From ba4844b8a72d7149af5774a4abdbf44fea90d662 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sun, 15 Jul 2012 16:16:57 +0200 Subject: Add support for Certificates from Keystore under Jelly Beans (Thanks Kenny Root for the right pointers) Move jniglue/minivpn files to more sensitive places --- src/de/blinkt/openvpn/OpenVpnManagementThread.java | 66 +++++++++++++++++++--- src/de/blinkt/openvpn/VpnProfile.java | 3 - 2 files changed, 59 insertions(+), 10 deletions(-) (limited to 'src/de/blinkt/openvpn') diff --git a/src/de/blinkt/openvpn/OpenVpnManagementThread.java b/src/de/blinkt/openvpn/OpenVpnManagementThread.java index 69129eb1..4b0cf5ac 100644 --- a/src/de/blinkt/openvpn/OpenVpnManagementThread.java +++ b/src/de/blinkt/openvpn/OpenVpnManagementThread.java @@ -17,6 +17,7 @@ import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import android.net.LocalSocket; +import android.os.Build; import android.os.ParcelFileDescriptor; import android.util.Base64; import android.util.Log; @@ -34,6 +35,9 @@ public class OpenVpnManagementThread implements Runnable { private String mCurrentstate; private static Vector active=new Vector(); + + static private native void jniclose(int fdint); + static private native byte[] rsasign(byte[] input,int pkey) throws InvalidKeyException; public OpenVpnManagementThread(VpnProfile profile, LocalSocket mgmtsocket, OpenVpnService openVpnService) { mProfile = profile; @@ -333,12 +337,7 @@ public class OpenVpnManagementThread implements Runnable { } return false; } - - - private native void jniclose(int fdint); - - - + private void processPWCommand(String argument) { //argument has the form Need 'Private Key' password @@ -401,11 +400,21 @@ public class OpenVpnManagementThread implements Runnable { } private void processSignCommand(String b64data) { + PrivateKey privkey = mProfile.getKeystoreKey(); Exception err =null; + // The Jelly Bean *evil* Hack + + byte[] data = Base64.decode(b64data, Base64.DEFAULT); + + if(Build.VERSION.SDK_INT==16){ + processSignJellyBeans(privkey,data); + return; + } + try{ - byte[] data = Base64.decode(b64data, Base64.DEFAULT); + Cipher rsasinger = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); @@ -433,4 +442,47 @@ public class OpenVpnManagementThread implements Runnable { } + + private void processSignJellyBeans(PrivateKey privkey, byte[] data) { + Exception err =null; + try { + Method[] allm = privkey.getClass().getSuperclass().getDeclaredMethods(); + System.out.println(allm); + Method getKey = privkey.getClass().getSuperclass().getDeclaredMethod("getOpenSSLKey"); + getKey.setAccessible(true); + + // Real object type is OpenSSLKey + Object opensslkey = getKey.invoke(privkey); + + getKey.setAccessible(false); + + Method getPkeyContext = opensslkey.getClass().getDeclaredMethod("getPkeyContext"); + + // integer pointer to EVP_pkey + getPkeyContext.setAccessible(true); + int pkey = (Integer) getPkeyContext.invoke(opensslkey); + getPkeyContext.setAccessible(false); + + byte[] signed_bytes = rsasign(data, pkey); + String signed_string = Base64.encodeToString(signed_bytes, Base64.NO_WRAP); + managmentCommand("rsa-sig\n"); + managmentCommand(signed_string); + managmentCommand("\nEND\n"); + + } catch (NoSuchMethodException e) { + err=e; + } catch (IllegalArgumentException e) { + err=e; + } catch (IllegalAccessException e) { + err=e; + } catch (InvocationTargetException e) { + err=e; + } catch (InvalidKeyException e) { + err=e; + } + if(err !=null) { + OpenVPN.logError(R.string.error_rsa_sign,err.getClass().toString(),err.getLocalizedMessage()); + } + + } } diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java index b495cc9e..64ca3db6 100644 --- a/src/de/blinkt/openvpn/VpnProfile.java +++ b/src/de/blinkt/openvpn/VpnProfile.java @@ -24,7 +24,6 @@ import org.spongycastle.util.io.pem.PemWriter; import android.content.Context; import android.content.Intent; import android.content.pm.ApplicationInfo; -import android.os.Build; import android.security.KeyChain; import android.security.KeyChainException; @@ -555,8 +554,6 @@ public class VpnProfile implements Serializable{ if(mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) { if(mAlias==null) return R.string.no_keystore_cert_selected; - if(Build.VERSION.SDK_INT >= 16 && !Build.MODEL.equals("sdk") ) - return R.string.keychain_jellybeans; } if(!mUsePull) { -- cgit v1.2.3