ikev2-qske
Tobias Brunner [Mon, 16 Jul 2018 13:50:56 +0000 (15:50 +0200)]
wip: unit-tests: Add QSKE exchange tests

wip: IKE rekey collisions are not properly handled at all. The passive
rekey job is adopted by the active one, and is therefore not able to
handle the IKE_AUX request.

Tobias Brunner [Mon, 16 Jul 2018 13:50:09 +0000 (15:50 +0200)]
unit-tests: Add mock QSKE implementation

Tobias Brunner [Mon, 16 Jul 2018 13:48:30 +0000 (15:48 +0200)]
ike-sa-manager: Log SPIs when checking in an IKE_SA

Tobias Brunner [Fri, 13 Jul 2018 16:45:53 +0000 (18:45 +0200)]
wip: CHILD_SA rekey and creation testing

Tobias Brunner [Fri, 13 Jul 2018 16:43:26 +0000 (18:43 +0200)]
wip: child-rekey: Support CHILD_SA rekeying with QSKE

Tobias Brunner [Fri, 13 Jul 2018 14:07:43 +0000 (16:07 +0200)]
wip: child-create: Prototypical IKE_AUX exchange for QSKE mechanism

The CREATE_CHILD_SA exchange is followed by an IKE_AUX exchange, the
CHILD_SA is only installed then (i.e. the SA is not first installed with
regular keys and then replaced when QSKE is complete).

wip: For some errors a more specific notify might be preferable (e.g.
INVALID_SYNTAX if a QSKE payload is missing or an exchange other than
IKE_AUX follows CREATE_CHILD_SA if a QSKE mechanism was negotiated).
wip: This construct would theoretically allow us to use IKE_AUX after
IKE_AUTH to have stronger PFS directly for the first SA (although it
couldn't be combined with classic DH there, as is possible later and for
rekeyings). So maybe relying on childless SAs is the better approach to
have independent keys for CHILD_SAs.

Tobias Brunner [Fri, 13 Jul 2018 13:31:34 +0000 (15:31 +0200)]
keymat_v2: Add optional qske_t argument to derive_child_keys()

Tobias Brunner [Fri, 13 Jul 2018 12:50:22 +0000 (14:50 +0200)]
child-create: Split select_and_install() into two functions

This will allow us to select a proposal and TS during CREATE_CHILD_SA
and then install the CHILD_SA later during IKE_AUX.

Tobias Brunner [Tue, 10 Jul 2018 14:26:58 +0000 (16:26 +0200)]
wip: keymat_v2: Cache initial IKE messages for auth octets

This avoids pre-generating the message to be sent and supports fragments
as used for IKE_AUX.

In scenarios with IKE_AUX this basically changes the auth octets as follows:

  InitiatorSignedOctets = RealMessage1(INIT) | RealMessage3(AUX) | ...
                          NonceRData | MACedIDForI


  ResponderSignedOctets = RealMessage2(INIT) | RealMessage4(AUX) | ...
                          NonceIData | MACedIDForR

wip: Since this requires keeping around quite some data, alternatives would
be to hash the message (with some negotiated or fixed hash function) or
apply the PRF (if it is QC-safe, e.g. with a zero key or the ones we
derived from DH).

Tobias Brunner [Tue, 10 Jul 2018 12:36:28 +0000 (14:36 +0200)]
wip: ike-rekey: Support IKE rekeying with QSKE

wip: Special situations like collisions etc. are not tested yet (collisions
could theoretically be resolved before completing the IKE_AUX exchange as the
nonces are known before initiating that).
wip: While waiting for the IKE_AUX exchange we don't set the IKE_SAs
state to IKE_REKEYING (we currently use that state to detect whether we
initiated a rekeying ourselves).

Tobias Brunner [Mon, 9 Jul 2018 14:59:05 +0000 (16:59 +0200)]
child-cfg: Strip QSKE mechanisms from ESP proposal when we strip DH groups

Tobias Brunner [Mon, 9 Jul 2018 14:27:04 +0000 (16:27 +0200)]
proposal: Generalize DH methods

Andreas Steffen [Tue, 10 Jul 2018 07:31:26 +0000 (09:31 +0200)]
test-vectors: Added QSKE vectors

Andreas Steffen [Fri, 6 Jul 2018 06:06:16 +0000 (08:06 +0200)]
scripts: nist-kam-kat generates KEM KAT test data

The script converts the Known-Answers-Test data (KAT) for the NIST
post-quantum round 1 submission Key Encapsulation Mechanism (KEM)
candidates into a C struct amenable for our unit-tests.

