From f2b52be493c1864e3632103012a4dd446895f05c Mon Sep 17 00:00:00 2001
From: Hai Shalom <haishalom@google.com>
Date: Fri, 19 Jul 2019 10:54:19 -0700
Subject: [PATCH] Reject SUITE_B_192 network creation for non EAP-TLS

Reject creation of WPA3-Enterprise 192-bit network in Settings app if
the selected EAP method is not EAP-TLS, as mandated by the
specification.

Note that this is just a protection against invalid networks, a UI
change to prevent this in Settings will follow.

Bug: 135127581
Test: atest WifiConfigControllerTest
Test: Create invalid network, verify it is not saved
Change-Id: I2978c2c71a90433778b6187a986e3284e9095d41
---
 src/com/android/settings/wifi/WifiConfigController.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index dc84201132f..bb60f472d5d 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -678,6 +678,12 @@ public class WifiConfigController implements TextWatcher,
                 config.enterpriseConfig = new WifiEnterpriseConfig();
                 int eapMethod = mEapMethodSpinner.getSelectedItemPosition();
                 int phase2Method = mPhase2Spinner.getSelectedItemPosition();
+                if (mAccessPointSecurity == AccessPoint.SECURITY_EAP_SUITE_B) {
+                    if (eapMethod != WIFI_EAP_METHOD_TLS) {
+                        Log.e(TAG, "WPA3-Enterprise 192-bit EAP method must be EAP-TLS");
+                        return null;
+                    }
+                }
                 config.enterpriseConfig.setEapMethod(eapMethod);
                 switch (eapMethod) {
                     case Eap.PEAP: