEN}, //0
 * {@link #SECURITY_TYPE_WEP}, //1
 * {@link #SECURITY_TYPE_PSK}, //2
 * {@link #SECURITY_TYPE_EAP}, //3
 * {@link #SECURITY_TYPE_SAE}, //4
 * {@link #SECURITY_TYPE_EAP_SUITE_B}, //5
 * {@link #SECURITY_TYPE_OWE}, //6
 * {@link #SECURITY_TYPE_WAPI_PSK}, or //7
 * {@link #SECURITY_TYPE_WAPI_CERT} //8
 */
/**
 * Security types we support.
 * @hide
 */
@Retention(RetentionPolicy.SOURCE)
@IntDef(prefix = { "SECURITY_TYPE_" }, value = {
        SECURITY_TYPE_OPEN,
        SECURITY_TYPE_WEP,
        SECURITY_TYPE_PSK,
        SECURITY_TYPE_EAP,
        SECURITY_TYPE_SAE,
        SECURITY_TYPE_EAP_SUITE_B,
        SECURITY_TYPE_OWE,
        SECURITY_TYPE_WAPI_PSK,
        SECURITY_TYPE_WAPI_CERT,
        // The following ones are newly added
        SECURITY_TYPE_EAP_WPA3_ENTERPRISE,
        SECURITY_TYPE_EAP_WPA3_ENTERPRISE_192_BIT,
        SECURITY_TYPE_PASSPOINT_R1_R2,
        SECURITY_TYPE_PASSPOINT_R3,
        SECURITY_TYPE_DPP,
})

// Code documentation for the last few newly added security types:

/**
 * Security type for an OSEN network.
 * @hide
 */
public static final int SECURITY_TYPE_OSEN = 10;

/**
 * Security type for a Passpoint R1/R2 network.
 * Passpoint R1/R2 uses Enterprise security, where TKIP and WEP are not allowed.
 * @hide
 */
public static final int SECURITY_TYPE_PASSPOINT_R1_R2 = 11;

/**
 * Security type for a Passpoint R3 network.
 * Passpoint R3 uses Enterprise security, where TKIP and WEP are not allowed,
 * and PMF must be set to Required.
 * @hide
 */
public static final int SECURITY_TYPE_PASSPOINT_R3 = 12;

/** Security type for Easy Connect (DPP) network */
public static final int SECURITY_TYPE_DPP = 13;

/**
 * This is used for the boundary check and should be the same as the last type.
 * @hide
 */
public static final int SECURITY_TYPE_NUM = SECURITY_TYPE_DPP;
The hotspot encryption types are defined in SoftApConfiguration.java
* The operating security type of the AP.
* One of the following security types:
* {@link #SECURITY_TYPE_OPEN}, //0
* {@link #SECURITY_TYPE_WPA2_PSK}, //1
* {@link #SECURITY_TYPE_WPA3_SAE} //3
* The operating security type of the AP.
* One of the following security types:
* {@link #SECURITY_TYPE_OPEN}, //1
* {@link #SECURITY_TYPE_WPA2_PSK}, //2
* {@link #SECURITY_TYPE_WPA3_SAE}, //4
* {@link #SECURITY_TYPE_WPA3_OWE} //6
For how starting the hotspot reaches SoftApManager, see my earlier analysis of the hotspot start flow:
Rough hotspot start flow on Android 11:
(1) ConnectivityManager.startTethering
(2) TetheringManager.startTethering(request, executor, tetheringCallback)
(3) TetheringService.TetheringConnector.startTethering
(4) Tethering.startTethering(request, listener);
    // The method name changes; the hotspot is started with a null object
(5) WifiManager.startTetheredHotspot(null /* use existing softap config */)
(6) WifiServiceImpl.startTetheredHotspot(@Nullable SoftApConfiguration softApConfig)
    // The method name changes again
(7) ActiveModeWarden.startSoftAp(apModeConfig);
(8) ActiveModeManager.start();
    ActiveModeManager manager = mWifiInjector.makeSoftApManager(listener, callback, softApConfig);
    listener.setActiveModeManager(manager);
    manager.start();
    ActiveModeManager is an interface; the call ends up in SoftApManager.start()
(9) SoftApManager.startSoftAp()
(10) WifiNative.startSoftAp(mApInterfaceName, localConfigBuilder.build(), mSoftApListener)
(11) HostapdHal.addAccessPoint(ifaceName, config, listener::onFailure)
(12) Depending on the hardware version, a different interface implementation is called: addAccessPoint_X_X
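The above is the code logic as analyzed on Android 11. On Android 13, only the HostapdHal class should differ; the rest of the flow is the same.
The system's WPA3-related res property must be set to true; if it is not set to true, the WPA3 hotspot cannot be started.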
<!-- Wifi driver supports WPA3 Simultaneous Authentication of Equals (WPA3-SAE) for softap -->
<bool translatable="false" name="config_wifi_softap_sae_supported">true</bool> <!-- default: false -->
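Put simply, the point of this article is to set this property to true; everything else is supplementary background.
After the upper layer of the system is adapted there is still a bug: other devices cannot connect to the shared WPA3 hotspot,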