Andreas Steffen [Wed, 4 Jul 2018 17:15:41 +0000 (19:15 +0200)]
unit-tests: Tests for oqs plugin

Andreas Steffen [Wed, 4 Jul 2018 17:12:19 +0000 (19:12 +0200)]
unit-tests: Fixed newhope plugin test

Andreas Steffen [Mon, 18 Jun 2018 22:06:35 +0000 (00:06 +0200)]
testing: Added swanctl/rw-qske-l1 and swanctl/rw-qske-l5 scenarios

Tobias Brunner [Mon, 25 Jun 2018 15:19:39 +0000 (17:19 +0200)]
wip: ike-init: Prototypical IKE_AUX exchange for QSKE mechanisms

wip: HA and the ike_keys() hook on listener_t currently handle only
classic key derivation.
Proper error handling (i.e. returning error notifies and handling them) is
missing on both ends.
wip: Do retransmits work after changing the keys? (Probably not, as
parse_body() will fail, so we might have to keep the old keys around
until we processed the IKE_AUTH request.)

Tobias Brunner [Thu, 28 Jun 2018 09:40:49 +0000 (11:40 +0200)]
keymat_v2: Add optional qske_t argument to derive_ike_keys()

If given, it's used to get the shared secret instead of the
diffie_hellman_t implementation.

Tobias Brunner [Thu, 28 Jun 2018 13:33:35 +0000 (15:33 +0200)]
keymat_v2: Proper cleanup if derive_ike_keys() is called multiple times

Tobias Brunner [Thu, 28 Jun 2018 09:38:54 +0000 (11:38 +0200)]
keymat_v2: Add method to create QSKE implementation

Tobias Brunner [Thu, 28 Jun 2018 08:44:40 +0000 (10:44 +0200)]
ikev2: Allow tasks to do work after generating requests/responses

Tobias Brunner [Thu, 28 Jun 2018 08:44:03 +0000 (10:44 +0200)]
task: Add optional post_build() method

This will allow tasks to do some work after the message has been

Tobias Brunner [Tue, 26 Jun 2018 08:13:05 +0000 (10:13 +0200)]
unit-tests: Use a simple default IKE proposal to avoid issues with IKE_AUX

The exchange tests don't expect an IKE_AUX exchange so we don't want any
QSKE methods getting negotiated (in case they are proposed in the default

Tobias Brunner [Mon, 25 Jun 2018 12:27:16 +0000 (14:27 +0200)]
ike-auth: Support IKE_AUX exchange between IKE_SA_INIT and IKE_AUTH

Tobias Brunner [Mon, 25 Jun 2018 12:14:59 +0000 (14:14 +0200)]
child-create: Support IKE_AUX exchange between IKE_SA_INIT and IKE_AUTH

Handling of IKE_AUX when creating new CHILD_SAs or rekeying is not yet

Tobias Brunner [Mon, 25 Jun 2018 12:03:56 +0000 (14:03 +0200)]
ike-mobike: Support IKE_AUX exchange between IKE_SA_INIT and IKE_AUTH

This changes the MID of the first IKE_AUTH message.

Tobias Brunner [Mon, 25 Jun 2018 10:32:27 +0000 (12:32 +0200)]
ike-config: Support IKE_AUX exchange between IKE_SA_INIT and IKE_AUTH

This changes the MID of the first IKE_AUTH message.

Tobias Brunner [Mon, 25 Jun 2018 10:23:50 +0000 (12:23 +0200)]
ike-cert-post: Make absolutely sure certificates are only added to IKE_AUTH

The AUTH payload check should be fine, but add some extra checks just to make
really sure and also for clarification.

Tobias Brunner [Mon, 25 Jun 2018 10:07:50 +0000 (12:07 +0200)]
ike-cert-pre: Support IKE_AUX exchange between IKE_SA_INIT and IKE_AUTH

The first IKE_AUTH does not have MID 1 if that's the case.

