author Benedict Wong <benedictwong@google.com> 2020-05-01 06:20:58 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2020-05-01 06:20:58 +0000
commit075da89ba91832537f1d77990523930f8e366aed (patch)
tree631aa0c5682d55071450e1a7ebc7d3e9f95f4b24
parent75c82108f61dcf64c00feb4633448670645d79ec (diff)
parentcf7744dc1e2707ff2f25aa572428fea329c2d95e (diff)
Merge "Update MODP groups for IKEv2/IPsec VPNs" into rvc-dev
-rw-r--r--services/core/java/com/android/server/connectivity/VpnIkev2Utils.java10
1 files changed, 8 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/connectivity/VpnIkev2Utils.java b/services/core/java/com/android/server/connectivity/VpnIkev2Utils.java
index 228966cbee5b..103f659cc258 100644
--- a/services/core/java/com/android/server/connectivity/VpnIkev2Utils.java
+++ b/services/core/java/com/android/server/connectivity/VpnIkev2Utils.java
@@ -17,7 +17,6 @@
package com.android.server.connectivity;
import static android.net.ConnectivityManager.NetworkCallback;
-import static android.net.ipsec.ike.SaProposal.DH_GROUP_1024_BIT_MODP;
import static android.net.ipsec.ike.SaProposal.DH_GROUP_2048_BIT_MODP;
import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_CBC;
import static android.net.ipsec.ike.SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12;
@@ -85,6 +84,12 @@ import java.util.List;
public class VpnIkev2Utils {
private static final String TAG = VpnIkev2Utils.class.getSimpleName();
+ // TODO: Use IKE library exposed constants when @SystemApi is updated.
+ /** IANA-defined 3072 group for use in IKEv2 */
+ private static final int DH_GROUP_3072_BIT_MODP = 15;
+ /** IANA-defined 4096 group for use in IKEv2 */
+ private static final int DH_GROUP_4096_BIT_MODP = 16;
+
static IkeSessionParams buildIkeSessionParams(
@NonNull Context context, @NonNull Ikev2VpnProfile profile, @NonNull Network network) {
final IkeIdentification localId = parseIkeIdentification(profile.getUserIdentity());
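Review bot: The two new constants hard-code the transform IDs as bare literals, and their Javadoc says only "IANA-defined" without naming the registry, so a reader cannot check 15 and 16 against a source. I would cite the defining document in each comment, e.g. `/** 3072-bit MODP group, IKEv2 Transform Type 4 (Diffie-Hellman group) ID 15, RFC 3526 */`, and likewise for 4096/16. The TODO would be easier to track with a bug reference, `// TODO(b/<bug-id>): Use IKE library exposed constants when @SystemApi is updated.`, because a local copy of a library constant can drift unnoticed if it stays in place. The class body and buildIkeSessionParams continue outside the hunk.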
@@ -177,8 +182,9 @@ public class VpnIkev2Utils {
// Add dh, prf for both builders
for (final IkeSaProposal.Builder builder : Arrays.asList(normalModeBuilder, aeadBuilder)) {
+ builder.addDhGroup(DH_GROUP_4096_BIT_MODP);
+ builder.addDhGroup(DH_GROUP_3072_BIT_MODP);
builder.addDhGroup(DH_GROUP_2048_BIT_MODP);
- builder.addDhGroup(DH_GROUP_1024_BIT_MODP);
builder.addPseudorandomFunction(PSEUDORANDOM_FUNCTION_AES128_XCBC);
builder.addPseudorandomFunction(PSEUDORANDOM_FUNCTION_HMAC_SHA1);
}
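Review bot: Nothing in the loop records that the order of the addDhGroup calls is deliberate or that 1024-bit MODP was dropped on purpose, so a later interoperability fix could re-add the weak group without anyone noticing. A comment above the calls would pin the intent, e.g. `// Strongest group first; 1024-bit MODP is intentionally no longer offered.` Whether insertion order is what the peer sees as preference depends on IkeSaProposal.Builder, which is not visible here, so that should be confirmed. Servers that accept only the 1024-bit group will now fail negotiation, and it is worth checking that this surfaces as a distinguishable "no proposal chosen" style error rather than a generic connection failure. The enclosing method starts and ends outside the hunk.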