From c89fd2f73f8a84f9ef7742e39476a9645e6d3863 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Thu, 1 Feb 2018 15:30:39 +0100 Subject: #8832 add all ics-openvpn code changes --- app/src/main/java/de/blinkt/openvpn/LaunchVPN.java | 24 +---- .../main/java/de/blinkt/openvpn/VpnProfile.java | 117 ++++++++++++++------- .../java/de/blinkt/openvpn/core/ConfigParser.java | 5 +- .../blinkt/openvpn/core/ICSOpenVPNApplication.java | 2 +- .../de/blinkt/openvpn/core/OpenVPNService.java | 49 +++++---- .../java/de/blinkt/openvpn/core/OpenVPNThread.java | 5 +- .../openvpn/core/OpenVpnManagementThread.java | 19 ++-- .../de/blinkt/openvpn/core/VPNLaunchHelper.java | 1 - .../de/blinkt/openvpn/fragments/LogFragment.java | 1 - 9 files changed, 130 insertions(+), 93 deletions(-) (limited to 'app/src/main/java/de/blinkt/openvpn') diff --git a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java index 0c3f20fb..4fff3071 100644 --- a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java +++ b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java @@ -5,47 +5,27 @@ package de.blinkt.openvpn; -import se.leap.bitmaskclient.R; - -import se.leap.bitmaskclient.R; - -import android.annotation.SuppressLint; import android.annotation.TargetApi; import android.app.Activity; import android.app.AlertDialog; import android.content.ActivityNotFoundException; -import android.content.ComponentName; -import android.content.Context; import android.content.DialogInterface; import android.content.DialogInterface.OnClickListener; import android.content.Intent; -import android.content.ServiceConnection; import android.content.SharedPreferences; import android.net.VpnService; import android.os.Build; import android.os.Bundle; -import android.os.IBinder; -import android.os.RemoteException; -import android.preference.PreferenceManager; -import android.text.InputType; -import android.text.TextUtils; -import android.text.method.PasswordTransformationMethod; -import android.view.View; -import android.widget.CheckBox; -import android.widget.CompoundButton; -import android.widget.EditText; import java.io.IOException; import de.blinkt.openvpn.activities.LogWindow; import de.blinkt.openvpn.core.ConnectionStatus; -import de.blinkt.openvpn.core.IServiceStatus; -import de.blinkt.openvpn.core.OpenVPNStatusService; -import de.blinkt.openvpn.core.PasswordCache; import de.blinkt.openvpn.core.Preferences; import de.blinkt.openvpn.core.ProfileManager; import de.blinkt.openvpn.core.VPNLaunchHelper; import de.blinkt.openvpn.core.VpnStatus; +import se.leap.bitmaskclient.R; /** * This Activity actually handles two stages of a launcher shortcut's life cycle. @@ -134,7 +114,7 @@ public class LaunchVPN extends Activity { } @Override - protected void onActivityResult (int requestCode, int resultCode, Intent data) { + protected void onActivityResult(int requestCode, int resultCode, Intent data) { super.onActivityResult(requestCode, resultCode, data); if(requestCode==START_VPN_PROFILE) { diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java index aa25da48..1d6f41cd 100644 --- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -5,6 +5,8 @@ package de.blinkt.openvpn; +import de.blinkt.openvpn.core.Preferences; +import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.R; import android.annotation.SuppressLint; @@ -36,6 +38,8 @@ import java.lang.reflect.Method; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; +import java.security.Signature; +import java.security.SignatureException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -182,7 +186,6 @@ public class VpnProfile implements Serializable, Cloneable { public boolean mUseUdp = true; - public VpnProfile(String name) { mUuid = UUID.randomUUID(); mName = name; @@ -282,30 +285,42 @@ public class