| author | cyBerta <cyberta@riseup.net> | 2024-12-07 03:09:01 +0100 |
|---|---|---|
| committer | cyberta <cyberta@riseup.net> | 2024-12-11 00:09:34 +0000 |
| commit | 3bcba785be239093ee469fd99efb197ca1d1f246 (patch) | |
| tree | b05ffe4eb72afceca8d6651a3ff91399332a1ed1 /app/src/main/java/de/blinkt | |
| parent | bf75f3824596f53f0c6e9a2cfb3629da905b59d1 (diff) | |
Fix support for ed25519 private VPN keys, add signing capabilities for ed25519 in VpnProfile, so that such a key can be passed with OpenVPN's management-external-key option at runtime
Diffstat (limited to 'app/src/main/java/de/blinkt')
| -rw-r--r-- | app/src/main/java/de/blinkt/openvpn/VpnProfile.java | 17 | ||||
| -rw-r--r-- | app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java | 5 |
2 files changed, 16 insertions, 6 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 511893d7..9e71939b 100644
--- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -43,6 +43,7 @@ import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.Signature;
 import java.security.SignatureException;
@@ -475,7 +476,11 @@ public class VpnProfile implements Serializable, Cloneable {
 // Client Cert + Key
 cfg.append(insertFileData("cert", mClientCertFilename));
 mPrivateKey = ProviderObservable.getInstance().getCurrentProvider().getPrivateKey();
- cfg.append("management-external-key nopadding pkcs1 pss digest\n");
+ if (mPrivateKey.getAlgorithm().equalsIgnoreCase("RSA")) {
+ cfg.append("management-external-key nopadding pkcs1 pss digest\n");
+ } else {
+ cfg.append("management-external-key\n");
+ }
 break;
 case VpnProfile.TYPE_USERPASS_PKCS12:
@@ -1280,7 +1285,9 @@ public class VpnProfile implements Serializable, Cloneable {
 return signed_bytes;
 }
 } catch
- (NoSuchAlgorithmException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchPaddingException | SignatureException | InvalidAlgorithmParameterException
+ (NoSuchAlgorithmException | InvalidKeyException | IllegalBlockSizeException |
+ BadPaddingException | NoSuchPaddingException | SignatureException |
+ InvalidAlgorithmParameterException | NoSuchProviderException
 e) {
 VpnStatus.logError(R.string.error_rsa_sign, e.getClass().toString(), e.getLocalizedMessage());
 return null;
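Review bot: `mPrivateKey.getAlgorithm()` is dereferenced in the second hunk immediately after `getPrivateKey()` with no null check, so if the current provider has no private key loaded (whether that can happen is not visible here) config generation now fails with a NullPointerException where the old code only appended a fixed line. A guard such as `if (mPrivateKey != null && "RSA".equalsIgnoreCase(mPrivateKey.getAlgorithm())) {` avoids the crash, and the missing-key case should get an explicit error rather than a config that silently lacks usable key material. The `else` branch also catches EC keys, which previously received the `nopadding pkcs1 pss digest` flags; that is presumably intended, but a one-line comment stating which key types take the bare `management-external-key` form would make it reviewable. The enclosing switch starts and ends outside the hunk.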
@@ -1326,11 +1333,13 @@ public class VpnProfile implements Serializable, Cloneable {
 return hashtype;
 }
- private byte[] doDigestSign(PrivateKey privkey, byte[] data, OpenVPNManagement.SignaturePadding padding, String hashalg, String saltlen) throws SignatureException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
+ private byte[] doDigestSign(PrivateKey privkey, byte[] data, OpenVPNManagement.SignaturePadding padding, String hashalg, String saltlen) throws SignatureException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchProviderException {
 /* RSA */
 Signature sig = null;
- if (privkey.getAlgorithm().equals("EC")) {
+ if (privkey.getAlgorithm().equals("Ed25519")) {
+ sig = Signature.getInstance("Ed25519", "BC");
+ } else if (privkey.getAlgorithm().equals("EC")) {
 if (hashalg.equals("")) hashalg = "NONE";
 /* e.g. SHA512withECDSA */
diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
index 88b933eb..a4b5e3be 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
@@ -272,12 +272,13 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement {
 }
 private void processCommand(String command) {
- //Log.i(TAG, "Line from managment" + command);
+ Log.i(TAG, "Line from managment " + command);
 if (command.startsWith(">") && command.contains(":")) {
 String[] parts = command.split(":", 2);
 String cmd = parts[0].substring(1);
 String argument = parts[1];
+ Log.d(">>>>", "CMD: "+ cmd + "argument: " + argument);
 switch (cmd) {
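Review bot: `Signature.getInstance("Ed25519", "BC")` in doDigestSign picks the provider by name, so which implementation signs depends on whatever is registered as "BC" at runtime; on Android the platform's provider of that name is a reduced BouncyCastle, and Ed25519 is likely only available if the app installs the full library, which this diff does not show. When the lookup fails the caller's catch logs under `R.string.error_rsa_sign` and returns null, which reads as an RSA failure to whoever triages it. Consider passing the provider instance the app ships through the `Signature.getInstance(String, Provider)` overload, and add a comment that `padding`, `hashalg` and `saltlen` are ignored on the Ed25519 path; the leading `/* RSA */` comment is also stale now. doDigestSign's body continues outside the hunk.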
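Review bot: The re-enabled `Log.i(TAG, "Line from managment " + command)` and the new `Log.d(">>>>", ...)` at the top of processCommand write every management-interface line to logcat unconditionally, and they look like leftover debugging rather than part of the Ed25519 fix. Those lines include the payloads of signing requests and other real-time notifications from the OpenVPN process, and depending on configuration may include authentication-related messages, so they should not reach release-build logs. Drop both calls, or gate a reduced form, e.g. `if (BuildConfig.DEBUG) Log.d(TAG, "management cmd: " + cmd);`, logging the command name only and using the class `TAG` instead of `">>>>"`. processCommand continues outside the hunk.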
@@ -735,7 +736,7 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement {
 String[] arguments = argument.split(",");
 // NC9t8IkYrjAQcCzc85zN0H5TvwfAUDwYkR4j2ga6fGw=,RSA_PKCS1_PSS_PADDING,hashalg=SHA256,saltlen=digest
-
+ // ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFRMUyAxLjMsIGNsaWVudCBIoXJ0aWZpY2F0ZVZlcmlmeQCvvTk69HvSHUhM27ghCCSgzHds1Bdsm4MyVGxlgDIJbnDj+G5Y1YxXajqy6E/G1GA=,ED25519,data=message
 SignaturePadding padding = SignaturePadding.NO_PADDING;
 String saltlen=""; |
