android: Add flag to enable RSA/PSS

diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
index 84ac65f706f37f851a5032047b95b8eb4ea326f8..8e19d99e81dceecdd1285dc0adadd5e1aebedf51 100644 (file)
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfile.java
@@ -35,6 +35,7 @@ public class VpnProfile implements Cloneable
        public static final int FLAGS_DISABLE_CRL = 1 << 1;
        public static final int FLAGS_DISABLE_OCSP = 1 << 2;
        public static final int FLAGS_STRICT_REVOCATION = 1 << 3;
+       public static final int FLAGS_RSA_PSS = 1 << 4;
 
        private String mName, mGateway, mUsername, mPassword, mCertificate, mUserCertificate;
        private String mRemoteId, mLocalId, mExcludedSubnets, mIncludedSubnets, mSelectedApps;

diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
index 34e7938940bd3ae0e9c13d68675b913b57e97f96..803b205a78e08fd288d0d757e92f67e277fe23a6 100644 (file)
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/CharonVpnService.java
@@ -301,6 +301,7 @@ public class CharonVpnService extends VpnService implements Runnable, VpnStateSe
                                                        writer.setValue("global.language", Locale.getDefault().getLanguage());
                                                        writer.setValue("global.mtu", mCurrentProfile.getMTU());
                                                        writer.setValue("global.nat_keepalive", mCurrentProfile.getNATKeepAlive());
+                                                       writer.setValue("global.rsa_pss", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_RSA_PSS) != 0);
                                                        writer.setValue("global.crl", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_CRL) == 0);
                                                        writer.setValue("global.ocsp", (mCurrentProfile.getFlags() & VpnProfile.FLAGS_DISABLE_OCSP) == 0);
                                                        writer.setValue("connection.type", mCurrentProfile.getVpnType().getIdentifier());

diff --git a/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c b/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
index cc3edbdf45f8ed25c96ca8278db0a85b30d93a9a..1a6a7e680355b7025436dc31e4a1506205f84c3b 100644 (file)
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/charonservice.c
@@ -418,6 +418,9 @@ static void initiate(settings_t *settings)
        lib->settings->set_bool(lib->settings,
                                                "charon.plugins.revocation.enable_ocsp",
                                                settings->get_bool(settings, "global.ocsp", TRUE));
+       lib->settings->set_bool(lib->settings,
+                                               "charon.rsa_pss",
+                                               settings->get_bool(settings, "global.rsa_pss", FALSE));
        /* this is actually the size of the complete IKE/IP packet, so if the MTU
         * for the TUN devices has to be reduced to pass traffic the IKE packets
         * will be a bit smaller than necessary as there is no IPsec overhead like