VpnProfile implements Serializable, Cloneable { } + + public static boolean doUseOpenVPN3(Context c) { + SharedPreferences prefs = Preferences.getDefaultSharedPreferences(c); + boolean useOpenVPN3 = prefs.getBoolean("ovpn3", false); + if ("noovpn3".equals(BuildConfig.FLAVOR)) + useOpenVPN3 = false; + return useOpenVPN3; + } + public String getConfigFile(Context context, boolean configForOvpn3) { File cacheDir = context.getCacheDir(); String cfg = ""; - // Enable management interface - cfg += "# Enables connection to GUI\n"; - cfg += "management "; - - cfg += cacheDir.getAbsolutePath() + "/" + "mgmtsocket"; - cfg += " unix\n"; - cfg += "management-client\n"; - // Not needed, see updated man page in 2.3 - //cfg += "management-signal\n"; - cfg += "management-query-passwords\n"; - cfg += "management-hold\n\n"; - if (!configForOvpn3) { + // Enable management interface + cfg += "# Config for OpenVPN 2.x\n"; + cfg += "# Enables connection to GUI\n"; + cfg += "management "; + + cfg += cacheDir.getAbsolutePath() + "/" + "mgmtsocket"; + cfg += " unix\n"; + cfg += "management-client\n"; + // Not needed, see updated man page in 2.3 + //cfg += "management-signal\n"; + cfg += "management-query-passwords\n"; + cfg += "management-hold\n\n"; + cfg += String.format("setenv IV_GUI_VER %s \n", openVpnEscape(getVersionEnvString(context))); - String versionString = String.format(Locale.US, "%d %s %s %s %s %s", Build.VERSION.SDK_INT, Build.VERSION.RELEASE, - NativeUtils.getNativeAPI(), Build.BRAND, Build.BOARD, Build.MODEL); + String versionString = getPlatformVersionEnvString(); cfg += String.format("setenv IV_PLAT_VER %s\n", openVpnEscape(versionString)); + } else { + cfg += "# Config for OpeNVPN 3 C++\n"; } + cfg += "machine-readable-output\n"; cfg += "allow-recursive-routing\n"; @@ -418,8 +433,7 @@ public class VpnProfile implements Serializable, Cloneable { cfg += insertFileData("ca", mCaFilename); } - if (isUserPWAuth()) - { + if (isUserPWAuth()) { if (mAuthenticationType == AUTH_RETRY_NOINTERACT) cfg += "auth-retry nointeract"; } @@ -456,7 +470,7 @@ public class VpnProfile implements Serializable, Cloneable { if (!TextUtils.isEmpty(mIPv6Address)) { // Use our own ip as gateway since we ignore it anyway String fakegw = mIPv6Address.split("/", 2)[0]; - cfg += "ifconfig-ipv6 " + mIPv6Address + " " + fakegw +"\n"; + cfg += "ifconfig-ipv6 " + mIPv6Address + " " + fakegw + "\n"; } } @@ -490,16 +504,12 @@ public class VpnProfile implements Serializable, Cloneable { if (mOverrideDNS || !mUsePull) { if (!TextUtils.isEmpty(mDNS1)) { - if (mDNS1.contains(":")) - cfg += "dhcp-option DNS6 " + mDNS1 + "\n"; - else - cfg += "dhcp-option DNS " + mDNS1 + "\n"; - } if (!TextUtils.isEmpty(mDNS2)) { - if (mDNS2.contains(":")) - cfg += "dhcp-option DNS6 " + mDNS2 + "\n"; - else - cfg += "dhcp-option DNS " + mDNS2 + "\n"; - } if (!TextUtils.isEmpty(mSearchDomain)) + cfg += "dhcp-option DNS " + mDNS1 + "\n"; + } + if (!TextUtils.isEmpty(mDNS2)) { + cfg += "dhcp-option DNS " + mDNS2 + "\n"; + } + if (!TextUtils.isEmpty(mSearchDomain)) cfg += "dhcp-option DOMAIN " + mSearchDomain + "\n"; } @@ -511,9 +521,8 @@ public class VpnProfile implements Serializable, Cloneable { cfg += "mssfix\n"; } - if (mTunMtu >= 48 && mTunMtu != 1500) - { - cfg+= String.format(Locale.US, "tun-mtu %d\n", mTunMtu); + if (mTunMtu >= 48 && mTunMtu != 1500) { + cfg += String.format(Locale.US, "tun-mtu %d\n", mTunMtu); } if (mNobind) @@ -580,7 +589,7 @@ public class VpnProfile implements Serializable, Cloneable { SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context); boolean usesystemproxy = prefs.getBoolean("usesystemproxy", true); - if (usesystemproxy && !mIsOpenVPN22) { + if (usesystemproxy && !mIsOpenVPN22 && !configForOvpn3) { cfg += "# Use system proxy