This commit adds support for validating and filtering IPsec algorithms.
Without a public API exposing IKEv2 algorithms (and their respective
public APIs), the allowedAlgorithms can only filter the proposals for
IPsec (Child) SA algorithms.
Additionally, this removes the HMAC_SHA1 from the IKE SA's integrity
algorithm proposals due to insecurity
Bug: 153701879
Test: FrameworksNetTests passing, new tests added
Change-Id: I7e61a1612692db275b751330af5bacbf86836a8c
This commit allows the startLegacyVpn() call to start Platform VPN
profiles, allowing Settings to use the IKEv2/IPsec VPN options
When using an aliased private key, the
Ikev2VpnProfile.KEYSTORE_ALIAS_PREFIX must be prepended to the front of
the alias. This will in turn result in the fromVpnProfile() function to
pull the key from the KeyStore, as opposed to the inline-key that the
VpnManager API uses.
Bug: 148991741
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested
Change-Id: Icbca695c353b2e12e99305676404dbf1a4495949
This change adds configuration classes for Platform VPNs, with the
extensibility for further platform VPNs to be added in future.
Profile validity is checked upon construction, and upon changing
conversion from VpnProfile instances. Internal storage and method calls
all use VpnProfiles to allow for reuse of existing infrastructure.
However, when Platform VPN implementations are started, the internal
VpnProfile will be converted back into the respective
PlatformVpnProfile for validity checking.
Bug: 143325939
Test: Compiles, FrameworksNetTests passing.
Change-Id: I3c375fb08c132fc062e893c375f5c36460122162
