Tobias Brunner
d67a5b0c4d
android: Use the default scheduler for short-term events
Using AlarmManager has quite some overhead, so we use our regular
scheduler for events that are to be executed in the near future.
2020-06-02 14:07:06 +02:00
Tobias Brunner
1b4c4123c2
android: Use Android-specific scheduler on Android 6 and later
2020-06-02 14:07:06 +02:00
Tobias Brunner
b7d66ae2cd
android: Add Android-specific implementation of scheduler_t
This uses AlarmManager to schedule events in a way that ensures the app
is woken up (requires whitelisting when in Doze mode to be woken up at
the exact time, otherwise there are delays of up to 15 minutes).
2020-06-02 14:07:06 +02:00
Tobias Brunner
f3695d089b
android: Change how initial log handler is registered
Previously, if the two utility functions were called while the VPN
connection was established (i.e. charon was initialized) the logger for
libstrongswan would get reset to the initial log handler. So certain
log messages would not get logged to the log file after the TUN device
was created (one of the helpers is used to convert IPs there).
2020-06-02 14:07:06 +02:00
Tobias Brunner
070cd12dfb
android: Check the current path using DPD after a roaming event
A new NAT mapping might be created even if the IP stays the same. Due to
the DPD fallback with NAT keep-alives this might only be necessary in
corner cases, if at all.
2020-06-02 14:07:06 +02:00
Tobias Brunner
664389ebc4
android: Enable switch from NAT interval to DPDs after 20 seconds
2020-06-02 14:07:06 +02:00
Noel Kuntze
09f4bccfea
kernel-netlink: Implement passthrough type routes and use them on Linux
Enables us to ignore any future kernel features for routes unless
we actually need to consider them for the source IP routes.
Also enables us to actually really skip IPsec processing for those networks
(because even the routes don't touch those packets). It's more what
users expect.
Co-authored-by: Tobias Brunner <tobias@strongswan.org>
2020-03-10 10:20:58 +01:00
Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
07a6e59b1c
android: Fix remote identity fallback after changing IKE config creation
Fixes: 9486a2e5b0 ("ike-cfg: Pass arguments as struct")
2019-06-18 10:22:57 +02:00
Tobias Brunner
44e74d9f3e
android: Fix typo when building IKE config
Fixes: 9486a2e5b0 ("ike-cfg: Pass arguments as struct")
2019-06-18 10:21:07 +02:00
Tobias Brunner
9486a2e5b0
ike-cfg: Pass arguments as struct
2019-04-25 14:31:33 +02:00
Tobias Brunner
7028e9d31e
android: Add helper to parse IP addresses from strings
Using InetAddress.fromName() is not ideal as it might result in a DNS
resolution, which causes an exception if we do it from the main thread.
2019-03-05 18:56:09 +01:00
Tobias Brunner
ecfe67550d
signature-params: Provide option for maximum RSA/PSS salt length
However, the length now has to be resolved early, so we don't operate on
the negative constant values e.g. when generating the encoding.
2018-10-26 09:03:26 +02:00
Tobias Brunner
7a6426082a
android: Fix implementation of change_state() method in Android IMC
The signature was changed with 731e043c8e ("libimcv: Reset of IMC state for
new measurement cycle").
2018-09-21 10:55:34 +02:00
Tobias Brunner
948c42ab2e
android: Properly set log file path
2018-09-12 11:44:57 +02:00
Tobias Brunner
485d202adc
android: Don't enforce the server address as AAA identity for EAP-PEAP/TTLS
This is similar to EAP-TLS. We could probably make this configurable
later.
2018-07-04 11:52:23 +02:00
Tobias Brunner
19c95c9bc4
android: Change log message when initializing the native code and add a divider
We don't really start a daemon and the divider should make it easier to
identify retries.
2018-07-03 11:31:44 +02:00
Tobias Brunner
ef0f0cc839
android: Don't use infinite keying tries on Android 5+
This way we get some feedback about the issue in the GUI (otherwise it
would just switch to connecting state) and also some delays between retries.
2018-07-03 11:31:43 +02:00
Tobias Brunner
163f752022
android: Remove Suite B ESP proposals and reorder some algorithms
2018-07-03 11:31:42 +02:00
Tobias Brunner
205ec47ddb
android: Add flag to enable RSA/PSS
2018-07-03 11:31:42 +02:00
Tobias Brunner
a706058118
android: Add flags to control CRL/OCSP fetching and strict revocation
2018-07-03 11:31:40 +02:00
Tobias Brunner
fb3772ec95
android: Log retries to the same log file
It's cleared when a new connection is started or there is a manual
retry.
2018-07-03 11:31:39 +02:00
Tobias Brunner
ab5dbbc4ab
android: Show an error if client certificate is unavailable
This can happen on systems (e.g. Android 7.x) where Always-on VPNs are
triggered right after booting before the KeyChain is unlocked by the user.