setting\n"; cfg += "management-query-proxy\n"; } @@ -609,6 +618,11 @@ public class VpnProfile implements Serializable, Cloneable { return cfg; } + public String getPlatformVersionEnvString() { + return String.format(Locale.US, "%d %s %s %s %s %s", Build.VERSION.SDK_INT, Build.VERSION.RELEASE, + NativeUtils.getNativeAPI(), Build.BRAND, Build.BOARD, Build.MODEL); + } + public String getVersionEnvString(Context c) { String version = "unknown"; try { @@ -907,12 +921,12 @@ public class VpnProfile implements Serializable, Cloneable { if (mAuthenticationType == TYPE_KEYSTORE || mAuthenticationType == TYPE_USERPASS_KEYSTORE) { if (mAlias == null) return R.string.no_keystore_cert_selected; - } else if (mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES){ + } else if (mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES) { if (TextUtils.isEmpty(mCaFilename)) return R.string.no_ca_cert_selected; } - if (mCheckRemoteCN && mX509AuthType==X509_VERIFY_TLSREMOTE) + if (mCheckRemoteCN && mX509AuthType == X509_VERIFY_TLSREMOTE) return R.string.deprecated_tls_remote; if (!mUsePull || mAuthenticationType == TYPE_STATICKEYS) { @@ -948,6 +962,15 @@ public class VpnProfile implements Serializable, Cloneable { if (noRemoteEnabled) return R.string.remote_no_server_selected; + if (doUseOpenVPN3(context)) { + if (mAuthenticationType == TYPE_STATICKEYS) { + return R.string.openvpn3_nostatickeys; + } + if (mAuthenticationType == TYPE_PKCS12 || mAuthenticationType == TYPE_USERPASS_PKCS12) { + return R.string.openvpn3_pkcs12; + } + } + // Everything okay return R.string.no_error_found; @@ -1068,7 +1091,7 @@ public class VpnProfile implements Serializable, Cloneable { return mPrivateKey; } - public String getSignedData(String b64data) { + public String getSignedData(String b64data, boolean ecdsa) { PrivateKey privkey = getKeystoreKey(); byte[] data = Base64.decode(b64data, Base64.DEFAULT); @@ -1081,19 +1104,33 @@ public class VpnProfile implements Serializable, Cloneable { try { + @SuppressLint("GetInstance") + String keyalgorithm = privkey.getAlgorithm(); + + byte[] signed_bytes; + if (keyalgorithm.equals("EC")) { + Signature signer = Signature.getInstance("NONEwithECDSA"); + + signer.initSign(privkey); + signer.update(data); + signed_bytes = signer.sign(); + + } else { /* ECB is perfectly fine in this special case, since we are using it for the public/private part in the TLS exchange */ - @SuppressLint("GetInstance") - Cipher rsaSigner = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); + Cipher signer; + signer = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); + - rsaSigner.init(Cipher.ENCRYPT_MODE, privkey); + signer.init(Cipher.ENCRYPT_MODE, privkey); - byte[] signed_bytes = rsaSigner.doFinal(data); + signed_bytes = signer.doFinal(data); + } return Base64.encodeToString(signed_bytes, Base64.NO_WRAP); } catch (NoSuchAlgorithmException | InvalidKeyException | IllegalBlockSizeException - | BadPaddingException | NoSuchPaddingException e) { + | BadPaddingException | NoSuchPaddingException | SignatureException e) { VpnStatus.logError(R.string.error_rsa_sign, e.getClass().toString(), e.getLocalizedMessage()); return null; } diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 74afd61e..9889754d 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -261,6 +261,7 @@ public class ConfigParser { "group", "allow-recursive-routing", "ip-win32", + "ifconfig-nowarn", "management-hold", "management", "management-client", @@ -275,6 +276,7 @@ public class ConfigParser { "management-client-user", "management-client-group", "pause-exit", + "preresolve", "plugin", "machine-readable-output", "persist-key", @@ -300,7 +302,8 @@ public class ConfigParser { {"setenv", "IV_GUI_VER"}, {"setenv", "IV_OPENVPN_GUI_VERSION"}, {"engine", "dynamic"}, - {"setenv", "CLIENT_CERT"} + {"setenv", "CLIENT_CERT"}, + {"resolve-retry","60"} }; final String[] connectionOptions = { diff --git a/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java b/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java index e7019f42..38f51807 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ICSOpenVPNApplication.java @@ -57,7 +57,7 @@ public class ICSOpenVPNApplication extends Application { name = getString(R.string.channel_name_status); mChannel = new NotificationChannel(OpenVPNService.NOTIFICATION_CHANNEL_NEWSTATUS_ID, - name, NotificationManager.IMPORTANCE_DEFAULT); + name, NotificationManager.IMPORTANCE_LOW); mChannel.setDescription(getString(R.string.channel_description_status)); mChannel.enableLights(true); diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index c15f659a..6c312c87 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -11,7 +11,6 @@ import android.app.Notification; import android.app.UiModeManager; import android.content.Intent; import android.content.IntentFilter; -import android.content.SharedPreferences; import android.content.pm.PackageManager; import android.content.pm.ShortcutManager; import android.content.res.Configuration; @@ -43,7 +42,6 @@ import java.util.Vector; import de.blinkt.openvpn.VpnProfile; import de.blinkt.openvpn.core.VpnStatus.ByteCountListener; import de.blinkt.openvpn.core.VpnStatus.StateListener; -import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.VpnNotificationManager; @@ -61,6 +59,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac private static final String RESUME_VPN = "se.leap.bitmaskclient.RESUME_VPN"; public static final String NOTIFICATION_CHANNEL_BG_ID = "openvpn_bg"; public static final String NOTIFICATION_CHANNEL_NEWSTATUS_ID = "openvpn_newstat"; + public static final String VPNSERVICE_TUN = "vpnservice-tun"; private static boolean mNotificationAlwaysVisible = false; private final Vector mDnslist = new Vector<>(); @@ -76,7 +75,6 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac private boolean mDisplayBytecount = false; private boolean mStarting = false; private long mConnecttime; - private boolean mOvpn3 = false; private OpenVPNManagement mManagement; private String mLastTunCfg; private String mRemoteGW; @@ -169,7 +167,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } // Similar to revoke but do not try to stop process - public void processDied() { + public void openvpnStopped() { endVpnService(); } @@ -291,6 +289,18 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac return START_REDELIVER_INTENT; } + /* TODO: check that for Bitmask */ + // Always show notification here to avoid problem with startForeground timeout + VpnStatus.logInfo(R.string.building_configration); + VpnStatus.updateStateString("VPN_GENERATE_CONFIG", "", R.string.building_configration, ConnectionStatus.LEVEL_START); + notificationManager.buildOpenVpnNotification( + mProfile != null ? mProfile.mName : "", + VpnStatus.getLastCleanLogMessage(this), + VpnStatus.getLastCleanLogMessage(this), + ConnectionStatus.LEVEL_START, + 0, + NOTIFICATION_CHANNEL_NEWSTATUS_ID); + if (intent != null && intent.hasExtra(getPackageName() + ".profileUUID")) { String profileUUID = intent.getStringExtra(getPackageName() + ".profileUUID"); int profileVersion = intent.getIntExtra(getPackageName() + ".profileVersion", 0); @@ -319,6 +329,12 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac mProfile.checkForRestart(this); } + if (mProfile == null) { + stopSelf(startId); + return START_NOT_STICKY; + } + + /* start the OpenVPN process itself in a background thread */ new Thread(new Runnable() { @Override @@ -343,6 +359,9 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } private void startOpenVPN() { + /** + * see