From: Tobias Brunner Date: Tue, 14 Nov 2017 10:18:13 +0000 (+0100) Subject: android: Make IKE/ESP proposals configurable in the GUI X-Git-Tag: 5.6.2dr1~4^2~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2d1f65feb3d901c126df47b2e690818192a80f43;p=thirdparty%2Fstrongswan.git android: Make IKE/ESP proposals configurable in the GUI --- diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java index 8792fd7e47..6ba8f80fb8 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java @@ -37,6 +37,7 @@ import android.text.SpannableString; import android.text.Spanned; import android.text.TextUtils; import android.text.TextWatcher; +import android.text.method.LinkMovementMethod; import android.util.Log; import android.view.Menu; import android.view.MenuInflater; @@ -126,6 +127,10 @@ public class VpnProfileDetailActivity extends AppCompatActivity private CheckBox mBlockIPv6; private Spinner mSelectSelectedAppsHandling; private RelativeLayout mSelectApps; + private TextInputLayoutHelper mIkeProposalWrap; + private EditText mIkeProposal; + private TextInputLayoutHelper mEspProposalWrap; + private EditText mEspProposal; @Override public void onCreate(Bundle savedInstanceState) 
@@ -181,6 +186,13 @@ public class VpnProfileDetailActivity extends AppCompatActivity mSelectSelectedAppsHandling = (Spinner)findViewById(R.id.apps_handling); mSelectApps = (RelativeLayout)findViewById(R.id.select_applications); + mIkeProposal = (EditText)findViewById(R.id.ike_proposal); + mIkeProposalWrap = (TextInputLayoutHelper)findViewById(R.id.ike_proposal_wrap); + mEspProposal = (EditText)findViewById(R.id.esp_proposal); + mEspProposalWrap = (TextInputLayoutHelper)findViewById(R.id.esp_proposal_wrap); + /* make the link clickable */ + ((TextView)findViewById(R.id.proposal_intro)).setMovementMethod(LinkMovementMethod.getInstance()); + final SpaceTokenizer spaceTokenizer = new SpaceTokenizer(); mName.setTokenizer(spaceTokenizer); mRemoteId.setTokenizer(spaceTokenizer); @@ -546,7 +558,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity mProfile.getPort() != null || mProfile.getNATKeepAlive() != null || (flags != null && flags != 0) || (st != null && st != 0) || mProfile.getIncludedSubnets() != null || mProfile.getExcludedSubnets() != null || - mProfile.getSelectedAppsHandling() != SelectedAppsHandling.SELECTED_APPS_DISABLE; + mProfile.getSelectedAppsHandling() != SelectedAppsHandling.SELECTED_APPS_DISABLE || + mProfile.getIkeProposal() != null || mProfile.getEspProposal() != null; } mShowAdvanced.setVisibility(!show ? View.VISIBLE : View.GONE); mAdvancedSettings.setVisibility(show ? View.VISIBLE : View.GONE); @@ -686,6 +699,10 @@ public class VpnProfileDetailActivity extends AppCompatActivity mProfile.setSplitTunneling(st == 0 ? null : st); mProfile.setSelectedAppsHandling(mSelectedAppsHandling); mProfile.setSelectedApps(mSelectedApps); + String ike = mIkeProposal.getText().toString().trim(); + mProfile.setIkeProposal(ike.isEmpty() ? null : ike); + String esp = mEspProposal.getText().toString().trim(); + mProfile.setEspProposal(esp.isEmpty() ? null : esp); } /** 
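Review bot: The save code added at the end of the `@@ -686` hunk stores whatever the user typed as the IKE/ESP proposal after only a `trim()`, so a malformed or unsupported string is persisted and, as far as these hunks show, is first rejected when the connection is negotiated. For ESP the added help text itself says a DH group mismatch only surfaces at rekeying, which makes such a late failure hard to attribute to the profile. `mIkeProposalWrap` and `mEspProposalWrap` are looked up in the `@@ -181` hunk but not used in any visible hunk; if the input check (presumably outside these hunks) does not already do so, validate both fields before saving and report through them, e.g. `mIkeProposalWrap.setError(<error string placeholder>)`. A comment above the two setters such as `/* null = use the built-in default proposals */` would also document why empty input is mapped to null. The enclosing methods start and end outside the hunks.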
@@ -719,6 +736,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity mBlockIPv6.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV6) != 0); mSelectedAppsHandling = mProfile.getSelectedAppsHandling(); mSelectedApps = mProfile.getSelectedAppsSet(); + mIkeProposal.setText(mProfile.getIkeProposal()); + mEspProposal.setText(mProfile.getEspProposal()); flags = mProfile.getFlags(); useralias = mProfile.getUserCertificateAlias(); local_id = mProfile.getLocalId(); diff --git a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml index f765dbcf19..d4d88314d0 100644 --- a/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml +++ b/src/frontends/android/app/src/main/res/layout/profile_detail_view.xml @@ -362,6 +362,58 @@ android:id="@+id/select_applications" layout="@layout/two_line_button" /> + + + + + + + + + + + + + + + + diff --git a/src/frontends/android/app/src/main/res/values-de/strings.xml b/src/frontends/android/app/src/main/res/values-de/strings.xml index 84d6bcd018..93eeb2a51a 100644 --- a/src/frontends/android/app/src/main/res/values-de/strings.xml +++ b/src/frontends/android/app/src/main/res/values-de/strings.xml 
@@ -96,6 +96,12 @@ Keine Apps ausgewählt Eine App ausgewählt %1$d Apps ausgewählt + Algorithmen + Optionale spezifische Algorithmen für IKEv2 und/oder IPsec/ESP die statt der Standardwerte verwendet werden sollen. Eine Liste gültiger Algorithmen kann unserem Wiki entnommen werden (nicht alle werden von dieser App unterstützt). Beide Felder erwarten eine Liste von Algorithmen, jeweils mit einem Bindestrich getrennt. + IKEv2 Algorithmen + Für non-AEAD/klassische Verschlüsselungsalgorithmen wird ein Integritätsalgorithmus, eine pseudozufällige Funktion (PRF, optional, ansonsten wird eine auf dem Integritätsalgorithmus basierende verwendet) und eine Diffie-Hellman Gruppe benötigt (z.B. aes256-sha256-ecp256). Für kombinierte/AEAD Algorithmen wird der Integritätsalgorithmus weggelassen aber eine PRF wird benötigt (z.B. aes256gcm16-prfsha256-ecp256). + IPsec/ESP Algorithmen + Für non-AEAD/klassische Verschlüsselungsalgorithmen wird ein Integritätsalgorithmus benötigt, eine Diffie-Hellman Gruppe ist optional (z.B. aes256-sha256 oder aes256-sha256-ecp256). Für kombinierte/AEAD Algorithmen wird der Integritätsalgorithmus weggelassen (z.B. aes256gcm16 oder aes256gcm16-ecp256). Falls eine DH Gruppe angegeben wird, kommt während dem IPsec SA Rekeying ein DH Schlüsselaustausch zur Anwendung. Beim initialen Verbindungsaufbau hat eine DH Gruppe hier keinen Einfluss, weil die Schlüssel dort von der IKE SA abgeleitet werden. Deshalb wird eine Fehlkonfiguration mit dem Server erst später während dem Rekeying zu einem Fehler führen. VPN Profile importieren VPN Profil-Import fehlgeschlagen VPN Profil-Import fehlgeschlagen: %1$s diff --git a/src/frontends/android/app/src/main/res/values-pl/strings.xml b/src/frontends/android/app/src/main/res/values-pl/strings.xml index c6a8b53f33..cc48a9b282 100644 --- a/src/frontends/android/app/src/main/res/values-pl/strings.xml +++ b/src/frontends/android/app/src/main/res/values-pl/strings.xml 
@@ -96,6 +96,12 @@ No applications selected One application selected %1$d applications selected + Algorithms + Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a list of algorithm identifiers (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen. + IKEv2 Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256). + IPsec/ESP Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying. Import VPN profile Failed to import VPN profile Failed to import VPN profile: %1$s diff --git a/src/frontends/android/app/src/main/res/values-ru/strings.xml b/src/frontends/android/app/src/main/res/values-ru/strings.xml index b47c4993a0..a422300993 100644 --- a/src/frontends/android/app/src/main/res/values-ru/strings.xml +++ b/src/frontends/android/app/src/main/res/values-ru/strings.xml 
@@ -93,6 +93,12 @@ No applications selected One application selected %1$d applications selected + Algorithms + Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a list of algorithm identifiers (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen. + IKEv2 Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256). + IPsec/ESP Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying. Import VPN profile Failed to import VPN profile Failed to import VPN profile: %1$s diff --git a/src/frontends/android/app/src/main/res/values-ua/strings.xml b/src/frontends/android/app/src/main/res/values-ua/strings.xml index 69258b0480..3f4a4c62f0 100644 --- a/src/frontends/android/app/src/main/res/values-ua/strings.xml +++ b/src/frontends/android/app/src/main/res/values-ua/strings.xml 
@@ -94,6 +94,12 @@ No applications selected One application selected %1$d applications selected + Algorithms + Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a list of algorithm identifiers (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen. + IKEv2 Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256). + IPsec/ESP Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying. Import VPN profile Failed to import VPN profile Failed to import VPN profile: %1$s diff --git a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml index a88e7aa9e5..7d0d529a42 100644 --- a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml +++ b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml 
@@ -93,6 +93,12 @@ No applications selected One application selected %1$d applications selected + Algorithms + Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a list of algorithm identifiers (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen. + IKEv2 Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256). + IPsec/ESP Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying. 导入VPN配置 导入VPN配置失败 导入VPN配置失败: %1$s diff --git a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml index 8ef0feb2ee..4e87530a98 100644 --- a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml +++ b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml 
@@ -93,6 +93,12 @@ No applications selected One application selected %1$d applications selected + Algorithms + Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a list of algorithm identifiers (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen. + IKEv2 Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256). + IPsec/ESP Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying. 匯入VPN設定檔 匯入VPN設定檔失敗 匯入VPN設定檔失敗: %1$s diff --git a/src/frontends/android/app/src/main/res/values/strings.xml b/src/frontends/android/app/src/main/res/values/strings.xml index a02de6b1ce..c51f373ea9 100644 --- a/src/frontends/android/app/src/main/res/values/strings.xml +++ b/src/frontends/android/app/src/main/res/values/strings.xml 
@@ -96,6 +96,12 @@ No applications selected One application selected %1$d applications selected + Algorithms + Optionally configure specific algorithms to use for IKEv2 and/or IPsec/ESP instead of the defaults. Refer to our wiki for a list of algorithm identifiers (note that not all are supported by this app). Both fields take a list of algorithms, each separated by a hyphen. + IKEv2 Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm, a pseudo random function (optional, defaults to one based on the integrity algorithm) and a Diffie-Hellman group are required (e.g. aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted but a PRF is required (e.g. aes256gcm16-prfsha256-ecp256). + IPsec/ESP Algorithms + For non-AEAD/classic encryption algorithms, an integrity algorithm is required, a Diffie-Hellman group is optional (e.g. aes256-sha256 or aes256-sha256-ecp256). For combined-mode/AEAD algorithms, the integrity algorithm is omitted (e.g. aes256gcm16 or aes256gcm16-ecp256). If a DH group is specified IPsec SA rekeying will use a DH key exchange. However, DH groups specified here are not used when the connection is established initially because the keys there are derived from the IKE SA key material. Therefore, any configuration mismatch with the server will only cause errors later during rekeying. Import VPN profile Failed to import VPN profile Failed to import VPN profile: %1$s