diff options
Diffstat (limited to 'src/se')
45 files changed, 716 insertions, 206 deletions
diff --git a/src/se/leap/leapclient/AboutFragment.java b/src/se/leap/bitmaskclient/AboutFragment.java index 97cfb584..d751dc2f 100644 --- a/src/se/leap/leapclient/AboutFragment.java +++ b/src/se/leap/bitmaskclient/AboutFragment.java @@ -1,4 +1,4 @@ -package se.leap.leapclient; +package se.leap.bitmaskclient; import android.app.Fragment; import android.content.pm.PackageInfo; @@ -11,7 +11,7 @@ import android.view.LayoutInflater; import android.view.View; import android.view.ViewGroup; import android.widget.TextView; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; public class AboutFragment extends Fragment { diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/bitmaskclient/ConfigHelper.java index 14b29787..97a62bb2 100644 --- a/src/se/leap/leapclient/ConfigHelper.java +++ b/src/se/leap/bitmaskclient/ConfigHelper.java @@ -14,7 +14,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ -package se.leap.leapclient; +package se.leap.bitmaskclient; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -50,7 +50,6 @@ public class ConfigHelper { public static SharedPreferences shared_preferences; private static KeyStore keystore_trusted; - final public static String NG_1024 = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; final public static BigInteger G = new BigInteger("2"); @@ -178,6 +177,18 @@ public class ConfigHelper { shared_preferences_editor.remove(shared_preferences_key); return shared_preferences_editor.commit(); } + + public static boolean checkErroneousDownload(String downloaded_string) { + try { + if(new JSONObject(downloaded_string).has(ProviderAPI.ERRORS) || downloaded_string.isEmpty()) { + return true; + } else { + return false; + } + } catch(JSONException e) { + return false; + } + } /** * Treat the input as the MSB representation of a number, diff --git a/src/se/leap/leapclient/ConfigurationWizard.java b/src/se/leap/bitmaskclient/ConfigurationWizard.java index dd9f4121..c03d7c9e 100644 --- a/src/se/leap/leapclient/ConfigurationWizard.java +++ b/src/se/leap/bitmaskclient/ConfigurationWizard.java @@ -14,7 +14,7 @@ * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
- package se.leap.leapclient;
+ package se.leap.bitmaskclient;
import java.io.IOException;
import java.util.Iterator;
@@ -22,9 +22,9 @@ import java.util.Iterator; import org.json.JSONException;
import org.json.JSONObject;
-import se.leap.leapclient.ProviderAPIResultReceiver.Receiver;
-import se.leap.leapclient.ProviderListContent.ProviderItem;
-import se.leap.leapclient.R;
+import se.leap.bitmaskclient.R;
+import se.leap.bitmaskclient.ProviderAPIResultReceiver.Receiver;
+import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
import android.app.Activity;
import android.app.DialogFragment;
import android.app.Fragment;
@@ -124,8 +124,10 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn //Toast.makeText(this, getResources().getString(R.string.config_error_parsing), Toast.LENGTH_LONG);
setResult(RESULT_CANCELED, mConfigState);
}
- }
+ } else if(resultCode == ProviderAPI.INCORRECTLY_UPDATED_PROVIDER_DOT_JSON) {
+ String reason_to_fail = resultData.getString(ProviderAPI.ERRORS);
+ showDownloadFailedDialog(getCurrentFocus(), reason_to_fail); mProgressDialog.dismiss();
setResult(RESULT_CANCELED, mConfigState);
}
@@ -142,8 +144,9 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn }
}
else if(resultCode == ProviderAPI.INCORRECTLY_DOWNLOADED_JSON_FILES) {
- //Toast.makeText(getApplicationContext(), R.string.incorrectly_downloaded_json_files_message, Toast.LENGTH_LONG).show();
- mProgressDialog.dismiss();
+ //Toast.makeText(getApplicationContext(), R.string.incorrectly_downloaded_json_files_message, Toast.LENGTH_LONG).show(); + String reason_to_fail = resultData.getString(ProviderAPI.ERRORS);
+ showDownloadFailedDialog(getCurrentFocus(), reason_to_fail); setResult(RESULT_CANCELED, mConfigState);
}
else if(resultCode == ProviderAPI.CORRECTLY_DOWNLOADED_CERTIFICATE) {
@@ -301,9 +304,8 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn /**
* Open the new provider dialog
- * @param view from which the dialog is showed
*/
- public void addAndSelectNewProvider(View view) {
+ public void addAndSelectNewProvider() {
FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();
Fragment previous_new_provider_dialog = getFragmentManager().findFragmentByTag(NewProviderDialog.TAG);
if (previous_new_provider_dialog != null) {
@@ -320,6 +322,25 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn * use it anonymously (if possible)
* or cancel his/her election pressing the back button.
* @param view
+ * @param reason_to_fail
+ */
+ public void showDownloadFailedDialog(View view, String reason_to_fail) {
+ FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();
+ Fragment previous_provider_details_dialog = getFragmentManager().findFragmentByTag(DownloadFailedDialog.TAG);
+ if (previous_provider_details_dialog != null) {
+ fragment_transaction.remove(previous_provider_details_dialog);
+ }
+ fragment_transaction.addToBackStack(null);
+
+ DialogFragment newFragment = DownloadFailedDialog.newInstance(reason_to_fail);
+ newFragment.show(fragment_transaction, DownloadFailedDialog.TAG);
+ }
+
+ /**
+ * Once selected a provider, this fragment offers the user to log in,
+ * use it anonymously (if possible)
+ * or cancel his/her election pressing the back button.
+ * @param view
*/
public void showProviderDetails(View view) {
FragmentTransaction fragment_transaction = getFragmentManager().beginTransaction();
@@ -380,6 +401,10 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn switch (item.getItemId()){
case R.id.about_leap:
showAboutFragment(getCurrentFocus());
+ return true;
+ case R.id.new_provider:
+ addAndSelectNewProvider();
+ return true;
default:
return super.onOptionsItemSelected(item);
}
diff --git a/src/se/leap/leapclient/Dashboard.java b/src/se/leap/bitmaskclient/Dashboard.java index 19d33a12..fd8d6be6 100644 --- a/src/se/leap/leapclient/Dashboard.java +++ b/src/se/leap/bitmaskclient/Dashboard.java @@ -14,14 +14,15 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ - package se.leap.leapclient; + package se.leap.bitmaskclient; import org.apache.http.cookie.Cookie; import org.apache.http.impl.cookie.BasicClientCookie; import org.json.JSONException; import org.json.JSONObject; -import se.leap.leapclient.ProviderAPIResultReceiver.Receiver; +import se.leap.bitmaskclient.R; +import se.leap.bitmaskclient.ProviderAPIResultReceiver.Receiver; import se.leap.openvpn.MainActivity; import android.app.Activity; import android.app.AlertDialog; @@ -65,7 +66,7 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf private TextView providerNameTV; - private boolean authed = false; + private boolean authed_eip = false; public ProviderAPIResultReceiver providerAPI_result_receiver; @@ -74,10 +75,12 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf super.onCreate(savedInstanceState); app = this; - + + PRNGFixes.apply(); ConfigHelper.setSharedPreferences(getSharedPreferences(SHARED_PREFERENCES, MODE_PRIVATE)); preferences = ConfigHelper.shared_preferences; + authed_eip = ConfigHelper.getBoolFromSharedPref(EIP.AUTHED_EIP); if (ConfigHelper.getStringFromSharedPref(Provider.KEY).isEmpty()) startActivityForResult(new Intent(this,ConfigurationWizard.class),CONFIGURE_LEAP); else @@ -88,6 +91,7 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf protected void onActivityResult(int requestCode, int resultCode, Intent data){ if ( requestCode == CONFIGURE_LEAP ) { if ( resultCode == RESULT_OK ){ + ConfigHelper.saveSharedPref(EIP.AUTHED_EIP, authed_eip); startService( new