change above (l. 292 ff) + */ VpnStatus.logInfo(R.string.building_configration); VpnStatus.updateStateString("VPN_GENERATE_CONFIG", "", R.string.building_configration, ConnectionStatus.LEVEL_START); @@ -369,14 +388,10 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac mStarting = false; // Start a new session by creating a new thread. - SharedPreferences prefs = Preferences.getDefaultSharedPreferences(this); - - mOvpn3 = prefs.getBoolean("ovpn3", false); - if (!"ovpn3".equals(BuildConfig.FLAVOR)) - mOvpn3 = false; + boolean useOpenVPN3 = VpnProfile.doUseOpenVPN3(this); // Open the Management Interface - if (!mOvpn3) { + if (!useOpenVPN3) { // start a Thread that handles incoming messages of the managment socket OpenVpnManagementThread ovpnManagementThread = new OpenVpnManagementThread(mProfile, this); if (ovpnManagementThread.openManagementInterface(this)) { @@ -392,15 +407,11 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac } Runnable processThread; - if (mOvpn3) - + if (useOpenVPN3) { - OpenVPNManagement mOpenVPN3 = instantiateOpenVPN3Core(); processThread = (Runnable) mOpenVPN3; mManagement = mOpenVPN3; - - } else { processThread = new OpenVPNThread(this, argv, nativeLibraryDirectory); mOpenVPNThread = processThread; @@ -757,8 +768,8 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac /** * Route that is always included, used by the v3 core */ - public void addRoute(CIDRIP route) { - mRoutes.addIP(route, true); + public void addRoute(CIDRIP route, boolean include) { + mRoutes.addIP(route, include); } public void addRoute(String dest, String mask, String gateway, String device) { @@ -810,7 +821,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac private boolean isAndroidTunDevice(String device) { return device != null && - (device.startsWith("tun") || "(null)".equals(device) || "vpnservice-tun".equals(device)); + (device.startsWith("tun") || "(null)".equals(device) || VPNSERVICE_TUN.equals(device)); } public void setMtu(int mtu) { @@ -859,7 +870,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac if (mLocalIP.len <= 31 && Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) { CIDRIP interfaceRoute = new CIDRIP(mLocalIP.mIp, mLocalIP.len); interfaceRoute.normalise(); - addRoute(interfaceRoute); + addRoute(interfaceRoute ,true); } diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java index c96f88c4..b902f5d7 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNThread.java @@ -111,7 +111,8 @@ public class OpenVPNThread implements Runnable { } } - mService.processDied(); + if (!mNoProcessExitStatus) + mService.openvpnStopped(); Log.i(TAG, "Exiting"); } } @@ -177,7 +178,7 @@ public class OpenVPNThread implements Runnable { VpnStatus.logMessageOpenVPN(logStatus, logLevel, msg); if (logerror==1) - VpnStatus.logError("OpenSSL reproted a certificate with a weak hash, please the in app FAQ about weak hashes"); + VpnStatus.logError("OpenSSL reported a certificate with a weak hash, please the in app FAQ about weak hashes"); } else { VpnStatus.logInfo("P:" + logline); diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java index 492e8913..1124c5b7 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java @@ -260,7 +260,10 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { processLogMessage(argument); break; case "RSA_SIGN": - processSignCommand(argument); + processSignCommand(argument, false); + break; + case "ECDSA_SIGN": + processSignCommand(argument, true); break; default: VpnStatus.logWarning("MGMT: Got unrecognized command" + command); @@ -606,7 +609,7 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { if (mWaitingForRelease) releaseHold(); else if (samenetwork) - managmentCommand("network-change\n"); + managmentCommand("network-change samenetwork\n"); else