Merge "Improve IKEv2/IPsec VPN by proposing more IPsec algorithms"
diff --git a/tests/unit/java/android/net/Ikev2VpnProfileTest.java b/tests/unit/java/android/net/Ikev2VpnProfileTest.java
index 1abd39a..0707ef3 100644
--- a/tests/unit/java/android/net/Ikev2VpnProfileTest.java
+++ b/tests/unit/java/android/net/Ikev2VpnProfileTest.java
@@ -29,8 +29,8 @@
import androidx.test.runner.AndroidJUnit4;
import com.android.internal.net.VpnProfile;
-import com.android.net.module.util.ProxyUtils;
import com.android.internal.org.bouncycastle.x509.X509V1CertificateGenerator;
+import com.android.net.module.util.ProxyUtils;
import org.junit.Before;
import org.junit.Test;
@@ -170,7 +170,10 @@
final Ikev2VpnProfile.Builder builder = getBuilderWithDefaultOptions();
builder.setAuthPsk(PSK_BYTES);
- List<String> allowedAlgorithms = Arrays.asList(IpSecAlgorithm.AUTH_CRYPT_AES_GCM);
+ List<String> allowedAlgorithms =
+ Arrays.asList(
+ IpSecAlgorithm.AUTH_CRYPT_AES_GCM,
+ IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305);
builder.setAllowedAlgorithms(allowedAlgorithms);
final Ikev2VpnProfile profile = builder.build();
@@ -183,7 +186,12 @@
builder.setAuthPsk(PSK_BYTES);
List<String> allowedAlgorithms =
- Arrays.asList(IpSecAlgorithm.AUTH_HMAC_SHA512, IpSecAlgorithm.CRYPT_AES_CBC);
+ Arrays.asList(
+ IpSecAlgorithm.AUTH_HMAC_SHA512,
+ IpSecAlgorithm.AUTH_AES_XCBC,
+ IpSecAlgorithm.AUTH_AES_CMAC,
+ IpSecAlgorithm.CRYPT_AES_CBC,
+ IpSecAlgorithm.CRYPT_AES_CTR);
builder.setAllowedAlgorithms(allowedAlgorithms);
final Ikev2VpnProfile profile = builder.build();
diff --git a/tests/unit/java/com/android/internal/net/VpnProfileTest.java b/tests/unit/java/com/android/internal/net/VpnProfileTest.java
index 46597d1..cb0f071 100644
--- a/tests/unit/java/com/android/internal/net/VpnProfileTest.java
+++ b/tests/unit/java/com/android/internal/net/VpnProfileTest.java
@@ -23,7 +23,6 @@
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
import android.net.IpSecAlgorithm;
@@ -97,6 +96,7 @@
p.setAllowedAlgorithms(
Arrays.asList(
IpSecAlgorithm.AUTH_CRYPT_AES_GCM,
+ IpSecAlgorithm.AUTH_CRYPT_CHACHA20_POLY1305,
IpSecAlgorithm.AUTH_HMAC_SHA512,
IpSecAlgorithm.CRYPT_AES_CBC));
p.isBypassable = true;
@@ -126,30 +126,6 @@
}
@Test
- public void testSetInvalidAlgorithmValueDelimiter() {
- final VpnProfile profile = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
-
- try {
- profile.setAllowedAlgorithms(
- Arrays.asList("test" + VpnProfile.VALUE_DELIMITER + "test"));
- fail("Expected failure due to value separator in algorithm name");
- } catch (IllegalArgumentException expected) {
- }
- }
-
- @Test
- public void testSetInvalidAlgorithmListDelimiter() {
- final VpnProfile profile = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
-
- try {
- profile.setAllowedAlgorithms(
- Arrays.asList("test" + VpnProfile.LIST_DELIMITER + "test"));
- fail("Expected failure due to value separator in algorithm name");
- } catch (IllegalArgumentException expected) {
- }
- }
-
- @Test
public void testEncodeDecode() {
final VpnProfile profile = getSampleIkev2Profile(DUMMY_PROFILE_KEY);
final VpnProfile decoded = VpnProfile.decode(DUMMY_PROFILE_KEY, profile.encode());