Tobias Brunner [Fri, 13 Jul 2018 12:52:05 +0000 (14:52 +0200)]
status: Add return_need_more() utility function

Andreas Steffen [Wed, 27 Jun 2018 11:22:58 +0000 (13:22 +0200)]
oqs: Created QSKE plugin based on OQS library

Andreas Steffen [Wed, 20 Jun 2018 12:51:07 +0000 (14:51 +0200)]
qske-newhope: Created NewHope QSKE plugin

Andreas Steffen [Thu, 21 Jun 2018 08:23:52 +0000 (10:23 +0200)]
stroke: Support for QSKE mechanisms

Andreas Steffen [Mon, 18 Jun 2018 22:30:11 +0000 (00:30 +0200)]
swanctl: Support for QSKE mechanisms

Andreas Steffen [Mon, 18 Jun 2018 22:29:39 +0000 (00:29 +0200)]
vici: Support for QSKE mechanisms

Andreas Steffen [Mon, 18 Jun 2018 15:48:04 +0000 (17:48 +0200)]
encoding: Transport of QSKE payload via IKE_AUX

Andreas Steffen [Mon, 18 Jun 2018 15:43:11 +0000 (17:43 +0200)]
crypto: Support for QSKE mechanisms

A new transform type for Quantum-Safe Key Encapsulation (QSKE)
mechanisms is defined.

Tobias Brunner [Wed, 11 Jul 2018 16:38:09 +0000 (18:38 +0200)]
testing: Optionally build/install strongSwan only on a specific guest

This may be used to test different strongSwan versions against each

Tobias Brunner [Mon, 9 Jul 2018 16:10:07 +0000 (18:10 +0200)]
conf: Fix bench_time documentation

Tobias Brunner [Thu, 5 Jul 2018 15:36:21 +0000 (17:36 +0200)]
message: Report the size of the complete reassembled IKE message

This way we see the same size on both ends, namely that of the complete
IKE message as if it was sent in a single packet (excluding UDP/IP headers).

Tobias Brunner [Thu, 5 Jul 2018 15:21:47 +0000 (17:21 +0200)]
encrypted-payload: Change how the length for reassembled messages is calculated

If we have an AEAD transform we add the overhead as if the data would have
been transported in a single encrypted payload.

Tobias Brunner [Thu, 5 Jul 2018 15:20:52 +0000 (17:20 +0200)]
encrypted-payload: Add getter for the used AEAD transform

Tobias Brunner [Thu, 5 Jul 2018 15:19:39 +0000 (17:19 +0200)]
testing: Fix checks after changing fragmentation log messages

SC Lee [Mon, 9 Jul 2018 09:54:25 +0000 (17:54 +0800)]
charon-nm: Parse any type of private key in need_secrets

Previously, when the user supplied an ECDSA key for public key authentication,
the user was always asked to provide a password, even if the key was not

Related: 954f73ea6e7e ("charon-nm: Parse any type of private key not only RSA")
Closes strongswan/strongswan#108.

Tobias Brunner [Fri, 6 Jul 2018 08:17:52 +0000 (10:17 +0200)]
kernel-pfkey: Add support for native ChaCha20/Poly1305 on macOS

Ruben Tytgat [Thu, 5 Jul 2018 15:54:42 +0000 (17:54 +0200)]
kernel-pfkey: Enable macOS native AES_GCM_ICV16 support

macOS supports AES_GCM_ICV16 natively using PF_KEYv2.

This change enables AES_GCM if the corresponding definition is detected
in the headers.

With this change it is no longer necessary to use the libipsec module to
use AES_GCM on macOS.

Closes strongswan/strongswan#107.

Tobias Brunner [Thu, 5 Jul 2018 16:12:40 +0000 (18:12 +0200)]
testing: The dhcp plugin uses the DHCP client port again by default

This reverts parts of commit becf027cd9b0af162247015a9fff6c00e59fd6ce.

Fixes: 707b70725a7d ("dhcp: Only use DHCP server port if explicitly configured")

Tobias Brunner [Wed, 4 Jul 2018 09:51:44 +0000 (11:51 +0200)]
android: New release after fixing EAP-PEAP issue and Autofill crash

Tobias Brunner [Wed, 4 Jul 2018 17:35:55 +0000 (19:35 +0200)]
Revert "android: Enable the eap-ttls and eap-peap plugins"

This reverts commit 064c97afaeabc341f98577eae67073641b1591db.

