From a58f08a66abe3de7b93aa64026d99f56ba4f8292 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Wed, 31 Jan 2018 10:58:16 +0100 Subject: Upgrade OpenVPN code an EC signing code --- main/src/main/cpp/CMakeLists.txt | 4 ++-- main/src/main/cpp/openvpn | 2 +- main/src/main/java/de/blinkt/openvpn/VpnProfile.java | 2 +- .../de/blinkt/openvpn/activities/OpenSSLSpeed.java | 3 ++- .../blinkt/openvpn/core/OpenVpnManagementThread.java | 19 +++++++------------ .../java/de/blinkt/openvpn/core/OpenVPNThreadv3.java | 2 +- 6 files changed, 14 insertions(+), 18 deletions(-) (limited to 'main') diff --git a/main/src/main/cpp/CMakeLists.txt b/main/src/main/cpp/CMakeLists.txt index 4ef0975a..fa88ee4d 100644 --- a/main/src/main/cpp/CMakeLists.txt +++ b/main/src/main/cpp/CMakeLists.txt @@ -23,12 +23,12 @@ include(openssl.cmake) if (NOT ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} MATCHES "build/intermediates/cmake/.*noovpn3.*/") add_subdirectory(mbedtls) add_custom_command(OUTPUT "javacli/ovpncli_wrap.cxx" - file(MAKE_DIRECTORY ovpn3/java/net/openvpn/ovpn3) + file(MAKE_DIRECTORY ovpn3/java/net/openvpn/ovpn3/) COMMAND swig -outdir ovpn3/java/net/openvpn/ovpn3/ -c++ -java -package net.openvpn.ovpn3 -I${CMAKE_SOURCE_DIR}/openvpn3/client -I${CMAKE_SOURCE_DIR}/openvpn3 ${CMAKE_SOURCE_DIR}/openvpn3/javacli/ovpncli.i) set(ovpn3_SRCS openvpn3/client/ovpncli.cpp - openvpn3/javacli/ovpncli_wrap.cxx) + javacli/ovpncli_wrap.cxx) add_library(ovpn3 SHARED ${ovpn3_SRCS}) diff --git a/main/src/main/cpp/openvpn b/main/src/main/cpp/openvpn index a46cc806..e375db48 160000 --- a/main/src/main/cpp/openvpn +++ b/main/src/main/cpp/openvpn @@ -1 +1 @@ -Subproject commit a46cc8067dac073a32ba03f4b2154d9a77b4da41 +Subproject commit e375db48adf11834721053b6defd58998722866e diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index 50668b88..ce33b537 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java 
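Review bot: The `file(MAKE_DIRECTORY ovpn3/java/net/openvpn/ovpn3/)` line sits inside the `add_custom_command(OUTPUT ...)` argument list, where CMake does not execute it as a command. As far as the hunk shows, its tokens are read as further OUTPUT entries, so this rule never creates the directory handed to `swig -outdir`. Creating it as part of the rule would be `COMMAND ${CMAKE_COMMAND} -E make_directory ovpn3/java/net/openvpn/ovpn3/`, placed before the swig command. The swig call also passes no `-o`, so it is worth confirming that the wrapper really lands at the declared `javacli/ovpncli_wrap.cxx` that `ovpn3_SRCS` now lists.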
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -1076,7 +1076,7 @@ public class VpnProfile implements Serializable, Cloneable { return mPrivateKey; } - public String getSignedData(String b64data, boolean ecdsa) { + public String getSignedData(String b64data) { PrivateKey privkey = getKeystoreKey(); byte[] data = Base64.decode(b64data, Base64.DEFAULT); diff --git a/main/src/main/java/de/blinkt/openvpn/activities/OpenSSLSpeed.java b/main/src/main/java/de/blinkt/openvpn/activities/OpenSSLSpeed.java index e10778f1..4720dd60 100644 --- a/main/src/main/java/de/blinkt/openvpn/activities/OpenSSLSpeed.java +++ b/main/src/main/java/de/blinkt/openvpn/activities/OpenSSLSpeed.java @@ -147,7 +147,8 @@ public class OpenSSLSpeed extends Activity { for (String algorithm : strings) { - for (int i = 0; i < NativeUtils.openSSLlengths.length && !mCancel; i++) { + // Skip 16b and 16k as they are not relevevant for VPN + for (int i = 1; i < NativeUtils.openSSLlengths.length -1 && !mCancel; i++) { SpeedResult result = new SpeedResult(algorithm); result.length = NativeUtils.openSSLlengths[i]; mResult.add(result); diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java index 2282bd43..70e2d1f6 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java +++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVpnManagementThread.java @@ -148,6 +148,7 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { // Closing one of the two sockets also closes the other //mServerSocketLocal.close(); + managmentCommand("version 2\n"); while (true) { 
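Review bot: `getSignedData` loses its `ecdsa` flag in this hunk but carries no Javadoc saying how the signature algorithm is chosen now or what a failure looks like. The caller in OpenVpnManagementThread treats a `null` return as a signing failure, so a comment such as `/** Signs the base64-encoded data with the keystore key; returns the encoded signature, or null if signing fails. */` would pin that contract. The body continues outside the hunk, so the wording, in particular how the algorithm is derived from the key, should be confirmed against it.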
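Review bot: The new bounds `i = 1` and `length -1` skip the first and last entries by position, so the loop relies on `NativeUtils.openSSLlengths` keeping the 16-byte size first and the 16k size last. If that array is reordered or extended, a different size silently drops out of the benchmark. Filtering on the value, or naming the two skipped sizes as constants, would keep the intent visible. The comment also has a typo and should read `// Skip 16b and 16k as they are not relevant for VPN`. The enclosing method starts and ends outside the hunk.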
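Review bot: `managmentCommand("version 2\n")` is sent unconditionally and nothing visible checks that the daemon accepted it, while the switch hunk further down in this file removes the `RSA_SIGN` and `ECDSA_SIGN` cases. If the daemon on the other end of the socket does not honour the version command (presumably an older bundled binary), its legacy signing request would fall into `default`. There it is logged only as a warning and never answered, so the handshake would stall instead of failing. Keeping an explicit case for the two legacy notifications that logs an error and calls `stopOpenVPN()` would make such a mismatch fail closed and visible. The enclosing method starts and ends outside both hunks.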
@@ -259,11 +260,8 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { case "LOG": processLogMessage(argument); break; - case "RSA_SIGN": - processSignCommand(argument, false); - break; - case "ECDSA_SIGN": - processSignCommand(argument, true); + case "PK_SIGN": + processSignCommand(argument); break; default: VpnStatus.logWarning("MGMT: Got unrecognized command" + command); @@ -634,20 +632,17 @@ public class OpenVpnManagementThread implements Runnable, OpenVPNManagement { releaseHold(); } - private void processSignCommand(String b64data, boolean ecdsa) { + private void processSignCommand(String b64data) { - String signed_string = mProfile.getSignedData(b64data, ecdsa); - String signcmd = "rsa-sig\n"; - if (ecdsa) - signcmd = "ecdsa-sig\n"; + String signed_string = mProfile.getSignedData(b64data); if (signed_string == null) { - managmentCommand(signcmd); + managmentCommand("pk-sig\n"); managmentCommand("\nEND\n"); stopOpenVPN(); return; } - managmentCommand(signcmd); + managmentCommand("pk-sig\n"); managmentCommand(signed_string); managmentCommand("\nEND\n"); } diff --git a/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java b/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java index 6c40cca0..54029628 100644 --- a/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java +++ b/main/src/ovpn3/java/de/blinkt/openvpn/core/OpenVPNThreadv3.java @@ -224,7 +224,7 @@ public class OpenVPNThreadv3 extends ClientAPI_OpenVPNClient implements Runnable @Override public void external_pki_sign_request(ClientAPI_ExternalPKISignRequest signreq) { VpnStatus.logDebug("Got external PKI signing request from OpenVPN core"); - signreq.setSig(mVp.getSignedData(signreq.getData(), false)); + signreq.setSig(mVp.getSignedData(signreq.getData())); } void setUserPW() { -- cgit v1.2.3
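Review bot: In `processSignCommand` the `null` branch sends an empty `pk-sig` reply and calls `stopOpenVPN()` without logging at this level. Unless `getSignedData` reports the error itself, which this diff does not show, a keystore or signing failure surfaces only as a dropped connection. A `VpnStatus.logWarning("MGMT: signing request failed, stopping")` before the reply would leave a trace in the log. With the `signcmd` variable gone, both branches now start with the same `managmentCommand("pk-sig\n");`, which can be hoisted above `if (signed_string == null) {`. `b64data` also comes straight from the management socket into the base64 decode in `getSignedData`; whether malformed input is caught there is not visible here and is worth checking.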