managmentCommand("network-change\n"); } @@ -631,16 +634,20 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { releaseHold(); } - private void processSignCommand(String b64data) { + private void processSignCommand(String b64data, boolean ecdsa) { + + String signed_string = mProfile.getSignedData(b64data, ecdsa); + String signcmd = "rsa-sig\n"; + if (ecdsa) + signcmd = "ecdsa-sig\n"; - String signed_string = mProfile.getSignedData(b64data); if (signed_string == null) { - managmentCommand("rsa-sig\n"); + managmentCommand(signcmd); managmentCommand("\nEND\n"); stopOpenVPN(); return; } - managmentCommand("rsa-sig\n"); + managmentCommand(signcmd); managmentCommand(signed_string); managmentCommand("\nEND\n"); } diff --git a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java index f3b40381..97a73964 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java +++ b/app/src/main/java/de/blinkt/openvpn/core/VPNLaunchHelper.java @@ -6,7 +6,6 @@ package de.blinkt.openvpn.core; import android.annotation.TargetApi; -import android.app.NotificationManager; import android.content.Context; import android.content.Intent; import android.os.Build; diff --git a/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java b/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java index a1fc7cdc..1a207a25 100644 --- a/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java +++ b/app/src/main/java/de/blinkt/openvpn/fragments/LogFragment.java @@ -23,7 +23,6 @@ import android.os.Bundle; import android.os.Handler; import android.os.Handler.Callback; import android.os.Message; -import android.preference.Preference; import android.preference.PreferenceManager; import android.support.annotation.Nullable; import android.text.SpannableString; -- cgit v1.2.3 From d4633f0549b3c3c23e27fba3ab14d1a1a62978af Mon Sep 17 00:00:00 2001 From: cyBerta Date: Tue, 6 Feb 2018 14:09:37 +0100 Subject: #8832 more upsteam changes --- app/src/main/java/de/blinkt/openvpn/VpnProfile.java | 20 ++++---------------- .../java/de/blinkt/openvpn/core/NativeUtils.java | 7 +++++++ .../blinkt/openvpn/core/OpenVpnManagementThread.java | 19 +++++++------------ 3 files changed, 18 insertions(+), 28 deletions(-) (limited to 'app/src/main/java/de/blinkt/openvpn') diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java index 1d6f41cd..1cef6670 100644 --- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -5,7 +5,6 @@ package de.blinkt.openvpn; -import de.blinkt.openvpn.core.Preferences; import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.R; @@ -23,6 +22,7 @@ import android.support.annotation.NonNull; import android.text.TextUtils; import android.util.Base64; +import de.blinkt.openvpn.core.*; import org.spongycastle.util.io.pem.PemObject; import org.spongycastle.util.io.pem.PemWriter; @@ -35,11 +35,7 @@ import java.io.Serializable; import java.io.StringWriter; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.Signature; -import java.security.SignatureException; +import java.security.*; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; @@ -54,14 +50,6 @@ import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; -import de.blinkt.openvpn.core.Connection; -import de.blinkt.openvpn.core.NativeUtils; -import de.blinkt.openvpn.core.OpenVPNService; -import de.blinkt.openvpn.core.PasswordCache; -import de.blinkt.openvpn.core.VPNLaunchHelper; -import de.blinkt.openvpn.core.VpnStatus; -import de.blinkt.openvpn.core.X509Utils; - public class VpnProfile implements Serializable, Cloneable { // Note that this class cannot be moved to core where it belongs since // the profile loading depends on it being here @@ -289,7 +277,7 @@ public class VpnProfile implements Serializable, Cloneable { public static boolean doUseOpenVPN3(Context c) { SharedPreferences