Intent(EIP.ACTION_UPDATE_EIP_SERVICE) ); buildDashboard(); if(data != null && data.hasExtra(LogInDialog.VERB)) { @@ -156,7 +160,7 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf provider_json = ConfigHelper.getJsonFromSharedPref(Provider.KEY); JSONObject service_description = provider_json.getJSONObject(Provider.SERVICE); if(service_description.getBoolean(Provider.ALLOW_REGISTRATION)) { - if(authed) { + if(authed_eip) { menu.findItem(R.id.login_button).setVisible(false); menu.findItem(R.id.logout_button).setVisible(true); } else { @@ -312,7 +316,8 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf String session_id_cookie_key = resultData.getString(ProviderAPI.SESSION_ID_COOKIE_KEY); String session_id_string = resultData.getString(ProviderAPI.SESSION_ID_KEY); setResult(RESULT_OK); - authed = true; + authed_eip = true; + ConfigHelper.saveSharedPref(EIP.AUTHED_EIP, authed_eip); invalidateOptionsMenu(); //Cookie session_id = new BasicClientCookie(session_id_cookie_key, session_id_string); @@ -321,7 +326,8 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf mProgressDialog.dismiss(); logInDialog(getCurrentFocus(), resultData); } else if(resultCode == ProviderAPI.LOGOUT_SUCCESSFUL) { - authed = false; + authed_eip = false; + ConfigHelper.saveSharedPref(EIP.AUTHED_EIP, authed_eip); invalidateOptionsMenu(); setResult(RESULT_OK); mProgressDialog.dismiss(); diff --git a/src/se/leap/bitmaskclient/DownloadFailedDialog.java b/src/se/leap/bitmaskclient/DownloadFailedDialog.java new file mode 100644 index 00000000..3ce101a6 --- /dev/null +++ b/src/se/leap/bitmaskclient/DownloadFailedDialog.java @@ -0,0 +1,59 @@ +/** + * Copyright (c) 2013 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + package se.leap.bitmaskclient; + +import se.leap.bitmaskclient.R; +import android.app.AlertDialog; +import android.app.Dialog; +import android.app.DialogFragment; +import android.content.DialogInterface; +import android.os.Bundle; + +/** + * Implements a dialog to show why a download failed. + * + * @author parmegv + * + */ +public class DownloadFailedDialog extends DialogFragment { + + public static String TAG = "downloaded_failed_dialog"; + private String reason_to_fail; + /** + * @return a new instance of this DialogFragment. + */ + public static DialogFragment newInstance(String reason_to_fail) { + DownloadFailedDialog dialog_fragment = new DownloadFailedDialog(); + dialog_fragment.reason_to_fail = reason_to_fail; + return dialog_fragment; + } + + @Override + public Dialog onCreateDialog(Bundle savedInstanceState) { + AlertDialog.Builder builder = new AlertDialog.Builder(getActivity()); + + builder.setMessage(reason_to_fail) + .setPositiveButton(R.string.ok, new DialogInterface.OnClickListener() { + public void onClick(DialogInterface dialog, int id) { + dialog.dismiss(); + } + }); + + // Create the AlertDialog object and return it + return builder.create(); + } +} diff --git a/src/se/leap/leapclient/EIP.java b/src/se/leap/bitmaskclient/EIP.java index 0a537b4d..e059f1c1 100644 --- a/src/se/leap/leapclient/EIP.java +++ b/src/se/leap/bitmaskclient/EIP.java @@ -14,7 +14,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ - package se.leap.leapclient; + package se.leap.bitmaskclient; import java.util.Collection; import java.util.HashMap; @@ -26,6 +26,7 @@ import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; +import se.leap.bitmaskclient.R; import se.leap.openvpn.ConfigParser; import se.leap.openvpn.ConfigParser.ConfigParseError; import se.leap.openvpn.LaunchVPN; @@ -60,6 +61,7 @@ public final class EIP extends IntentService { public final static String ACTION_START_EIP = "se.leap.leapclient.START_EIP"; public final static String ACTION_STOP_EIP = "se.leap.leapclient.STOP_EIP"; public final static String ACTION_UPDATE_EIP_SERVICE = "se.leap.leapclient.UPDATE_EIP_SERVICE"; + public final static String AUTHED_EIP = "authed_eip"; public final static String ACTION_IS_EIP_RUNNING = "se.leap.leapclient.IS_RUNNING"; public final static String EIP_NOTIFICATION = "EIP_NOTIFICATION"; public final static String ALLOWED_ANON = "allow_anonymous"; @@ -71,6 +73,7 @@ public final class EIP extends IntentService { public final static String RECEIVER_TAG = "receiverTag"; public final static String REQUEST_TAG = "requestTag"; + private static Context context; private static ResultReceiver mReceiver; private static OpenVpnService mVpnService; diff --git a/src/se/leap/leapclient/EipServiceFragment.java b/src/se/leap/bitmaskclient/EipServiceFragment.java index 628572b4..daf446a5 100644 --- a/src/se/leap/leapclient/EipServiceFragment.java +++ b/src/se/leap/bitmaskclient/EipServiceFragment.java @@ -1,5 +1,6 @@ -package se.leap.leapclient; +package se.leap.bitmaskclient; +import se.leap.bitmaskclient.R; import se.leap.openvpn.LogWindow; import se.leap.openvpn.OpenVPN; import se.leap.openvpn.OpenVPN.StateListener; diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/bitmaskclient/LeapHttpClient.java index 5dca31e9..837da236 100644 --- a/src/se/leap/leapclient/LeapHttpClient.java +++ b/src/se/leap/bitmaskclient/LeapHttpClient.java @@ -14,7 +14,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ - package se.leap.leapclient; + package se.leap.bitmaskclient; import java.security.KeyStore; diff --git a/src/se/leap/leapclient/LeapSRPSession.java b/src/se/leap/bitmaskclient/LeapSRPSession.java index 5a78219b..14a8bff2 100644 --- a/src/se/leap/leapclient/LeapSRPSession.java +++ b/src/se/leap/bitmaskclient/LeapSRPSession.java @@ -14,7 +14,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ - package se.leap.leapclient; + package se.leap.bitmaskclient; import java.io.UnsupportedEncodingException; import java.math.BigInteger; @@ -207,60 +207,63 @@ public class LeapSRPSession { */ public byte[] response(byte[] salt_bytes, byte[] Bbytes) throws NoSuchAlgorithmException { // Calculate x = H(s | H(U | ':' | password)) - byte[] xb = calculatePasswordHash(username, password, ConfigHelper.trim(salt_bytes)); - this.x = new BigInteger(1, xb); + byte[] M1 = null; + if(new BigInteger(1, Bbytes).mod(new BigInteger(1, N_bytes)) != BigInteger.ZERO) { + byte[] xb = calculatePasswordHash(username, password, ConfigHelper.trim(salt_bytes)); + this.x = new BigInteger(1, xb); - // Calculate v = kg^x mod N - String k_string = "bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0"; - this.v = calculateV(k_string); + // Calculate v = kg^x mod N + String k_string = "bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0"; + this.v = calculateV(k_string); - // H(N) - byte[] digest_of_n = newDigest().digest(N_bytes); - - // H(g) - byte[] digest_of_g = newDigest().digest(params.g); - - // clientHash = H(N) xor H(g) - byte[] xor_digest = xor(digest_of_n, digest_of_g); - clientHash.update(xor_digest); - - // clientHash = H(N) xor H(g) | H(U) - byte[] username_digest = newDigest().digest(ConfigHelper.trim(username.getBytes())); - username_digest = ConfigHelper.trim(username_digest); - clientHash.update(username_digest); - - // clientHash = H(N) xor H(g) | H(U) | s - clientHash.update(ConfigHelper.trim(salt_bytes)); - - K = null; + // H(N) + byte[] digest_of_n = newDigest().digest(N_bytes); - // clientHash = H(N) xor H(g) | H(U) | A - byte[] Abytes = ConfigHelper.trim(A.toByteArray()); - clientHash.update(Abytes); - - // clientHash = H(N) xor H(g) | H(U) | s | A | B - Bbytes = ConfigHelper.trim(Bbytes); - clientHash.update(Bbytes); - - // Calculate S = (B - kg^x) ^ (a + u * x) % N - BigInteger S = calculateS(Bbytes); - byte[] S_bytes = ConfigHelper.trim(S.toByteArray()); - - // K = SessionHash(S) - String hash_algorithm = params.hashAlgorithm; - MessageDigest sessionDigest = MessageDigest.getInstance(hash_algorithm); - K = ConfigHelper.trim(sessionDigest.digest(S_bytes)); - - // clientHash = H(N) xor H(g) | H(U) | A | B | K - clientHash.update(K); - - byte[] M1 = ConfigHelper.trim(clientHash.digest()); - - // serverHash = Astr + M + K - serverHash.update(Abytes); - serverHash.update(M1); - serverHash.update(K); - + // H(g) + byte[] digest_of_g = newDigest().digest(params.g); + + // clientHash = H(N) xor H(g) + byte[] xor_digest = xor(digest_of_n, digest_of_g); + clientHash.update(xor_digest); + + // clientHash = H(N) xor H(g) | H(U) + byte[] username_digest = newDigest().digest(ConfigHelper.trim(username.getBytes())); + username_digest = ConfigHelper.trim(username_digest); + clientHash.update(username_digest); + + // clientHash = H(N) xor H(g) | H(U) | s + clientHash.update(ConfigHelper.trim(salt_bytes)); + + K = null; + + // clientHash = H(N) xor H(g) | H(U) | A + byte[] Abytes = ConfigHelper.trim(A.toByteArray()); + clientHash.update(Abytes); + + // clientHash = H(N) xor H(g) | H(U) | s | A | B + Bbytes = ConfigHelper.trim(Bbytes); + clientHash.update(Bbytes); + + // Calculate S = (B - kg^x) ^ (a + u * x) % N + BigInteger S = calculateS(Bbytes); + byte[] S_bytes = ConfigHelper.trim(S.toByteArray()); + + // K = SessionHash(S) + String hash_algorithm = params.hashAlgorithm; + MessageDigest sessionDigest = MessageDigest.getInstance(hash_algorithm); + K = ConfigHelper.trim(sessionDigest.digest(S_bytes)); + + // clientHash = H(N) xor H(g) | H(U) | A | B | K + clientHash.update(K); + + M1 = ConfigHelper.trim(clientHash.digest()); + + // serverHash = Astr + M + K + serverHash.update(Abytes); + serverHash.update(M1); + serverHash.update(K); + + } return M1; } diff --git a/src/se/leap/leapclient/LogInDialog.java b/src/se/leap/bitmaskclient/LogInDialog.java index 7dd1c732..3651e9ba 100644 --- a/src/se/leap/leapclient/LogInDialog.java +++ b/src/se/leap/bitmaskclient/LogInDialog.java @@ -14,9 +14,9 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ - package se.leap.leapclient; + package se.leap.bitmaskclient; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; import android.R.color; import android.app.Activity; import android.app.AlertDialog; diff --git a/src/se/leap/leapclient/NewProviderDialog.java b/src/se/leap/bitmaskclient/NewProviderDialog.java index 5cb16f7d..f77cb6d4 100644 --- a/src/se/leap/leapclient/NewProviderDialog.java +++ b/src/se/leap/bitmaskclient/NewProviderDialog.java @@ -14,9 +14,9 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ - package se.leap.leapclient; + package se.leap.bitmaskclient; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; import android.app.Activity; import android.app.AlertDialog; import android.app.Dialog; diff --git a/src/se/leap/bitmaskclient/PRNGFixes.java b/src/se/leap/bitmaskclient/PRNGFixes.java new file mode 100644 index 00000000..a046f01f --- /dev/null +++ b/src/se/leap/bitmaskclient/PRNGFixes.java @@ -0,0 +1,338 @@ +package se.leap.bitmaskclient; + +/* + * This software is provided 'as-is', without any express or implied + * warranty. In no event will Google be held liable for any damages + * arising from the use of this software. + * + * Permission is granted to anyone to use this software for any purpose, + * including commercial applications, and to alter it and redistribute it + * freely, as long as the origin is not misrepresented. + * + * Source: http://android-developers.blogspot.de/2013/08/some-securerandom-thoughts.html + */ + +import android.os.Build; +import android.os.Process; +import android.util.Log; + +import java.io.ByteArrayOutputStream; +import java.io.DataInputStream; +import java.io.DataOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.io.UnsupportedEncodingException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.SecureRandom; +import java.security.SecureRandomSpi; +import java.security.Security; + +/** + * Fixes for the output of the default PRNG having low entropy. + * + * The fixes need to be applied via {@link #apply()} before any use of Java + * Cryptography Architecture primitives. A good place to invoke them is in the + * application's {@code onCreate}. + */ +public final class PRNGFixes { + + private static final int VERSION_CODE_JELLY_BEAN = 16; + private static final int VERSION_CODE_JELLY_BEAN_MR2 = 18; + private static final byte[] BUILD_FINGERPRINT_AND_DEVICE_SERIAL = + getBuildFingerprintAndDeviceSerial(); + + /** Hidden constructor to prevent instantiation. */ + private PRNGFixes() {} + + /** + * Applies all fixes. + * + * @throws SecurityException if a fix is needed but could not be applied. + */ + public static void apply() { + applyOpenSSLFix(); + installLinuxPRNGSecureRandom(); + } + + /** + * Applies the fix for OpenSSL PRNG having low entropy. Does nothing if the + * fix is not needed. + * + * @throws SecurityException if the fix is needed but could not be applied. + */ + private static void applyOpenSSLFix() throws SecurityException { + if ((Build.VERSION.SDK_INT < VERSION_CODE_JELLY_BEAN) + || (Build.VERSION.SDK_INT > VERSION_CODE_JELLY_BEAN_MR2)) { + // No need to apply the fix + return; + } + + try { + // Mix in the device- and invocation-specific seed. + Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto") + .getMethod("RAND_seed", byte[].class) + .invoke(null, generateSeed()); + + // Mix output of Linux PRNG into OpenSSL's PRNG + int bytesRead = (Integer) Class.forName( + "org.apache.harmony.xnet.provider.jsse.NativeCrypto") + .getMethod("RAND_load_file", String.class, long.class) + .invoke(null, "/dev/urandom", 1024); + if (bytesRead != 1024) { + throw new IOException( + "Unexpected number of bytes read from Linux PRNG: " + + bytesRead); + } + } catch (Exception e) { + throw new SecurityException("Failed to seed OpenSSL PRNG", e); + } + } + + /** + * Installs a Linux PRNG-backed {@code SecureRandom} implementation as the + * default. Does nothing if the implementation is already the default or if + * there is not need to install the implementation. + * + * @throws SecurityException if the fix is needed but could not be applied. + */ + private static void installLinuxPRNGSecureRandom() + throws SecurityException { + if (Build.VERSION.SDK_INT > VERSION_CODE_JELLY_BEAN_MR2) { + // No need to apply the fix + return; + } + + // Install a Linux PRNG-based SecureRandom implementation as the + // default, if not yet installed. + Provider[] secureRandomProviders = + Security.getProviders("SecureRandom.SHA1PRNG"); + if ((secureRandomProviders == null) + || (secureRandomProviders.length < 1) + || (!LinuxPRNGSecureRandomProvider.class.equals( + secureRandomProviders[0].getClass()))) { + Security.insertProviderAt(new LinuxPRNGSecureRandomProvider(), 1); + } + + // Assert that new SecureRandom() and + // SecureRandom.getInstance("SHA1PRNG") return a SecureRandom backed + // by the Linux PRNG-based SecureRandom implementation. + SecureRandom rng1 = new SecureRandom(); + if (!LinuxPRNGSecureRandomProvider.class.equals( + rng1.getProvider().getClass())) { + throw new SecurityException( + "new SecureRandom() backed by wrong Provider: " + + rng1.getProvider().getClass()); + } + + SecureRandom rng2; + try { + rng2 = SecureRandom.getInstance("SHA1PRNG"); + } catch (NoSuchAlgorithmException e) { + throw new SecurityException("SHA1PRNG not available", e); + } + if (!LinuxPRNGSecureRandomProvider.class.equals( + rng2.getProvider().getClass())) { + throw new SecurityException( + "SecureRandom.getInstance(\"SHA1PRNG\") backed by wrong" + + " Provider: " + rng2.getProvider().getClass()); + } + } + + /** + * {@code Provider} of {@code SecureRandom} engines which pass through + * all requests to the Linux PRNG. + */ + private static class LinuxPRNGSecureRandomProvider