We have to make this optional and more configurable.  It seems some
commercial VPN providers use self-signed certificates for their AAA

Tobias Brunner [Wed, 4 Jul 2018 09:43:40 +0000 (11:43 +0200)]
android: Move hint from TextInputEditText to TextInputLayout

This avoids a NullPointerException on Android 8 related to the optional
Autofill functionality.  The bug has been fixed in Android 8.1 [1] but there
is no fix for Android 8.


Tobias Brunner [Wed, 4 Jul 2018 09:17:04 +0000 (11:17 +0200)]
android: Don't enforce the server address as AAA identity for EAP-PEAP/TTLS

This is similar to EAP-TLS.  We could probably make this configurable

Tobias Brunner [Tue, 3 Jul 2018 13:43:32 +0000 (15:43 +0200)]
android: New release after fixing cancelling connecting on older systems

Tobias Brunner [Tue, 3 Jul 2018 13:03:51 +0000 (15:03 +0200)]
android: Poll dropper TUN device for data on older Android systems

It seems that even the NIO version of read() is uninterruptible on
platforms < Android 7 (24).

Tobias Brunner [Tue, 3 Jul 2018 10:15:52 +0000 (12:15 +0200)]
Merge branch 'android-updates'

Lots of new features, e.g. Quick Settings tile, Always-on VPN, error
recovery, and lots of improvements under the hood.

Tobias Brunner [Thu, 21 Jun 2018 17:06:49 +0000 (19:06 +0200)]
android: New version after adding lots of new features

Tobias Brunner [Mon, 2 Jul 2018 16:05:13 +0000 (18:05 +0200)]
android: Use ListView for log messages

This is hopefully a bit more efficient for large log files than the previous
single TextView.  The ListView widget also provides an auto-scroll mechanism.

Tobias Brunner [Fri, 29 Jun 2018 14:42:18 +0000 (16:42 +0200)]
android: Simplify error handling in VPN state fragment

Always reset the error state when disconnecting via state service. This
way the error state is also cleared when the connection is terminated
directly via control activity.

Tobias Brunner [Fri, 29 Jun 2018 14:04:10 +0000 (16:04 +0200)]
android: Remove MIME type filter when importing trusted certificates

This way we should see files even if the MIME type has not been set
correctly while downloading it.

Tobias Brunner [Fri, 29 Jun 2018 10:50:31 +0000 (12:50 +0200)]
android: Show date/thread prefix in log view if we have enough space

This is the case for tablets or even phones in landscape orientation.
600dp is the breaking point for small tablets according to Google's

Tobias Brunner [Fri, 29 Jun 2018 10:07:17 +0000 (12:07 +0200)]
android: Change log message when initializing the native code and add a divider

We don't really start a daemon and the divider should make it easier to
identify retries.

Tobias Brunner [Fri, 29 Jun 2018 09:41:41 +0000 (11:41 +0200)]
android: Don't use infinite keying tries on Android 5+

This way we get some feedback about the issue in the GUI (otherwise it
would just switch to connecting state) and also some delays between retries.

Tobias Brunner [Mon, 25 Jun 2018 09:02:08 +0000 (11:02 +0200)]
android: Allow explicit termination of a profile without confirmation

Tobias Brunner [Fri, 22 Jun 2018 11:57:51 +0000 (13:57 +0200)]
android: Handle restarts of the control Activity better

For instance, rotating a device will restart it and this previously
could have started the wrong profile or shown the system's VPN
confirmation dialog twice.

Tobias Brunner [Fri, 22 Jun 2018 09:22:23 +0000 (11:22 +0200)]
android: Properly handle pressing home when VPN confirmation dialog is shown

As documented, onActivityResult() is called right before onResume() when
the activity is reactivated.  However, if the system's VPN confirmation
dialog is shown and the home button is pressed, the activity is stopped
and not just paused, so its state is saved.  And onActivityResult() is
actually also called before onStart().  This means that no fragment
transactions may be committed (i.e. no dialog may be shown) when the
activity is later restarted (e.g. because there is another attempt to
connect the VPN) until onStart() has been called.  So if we'd try to show
the error dialog in onActivityResult() after returning to the launcher
it would result in an IllegalStateException.