Retrieving the certificate chain or private key then fails with
"KeyChainException: IllegalStateException: keystore is LOCKED" until the
user unlocks the screen once.
The built-in client actually also fails in this situation (e.g. with XAuth
RSA), it tries three times then stops and shows an error notification.
2018-07-03 11:31:37 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
7b72909774
controller: Add option to force destruction of an IKE_SA
It's optionally possible to wait for a timeout to destroy the SA.
2018-05-22 10:06:07 +02:00
Tobias Brunner
2db6d5b8b3
Fixed some typos, courtesy of codespell
2018-02-13 12:19:54 +01:00
Tobias Brunner
6bafa2d346
android: Always send the client certificate
In scenarios where the server accepts client certificates from dozens or
even hundreds of CAs it might be necessary to omit certificate request
payloads from the IKE_SA_INIT response to avoid fragmentation.
As it is rarely the case in road-warrior scenarios that the server
already has the client certificate installed it should not be a problem
to always send it.
2018-02-08 12:15:36 +01:00
Tobias Brunner
0729be1bfe
Merge branch 'android-proposals'
Makes IKE and ESP proposals configurable.
2017-11-28 16:23:41 +01:00
Tobias Brunner
4a79434b11
android: Remove modp1024 from the ESP proposals
2017-11-28 16:19:08 +01:00
Tobias Brunner
836a943804
android: Add utility JNI function to validate proposal strings
2017-11-17 18:11:39 +01:00
Tobias Brunner
a7c43544dd
android: Use optional custom proposals for IKE and ESP
If the proposal is invalid we fall back to the defaults.
2017-11-17 14:31:06 +01:00
Tobias Brunner
8b6c23342c
android: Free settings string passed via JNI
2017-11-17 14:31:06 +01:00
Tobias Brunner
72b7c0ffd8
android: Add support for creating RSASSA-PSS signatures via JNI
2017-11-08 16:48:10 +01:00
Tobias Brunner
de280c2e03
private-key: Add optional parameters argument to sign() method
2017-11-08 16:48:10 +01:00
Tobias Brunner
1fe71a50f1
android: Add log message if failed to retrieve user certificate encoding
2017-11-02 12:19:36 +01:00
Tobias Brunner
829cc56a53
android: Add support to POST data via SimpleFetcher
That's required for OCSP verification.
2017-09-04 10:41:29 +02:00
Tobias Brunner
0bebbae9e3
android: Cache CRLs in app directory
Fixes #2405.
2017-09-04 10:41:25 +02:00
Tobias Brunner
3fe9a436ee
android: Pass absolute path to the app's data directory via JNI
2017-09-04 10:41:25 +02:00
Tobias Brunner
ca280574ba
Fixed some typos, courtesy of codespell
2017-08-07 17:22:01 +02:00
Tobias Brunner
3f0592d0fd
android: Add flag to suppress sending certificate requests
2017-07-03 10:37:09 +02:00
Tobias Brunner
db599d6b28
android: Use configured NAT-T keepalive interval
2017-07-03 10:33:29 +02:00
Tobias Brunner
c5ba381757
android: Log some information about the Android version and the device
2017-07-03 10:27:51 +02:00
Tobias Brunner
7b4177578b
android: Add a simple HTTP(S) fetcher for CRLs
2017-07-03 10:27:50 +02:00
Tobias Brunner
2e4d110d1e
linked-list: Change return value of find_first() and signature of its callback
This avoids the unportable five pointer hack.
2017-05-26 13:56:44 +02:00
Tobias Brunner
8a2e4d4a8b
linked-list: Change interface of callback for invoke_function()
This avoids the unportable five pointer hack.
2017-05-26 13:56:44 +02:00
Tobias Brunner
95a63bf281
Migrate all enumerators to venumerate() interface change
2017-05-26 13:56:44 +02:00
Tobias Brunner
94375d46dc
android: Send network change events from a separate thread via JNI
Doing this from the main UI thread (which delivers the broadcast) might
cause an ANR if there is a delay (e.g. while acquiring a mutex in the
native parts). There might also have been a race condition during
termination previously because Unregister() was not synchronized so there
might have been dangling events that got delivered while or after the mutex
in the native parts was destroyed.
2017-02-17 13:07:30 +01:00
Tobias Brunner
9665686bd8
daemon: Use separate method to set default loggers
This way it is not necessary to pass the same values to reload the
loggers.
2017-01-25 14:58:09 +01:00
Tobias Brunner
9920824e70
android: Make sure libtpmtss is loaded on older systems
On newer Android systems this seems to happen automatically (or does at
least not cause crashes if the library is not loaded).
2016-12-09 11:16:42 +01:00
Tobias Brunner
e03c936982
android: Log any installed DNS servers
2016-12-08 17:14:49 +01:00