extends Provider { + + public LinuxPRNGSecureRandomProvider() { + super("LinuxPRNG", + 1.0, + "A Linux-specific random number provider that uses" + + " /dev/urandom"); + // Although /dev/urandom is not a SHA-1 PRNG, some apps + // explicitly request a SHA1PRNG SecureRandom and we thus need to + // prevent them from getting the default implementation whose output + // may have low entropy. + put("SecureRandom.SHA1PRNG", LinuxPRNGSecureRandom.class.getName()); + put("SecureRandom.SHA1PRNG ImplementedIn", "Software"); + } + } + + /** + * {@link SecureRandomSpi} which passes all requests to the Linux PRNG + * ({@code /dev/urandom}). + */ + public static class LinuxPRNGSecureRandom extends SecureRandomSpi { + + /* + * IMPLEMENTATION NOTE: Requests to generate bytes and to mix in a seed + * are passed through to the Linux PRNG (/dev/urandom). Instances of + * this class seed themselves by mixing in the current time, PID, UID, + * build fingerprint, and hardware serial number (where available) into + * Linux PRNG. + * + * Concurrency: Read requests to the underlying Linux PRNG are + * serialized (on sLock) to ensure that multiple threads do not get + * duplicated PRNG output. + */ + + private static final File URANDOM_FILE = new File("/dev/urandom"); + + private static final Object sLock = new Object(); + + /** + * Input stream for reading from Linux PRNG or {@code null} if not yet + * opened. + * + * @GuardedBy("sLock") + */ + private static DataInputStream sUrandomIn; + + /** + * Output stream for writing to Linux PRNG or {@code null} if not yet + * opened. + * + * @GuardedBy("sLock") + */ + private static OutputStream sUrandomOut; + + /** + * Whether this engine instance has been seeded. This is needed because + * each instance needs to seed itself if the client does not explicitly + * seed it. + */ + private boolean mSeeded; + + @Override + protected void engineSetSeed(byte[] bytes) { + try { + OutputStream out; + synchronized (sLock) { + out = getUrandomOutputStream(); + } + out.write(bytes); + out.flush(); + } catch (IOException e) { + // On a small fraction of devices /dev/urandom is not writable. + // Log and ignore. + Log.w(PRNGFixes.class.getSimpleName(), + "Failed to mix seed into " + URANDOM_FILE); + } finally { + mSeeded = true; + } + } + + @Override + protected void engineNextBytes(byte[] bytes) { + if (!mSeeded) { + // Mix in the device- and invocation-specific seed. + engineSetSeed(generateSeed()); + } + + try { + DataInputStream in; + synchronized (sLock) { + in = getUrandomInputStream(); + } + synchronized (in) { + in.readFully(bytes); + } + } catch (IOException e) { + throw new SecurityException( + "Failed to read from " + URANDOM_FILE, e); + } + } + + @Override + protected byte[] engineGenerateSeed(int size) { + byte[] seed = new byte[size]; + engineNextBytes(seed); + return seed; + } + + private DataInputStream getUrandomInputStream() { + synchronized (sLock) { + if (sUrandomIn == null) { + // NOTE: Consider inserting a BufferedInputStream between + // DataInputStream and FileInputStream if you need higher + // PRNG output performance and can live with future PRNG + // output being pulled into this process prematurely. + try { + sUrandomIn = new DataInputStream( + new FileInputStream(URANDOM_FILE)); + } catch (IOException e) { + throw new SecurityException("Failed to open " + + URANDOM_FILE + " for reading", e); + } + } + return sUrandomIn; + } + } + + private OutputStream getUrandomOutputStream() throws IOException { + synchronized (sLock) { + if (sUrandomOut == null) { + sUrandomOut = new FileOutputStream(URANDOM_FILE); + } + return sUrandomOut; + } + } + } + + /** + * Generates a device- and invocation-specific seed to be mixed into the + * Linux PRNG. + */ + private static byte[] generateSeed() { + try { + ByteArrayOutputStream seedBuffer = new ByteArrayOutputStream(); + DataOutputStream seedBufferOut = + new DataOutputStream(seedBuffer); + seedBufferOut.writeLong(System.currentTimeMillis()); + seedBufferOut.writeLong(System.nanoTime()); + seedBufferOut.writeInt(Process.myPid()); + seedBufferOut.writeInt(Process.myUid()); + seedBufferOut.write(BUILD_FINGERPRINT_AND_DEVICE_SERIAL); + seedBufferOut.close(); + return seedBuffer.toByteArray(); + } catch (IOException e) { + throw new SecurityException("Failed to generate seed", e); + } + } + + /** + * Gets the hardware serial number of this device. + * + * @return serial number or {@code null} if not available. + */ + private static String getDeviceSerialNumber() { + // We're using the Reflection API because Build.SERIAL is only available + // since API Level 9 (Gingerbread, Android 2.3). + try { + return (String) Build.class.getField("SERIAL").get(null); + } catch (Exception ignored) { + return null; + } + } + + private static byte[] getBuildFingerprintAndDeviceSerial() { + StringBuilder result = new StringBuilder(); + String fingerprint = Build.FINGERPRINT; + if (fingerprint != null) { + result.append(fingerprint); + } + String serial = getDeviceSerialNumber(); + if (serial != null) { + result.append(serial); + } + try { + return result.toString().getBytes("UTF-8"); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException("UTF-8 encoding not supported"); + } + } +} diff --git a/src/se/leap/leapclient/Provider.java b/src/se/leap/bitmaskclient/Provider.java index 2846ea60..e462829f 100644 --- a/src/se/leap/leapclient/Provider.java +++ b/src/se/leap/bitmaskclient/Provider.java @@ -14,7 +14,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ -package se.leap.leapclient; +package se.leap.bitmaskclient; import java.io.Serializable; import java.util.Arrays; diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/bitmaskclient/ProviderAPI.java index 2170478b..6ed3a294 100644 --- a/src/se/leap/leapclient/ProviderAPI.java +++ b/src/se/leap/bitmaskclient/ProviderAPI.java @@ -14,7 +14,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ - package se.leap.leapclient; + package se.leap.bitmaskclient; import java.io.DataOutputStream; import java.io.FileNotFoundException; @@ -57,8 +57,10 @@ import org.apache.http.client.ClientProtocolException; import org.jboss.security.srp.SRPParameters; import org.json.JSONException; import org.json.JSONObject; +import org.json.JSONStringer; -import se.leap.leapclient.ProviderListContent.ProviderItem; +import se.leap.bitmaskclient.R; +import se.leap.bitmaskclient.ProviderListContent.ProviderItem; import android.app.IntentService; import android.content.Intent; import android.os.Bundle; @@ -127,14 +129,8 @@ public class ProviderAPI extends IntentService { CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER) ); } - private void displayToast(final int toast_string_id) { - mHandler.post(new Runnable() { - - @Override - public void run() { - Toast.makeText(ProviderAPI.this, toast_string_id, Toast.LENGTH_LONG).show(); - } - }); + private String formatErrorMessage(final int toast_string_id) { + return "{ \"" + ERRORS + "\" : \""+getResources().getString(toast_string_id)+"\" }"; } @Override @@ -144,10 +140,11 @@ public class ProviderAPI extends IntentService { Bundle parameters = command.getBundleExtra(PARAMETERS); if(action.equalsIgnoreCase(DOWNLOAD_JSON_FILES_BUNDLE_EXTRA)) { - if(!downloadJsonFiles(parameters)) { - receiver.send(INCORRECTLY_DOWNLOADED_JSON_FILES, Bundle.EMPTY); - } else { + Bundle result = downloadJsonFiles(parameters); + if(result.getBoolean(RESULT_KEY)) { receiver.send(CORRECTLY_DOWNLOADED_JSON_FILES, Bundle.EMPTY); + } else { + receiver.send(INCORRECTLY_DOWNLOADED_JSON_FILES, result); } } else if(action.equalsIgnoreCase(UPDATE_PROVIDER_DOTJSON)) { Bundle result = updateProviderDotJSON(parameters); @@ -161,7 +158,7 @@ public class ProviderAPI extends IntentService { if(result.getBoolean(RESULT_KEY)) { receiver.send(CORRECTLY_UPDATED_PROVIDER_DOT_JSON, result); } else { - receiver.send(INCORRECTLY_DOWNLOADED_JSON_FILES, Bundle.EMPTY); + receiver.send(INCORRECTLY_DOWNLOADED_JSON_FILES, result); } } else if (action.equalsIgnoreCase(SRP_AUTH)) { Bundle session_id_bundle = authenticateBySRP(parameters); @@ -190,28 +187,53 @@ public class ProviderAPI extends IntentService { * @param task * @return true if eip-service.json was parsed as a JSON object correctly. */ - private boolean downloadJsonFiles(Bundle task) { + private Bundle downloadJsonFiles(Bundle task) { + Bundle result = new Bundle(); String cert_url = task.getString(Provider.CA_CERT); String eip_service_json_url = task.getString(EIP.KEY); boolean danger_on = task.getBoolean(ProviderItem.DANGER_ON); try { String cert_string = downloadWithCommercialCA(cert_url, danger_on); - if(cert_string.isEmpty()) return false; - X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(cert_string); - cert_string = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT); - ConfigHelper.saveSharedPref(Provider.CA_CERT, "-----BEGIN CERTIFICATE-----\n"+cert_string+"-----END CERTIFICATE-----"); - - String eip_service_string = downloadWithCommercialCA(eip_service_json_url, danger_on); - ConfigHelper.saveSharedPref(EIP.KEY, new JSONObject(eip_service_string)); - - return true; + + if(ConfigHelper.checkErroneousDownload(cert_string)) { + JSONObject possible_errors = new JSONObject(cert_string); + String reason_to_fail = ""; + if(cert_string.isEmpty()) + reason_to_fail = "Empty certificate downloaded"; + else + reason_to_fail = possible_errors.getString(ERRORS); + result.putString(ERRORS, reason_to_fail); + result.putBoolean(RESULT_KEY, false); + } else { + X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(cert_string); + cert_string = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT); + ConfigHelper.saveSharedPref(Provider.CA_CERT, "-----BEGIN CERTIFICATE-----\n"+cert_string+"-----END CERTIFICATE-----"); + } } catch (JSONException e) { - return false; + e.printStackTrace(); + result.putBoolean(RESULT_KEY, false); } catch (CertificateException e) { // TODO Auto-generated catch block e.printStackTrace(); - return false; + result.putBoolean(RESULT_KEY, false); + } + + try { + String eip_service_string = downloadWithCommercialCA(eip_service_json_url, danger_on); + JSONObject eip_service_json = new JSONObject(eip_service_string); + if(eip_service_json.has(ERRORS)) { + String reason_to_fail = eip_service_json.getString(ERRORS); + result.putString(ERRORS, reason_to_fail); + result.putBoolean(RESULT_KEY, false); + } + else ConfigHelper.saveSharedPref(EIP.KEY, eip_service_json); + + result.putBoolean(RESULT_KEY, true); + } catch (JSONException e) { + result.putBoolean(RESULT_KEY, false); } + + return result; } /** @@ -237,6 +259,7 @@ public class ProviderAPI extends IntentService { String salt = saltAndB.getString(LeapSRPSession.SALT); byte[] Bbytes = new BigInteger(saltAndB.getString("B"), 16).toByteArray(); byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes); + if(M1 != null) { JSONObject session_idAndM2 = sendM1ToSRPServer(authentication_server, username, M1); if(session_idAndM2.has(LeapSRPSession.M2) && client.verify((byte[])session_idAndM2.get(LeapSRPSession.M2))) { session_id_bundle.putBoolean(RESULT_KEY, true); @@ -245,6 +268,11 @@ public class ProviderAPI extends IntentService { session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message)); session_id_bundle.putString(LogInDialog.USERNAME, username); } + } else { + session_id_bundle.putBoolean(RESULT_KEY, false); + session_id_bundle.putString(LogInDialog.USERNAME, username); + session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_srp_math_error_user_message)); + } } else { session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message)); session_id_bundle.putString(LogInDialog.USERNAME, username); @@ -451,12 +479,18 @@ public class ProviderAPI extends IntentService { result.putBoolean(RESULT_KEY, false); } else { JSONObject provider_json = new JSONObject(provider_dot_json_string); - ConfigHelper.saveSharedPref(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON)); + if(provider_json.has(ERRORS)) { + String reason_to_fail = provider_json.getString(ERRORS); + result.putString(ERRORS, reason_to_fail); + result.putBoolean(RESULT_KEY, false); + } else { + ConfigHelper.saveSharedPref(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON)); - //ProviderListContent.addItem(new ProviderItem(provider_name, provider_json_url, provider_json, custom, danger_on)); - result.putBoolean(RESULT_KEY, true); - result.putString(Provider.KEY, provider_json.toString()); - result.putBoolean(ProviderItem.DANGER_ON, danger_on); + //ProviderListContent.addItem(new ProviderItem(provider_name, provider_json_url, provider_json, custom, danger_on)); + result.putBoolean(RESULT_KEY, true); + result.putString(Provider.KEY, provider_json.toString()); + result.putBoolean(ProviderItem.DANGER_ON, danger_on); + } } } catch (JSONException e) { result.putBoolean(RESULT_KEY, false); @@ -486,19 +520,26 @@ public class ProviderAPI extends IntentService { } else { JSONObject provider_json = new JSONObject(provider_json_string); - ConfigHelper.saveSharedPref(Provider.KEY, provider_json); - ConfigHelper.saveSharedPref(ProviderItem.DANGER_ON, danger_on); - ConfigHelper.saveSharedPref(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON)); - ProviderItem added_provider = new ProviderItem(provider_name, provider_json_url, provider_json, custom, danger_on); - ProviderListContent.addItem(added_provider); - - result.putString(Provider.NAME, added_provider.getName()); - result.putBoolean(RESULT_KEY, true); - result.putString(Provider.KEY, provider_json.toString()); - result.putBoolean(ProviderItem.DANGER_ON, danger_on); + if(provider_json.has(ERRORS)) { + String reason_to_fail = provider_json.getString(ERRORS); + result.putString(ERRORS, reason_to_fail); + result.putBoolean(RESULT_KEY, false); + } else { + ConfigHelper.saveSharedPref(Provider.KEY, provider_json); + ConfigHelper.saveSharedPref(ProviderItem.DANGER_ON, danger_on); + ConfigHelper.saveSharedPref(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON)); + ProviderItem added_provider = new ProviderItem(provider_name, provider_json_url, provider_json, custom, danger_on); + ProviderListContent.addItem(added_provider); + + result.putString(Provider.NAME, added_provider.getName()); + result.putBoolean(RESULT_KEY, true); + result.putString(Provider.KEY, provider_json.toString()); + result.putBoolean(ProviderItem.DANGER_ON, danger_on); + } } } catch (JSONException e) { result.putBoolean(RESULT_KEY, false); + result.putString(ERRORS, "Corrupt download"); } return result; @@ -524,17 +565,14 @@ public class ProviderAPI extends IntentService { url_connection.setConnectTimeout(seconds_of_timeout*1000); json_file_content = new Scanner(url_connection.getInputStream()).useDelimiter("\\A").next(); } catch (MalformedURLException e) { - displayToast(R.string.malformed_url); + json_file_content = formatErrorMessage(R.string.malformed_url); } catch(SocketTimeoutException e) { - displayToast(R.string.server_is_down_message); - } catch (FileNotFoundException e) { - e.printStackTrace(); - displayToast(R.string.server_is_down_message); + json_file_content = formatErrorMessage(R.string.server_is_down_message); } catch (IOException e) { if(provider_url != null) { json_file_content = downloadWithProviderCA(provider_url, danger_on); } else { - displayToast(R.string.certificate_error); + json_file_content = formatErrorMessage(R.string.certificate_error); } } catch (Exception e) { if(provider_url != null && danger_on) { @@ -546,7 +584,7 @@ public class ProviderAPI extends IntentService { } /** - * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider. + * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider. * @param url * @param danger_on true to download CA certificate in case it has not been downloaded. * @return an empty string if it fails, the url content if not. @@ -564,16 +602,13 @@ public class ProviderAPI extends IntentService { // TODO Auto-generated catch block e.printStackTrace(); } catch (UnknownHostException e) { - displayToast(R.string.server_is_down_message); - } catch (FileNotFoundException e) { - e.printStackTrace(); - displayToast(R.string.server_is_down_message); + json_file_content = formatErrorMessage(R.string.server_is_down_message); } catch (IOException e) { // The downloaded certificate doesn't validate our https connection. if(danger_on) { json_file_content = downloadWithoutCA(url); } else { - displayToast(R.string.certificate_error); + json_file_content = formatErrorMessage(R.string.certificate_error); } } catch (KeyStoreException e) { // TODO Auto-generated catch block @@ -649,11 +684,11 @@ public class ProviderAPI extends IntentService { System.out.println("String ignoring certificate = " + string); } catch (FileNotFoundException e) { e.printStackTrace(); - displayToast(R.string.server_is_down_message); + string = formatErrorMessage(R.string.server_is_down_message); } catch (IOException e) { // The downloaded certificate doesn't validate our https connection. e.printStackTrace(); - displayToast(R.string.certificate_error); + string = formatErrorMessage(R.string.certificate_error); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); @@ -733,32 +768,40 @@ public class ProviderAPI extends IntentService { boolean danger_on = ConfigHelper.getBoolFromSharedPref(ProviderItem.DANGER_ON); String cert_string = downloadWithCommercialCA(new_cert_string_url, danger_on); if(!cert_string.isEmpty()) { - // API returns concatenated cert & key. Split them for OpenVPN options - String certificateString = null, keyString = null; - String[] certAndKey = cert_string.split("(?<=-\n)"); - for (int i=0; i < certAndKey.length-1; i++){ - if ( certAndKey[i].contains("KEY") ) { - keyString = certAndKey[i++] + certAndKey[i]; + if(ConfigHelper.checkErroneousDownload(cert_string)) { + String reason_to_fail = provider_json.getString(ERRORS); + //result.putString(ConfigHelper.ERRORS_KEY, reason_to_fail); + //result.putBoolean(ConfigHelper.RESULT_KEY, false); + return false; + } else { + + // API returns concatenated cert & key. Split them for OpenVPN options + String certificateString = null, keyString = null; + String[] certAndKey = cert_string.split("(?<=-\n)"); + for (int i=0; i < certAndKey.length-1; i++){ + if ( certAndKey[i].contains("KEY") ) { + keyString = certAndKey[i++] + certAndKey[i]; + } + else if ( certAndKey[i].contains("CERTIFICATE") ) { + certificateString = certAndKey[i++] + certAndKey[i]; + } } - else if ( certAndKey[i].contains("CERTIFICATE") ) { - certificateString = certAndKey[i++] + certAndKey[i]; + try { + RSAPrivateKey keyCert = ConfigHelper.parseRsaKeyFromString(keyString); + keyString = Base64.encodeToString( keyCert.getEncoded(), Base64.DEFAULT ); + ConfigHelper.saveSharedPref(EIP.PRIVATE_KEY, "-----BEGIN RSA PRIVATE KEY-----\n"+keyString+"-----END RSA PRIVATE KEY-----"); + + X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(certificateString); + certificateString = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT); + ConfigHelper.saveSharedPref(EIP.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----"); + + return true; + } catch (CertificateException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + return false; } } - try { - RSAPrivateKey keyCert = ConfigHelper.parseRsaKeyFromString(keyString); - keyString = Base64.encodeToString( keyCert.getEncoded(), Base64.DEFAULT ); - ConfigHelper.saveSharedPref(EIP.PRIVATE_KEY, "-----BEGIN RSA PRIVATE KEY-----\n"+keyString+"-----END RSA PRIVATE KEY-----"); - - X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(certificateString); - certificateString = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT); - ConfigHelper.saveSharedPref(EIP.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----"); - - return true; - } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - return false; - } } else { return false; } diff --git a/src/se/leap/leapclient/ProviderAPIResultReceiver.java b/src/se/leap/bitmaskclient/ProviderAPIResultReceiver.java index d82484c8..7b256124 100644 --- a/src/se/leap/leapclient/ProviderAPIResultReceiver.java +++ b/src/se/leap/bitmaskclient/ProviderAPIResultReceiver.java @@ -14,7 +14,7 @@ * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
- package se.leap.leapclient;
+ package se.leap.bitmaskclient;
import android.os.Bundle;
import android.os.Handler;
diff --git a/src/se/leap/leapclient/ProviderDetailFragment.java b/src/se/leap/bitmaskclient/ProviderDetailFragment.java index e7af140a..4006a76c 100644 --- a/src/se/leap/leapclient/ProviderDetailFragment.java +++ b/src/se/leap/bitmaskclient/ProviderDetailFragment.java @@ -1,9 +1,10 @@ -package se.leap.leapclient;
+package se.leap.bitmaskclient;
import org.json.JSONException;
import org.json.JSONObject;
-import se.leap.leapclient.ProviderListContent.ProviderItem;
+import se.leap.bitmaskclient.R;
+import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
import android.app.Activity;
import android.app.AlertDialog;
diff --git a/src/se/leap/leapclient/ProviderListContent.java b/src/se/leap/bitmaskclient/ProviderListContent.java index 6cd92430..940a594d 100644 --- a/src/se/leap/leapclient/ProviderListContent.java +++ b/src/se/leap/bitmaskclient/ProviderListContent.java @@ -14,7 +14,7 @@ * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
- package se.leap.leapclient;
+ package se.leap.bitmaskclient;
import java.io.IOException;
import java.io.InputStream;
diff --git a/src/se/leap/leapclient/ProviderListFragment.java b/src/se/leap/bitmaskclient/ProviderListFragment.java index 2fca20e2..82c4bdc8 100644 --- a/src/se/leap/leapclient/ProviderListFragment.java +++ b/src/se/leap/bitmaskclient/ProviderListFragment.java @@ -14,9 +14,10 @@ * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
- package se.leap.leapclient;
+ package se.leap.bitmaskclient;
-import se.leap.leapclient.ProviderListContent.ProviderItem;
+import se.leap.bitmaskclient.R;
+import se.leap.bitmaskclient.ProviderListContent.ProviderItem;
import android.app.Activity;
import android.app.ListFragment;
import android.os.Bundle;
