Add support for Certificates from Keystore under Jelly Beans (Thanks Kenny Root for the right pointers)

Move jniglue/minivpn files to more sensitive places

5 files changed, 124 insertions, 1 deletions

diff --git a/jni/Android.mk b/jni/Android.mk
index ff17b27b..761fa005 100644
--- a/jni/Android.mk
+++ b/jni/Android.mk
@@ -1,9 +1,31 @@
 # Path of the sources
-CURRENT_DIR := $(call my-dir)
 
+JNI_DIR := $(call my-dir)
 
 include lzo/Android.mk
 
 include openssl/Android.mk
 
 include openvpn/Android.mk
+
+
+LOCAL_PATH := $(JNI_DIR)
+
+# The only real JNI library
+include $(CLEAR_VARS)
+LOCAL_LDLIBS := -llog 
+LOCAL_C_INCLUDES := openssl/include openssl/crypto openssl 
+LOCAL_SRC_FILES:= jniglue.c jbcrypto.cpp
+LOCAL_MODULE = opvpnutil
+LOCAL_STATIC_LIBRARIES :=  libcrypto_static
+include $(BUILD_SHARED_LIBRARY)
+
+
+
+include $(CLEAR_VARS)
+LOCAL_LDLIBS := -llog 
+LOCAL_SRC_FILES:= minivpn.c 
+LOCAL_MODULE = minivp
+LOCAL_SHARED_LIBRARIES=openvpn
+include $(BUILD_EXECUTABLE)
+
diff --git a/jni/jbcrypto.cpp b/jni/jbcrypto.cpp
new file mode 100644
index 00000000..0c56b974
--- /dev/null
+++ b/jni/jbcrypto.cpp
@@ -0,0 +1,67 @@
+//
+//  JBCyrpto.cpp
+//  xcopenvpn
+//
+//  Created by Arne Schwabe on 12.07.12.
+//  Copyright (c) 2012 Universität Paderborn. All rights reserved.
+//
+
+#include <jni.h>
+
+#include <openssl/ssl.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/md5.h>
+
+extern "C" {
+jbyteArray Java_de_blinkt_openvpn_OpenVpnManagementThread_rsasign(JNIEnv* env, jclass, jbyteArray from, jint pkeyRef);
+}
+
+
+jbyteArray Java_de_blinkt_openvpn_OpenVpnManagementThread_rsasign(JNIEnv* env, jclass, jbyteArray from, jint pkeyRef) {
+
+	//	EVP_MD_CTX* ctx = reinterpret_cast<EVP_MD_CTX*>(ctxRef);
+	EVP_PKEY* pkey = reinterpret_cast<EVP_PKEY*>(pkeyRef);
+
+
+	if (pkey == NULL || from == NULL) {
+		jniThrowException(env, "java/lang/NullPointerException", "EVP_KEY is null");
+		return NULL;
+	}
+
+	jbyte* data =  env-> GetByteArrayElements (from, NULL);
+	int  datalen = env-> GetArrayLength(from);
+
+	if(data==NULL || datalen == )
+
+		unsigned int siglen;
+	unsigned char* sigret = (unsigned char*)malloc(RSA_size(pkey->pkey.rsa));
+
+
+	//int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+	//           unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+	// adapted from s3_clnt.c
+	if (RSA_sign(NID_md5_sha1, (unsigned char*) data, datalen,
+			sigret, &siglen, pkey->pkey.rsa) <= 0 )
+	{
+
+		ERR_print_errors(errbio);
+		jniThrowException(env, "java/security/InvalidKeyException", "rsa_sign went wrong, see logcat");
+
+		ERR_print_errors_fp(stderr);
+		return NULL;
+
+
+	}
+
+
+	jbyteArray jb;
+
+	jb =env->NewByteArray(siglen);
+
+	env->SetByteArrayRegion(jb, 0, siglen, (jbyte *) sigret);
+	free(sigret);
+	return jb;
+
+}
diff --git a/jni/jniglue.c b/jni/jniglue.c
new file mode 100644
index 00000000..82b54d16
--- /dev/null
+++ b/jni/jniglue.c
@@ -0,0 +1,22 @@
+#include <jni.h>
+#include <android/log.h>
+#include <stdlib.h>
+#include <setjmp.h>
+
+#include "jniglue.h"
+
+jint JNI_OnLoad(JavaVM *vm, void *reserved) {
+    __android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Loading openvpn native library $id$ compiled on "   __DATE__ " " __TIME__ );
+    return JNI_VERSION_1_2;
+}
+
+
+void android_openvpn_log(int level,const char* prefix,const char* prefix_sep,const char* m1)
+{
+    __android_log_print(ANDROID_LOG_DEBUG,"openvpn","%s%s%s",prefix,prefix_sep,m1);
+}
+
+void Java_de_blinkt_openvpn_OpenVpnManagementThread_jniclose(JNIEnv *env,jclass jo, jint fd) {
+	int ret = close(fd);
+}
+
diff --git a/jni/jniglue.h b/jni/jniglue.h
new file mode 100644
index 00000000..a86d52da
--- /dev/null
+++ b/jni/jniglue.h
@@ -0,0 +1,12 @@
+//
+//  jniglue.h
+//  xcopenvpn
+//
+//  Created by Arne Schwabe on 29.03.12.
+//  Copyright (c) 2012 Universität Paderborn. All rights reserved.
+//
+
+#ifndef xcopenvpn_jniglue_h
+#define xcopenvpn_jniglue_h
+void android_openvpn_log(int level,const char* prefix,const char* prefix_sep,const char* m1);
+#endif
diff --git a/jni/minivpn.c b/jni/minivpn.c
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/jni/minivpn.c