1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
From 80c47e577b80364c995aa0530a48e17c1a7e460f Mon Sep 17 00:00:00 2001
From: PJ Beers <pj@floorenpj.nl>
Date: Wed, 1 Dec 2021 20:36:55 +0100
Subject: [PATCH] OpenVPN: Import tls-crypt keys
Enable importing tls-crypt keys from an openvpn config file. Previously,
inline tls-crypt keys from *.ovpn files were ignored, causing the
associated connection to fail after import.
---
vpn/openvpn/openvpn.cpp | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/vpn/openvpn/openvpn.cpp b/vpn/openvpn/openvpn.cpp
index 9d1bf8ea..b69f7ec0 100644
--- a/vpn/openvpn/openvpn.cpp
+++ b/vpn/openvpn/openvpn.cpp
@@ -55,6 +55,7 @@ K_PLUGIN_CLASS_WITH_JSON(OpenVpnUiPlugin, "plasmanetworkmanagement_openvpnui.jso
#define RPORT_TAG "rport"
#define SECRET_TAG "secret"
#define TLS_AUTH_TAG "tls-auth"
+#define TLS_CRYPT_TAG "tls-crypt"
#define TLS_CLIENT_TAG "tls-client"
#define TLS_REMOTE_TAG "tls-remote"
#define TUNMTU_TAG "tun-mtu"
@@ -70,6 +71,8 @@ K_PLUGIN_CLASS_WITH_JSON(OpenVpnUiPlugin, "plasmanetworkmanagement_openvpnui.jso
#define END_KEY_SECRET_TAG "</secret>"
#define BEGIN_TLS_AUTH_TAG "<tls-auth>"
#define END_TLS_AUTH_TAG "</tls-auth>"
+#define BEGIN_TLS_CRYPT_TAG "<tls-crypt>"
+#define END_TLS_CRYPT_TAG "</tls-crypt>"
#define PROC_TYPE_TAG "Proc-Type: 4,ENCRYPTED"
#define PKCS8_TAG "-----BEGIN ENCRYPTED PRIVATE KEY-----"
@@ -497,6 +500,27 @@ NMVariantMapMap OpenVpnUiPlugin::importConnectionSettings(const QString &fileNam
}
continue;
}
+ if (key_value[0] == TLS_CRYPT_TAG && key_value.count() > 1) {
+ key_value[1] = line.right(line.length() - line.indexOf(QRegExp("\\s"))); // Get whole string after key
+
+ // We will copy inline certificate later when we reach <tls-crypt> tag.
+ if (key_value[1].trimmed() != QLatin1String("[inline]")) {
+ if (copyCertificates) {
+ const QString absoluteFilePath = tryToCopyToCertificatesDirectory(connectionName, unQuote(key_value[1], fileName));
+ dataMap.insert(QLatin1String(NM_OPENVPN_KEY_TLS_CRYPT), absoluteFilePath);
+ } else {
+ dataMap.insert(QLatin1String(NM_OPENVPN_KEY_TLS_CRYPT), unQuote(key_value[1], fileName));
+ }
+ }
+
+ if (key_value.count() > 2) {
+ key_value[2] = key_value[1];
+ if (!key_value[2].isEmpty() && (key_value[2].toLong() == 0 || key_value[2].toLong() == 1)) {
+ dataMap.insert(QLatin1String(NM_OPENVPN_KEY_TA_DIR), key_value[2]);
+ }
+ }
+ continue;
+ }
if (key_value[0] == CIPHER_TAG) {
if (key_value.count() == 2) {
dataMap.insert(QLatin1String(NM_OPENVPN_KEY_CIPHER), key_value[1]);
@@ -596,6 +620,16 @@ NMVariantMapMap OpenVpnUiPlugin::importConnectionSettings(const QString &fileNam
}
}
continue;
+ } else if (key_value[0] == BEGIN_TLS_CRYPT_TAG) {
+ const QString tlsAuthAbsolutePath = saveFile(in, QLatin1String(END_TLS_CRYPT_TAG), connectionName, "tls_crypt.key");
+ if (!tlsAuthAbsolutePath.isEmpty()) {
+ dataMap.insert(QLatin1String(NM_OPENVPN_KEY_TLS_CRYPT), tlsAuthAbsolutePath);
+
+ if (key_direction > -1) {
+ dataMap.insert(QLatin1String(NM_OPENVPN_KEY_TA_DIR), QString().setNum(key_direction));
+ }
+ }
+ continue;
}
// Import X-NM-Routes if present
--
GitLab
|