From 34f9c3afec04f8d36a11e37346549e613e1b4bb8 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sat, 19 Nov 2016 18:15:42 +0100 Subject: Implement tis-crypt --- main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 6 +++++- main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java | 6 ++++++ main/src/main/res/values-de/strings.xml | 1 - main/src/main/res/values/arrays.xml | 1 + main/src/main/res/values/strings.xml | 2 +- main/src/main/res/values/untranslatable.xml | 1 + main/src/main/res/xml/vpn_authentification.xml | 2 +- 7 files changed, 15 insertions(+), 4 deletions(-) diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index fe8cb19a..c39603b2 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -399,12 +399,16 @@ public class VpnProfile implements Serializable, Cloneable { } if (mUseTLSAuth) { + boolean useTlsCrypt = mTLSAuthDirection.equals("tls-crypt"); + if (mAuthenticationType == TYPE_STATICKEYS) cfg += insertFileData("secret", mTLSAuthFilename); + else if(useTlsCrypt) + cfg += insertFileData("tls-crypt", mTLSAuthFilename); else cfg += insertFileData("tls-auth", mTLSAuthFilename); - if (!TextUtils.isEmpty(mTLSAuthDirection)) { + if (!TextUtils.isEmpty(mTLSAuthDirection) && !useTlsCrypt) { cfg += "key-direction "; cfg += mTLSAuthDirection; cfg += "\n"; diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index e0aac552..b716d2ca 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -422,6 +422,12 @@ public class ConfigParser { if (direction != null) np.mTLSAuthDirection = direction.get(1); + Vector tlscrypt = getOption("tls-crypt", 1, 1); + if (tlscrypt!=null) { + np.mUseTLSAuth = true; + np.mTLSAuthDirection = "tls-crypt"; + } + Vector> defgw = getAllOption("redirect-gateway", 0, 5); if (defgw != null) { np.mUseDefaultRoute = true; diff --git a/main/src/main/res/values-de/strings.xml b/main/src/main/res/values-de/strings.xml index 67ef166c..e5cd8937 100755 --- a/main/src/main/res/values-de/strings.xml +++ b/main/src/main/res/values-de/strings.xml @@ -164,7 +164,6 @@ Passphrase des privaten Schlüssels Passwort Dateisymbol - TLS-Authentifizierung Generierte Konfiguration Einstellungen Versucht, den Eigentümer von /dev/tun auf system zu ändern. Einige Cyanogenmod 9-ROM-Versionen benötigen diese Option, damit die VPN-API funktioniert. Benötigt root. diff --git a/main/src/main/res/values/arrays.xml b/main/src/main/res/values/arrays.xml index cf02d1b8..7ade38fe 100644 --- a/main/src/main/res/values/arrays.xml +++ b/main/src/main/res/values/arrays.xml @@ -20,6 +20,7 @@ 0 1 Unspecified + Encryption (tls-crypt) No reconnection retries diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml index e8762203..faab789c 100755 --- a/main/src/main/res/values/strings.xml +++ b/main/src/main/res/values/strings.xml @@ -162,7 +162,7 @@ Private Key Password Password file icon - TLS Authentication + TLS Authentication/Encryption Generated Config Settings Tries to set the owner of /dev/tun to system. Some CM9 images need this to make the VPNService API work. Requires root. diff --git a/main/src/main/res/values/untranslatable.xml b/main/src/main/res/values/untranslatable.xml index 372ae0aa..8e6f2c75 100644 --- a/main/src/main/res/values/untranslatable.xml +++ b/main/src/main/res/values/untranslatable.xml @@ -33,6 +33,7 @@ 0 1 + tls-crypt 1 diff --git a/main/src/main/res/xml/vpn_authentification.xml b/main/src/main/res/xml/vpn_authentification.xml index 09354de3..458378b7 100644 --- a/main/src/main/res/xml/vpn_authentification.xml +++ b/main/src/main/res/xml/vpn_authentification.xml @@ -21,9 +21,9 @@ -- cgit v1.2.3