However, showing the dialog for the previous confirmation dialog is not
ideal anyway, so we just ignore that result.

Tobias Brunner [Thu, 21 Jun 2018 17:05:33 +0000 (19:05 +0200)]
android: Crudely catch exception if no file browser is available

Seen on Android TV in the emulator.

Tobias Brunner [Thu, 21 Jun 2018 16:35:37 +0000 (18:35 +0200)]
android: Enable the eap-ttls and eap-peap plugins

Tobias Brunner [Thu, 21 Jun 2018 14:46:13 +0000 (16:46 +0200)]
android: Pass UUID to VPN service to initiate profiles

Tobias Brunner [Thu, 21 Jun 2018 12:49:22 +0000 (14:49 +0200)]
android: Remove Suite B ESP proposals and reorder some algorithms

Tobias Brunner [Thu, 21 Jun 2018 10:51:51 +0000 (12:51 +0200)]
android: Make RSA/PSS flag configurable in the GUI

Tobias Brunner [Thu, 21 Jun 2018 10:25:28 +0000 (12:25 +0200)]
android: Import RSA/PSS flag

Tobias Brunner [Thu, 21 Jun 2018 10:09:47 +0000 (12:09 +0200)]
android: Add flag to enable RSA/PSS

Tobias Brunner [Thu, 21 Jun 2018 09:17:22 +0000 (11:17 +0200)]
android: Make fetching OCSP/CRL interruptible

This allows cancelling connecting if e.g. the OCSP server is not
reachable. Previously this caused some delay in disconnecting state but
even worse it caused an ANR if the user tried reconnecting during that
time as the main thread would get stuck in setNextProfile() (we could
probably find a better solution there too in the future).

Tobias Brunner [Wed, 20 Jun 2018 15:37:44 +0000 (17:37 +0200)]
android: Make CRL/OCSP/strict flags configurable in the GUI

Tobias Brunner [Wed, 20 Jun 2018 15:25:18 +0000 (17:25 +0200)]
android: Import CRL/OCSP/strict flags

Tobias Brunner [Wed, 20 Jun 2018 15:23:08 +0000 (17:23 +0200)]
android: Fix import of certificate request flag

Tobias Brunner [Wed, 20 Jun 2018 15:18:03 +0000 (17:18 +0200)]
android: Add flags to control CRL/OCSP fetching and strict revocation

Tobias Brunner [Thu, 21 Jun 2018 06:59:40 +0000 (08:59 +0200)]
revocation: Support en-/disabling CRL/OCSP at runtime

Tobias Brunner [Wed, 20 Jun 2018 10:25:09 +0000 (12:25 +0200)]
android: Use activity when reconnecting without (or a possibly wrong) password

Tobias Brunner [Tue, 19 Jun 2018 15:31:51 +0000 (17:31 +0200)]
android: Use startForegroundService() to start VpnService

This gives us some time to call startForeground() so we don't get

Tobias Brunner [Tue, 19 Jun 2018 15:14:17 +0000 (17:14 +0200)]
android: Install a blocking TUN device until the VPN is established

It's reinstalled when reconnecting (or during error recovery) and
eventually uninstalled after disconnecting.

Only on Android 5+, otherwise we'd block our fetcher (and Android 4.4 is
stupid in regards to overlapping TUN devices anyway).

Note that Android 8's blocking feature blocks everything that passes by
the VPN, so this only works when tunneling everything (i.e. neither subnets,
nor apps can be excluded from the VPN if that feature is enabled).

Tobias Brunner [Tue, 19 Jun 2018 15:01:21 +0000 (17:01 +0200)]
android: Exclude our own app from the VPN

Otherwise, a blocking VPN interface would prevent our fetcher from working
as we currently rely on an interface that doesn't allow access to the
underlying socket/FD, which would be required to call VpnService.protect().

Tobias Brunner [Tue, 19 Jun 2018 09:15:16 +0000 (11:15 +0200)]
android: Log retries to the same log file

It's cleared when a new connection is started or there is a manual

Tobias Brunner [Mon, 18 Jun 2018 17:04:03 +0000 (19:04 +0200)]
android: Use capped exponential backoff for automatic retries

Tobias Brunner [Mon, 18 Jun 2018 14:57:03 +0000 (16:57 +0200)]
android: Show countdown and retry button in notification

Tobias Brunner [Mon, 18 Jun 2018 14:45:37 +0000 (16:45 +0200)]
android: Avoid IllegalStateException in state fragments

This happened if the state service got connected while such a fragment was
not visible (anymore or at all).

