From ab86d5bc54f10fa043972c9f7cc6f6898ac34b0c Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 14 Sep 2020 00:31:00 +0200 Subject: Include --cipher into --data-ciphers for the sake of compatibility --- .../main/java/de/blinkt/openvpn/VpnProfile.java | 13 +++++- .../java/de/blinkt/openvpn/core/ConfigParser.java | 23 +++++++++++ main/src/main/res/values/strings.xml | 6 +-- .../de/blinkt/openvpn/core/TestConfigParser.kt | 46 ++++++++++++++++++++++ .../openvpn/fragments/Settings_Authentication.java | 18 ++++----- main/src/ui/res/xml/vpn_authentification.xml | 2 +- 6 files changed, 94 insertions(+), 14 deletions(-) (limited to 'main/src') diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index 921ea4db..6806232b 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -60,7 +60,7 @@ public class VpnProfile implements Serializable, Cloneable { public static final String INLINE_TAG = "[[INLINE]]"; public static final String DISPLAYNAME_TAG = "[[NAME]]"; public static final int MAXLOGLEVEL = 4; - public static final int CURRENT_PROFILE_VERSION = 8; + public static final int CURRENT_PROFILE_VERSION = 9; public static final int DEFAULT_MSSFIX_SIZE = 1280; public static final int TYPE_CERTIFICATES = 0; public static final int TYPE_PKCS12 = 1; @@ -162,6 +162,7 @@ public class VpnProfile implements Serializable, Cloneable { // set members to default values private UUID mUuid; private int mProfileVersion; + public String mDataCiphers = ""; public boolean mBlockUnusedAddressFamilies =true; @@ -304,6 +305,11 @@ public class VpnProfile implements Serializable, Cloneable { case 7: if (mAllowAppVpnBypass) mBlockUnusedAddressFamilies = !mAllowAppVpnBypass; + case 8: + if (!TextUtils.isEmpty(mCipher) && !"BF-CBC".equals(mCipher)) + { + mDataCiphers = "AES-256-GCM:AES-128-GCM:" + mCipher; + } default: } 
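Review bot: The `case 8` migration in the third VpnProfile.java hunk only special-cases `BF-CBC`, so a stored profile whose `mCipher` is already `AES-256-GCM` or `AES-128-GCM` is upgraded to a list that names that cipher twice, while the import path in ConfigParser.java skips `AES-128-GCM`. Putting both paths on one rule would avoid profiles that differ only by how they were created, e.g. `if (!TextUtils.isEmpty(mCipher) && !"BF-CBC".equals(mCipher) && !"AES-256-GCM".equals(mCipher) && !"AES-128-GCM".equals(mCipher))`. A short comment above the case should state that the legacy `--cipher` value is deliberately kept negotiable and why `BF-CBC` is excluded, so whoever later tightens the list knows what was intended. The switch and its enclosing method start outside the hunk.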
@@ -612,6 +618,11 @@ public class VpnProfile implements Serializable, Cloneable { cfg.append("remote-cert-tls server\n"); } + if (!TextUtils.isEmpty(mDataCiphers)) + { + cfg.append("data-ciphers ").append(mDataCiphers).append("\n"); + } + if (!TextUtils.isEmpty(mCipher)) { cfg.append("cipher ").append(mCipher).append("\n"); } diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 340853d3..6e4d8151 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -531,10 +531,33 @@ public class ConfigParser { if (getOption("comp-lzo", 0, 1) != null) np.mUseLzo = true; + Vector ncp_ciphers = getOption("ncp-ciphers", 1, 1); + Vector data_ciphers = getOption("data-ciphers", 1, 1); Vector cipher = getOption("cipher", 1, 1); + if (cipher != null) np.mCipher = cipher.get(1); + if (data_ciphers == null) + { + data_ciphers = ncp_ciphers; + } + + /* The world is not yet ready to only use data-ciphers, add --cipher to data-ciphers + * for now on import */ + if (data_ciphers != null) + { + np.mDataCiphers = data_ciphers.get(1); + + if (!TextUtils.isEmpty(np.mCipher) && !np.mDataCiphers.contains(np.mCipher)) + { + np.mDataCiphers += ":" + np.mCipher; + } + } else if (!TextUtils.isEmpty(np.mCipher) && !np.mCipher.equals("AES-128-GCM") && !np.mCipher.equals("AES-256")) + { + np.mDataCiphers += "AES-256-GCM:AES-128-GCM:" + np.mCipher; + } + Vector auth = getOption("auth", 1, 1); if (auth != null) np.mAuth = auth.get(1); diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml index 82633350..3e272762 100755 --- a/main/src/main/res/values/strings.xml +++ b/main/src/main/res/values/strings.xml 
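Review bot: `mDataCiphers` is appended verbatim to the generated config in the `data-ciphers` block added here, and the Settings_Authentication.java hunk stores the preference text into it unchanged, so whitespace or a line break in that field would become extra tokens or an extra directive. The neighbouring `cipher` line has the same shape, so this is the file's existing pattern, but a free-form list field makes it easier to hit, particularly if profile fields can come from anywhere other than the owner's own typing. Consider accepting only a colon-separated list of cipher names before writing it, e.g. `if (!TextUtils.isEmpty(mDataCiphers) && mDataCiphers.matches("[A-Za-z0-9_:-]+"))`, with the character set adjusted to what the bundled OpenVPN accepts and a visible error rather than a silent drop. The enclosing method starts and ends outside the hunk.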
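Review bot: The fallback branch in the ConfigParser.java hunk compares `np.mCipher` with `"AES-256"`, which is not one of the two default names used on the following line, so importing `cipher AES-256-GCM` without `data-ciphers` yields `AES-256-GCM:AES-128-GCM:AES-256-GCM`. This looks like a typo for `!np.mCipher.equals("AES-256-GCM")`. In the branch above it, `np.mDataCiphers.contains(np.mCipher)` is a substring test on the whole list rather than a per-entry match, so splitting on `:` and comparing entries would be more exact. The block comment could also say that the appended `--cipher` value may be a legacy CBC cipher that stays negotiable because of this import rule. The enclosing method starts and ends outside the hunk.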
@@ -125,8 +125,8 @@ You can place a shortcut to start OpenVPN on your desktop. Depending on your homescreen program you will have to add either a shortcut or a widget. Your image does not support the VPNService API, sorry :( Encryption - Enter encryption method - Enter the encryption cipher algorithm used by OpenVPN. Leave empty to use default cipher. + Enter data encryption methods + Enter the data encryption cipher algorithms used by OpenVPN separated by : (--data-ciphers). Leave empty to use the default of AES-256-GCM:AES-128-GCM. Enter the authentication digest used for OpenVPN. Leave empty to use default digest. Authentication/Encryption File Explorer @@ -257,7 +257,7 @@ Connecting to VPN %s Connecting to VPN %s Some versions of Android 4.1 have problems if the name of the keystore certificate contains non alphanumeric characters (like spaces, underscores or dashes). Try to reimport the certificate without special characters - Encryption cipher + Encryption ciphers Packet authentication Enter packet authentication method built by %s diff --git a/main/src/test/java/de/blinkt/openvpn/core/TestConfigParser.kt b/main/src/test/java/de/blinkt/openvpn/core/TestConfigParser.kt index 11d7092b..2983982d 100644 --- a/main/src/test/java/de/blinkt/openvpn/core/TestConfigParser.kt +++ b/main/src/test/java/de/blinkt/openvpn/core/TestConfigParser.kt 
@@ -106,6 +106,52 @@ class TestConfigParser { Assert.assertEquals(vp.mExcludedRoutes.trim(), "8.8.8.8/32"); } + + @Test + fun testCipherImport() { + val config = ("client\n" + + "tun-mtu 1234\n" + + "\n" + + "remote foo.bar\n" + + "tun-mtu 1222\n" + + "\n" + + "route 8.8.8.8 255.255.255.255 net_gateway\n") + + + val config1 = config + "cipher AES-128-GCM\n" + + val cp = ConfigParser() + cp.parseConfig(StringReader(config1)) + val vp = cp.convertProfile() + + Assert.assertEquals("", vp.mDataCiphers) + Assert.assertEquals("AES-128-GCM", vp.mCipher) + + val config2 = config + "cipher AES-128-GCM\ndata-ciphers AES-128-GCM:AES-256-GCM:BF-CBC\n" + + cp.parseConfig(StringReader(config2)) + val vp2 = cp.convertProfile() + + Assert.assertEquals("AES-128-GCM:AES-256-GCM:BF-CBC", vp2.mDataCiphers) + + val config3 = config + "cipher AES-128-GCM\n" + + cp.parseConfig(StringReader(config3)) + val vp3 = cp.convertProfile() + + Assert.assertEquals(vp3.mDataCiphers, "") + + val config4 = config + "cipher BF-CBC\nncp-ciphers AES-128-GCM:AES-256-GCM:CHACHA20-POLY1305\n" + cp.parseConfig(StringReader(config4)) + val vp4 = cp.convertProfile() + + Assert.assertEquals("AES-128-GCM:AES-256-GCM:CHACHA20-POLY1305:BF-CBC", vp4.mDataCiphers) + + + + } + + @Test @Throws(IOException::class, ConfigParser.ConfigParseError::class) fun testSockProxyImport() { diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.java b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.java index 8e6fbb1a..48e98cb9 100644 --- a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.java +++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.java 
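Review bot: `config1` and `config3` in `testCipherImport` are the same input and assert the same result, so the third case adds no coverage, and its `assertEquals` has expected and actual swapped relative to the other assertions. The fallback branch that builds `AES-256-GCM:AES-128-GCM:<cipher>` for a config with only a legacy `cipher` line is never exercised, nor is `cipher AES-256-GCM` on its own. Suggest replacing the third case with `val config3 = config + "cipher AES-256-CBC\n"` and `Assert.assertEquals("AES-256-GCM:AES-128-GCM:AES-256-CBC", vp3.mDataCiphers)`. The test also reuses one `ConfigParser` across four `parseConfig` calls; whether options from an earlier parse can linger is not visible here, so a fresh parser per case would be safer.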
@@ -38,7 +38,7 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen private ListPreference mTLSAuthDirection; private Preference mTLSAuthFile; private SwitchPreference mUseTLSAuth; - private EditTextPreference mCipher; + private EditTextPreference mDataCiphers; private String mTlsAuthFileData; private EditTextPreference mAuth; private EditTextPreference mRemoteX509Name; @@ -65,8 +65,8 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen mTLSAuthFile.setOnPreferenceClickListener(this); - mCipher = (EditTextPreference) findPreference("cipher"); - mCipher.setOnPreferenceChangeListener(this); + mDataCiphers = (EditTextPreference) findPreference("dataciphers"); + mDataCiphers.setOnPreferenceChangeListener(this); mAuth = (EditTextPreference) findPreference("auth"); mAuth.setOnPreferenceChangeListener(this); @@ -97,8 +97,8 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen mTlsAuthFileData = mProfile.mTLSAuthFilename; setTlsAuthSummary(mTlsAuthFileData); mTLSAuthDirection.setValue(mProfile.mTLSAuthDirection); - mCipher.setText(mProfile.mCipher); - onPreferenceChange(mCipher, mProfile.mCipher); + mDataCiphers.setText(mProfile.mDataCiphers); + onPreferenceChange(mDataCiphers, mProfile.mDataCiphers); mAuth.setText(mProfile.mAuth); onPreferenceChange(mAuth, mProfile.mAuth); @@ -129,10 +129,10 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen else mProfile.mTLSAuthDirection = mTLSAuthDirection.getValue(); - if (mCipher.getText() == null) - mProfile.mCipher = null; + if (mDataCiphers.getText() == null) + mProfile.mDataCiphers = null; else - mProfile.mCipher = mCipher.getText(); + mProfile.mDataCiphers = mDataCiphers.getText(); if (mAuth.getText() == null) mProfile.mAuth = null; 
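Review bot: After the `@@ -129,10 +129,10 @@` hunk the fragment no longer writes `mProfile.mCipher`, yet the VpnProfile.java hunk still emits `cipher` whenever `mCipher` is set, so a value carried over from an older profile or an import stays in the generated config with no control in the hunks shown to see or clear it. If that is intended for compatibility, a comment at the save site would make it explicit, e.g. `// mCipher is intentionally left untouched here; it is still written as "cipher" by the config generator`. Otherwise consider showing it read-only or clearing it when the user empties the list. The stored text is also taken as typed; `mProfile.mDataCiphers = mDataCiphers.getText().trim();` would stop stray whitespace from reaching the config. The enclosing methods start outside these hunks.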
@@ -160,7 +160,7 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen preference.setSummary(getX509String(authtype, dn)); } - } else if (preference == mCipher || preference == mAuth) { + } else if (preference == mDataCiphers || preference == mAuth) { preference.setSummary((CharSequence) newValue); } else if (preference == mRemoteX509Name) { preference.setSummary(TextUtils.isEmpty((CharSequence) newValue) ? "CN (default)" : (CharSequence) newValue); diff --git a/main/src/ui/res/xml/vpn_authentification.xml b/main/src/ui/res/xml/vpn_authentification.xml index 374431e7..be24495a 100644 --- a/main/src/ui/res/xml/vpn_authentification.xml +++ b/main/src/ui/res/xml/vpn_authentification.xml @@ -52,7 +52,7 @@