6 files changed, 94 insertions, 14 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 921ea4db..6806232b 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -60,7 +60,7 @@ public class VpnProfile implements Serializable, Cloneable {
 public static final String INLINE_TAG = "[[INLINE]]";
 public static final String DISPLAYNAME_TAG = "[[NAME]]";
 public static final int MAXLOGLEVEL = 4;
- public static final int CURRENT_PROFILE_VERSION = 8;
+ public static final int CURRENT_PROFILE_VERSION = 9;
 public static final int DEFAULT_MSSFIX_SIZE = 1280;
 public static final int TYPE_CERTIFICATES = 0;
 public static final int TYPE_PKCS12 = 1;
@@ -162,6 +162,7 @@ public class VpnProfile implements Serializable, Cloneable {
 // set members to default values
 private UUID mUuid;
 private int mProfileVersion;
+ public String mDataCiphers = "";
 public boolean mBlockUnusedAddressFamilies =true;
@@ -304,6 +305,11 @@ public class VpnProfile implements Serializable, Cloneable {
 case 7:
 if (mAllowAppVpnBypass)
 mBlockUnusedAddressFamilies = !mAllowAppVpnBypass;
+ case 8:
+ if (!TextUtils.isEmpty(mCipher) && !"BF-CBC".equals(mCipher))
+ {
+ mDataCiphers = "AES-256-GCM:AES-128-GCM:" + mCipher;
+ }
 default:
 }
@@ -612,6 +618,11 @@ public class VpnProfile implements Serializable, Cloneable {
 cfg.append("remote-cert-tls server\n");
 }
+ if (!TextUtils.isEmpty(mDataCiphers))
+ {
+ cfg.append("data-ciphers ").append(mDataCiphers).append("\n");
+ }
+
 if (!TextUtils.isEmpty(mCipher)) {
 cfg.append("cipher ").append(mCipher).append("\n");
 }
diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index 340853d3..6e4d8151 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
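Review bot: The `case 8:` upgrade step in `VpnProfile.java` builds `mDataCiphers` by prefixing `AES-256-GCM:AES-128-GCM:` to whatever `mCipher` holds, so a profile already set to one of those two names gets it listed twice, and every legacy cipher except the exact string `BF-CBC` stays negotiable after the upgrade. The import path in `ConfigParser.java` in this same commit handles these cases differently (it skips `AES-128-GCM` and does append `BF-CBC`), so the two paths should either share one rule or say why they differ. A comment above the branch would help, for example `// v8 -> v9: keep the old --cipher as a data-ciphers fallback; BF-CBC is dropped on purpose`, assuming that is the intent. The enclosing switch starts outside the hunk, and `case 8:` falls through to `default:` like the cases before it.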
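Review bot: `mDataCiphers` is appended to the generated configuration verbatim in the new `data-ciphers` block of `VpnProfile.java`, and with this commit the value comes from a free-text preference field, so stray whitespace or a line break in it would change how the rest of the generated file is read. Checking the value before it is written keeps a malformed entry out of the config, for example `if (!TextUtils.isEmpty(mDataCiphers) && mDataCiphers.matches("[A-Za-z0-9:_-]+"))`, with the character set adjusted to whatever cipher names the project accepts; rejecting the input in the settings screen would be better still, so the user sees the problem. The existing `cipher` line just below has the same shape. The enclosing method starts and ends outside the hunk.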
@@ -531,10 +531,33 @@ public class ConfigParser {
 if (getOption("comp-lzo", 0, 1) != null)
 np.mUseLzo = true;
+ Vector<String> ncp_ciphers = getOption("ncp-ciphers", 1, 1);
+ Vector<String> data_ciphers = getOption("data-ciphers", 1, 1);
 Vector<String> cipher = getOption("cipher", 1, 1);
+
 if (cipher != null)
 np.mCipher = cipher.get(1);
+ if (data_ciphers == null)
+ {
+ data_ciphers = ncp_ciphers;
+ }
+
+ /* The world is not yet ready to only use data-ciphers, add --cipher to data-ciphers
+ * for now on import */
+ if (data_ciphers != null)
+ {
+ np.mDataCiphers = data_ciphers.get(1);
+
+ if (!TextUtils.isEmpty(np.mCipher) && !np.mDataCiphers.contains(np.mCipher))
+ {
+ np.mDataCiphers += ":" + np.mCipher;
+ }
+ } else if (!TextUtils.isEmpty(np.mCipher) && !np.mCipher.equals("AES-128-GCM") && !np.mCipher.equals("AES-256"))
+ {
+ np.mDataCiphers += "AES-256-GCM:AES-128-GCM:" + np.mCipher;
+ }
+
 Vector<String> auth = getOption("auth", 1, 1);
 if (auth != null)
 np.mAuth = auth.get(1);
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index 82633350..3e272762 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
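Review bot: The fallback branch at the end of the new block in `ConfigParser.java` compares `np.mCipher` with `"AES-256"`, which looks like a truncated `"AES-256-GCM"`; as written, importing `cipher AES-256-GCM` without `data-ciphers` yields `AES-256-GCM:AES-128-GCM:AES-256-GCM`, while `cipher AES-128-GCM` yields an empty list. The condition should read `!np.mCipher.equals("AES-256-GCM")`. In the branch above it, `np.mDataCiphers.contains(np.mCipher)` is a substring test on the whole list, so a cipher whose name is a prefix of another entry counts as already present; comparing against the `:`-separated entries avoids that. The enclosing method starts and ends outside the hunk.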
@@ -125,8 +125,8 @@
 <string name="faq_howto_shortcut">You can place a shortcut to start OpenVPN on your desktop. Depending on your homescreen program you will have to add either a shortcut or a widget.</string>
 <string name="no_vpn_support_image">Your image does not support the VPNService API, sorry :(</string>
 <string name="encryption">Encryption</string>
- <string name="cipher_dialog_title">Enter encryption method</string>
- <string name="chipher_dialog_message">Enter the encryption cipher algorithm used by OpenVPN. Leave empty to use default cipher.</string>
+ <string name="cipher_dialog_title">Enter data encryption methods</string>
+ <string name="chipher_dialog_message">Enter the data encryption cipher algorithms used by OpenVPN separated by : (--data-ciphers). Leave empty to use the default of AES-256-GCM:AES-128-GCM.</string>
 <string name="auth_dialog_message">Enter the authentication digest used for OpenVPN. Leave empty to use default digest.</string>
 <string name="settings_auth">Authentication/Encryption</string>
 <string name="file_explorer_tab">File Explorer</string>
@@ -257,7 +257,7 @@
 <string name="start_vpn_title">Connecting to VPN %s</string>
 <string name="start_vpn_ticker">Connecting to VPN %s</string>
 <string name="jelly_keystore_alphanumeric_bug">Some versions of Android 4.1 have problems if the name of the keystore certificate contains non alphanumeric characters (like spaces, underscores or dashes). Try to reimport the certificate without special characters</string>
- <string name="encryption_cipher">Encryption cipher</string>
+ <string name="encryption_cipher">Encryption ciphers</string>
 <string name="packet_auth">Packet authentication</string>
 <string name="auth_dialog_title">Enter packet authentication method</string>
 <string name="built_by">built by %s</string>
diff --git a/main/src/test/java/de/blinkt/openvpn/core/TestConfigParser.kt b/main/src/test/java/de/blinkt/openvpn/core/TestConfigParser.kt
index 11d7092b..2983982d 100644
--- a/main/src/test/java/de/blinkt/openvpn/core/TestConfigParser.kt
+++ b/main/src/test/java/de/blinkt/openvpn/core/TestConfigParser.kt
@@ -106,6 +106,52 @@ class TestConfigParser {
 Assert.assertEquals(vp.mExcludedRoutes.trim(), "8.8.8.8/32");
 }
+
+ @Test
+ fun testCipherImport() {
+ val config = ("client\n" +
+ "tun-mtu 1234\n" +
+ "<connection>\n" +
+ "remote foo.bar\n" +
+ "tun-mtu 1222\n" +
+ "</connection>\n" +
+ "route 8.8.8.8 255.255.255.255 net_gateway\n")
+
+
+ val config1 = config + "cipher AES-128-GCM\n"
+
+ val cp = ConfigParser()
+ cp.parseConfig(StringReader(config1))
+ val vp = cp.convertProfile()
+
+ Assert.assertEquals("", vp.mDataCiphers)
+ Assert.assertEquals("AES-128-GCM", vp.mCipher)
+
+ val config2 = config + "cipher AES-128-GCM\ndata-ciphers AES-128-GCM:AES-256-GCM:BF-CBC\n"
+
+ cp.parseConfig(StringReader(config2))
+ val vp2 = cp.convertProfile()
+
+ Assert.assertEquals("AES-128-GCM:AES-256-GCM:BF-CBC", vp2.mDataCiphers)
+
+ val config3 = config + "cipher AES-128-GCM\n"
+
+ cp.parseConfig(StringReader(config3))
+ val vp3 = cp.convertProfile()
+
+ Assert.assertEquals(vp3.mDataCiphers, "")
+
+ val config4 = config + "cipher BF-CBC\nncp-ciphers AES-128-GCM:AES-256-GCM:CHACHA20-POLY1305\n"
+ cp.parseConfig(StringReader(config4))
+ val vp4 = cp.convertProfile()
+
+ Assert.assertEquals("AES-128-GCM:AES-256-GCM:CHACHA20-POLY1305:BF-CBC", vp4.mDataCiphers)
+
+
+
+ }
+
+
 @Test
 @Throws(IOException::class, ConfigParser.ConfigParseError::class)
 fun testSockProxyImport() {
diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.java b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.java
index 8e6fbb1a..48e98cb9 100644
--- a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.java
+++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.java
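Review bot: `testCipherImport` never exercises the import branch that builds a list from `cipher` alone: `config1` and `config3` are the same input (`cipher AES-128-GCM`), and no case imports a lone `cipher AES-256-GCM` or a lone legacy cipher. Replacing `config3` with `config + "cipher AES-256-CBC\n"` and asserting `"AES-256-GCM:AES-128-GCM:AES-256-CBC"`, plus a `cipher AES-256-GCM` case that presumably should expect `""`, would pin that branch. The test also reuses one `ConfigParser` for four `parseConfig` calls; if the parser keeps options between calls (not visible here), later assertions depend on earlier inputs, so a fresh `ConfigParser()` per case is safer. `Assert.assertEquals(vp3.mDataCiphers, "")` has expected and actual swapped relative to the other assertions.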
@@ -38,7 +38,7 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 private ListPreference mTLSAuthDirection;
 private Preference mTLSAuthFile;
 private SwitchPreference mUseTLSAuth;
- private EditTextPreference mCipher;
+ private EditTextPreference mDataCiphers;
 private String mTlsAuthFileData;
 private EditTextPreference mAuth;
 private EditTextPreference mRemoteX509Name;
@@ -65,8 +65,8 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 mTLSAuthFile.setOnPreferenceClickListener(this);
- mCipher = (EditTextPreference) findPreference("cipher");
- mCipher.setOnPreferenceChangeListener(this);
+ mDataCiphers = (EditTextPreference) findPreference("dataciphers");
+ mDataCiphers.setOnPreferenceChangeListener(this);
 mAuth = (EditTextPreference) findPreference("auth");
 mAuth.setOnPreferenceChangeListener(this);
@@ -97,8 +97,8 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 mTlsAuthFileData = mProfile.mTLSAuthFilename;
 setTlsAuthSummary(mTlsAuthFileData);
 mTLSAuthDirection.setValue(mProfile.mTLSAuthDirection);
- mCipher.setText(mProfile.mCipher);
- onPreferenceChange(mCipher, mProfile.mCipher);
+ mDataCiphers.setText(mProfile.mDataCiphers);
+ onPreferenceChange(mDataCiphers, mProfile.mDataCiphers);
 mAuth.setText(mProfile.mAuth);
 onPreferenceChange(mAuth, mProfile.mAuth);
@@ -129,10 +129,10 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 else
 mProfile.mTLSAuthDirection = mTLSAuthDirection.getValue();
- if (mCipher.getText() == null)
- mProfile.mCipher = null;
+ if (mDataCiphers.getText() == null)
+ mProfile.mDataCiphers = null;
 else
- mProfile.mCipher = mCipher.getText();
+ mProfile.mDataCiphers = mDataCiphers.getText();
 if (mAuth.getText() == null)
 mProfile.mAuth = null;
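Review bot: After this change the settings screen edits only `mDataCiphers`, but `VpnProfile` in this commit still writes `cipher <mCipher>` whenever `mCipher` is non-empty, so a legacy value stored in an existing profile can no longer be seen or cleared from this fragment (unless another screen, not visible here, edits it). Either keep a way to edit or reset `mCipher`, or document next to the `mDataCiphers` assignment that `mCipher` is now set on import only. The null check in the `@@ -129,10 +129,10 @@` hunk is also redundant, since both branches store what `getText()` returned; `mProfile.mDataCiphers = mDataCiphers.getText();` is equivalent. The enclosing method starts and ends outside the hunk.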
@@ -160,7 +160,7 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 preference.setSummary(getX509String(authtype, dn));
 }
- } else if (preference == mCipher || preference == mAuth) {
+ } else if (preference == mDataCiphers || preference == mAuth) {
 preference.setSummary((CharSequence) newValue);
 } else if (preference == mRemoteX509Name) {
 preference.setSummary(TextUtils.isEmpty((CharSequence) newValue) ? "CN (default)" : (CharSequence) newValue);
diff --git a/main/src/ui/res/xml/vpn_authentification.xml b/main/src/ui/res/xml/vpn_authentification.xml
index 374431e7..be24495a 100644
--- a/main/src/ui/res/xml/vpn_authentification.xml
+++ b/main/src/ui/res/xml/vpn_authentification.xml
@@ -52,7 +52,7 @@
 <EditTextPreference
 android:dialogMessage="@string/chipher_dialog_message"
 android:dialogTitle="@string/cipher_dialog_title"
- android:key="cipher"
+ android:key="dataciphers"
 android:persistent="false"
 android:title="@string/encryption_cipher" />
 <EditTextPreference |