prefs = Preferences.getDefaultSharedPreferences(c); boolean useOpenVPN3 = prefs.getBoolean("ovpn3", false); - if ("noovpn3".equals(BuildConfig.FLAVOR)) + if (!BuildConfig.openvpn3) useOpenVPN3 = false; return useOpenVPN3; } @@ -1091,7 +1079,7 @@ public class VpnProfile implements Serializable, Cloneable { return mPrivateKey; } - public String getSignedData(String b64data, boolean ecdsa) { + public String getSignedData(String b64data) { PrivateKey privkey = getKeystoreKey(); byte[] data = Base64.decode(b64data, Base64.DEFAULT); diff --git a/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java b/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java index ea003d41..70c7455a 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java +++ b/app/src/main/java/de/blinkt/openvpn/core/NativeUtils.java @@ -18,6 +18,13 @@ public class NativeUtils { public static native String getNativeAPI(); + + public final static int[] openSSLlengths = { + 16, 64, 256, 1024, 8 * 1024, 16 * 1024 + }; + + public static native double[] getOpenSSLSpeed(String algorithm, int testnum); + static { System.loadLibrary("opvpnutil"); if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java index 1124c5b7..2b6df9af 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java @@ -148,6 +148,7 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { // Closing one of the two sockets also closes the other //mServerSocketLocal.close(); + managmentCommand("version 2\n"); while (true) { @@ -259,11 +260,8 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { case "LOG": processLogMessage(argument); break; - case "RSA_SIGN": - processSignCommand(argument, false); - break; - case "ECDSA_SIGN": - processSignCommand(argument, true); + case "PK_SIGN": + processSignCommand(argument); break; default: VpnStatus.logWarning("MGMT: Got unrecognized command" + command); @@ -634,20 +632,17 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { releaseHold(); } - private void processSignCommand(String b64data, boolean ecdsa) { + private void processSignCommand(String b64data) { - String signed_string = mProfile.getSignedData(b64data, ecdsa); - String signcmd = "rsa-sig\n"; - if (ecdsa) - signcmd = "ecdsa-sig\n"; + String signed_string = mProfile.getSignedData(b64data); if (signed_string == null) { - managmentCommand(signcmd); + managmentCommand("pk-sig\n"); managmentCommand("\nEND\n"); stopOpenVPN(); return; } - managmentCommand(signcmd); + managmentCommand("pk-sig\n"); managmentCommand(signed_string); managmentCommand("\nEND\n"); } -- cgit v1.2.3 From d2d61a16fd2a3ea0fd42073de98d1311b184444d Mon Sep 17 00:00:00 2001 From: cyBerta Date: Tue, 6 Feb 2018 14:31:07 +0100 Subject: fix build after reenabling copy classes from ics-openvpn build job --- app/src/main/java/de/blinkt/openvpn/LaunchVPN.java | 2 ++ app/src/main/java/de/blinkt/openvpn/VpnProfile.java | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'app/src/main/java/de/blinkt/openvpn') diff --git a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java index 4fff3071..b2bf6b46 100644 --- a/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java +++ b/app/src/main/java/de/blinkt/openvpn/LaunchVPN.java @@ -5,6 +5,8 @@ package de.blinkt.openvpn; +import se.leap.bitmaskclient.R; + import android.annotation.TargetApi; import android.app.Activity; import android.app.AlertDialog; diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java index 1cef6670..4becdc32 100644 --- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -5,9 +5,10 @@ package de.blinkt.openvpn; -import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.R; +import se.leap.bitmaskclient.BuildConfig; + import android.annotation.SuppressLint; import android.content.Context; import android.content.Intent; -- cgit v1.2.3