Improve IKEv2/IPsec VPN by proposing more IKE algorithms
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IKE library. Those new algorithms have stronger
security guarantees and better performance.
It also improves the cooperability with
NordVpn. Previously, IKEv2/IPsec VPN only proposes PRF-HMAC-SHA1
and PRF-AES128-XCBC. NordVpn always prefer PRF-AES128-XCBC over
PRF-HMAC-SHA1 for security reasons, but few NordVpn servers have
broken PRF-AES128-XCBC support which will cause VPN setup to fail.
Proposing more PRFs can reduce the chance of selecting a broken
algorithms.
This commit also switches to use IKE library defined constants
Bug: 185265778
Test: atest FrameworksNetTests, CtsIkeTestCases
Test: new algorithms are manually tested
Change-Id: Id0983d4b73691b153ee0f1cf3bf63b215098a29a
1 file changed