Tobias Brunner [Mon, 18 Jun 2018 14:30:26 +0000 (16:30 +0200)]
android: Don't hide the notification if we are connecting to a profile

In particular, if we are reconnecting after an error.

Tobias Brunner [Fri, 15 Jun 2018 12:40:01 +0000 (14:40 +0200)]
android: Add an automatic reconnect on errors

This way the connection will be attempted to be kept up even on "fatal"
errors like authentication failures.

Tobias Brunner [Fri, 15 Jun 2018 10:34:15 +0000 (12:34 +0200)]
ike-sa-manager: Fix races when changing initiator SPI of an IKE_SA

Removing and readding the entry to a potentially different row/segment,
while driving out waiting and new threads, could prevent threads from
acquiring the SA even if they were waiting to check it out by unique
ID (which doesn't change), or if they were just trying to enumerate it.
With this change the row and segment don't change anymore and waiting
threads may acquire the SA. However, those looking for an IKE_SA by SPIs
might get one back that has a different SPI (but that's probably not
something that happens very often this early).

This was noticed because we check out SAs by unique ID in the Android
app to terminate them after failed retransmits if we are not reestablishing
the SA (otherwise we continue), and this sometimes failed.

Fixes: eaedcf8c0054 ("ike-sa-manager: Add method to change the initiator SPI of an IKE_SA")

Tobias Brunner [Fri, 15 Jun 2018 09:00:08 +0000 (11:00 +0200)]
android: Show a retry button in the error banner

The button to view the log is now below the status info.  And since the
IMC results are just below that we don't need a special handling for
that anymore.

Tobias Brunner [Fri, 15 Jun 2018 08:58:59 +0000 (10:58 +0200)]
android: Add function to quickly reconnect the current profile

Tobias Brunner [Thu, 14 Jun 2018 16:13:44 +0000 (18:13 +0200)]
android: Use Java 8 features

Tobias Brunner [Thu, 14 Jun 2018 13:20:57 +0000 (15:20 +0200)]
android: Show an error if client certificate is unavailable

This can happen on systems (e.g. Android 7.x) where Always-on VPNs are
triggered right after booting before the KeyChain is unlocked by the user.
Retrieving the certificate chain or private key then fails with
"KeyChainException: IllegalStateException: keystore is LOCKED" until the
user unlocks the screen once.

The built-in client actually also fails in this situation (e.g. with XAuth
RSA), it tries three times then stops and shows an error notification.

Tobias Brunner [Thu, 14 Jun 2018 13:16:45 +0000 (15:16 +0200)]
android: Show an error if a profile without a password is initiated

This could happen if an incomplete profile is used with Always-on VPN.

Tobias Brunner [Tue, 19 Jun 2018 10:32:55 +0000 (12:32 +0200)]
android: Use modern shortcuts on Android 8+

Tobias Brunner [Thu, 14 Jun 2018 12:02:22 +0000 (14:02 +0200)]
android: Add an adaptive launcher icon

Using <inset> in a mipmap folder apparently is not fully valid, at least
Android Studio complains about it (it seems to work fine, though).

Tobias Brunner [Wed, 13 Jun 2018 14:31:41 +0000 (16:31 +0200)]
android: Show the actual error description in the notification

Tobias Brunner [Wed, 13 Jun 2018 14:42:24 +0000 (16:42 +0200)]
android: Change format for error strings

Place the dot in the main message not the descriptions of the individual

Tobias Brunner [Wed, 13 Jun 2018 14:07:28 +0000 (16:07 +0200)]
android: Collapse Quick Settings drawer if password entry is required

Tobias Brunner [Tue, 12 Jun 2018 15:46:08 +0000 (17:46 +0200)]
android: Initiate configured default profile when triggered as Always-on VPN

With Android 8.1 this isn't triggered after a reboot until the device
has been unlocked once (solving the issue with the key store) and traffic
may optionally be blocked by the user until the VPN is established.

There are still some issues (e.g. password prompts and fatal errors), and we
might need some workaround for older Android releases.