Implement tis-crypt

author: Arne Schwabe <arne@rfc2549.org> 2016-11-19 18:15:42 +0100
committer: Arne Schwabe <arne@rfc2549.org> 2016-11-19 18:15:42 +0100
commit: 34f9c3afec04f8d36a11e37346549e613e1b4bb8 (patch)
tree: fd1e1939bb906d7bac682b30f508fda1a972c673
parent: fc24fcf01e55d51b091c451f69e441ad2115af87 (diff)
7 files changed, 15 insertions, 4 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index fe8cb19a..c39603b2 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -399,12 +399,16 @@ public class VpnProfile implements Serializable, Cloneable {
         }
 
         if (mUseTLSAuth) {
+            boolean useTlsCrypt = mTLSAuthDirection.equals("tls-crypt");
+
             if (mAuthenticationType == TYPE_STATICKEYS)
                 cfg += insertFileData("secret", mTLSAuthFilename);
+            else if(useTlsCrypt)
+                cfg += insertFileData("tls-crypt", mTLSAuthFilename);
             else
                 cfg += insertFileData("tls-auth", mTLSAuthFilename);
 
-            if (!TextUtils.isEmpty(mTLSAuthDirection)) {
+            if (!TextUtils.isEmpty(mTLSAuthDirection) && !useTlsCrypt) {
                 cfg += "key-direction ";
                 cfg += mTLSAuthDirection;
                 cfg += "\n";
diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index e0aac552..b716d2ca 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -422,6 +422,12 @@ public class ConfigParser {
         if (direction != null)
             np.mTLSAuthDirection = direction.get(1);
 
+        Vector<String> tlscrypt = getOption("tls-crypt", 1, 1);
+        if (tlscrypt!=null) {
+            np.mUseTLSAuth = true;
+            np.mTLSAuthDirection = "tls-crypt";
+        }
+
         Vector<Vector<String>> defgw = getAllOption("redirect-gateway", 0, 5);
         if (defgw != null) {
             np.mUseDefaultRoute = true;
diff --git a/main/src/main/res/values-de/strings.xml b/main/src/main/res/values-de/strings.xml
index 67ef166c..e5cd8937 100755
--- a/main/src/main/res/values-de/strings.xml
+++ b/main/src/main/res/values-de/strings.xml
@@ -164,7 +164,6 @@
   <string name="private_key_password">Passphrase des privaten Schlüssels</string>
   <string name="password">Passwort</string>
   <string name="file_icon">Dateisymbol</string>
-  <string name="tls_authentication">TLS-Authentifizierung</string>
   <string name="generated_config">Generierte Konfiguration</string>
   <string name="generalsettings">Einstellungen</string>
   <string name="owner_fix_summary">Versucht, den Eigentümer von /dev/tun auf system zu ändern. Einige Cyanogenmod 9-ROM-Versionen benötigen diese Option, damit die VPN-API funktioniert. Benötigt root.</string>
diff --git a/main/src/main/res/values/arrays.xml b/main/src/main/res/values/arrays.xml
index cf02d1b8..7ade38fe 100644
--- a/main/src/main/res/values/arrays.xml
+++ b/main/src/main/res/values/arrays.xml
@@ -20,6 +20,7 @@
         <item translatable="false">0</item>
         <item translatable="false">1</item>
         <item>Unspecified</item>
+        <item>Encryption (tls-crypt)</item>
     </string-array>
     <string-array name="crm_entries">
         <item>No reconnection retries</item>
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index e8762203..faab789c 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -162,7 +162,7 @@
     <string name="private_key_password">Private Key Password</string>
     <string name="password">Password</string>
     <string name="file_icon">file icon</string>
-    <string name="tls_authentication">TLS Authentication</string>
+    <string name="tls_authentication">TLS Authentication/Encryption</string>
     <string name="generated_config">Generated Config</string>
     <string name="generalsettings">Settings</string>
     <string name="owner_fix_summary">Tries to set the owner of /dev/tun to system. Some CM9 images need this to make the VPNService API work. Requires root.</string>
diff --git a/main/src/main/res/values/untranslatable.xml b/main/src/main/res/values/untranslatable.xml
index 372ae0aa..8e6f2c75 100644
--- a/main/src/main/res/values/untranslatable.xml
+++ b/main/src/main/res/values/untranslatable.xml
@@ -33,6 +33,7 @@
         <item>0</item>
         <item>1</item>
         <item></item>
+        <item>tls-crypt</item>
     </string-array>
     <string-array name="crm_values" translatable="false">
         <item>1</item>
diff --git a/main/src/main/res/xml/vpn_authentification.xml b/main/src/main/res/xml/vpn_authentification.xml
index 09354de3..458378b7 100644
--- a/main/src/main/res/xml/vpn_authentification.xml
+++ b/main/src/main/res/xml/vpn_authentification.xml
@@ -21,9 +21,9 @@
 
         <EditTextPreference
             android:dependency="checkRemoteCN"
+            android:dialogMessage="Field  in  the X.509 certificate subject to be used as the username (default=CN)."
             android:key="remotex509name"
             android:persistent="false"
-            android:dialogMessage="Field  in  the X.509 certificate subject to be used as the username (default=CN)."
             android:title="X509 Username Field" />
 
     </PreferenceCategory>
author	Arne Schwabe <arne@rfc2549.org>	2016-11-19 18:15:42 +0100
committer	Arne Schwabe <arne@rfc2549.org>	2016-11-19 18:15:42 +0100
commit	34f9c3afec04f8d36a11e37346549e613e1b4bb8 (patch)
tree	fd1e1939bb906d7bac682b30f508fda1a972c673
parent	fc24fcf01e55d51b091c451f69e441ad2115af87 (diff)