diff --git a/src/se/leap/openvpn/ConfigConverter.java b/src/se/leap/openvpn/ConfigConverter.java index 8b5f316d..3c6bf91e 100644 --- a/src/se/leap/openvpn/ConfigConverter.java +++ b/src/se/leap/openvpn/ConfigConverter.java @@ -9,7 +9,8 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.util.List; import java.util.Vector; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.app.Activity; import android.app.AlertDialog; diff --git a/src/se/leap/openvpn/FaqFragment.java b/src/se/leap/openvpn/FaqFragment.java index 2b9f02eb..dc498087 100644 --- a/src/se/leap/openvpn/FaqFragment.java +++ b/src/se/leap/openvpn/FaqFragment.java @@ -8,7 +8,7 @@ import android.view.LayoutInflater; import android.view.View; import android.view.ViewGroup; import android.widget.TextView; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; public class FaqFragment extends Fragment { diff --git a/src/se/leap/openvpn/FileSelect.java b/src/se/leap/openvpn/FileSelect.java index 4abf6c31..4b88e7a7 100644 --- a/src/se/leap/openvpn/FileSelect.java +++ b/src/se/leap/openvpn/FileSelect.java @@ -6,7 +6,8 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.app.ActionBar; import android.app.ActionBar.Tab; diff --git a/src/se/leap/openvpn/FileSelectLayout.java b/src/se/leap/openvpn/FileSelectLayout.java index 2ca4490d..ec5f3636 100644 --- a/src/se/leap/openvpn/FileSelectLayout.java +++ b/src/se/leap/openvpn/FileSelectLayout.java @@ -10,7 +10,7 @@ import android.view.View.OnClickListener; import android.widget.Button; import android.widget.LinearLayout; import android.widget.TextView; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; public class FileSelectLayout extends LinearLayout implements OnClickListener { diff --git a/src/se/leap/openvpn/FileSelectionFragment.java b/src/se/leap/openvpn/FileSelectionFragment.java index 5bc981fe..80cb2c62 100644 --- a/src/se/leap/openvpn/FileSelectionFragment.java +++ b/src/se/leap/openvpn/FileSelectionFragment.java @@ -5,7 +5,8 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.TreeMap; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.app.AlertDialog; import android.app.ListFragment; diff --git a/src/se/leap/openvpn/GeneralSettings.java b/src/se/leap/openvpn/GeneralSettings.java index 34657914..93e4818e 100644 --- a/src/se/leap/openvpn/GeneralSettings.java +++ b/src/se/leap/openvpn/GeneralSettings.java @@ -1,6 +1,7 @@ package se.leap.openvpn; import java.io.File; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.os.Bundle; import android.preference.Preference; diff --git a/src/se/leap/openvpn/InlineFileTab.java b/src/se/leap/openvpn/InlineFileTab.java index 40995ceb..9e8041c0 100644 --- a/src/se/leap/openvpn/InlineFileTab.java +++ b/src/se/leap/openvpn/InlineFileTab.java @@ -9,7 +9,7 @@ import android.view.MenuItem; import android.view.View; import android.view.ViewGroup; import android.widget.EditText; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; public class InlineFileTab extends Fragment { diff --git a/src/se/leap/openvpn/LaunchVPN.java b/src/se/leap/openvpn/LaunchVPN.java index 73003c7e..89f2d372 100644 --- a/src/se/leap/openvpn/LaunchVPN.java +++ b/src/se/leap/openvpn/LaunchVPN.java @@ -20,9 +20,9 @@ import java.io.IOException; import java.util.Collection; import java.util.Vector; -import se.leap.leapclient.ConfigHelper; -import se.leap.leapclient.EIP; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.ConfigHelper; +import se.leap.bitmaskclient.EIP; +import se.leap.bitmaskclient.R; import android.app.Activity; import android.app.AlertDialog; diff --git a/src/se/leap/openvpn/LogWindow.java b/src/se/leap/openvpn/LogWindow.java index abd1acd6..c3ce8424 100644 --- a/src/se/leap/openvpn/LogWindow.java +++ b/src/se/leap/openvpn/LogWindow.java @@ -1,7 +1,8 @@ package se.leap.openvpn; import java.util.Vector; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.app.AlertDialog; import android.app.AlertDialog.Builder; diff --git a/src/se/leap/openvpn/MainActivity.java b/src/se/leap/openvpn/MainActivity.java index d33fd832..0a769b4d 100644 --- a/src/se/leap/openvpn/MainActivity.java +++ b/src/se/leap/openvpn/MainActivity.java @@ -1,7 +1,8 @@ package se.leap.openvpn; import java.util.List; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.content.Intent; import android.preference.PreferenceActivity; diff --git a/src/se/leap/openvpn/NetworkSateReceiver.java b/src/se/leap/openvpn/NetworkSateReceiver.java index 301803b6..777402b4 100644 --- a/src/se/leap/openvpn/NetworkSateReceiver.java +++ b/src/se/leap/openvpn/NetworkSateReceiver.java @@ -8,7 +8,7 @@ import android.net.ConnectivityManager; import android.net.NetworkInfo;
import android.net.NetworkInfo.State;
import android.preference.PreferenceManager;
-import se.leap.leapclient.R;
+import se.leap.bitmaskclient.R;
public class NetworkSateReceiver extends BroadcastReceiver {
private int lastNetwork=-1;
diff --git a/src/se/leap/openvpn/OpenVPN.java b/src/se/leap/openvpn/OpenVPN.java index 3ffc47cb..d7d17b4f 100644 --- a/src/se/leap/openvpn/OpenVPN.java +++ b/src/se/leap/openvpn/OpenVPN.java @@ -3,11 +3,13 @@ package se.leap.openvpn; import java.util.LinkedList; import java.util.Locale; import java.util.Vector; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.content.Context; import android.os.Build; +import android.util.Log; public class OpenVPN { @@ -56,6 +58,7 @@ public class OpenVPN { public LogItem(String message) { + mMessage = message; } @@ -112,7 +115,7 @@ public class OpenVPN { synchronized static void logMessage(int level,String prefix, String message) { newlogItem(new LogItem(prefix + message)); - + Log.d("OpenVPN log item", message); } synchronized static void clearLog() { diff --git a/src/se/leap/openvpn/OpenVPNThread.java b/src/se/leap/openvpn/OpenVPNThread.java index 3f9a0d91..0c383ab0 100644 --- a/src/se/leap/openvpn/OpenVPNThread.java +++ b/src/se/leap/openvpn/OpenVPNThread.java @@ -7,7 +7,8 @@ import java.io.IOException; import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.LinkedList;
-import se.leap.leapclient.R;
+
+import se.leap.bitmaskclient.R;
import android.util.Log;
import se.leap.openvpn.OpenVPN.LogItem;
diff --git a/src/se/leap/openvpn/OpenVpnManagementThread.java b/src/se/leap/openvpn/OpenVpnManagementThread.java index 43d4f701..78ce5a2b 100644 --- a/src/se/leap/openvpn/OpenVpnManagementThread.java +++ b/src/se/leap/openvpn/OpenVpnManagementThread.java @@ -17,7 +17,8 @@ import javax.crypto.BadPaddingException; import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
-import se.leap.leapclient.R;
+
+import se.leap.bitmaskclient.R;
import android.content.SharedPreferences;
import android.net.LocalServerSocket;
@@ -181,7 +182,6 @@ public class OpenVpnManagementThread implements Runnable { String cmd = parts[0].substring(1);
String argument = parts[1];
-
if(cmd.equals("INFO")) {
// Ignore greeting from mgmt
//logStatusMessage(command);
@@ -272,13 +272,14 @@ public class OpenVpnManagementThread implements Runnable { private void processState(String argument) {
String[] args = argument.split(",",3);
String currentstate = args[1];
+ Log.d("OpenVPN log", argument);
if(args[2].equals(",,"))
OpenVPN.updateStateString(currentstate,"");
else
OpenVPN.updateStateString(currentstate,args[2]);
}
-
+ private static int repeated_byte_counts = 0;
private void processByteCount(String argument) {
// >BYTECOUNT:{BYTES_IN},{BYTES_OUT}
int comma = argument.indexOf(',');
@@ -287,7 +288,10 @@ public class OpenVpnManagementThread implements Runnable { long diffin = in - mLastIn;
long diffout = out - mLastOut;
-
+ if(diffin == 0 && diffout == 0)
+ repeated_byte_counts++;
+ if(repeated_byte_counts > 3)
+ Log.d("OpenVPN log", "Repeated byte count = " + repeated_byte_counts);
mLastIn=in;
mLastOut=out;
@@ -329,7 +333,8 @@ public class OpenVpnManagementThread implements Runnable { mOpenVPNService.setDomain(extra);
} else if (needed.equals("ROUTE")) {
String[] routeparts = extra.split(" ");
- mOpenVPNService.addRoute(routeparts[0], routeparts[1]);
+ if(!mOpenVPNService.isRunning()) // We cannot add routes to an existing openvpn session
+ mOpenVPNService.addRoute(routeparts[0], routeparts[1]);
} else if (needed.equals("ROUTE6")) {
mOpenVPNService.addRoutev6(extra);
} else if (needed.equals("IFCONFIG")) {
diff --git a/src/se/leap/openvpn/OpenVpnPreferencesFragment.java b/src/se/leap/openvpn/OpenVpnPreferencesFragment.java index 31746332..190a48fe 100644 --- a/src/se/leap/openvpn/OpenVpnPreferencesFragment.java +++ b/src/se/leap/openvpn/OpenVpnPreferencesFragment.java @@ -2,7 +2,7 @@ package se.leap.openvpn; import android.os.Bundle;
import android.preference.PreferenceFragment;
-import se.leap.leapclient.R;
+import se.leap.bitmaskclient.R;
public abstract class OpenVpnPreferencesFragment extends PreferenceFragment {
