From e517204bd5cf3864290618c7ef3323f9af72a1f2 Mon Sep 17 00:00:00 2001
From: Arne Schwabe
Date: Tue, 16 Jan 2018 23:43:20 +0100
Subject: Implement ecdsa certificate signing for OpenVPN 2.x
---
 main/src/main/cpp/openvpn | 2 +-
 main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 4 ++--
 .../de/blinkt/openvpn/core/OpenVpnManagementThread.java | 17 ++++++++++++-----
 .../java/de/blinkt/openvpn/core/OpenVPNThreadv3.java | 2 +-
 4 files changed, 16 insertions(+), 9 deletions(-)
(limited to 'main/src')
diff --git a/main/src/main/cpp/openvpn b/main/src/main/cpp/openvpn
index ff7f7081..29ac12a2 160000
--- a/main/src/main/cpp/openvpn
+++ b/main/src/main/cpp/openvpn
@@ -1 +1 @@
-Subproject commit ff7f708142677fa5663a93a1174727a5da02a465
+Subproject commit 29ac12a2f338f6aa026a4e112f59c65574392032
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 5f997f72..ca6d4c5f 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -1082,7 +1082,7 @@ public class VpnProfile implements Serializable, Cloneable {
 return mPrivateKey;
 }
- public String getSignedData(String b64data) {
+ public String getSignedData(String b64data, boolean ecdsa) {
 PrivateKey privkey = getKeystoreKey();
 byte[] data = Base64.decode(b64data, Base64.DEFAULT);
@@ -1121,7 +1121,7 @@ public class VpnProfile implements Serializable, Cloneable {
 return Base64.encodeToString(signed_bytes, Base64.NO_WRAP);
 } catch (NoSuchAlgorithmException | InvalidKeyException | IllegalBlockSizeException
- | BadPaddingException | NoSuchPaddingException | SignatureException e) {
+ | BadPaddingException | NoSuchPaddingException | SignatureException e) {
 VpnStatus.logError(R.string.error_rsa_sign, e.getClass().toString(), e.getLocalizedMessage());
 return null;
 }
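Review bot: The new `ecdsa` parameter of `getSignedData` is not read by any changed line in VpnProfile.java: the diffstat counts two insertions for this file, and they are the signature line and the re-indented `catch` line. The signing path is therefore presumably still chosen from the key itself, while the caller labels its reply `rsa-sig` or `ecdsa-sig` from the command it received, so the two can disagree. I would compare the request with the key type before signing and fail closed on a mismatch, for example `if (ecdsa != "EC".equals(privkey.getAlgorithm())) return null;` with a log entry, assuming `privkey` is non-null at that point. Failures on the ECDSA path are also still reported through `R.string.error_rsa_sign`, which will mislead whoever reads the log. Most of the method body lies outside the two hunks, so this should be confirmed against the full file.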
diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
index d891148c..2282bd43 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java
@@ -260,7 +260,10 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement {
 processLogMessage(argument);
 break;
 case "RSA_SIGN":
- processSignCommand(argument);
+ processSignCommand(argument, false);
+ break;
+ case "ECDSA_SIGN":
+ processSignCommand(argument, true);
 break;
 default:
 VpnStatus.logWarning("MGMT: Got unrecognized command" + command);
@@ -631,16 +634,20 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement {
 releaseHold();
 }
- private void processSignCommand(String b64data) {
+ private void processSignCommand(String b64data, boolean ecdsa) {
+
+ String signed_string = mProfile.getSignedData(b64data, ecdsa);
+ String signcmd = "rsa-sig\n";
+ if (ecdsa)
+ signcmd = "ecdsa-sig\n";
- String signed_string = mProfile.getSignedData(b64data);
 if (signed_string == null) {
- managmentCommand("rsa-sig\n");
+ managmentCommand(signcmd);
 managmentCommand("\nEND\n");
 stopOpenVPN();
 return;
 }
- managmentCommand("rsa-sig\n");
+ managmentCommand(signcmd);
 managmentCommand(signed_string);
 managmentCommand("\nEND\n");
 }
diff --git a/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
index 8ff32027..62e3a64e 100644
--- a/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
+++ b/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java
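Review bot: In `processSignCommand` the reply verb is assigned `"rsa-sig\n"` and then overwritten under an unbraced `if (ecdsa)`; a single `final String signcmd = ecdsa ? "ecdsa-sig\n" : "rsa-sig\n";` states the choice in one place and cannot be split from its body by a later edit. The method also has no comment for its failure path: when `getSignedData` returns null it sends the verb followed directly by `END`, apparently an empty signature, and then calls `stopOpenVPN()`. A short Javadoc such as `/** Answers an RSA_SIGN or ECDSA_SIGN request; on signing failure sends an empty signature and stops the VPN. */` would record that contract. The same flag is passed as a bare `true`/`false` literal at the two `case` call sites in the first hunk of this file, where a named constant or a one-line comment would help the reader.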
@@ -223,7 +223,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable
 @Override
 public void external_pki_sign_request(ClientAPI_ExternalPKISignRequest signreq) {
- signreq.setSig(mVp.getSignedData(signreq.getData()));
+ signreq.setSig(mVp.getSignedData(signreq.getData(), false));
 }
 void setUserPW() {
--
cgit v1.2.3
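Review bot: `external_pki_sign_request` passes the result of `getSignedData` straight into `signreq.setSig(...)`, and the VpnProfile hunk shows that method returning `null` when signing throws, so a failed signature reaches the OpenVPN 3 binding as a null value rather than a reported error. A null check before `setSig` that logs the failure and marks the request as failed (through whatever error field the request class exposes, which is not visible here) would make the failure explicit. The literal `false` also needs a comment, for example `// OpenVPN 3 path: signature type is not forwarded, always requests the RSA variant`, since the commit title limits ECDSA signing to OpenVPN 2.x and a reader cannot tell whether EC keys are expected to work on this path. The method is complete within the hunk.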