author | Arne Schwabe <arne@rfc2549.org> | 2018-01-16 23:43:20 +0100 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2018-01-16 23:43:20 +0100 |
commit | e517204bd5cf3864290618c7ef3323f9af72a1f2 (patch) | |
tree | 1ef81be454455a383c5602043debc273294e7630 | |
parent | 44c2b489a05990b17097eb5a015d0422612b6058 (diff) |
Implement ecdsa certificate signing for OpenVPN 2.x
4 files changed, 15 insertions, 8 deletions
diff --git a/main/src/main/cpp/openvpn b/main/src/main/cpp/openvpn -Subproject ff7f708142677fa5663a93a1174727a5da02a46 +Subproject 29ac12a2f338f6aa026a4e112f59c6557439203 diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index 5f997f72..ca6d4c5f 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -1082,7 +1082,7 @@ public class VpnProfile implements Serializable, Cloneable { return mPrivateKey; } - public String getSignedData(String b64data) { + public String getSignedData(String b64data, boolean ecdsa) { PrivateKey privkey = getKeystoreKey(); byte[] data = Base64.decode(b64data, Base64.DEFAULT); @@ -1121,7 +1121,7 @@ public class VpnProfile implements Serializable, Cloneable { return Base64.encodeToString(signed_bytes, Base64.NO_WRAP); } catch (NoSuchAlgorithmException | InvalidKeyException | IllegalBlockSizeException - | BadPaddingException | NoSuchPaddingException | SignatureException e) { + | BadPaddingException | NoSuchPaddingException | SignatureException e) { VpnStatus.logError(R.string.error_rsa_sign, e.getClass().toString(), e.getLocalizedMessage()); return null; } diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java index d891148c..2282bd43 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java @@ -260,7 +260,10 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { processLogMessage(argument);
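Review bot: The new `ecdsa` parameter of `getSignedData` in VpnProfile.java appears to be unused. The two hunks for that file change only the signature line and the indentation of the catch clause, and the signing body starts and ends outside them. If the algorithm is presumably chosen from the keystore key itself, a request whose type does not match the key should be refused explicitly, for example `if (ecdsa != "EC".equals(privkey.getAlgorithm())) { /* log and return null */ }`, instead of signing with whatever key type is present. The catch block also still logs `R.string.error_rsa_sign` for ECDSA requests, which will mislead anyone reading the log; a neutral string resource, or one selected by `ecdsa`, would fix that.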
break;
case "RSA_SIGN":
- processSignCommand(argument);
+ processSignCommand(argument, false);
+ break;
+ case "ECDSA_SIGN":
+ processSignCommand(argument, true);
break;
default:
VpnStatus.logWarning("MGMT: Got unrecognized command" + command);
@@ -631,16 +634,20 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { releaseHold();
}
- private void processSignCommand(String b64data) {
+ private void processSignCommand(String b64data, boolean ecdsa) {
+
+ String signed_string = mProfile.getSignedData(b64data, ecdsa);
+ String signcmd = "rsa-sig\n";
+ if (ecdsa)
+ signcmd = "ecdsa-sig\n";
- String signed_string = mProfile.getSignedData(b64data);
if (signed_string == null) {
- managmentCommand("rsa-sig\n");
+ managmentCommand(signcmd);
managmentCommand("\nEND\n");
stopOpenVPN();
return;
}
- managmentCommand("rsa-sig\n");
+ managmentCommand(signcmd);
managmentCommand(signed_string);
managmentCommand("\nEND\n");
}
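Review bot: `signcmd` in `processSignCommand` is assigned and then conditionally overwritten by an unbraced `if (ecdsa)`; a single `final String signcmd = ecdsa ? "ecdsa-sig\n" : "rsa-sig\n";` says the same thing and is harder to break in a later edit. The null branch deserves a short comment such as `// Signing failed: reply with an empty signature, then stop the VPN`, since the empty reply followed by `stopOpenVPN()` is easy to misread as a mistake. The bare `true`/`false` passed from the `RSA_SIGN` and `ECDSA_SIGN` cases in the previous hunk are the only thing selecting the reply keyword, so a named constant or a small enum would make those call sites self-explanatory.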
diff --git a/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java index 8ff32027..62e3a64e 100644 --- a/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java +++ b/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java @@ -223,7 +223,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable @Override public void external_pki_sign_request(ClientAPI_ExternalPKISignRequest signreq) { - signreq.setSig(mVp.getSignedData(signreq.getData())); + signreq.setSig(mVp.getSignedData(signreq.getData(), false)); } void setUserPW() { |
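Review bot: `external_pki_sign_request` passes the result of `getSignedData` straight to `setSig`, but the VpnProfile.java hunk shows that method returning `null` when signing fails. The OpenVPN 2 path in `processSignCommand` checks for that and stops the connection; this path does not. Whether the generated `setSig` tolerates `null` is not visible here, so a guard would be safer: `String sig = mVp.getSignedData(signreq.getData(), false); if (sig == null) { /* report the failure on signreq and return */ }`. The hard-coded `false` also means this path never requests ECDSA; if that is intentional for the OpenVPN 3 core, a one-line comment saying so would help.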