diff --git a/src/se/leap/openvpn/OpenVpnService.java b/src/se/leap/openvpn/OpenVpnService.java index 47f9ca44..bec7dcee 100644 --- a/src/se/leap/openvpn/OpenVpnService.java +++ b/src/se/leap/openvpn/OpenVpnService.java @@ -5,8 +5,8 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.util.Vector; -import se.leap.leapclient.Dashboard; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.Dashboard; +import se.leap.bitmaskclient.R; import android.annotation.TargetApi; import android.app.Notification; diff --git a/src/se/leap/openvpn/ProxyDetection.java b/src/se/leap/openvpn/ProxyDetection.java index 7114857d..c7b3d196 100644 --- a/src/se/leap/openvpn/ProxyDetection.java +++ b/src/se/leap/openvpn/ProxyDetection.java @@ -8,7 +8,8 @@ import java.net.SocketAddress; import java.net.URISyntaxException; import java.net.URL; import java.util.List; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; public class ProxyDetection { static SocketAddress detectProxy(VpnProfile vp) { diff --git a/src/se/leap/openvpn/Settings_Authentication.java b/src/se/leap/openvpn/Settings_Authentication.java index 00f4c08a..7824d790 100644 --- a/src/se/leap/openvpn/Settings_Authentication.java +++ b/src/se/leap/openvpn/Settings_Authentication.java @@ -11,7 +11,7 @@ import android.preference.Preference; import android.preference.Preference.OnPreferenceChangeListener; import android.preference.Preference.OnPreferenceClickListener; import android.preference.SwitchPreference; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; public class Settings_Authentication extends OpenVpnPreferencesFragment implements OnPreferenceChangeListener, OnPreferenceClickListener { diff --git a/src/se/leap/openvpn/Settings_Basic.java b/src/se/leap/openvpn/Settings_Basic.java index f3510da9..014c71a1 100644 --- a/src/se/leap/openvpn/Settings_Basic.java +++ b/src/se/leap/openvpn/Settings_Basic.java @@ -39,8 +39,8 @@ import android.widget.EditText; import android.widget.Spinner; import android.widget.TextView; import android.widget.ToggleButton; -import se.leap.leapclient.R.id; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; +import se.leap.bitmaskclient.R.id; public class Settings_Basic extends Fragment implements View.OnClickListener, OnItemSelectedListener, Callback { private static final int CHOOSE_FILE_OFFSET = 1000; diff --git a/src/se/leap/openvpn/Settings_IP.java b/src/se/leap/openvpn/Settings_IP.java index df2efb40..bb605937 100644 --- a/src/se/leap/openvpn/Settings_IP.java +++ b/src/se/leap/openvpn/Settings_IP.java @@ -6,7 +6,7 @@ import android.preference.Preference; import android.preference.Preference.OnPreferenceChangeListener; import android.preference.PreferenceManager; import android.preference.SwitchPreference; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; public class Settings_IP extends OpenVpnPreferencesFragment implements OnPreferenceChangeListener { private EditTextPreference mIPv4; diff --git a/src/se/leap/openvpn/Settings_Obscure.java b/src/se/leap/openvpn/Settings_Obscure.java index ffbce971..6ba98606 100644 --- a/src/se/leap/openvpn/Settings_Obscure.java +++ b/src/se/leap/openvpn/Settings_Obscure.java @@ -6,7 +6,7 @@ import android.preference.EditTextPreference; import android.preference.ListPreference; import android.preference.Preference; import android.preference.Preference.OnPreferenceChangeListener; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; public class Settings_Obscure extends OpenVpnPreferencesFragment implements OnPreferenceChangeListener { private CheckBoxPreference mUseRandomHostName; diff --git a/src/se/leap/openvpn/Settings_Routing.java b/src/se/leap/openvpn/Settings_Routing.java index 48c09ff0..3cbdac0f 100644 --- a/src/se/leap/openvpn/Settings_Routing.java +++ b/src/se/leap/openvpn/Settings_Routing.java @@ -4,7 +4,7 @@ import android.preference.CheckBoxPreference; import android.preference.EditTextPreference; import android.preference.Preference; import android.preference.Preference.OnPreferenceChangeListener; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; public class Settings_Routing extends OpenVpnPreferencesFragment implements OnPreferenceChangeListener { diff --git a/src/se/leap/openvpn/ShowConfigFragment.java b/src/se/leap/openvpn/ShowConfigFragment.java index 9bce67a6..194f87d4 100644 --- a/src/se/leap/openvpn/ShowConfigFragment.java +++ b/src/se/leap/openvpn/ShowConfigFragment.java @@ -10,7 +10,7 @@ import android.view.MenuItem; import android.view.View; import android.view.ViewGroup; import android.widget.TextView; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.R; public class ShowConfigFragment extends Fragment { diff --git a/src/se/leap/openvpn/VPNLaunchHelper.java b/src/se/leap/openvpn/VPNLaunchHelper.java index 59303748..418cf7e9 100644 --- a/src/se/leap/openvpn/VPNLaunchHelper.java +++ b/src/se/leap/openvpn/VPNLaunchHelper.java @@ -4,7 +4,8 @@ import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.content.Context; import android.content.Intent; diff --git a/src/se/leap/openvpn/VPNPreferences.java b/src/se/leap/openvpn/VPNPreferences.java index 81d854ce..e3052050 100644 --- a/src/se/leap/openvpn/VPNPreferences.java +++ b/src/se/leap/openvpn/VPNPreferences.java @@ -1,7 +1,8 @@ package se.leap.openvpn; import java.util.List; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.app.AlertDialog; import android.content.DialogInterface; diff --git a/src/se/leap/openvpn/VPNProfileList.java b/src/se/leap/openvpn/VPNProfileList.java index a7132c9e..0ef611df 100644 --- a/src/se/leap/openvpn/VPNProfileList.java +++ b/src/se/leap/openvpn/VPNProfileList.java @@ -3,7 +3,8 @@ package se.leap.openvpn; import java.util.Collection; import java.util.Comparator; import java.util.TreeSet; -import se.leap.leapclient.R; + +import se.leap.bitmaskclient.R; import android.app.Activity; import android.app.AlertDialog; diff --git a/src/se/leap/openvpn/VpnProfile.java b/src/se/leap/openvpn/VpnProfile.java index 5752081a..41cf574b 100644 --- a/src/se/leap/openvpn/VpnProfile.java +++ b/src/se/leap/openvpn/VpnProfile.java @@ -21,10 +21,10 @@ import java.util.Vector; import org.spongycastle.util.io.pem.PemObject; import org.spongycastle.util.io.pem.PemWriter; -import se.leap.leapclient.ConfigHelper; -import se.leap.leapclient.EIP; -import se.leap.leapclient.Provider; -import se.leap.leapclient.R; +import se.leap.bitmaskclient.ConfigHelper; +import se.leap.bitmaskclient.EIP; +import se.leap.bitmaskclient.Provider; +import se.leap.bitmaskclient.R; import android.content.Context; import android.content.Intent; @@ -50,7 +50,7 @@ public class VpnProfile implements Serializable{ public static final int TYPE_USERPASS_KEYSTORE = 7; // Don't change this, not all parts of the program use this constant - public static final String EXTRA_PROFILEUUID = "se.leap.leapclient.profileUUID"; // TODO this feels wrong. See Issue #1494 + public static final String EXTRA_PROFILEUUID = "se.leap.bitmaskclient.profileUUID"; // TODO this feels wrong. See Issue #1494 public static final String INLINE_TAG = "[[INLINE]]"; private static final String OVPNCONFIGFILE = "android.conf"; @@ -108,7 +108,7 @@ public class VpnProfile implements Serializable{ public String mKeyPassword=""; public boolean mPersistTun = false; public String mConnectRetryMax="5"; - public String mConnectRetry="5"; + public String mConnectRetry="10"; public boolean mUserEditable=true; static final String MINIVPN = "miniopenvpn"; @@ -211,7 +211,7 @@ public class VpnProfile implements Serializable{ cfg+="connect-retry-max " + mConnectRetryMax+ "\n"; if(mConnectRetry==null) - mConnectRetry="5"; + mConnectRetry="10"; cfg+="connect-retry " + mConnectRetry + "\n"; |