use private temp files to pass decrypted private keys

Android 10 (API 29) doesn't allow us to pass them by sharing file descriptors anymore, making the use of temp files mandatory. GitHub: https://github.com/pacien/tincapp/issues/92
author: pacien 2020-01-20 19:18:12 +0100
committer: pacien 2020-01-20 19:18:12 +0100
commit: b04d9581adb3e3176586f31ffdba123125546201 (patch)
tree: 468776749a6596b299d7075ab998117a06c58813 /app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt
parent: 883b5abc7b2a770146683e7e27bf275bd4064511 (diff)
download: tincapp-b04d9581adb3e3176586f31ffdba123125546201.tar.gz
1 files changed, 9 insertions, 7 deletions
diff --git a/app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt b/app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt
index 48cb1df..c688742 100644
--- a/app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt
+++ b/app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt
@@ -102,12 +102,17 @@ class TincVpnService : VpnService() {
    log.info("Starting tinc daemon for network \"$netName\".")
    if (isConnected() || getCurrentNetName() != null) stopVpn().join()
-    // FIXME: pass decrypted private keys via temp file
    val privateKeys = try {
      TincConfiguration.fromTincConfiguration(AppPaths.existing(AppPaths.tincConfFile(netName))).let { tincCfg ->
        Pair(
-          TincKeyring.openPrivateKey(tincCfg.ed25519PrivateKeyFile ?: AppPaths.defaultEd25519PrivateKeyFile(netName), passphrase),
+          TincKeyring.unlockKey(
-          TincKeyring.openPrivateKey(tincCfg.privateKeyFile ?: AppPaths.defaultRsaPrivateKeyFile(netName), passphrase))
+            AppPaths.NET_DEFAULT_ED25519_PRIVATE_KEY_FILE,
+            tincCfg.ed25519PrivateKeyFile ?: AppPaths.defaultEd25519PrivateKeyFile(netName),
+            passphrase),
+          TincKeyring.unlockKey(
+            AppPaths.NET_DEFAULT_RSA_PRIVATE_KEY_FILE,
+            tincCfg.privateKeyFile ?: AppPaths.defaultRsaPrivateKeyFile(netName),
+            passphrase))
      }
    } catch (e: FileNotFoundException) {
      Pair(null, null)
@@ -143,15 +148,12 @@ class TincVpnService : VpnService() {
    val serverSocket = LocalServerSocket(DEVICE_FD_ABSTRACT_SOCKET)
    Executor.runAsyncTask { serveDeviceFd(serverSocket, deviceFd) }
-    // FIXME: pass decrypted private keys via temp file
+    val daemon = Tincd.start(netName, DEVICE_FD_ABSTRACT_SOCKET, privateKeys.first, privateKeys.second)
-    val daemon = Tincd.start(netName, DEVICE_FD_ABSTRACT_SOCKET, null, null)
    setState(netName, passphrase, interfaceCfg, deviceFd, daemon)
    waitForDaemonStartup().whenComplete { _, exception ->
      serverSocket.close()
      deviceFd.close()
-      privateKeys.first?.close()
-      privateKeys.second?.close()
      if (exception != null) {
        reportError(resources.getString(R.string.notification_error_message_daemon_exited, exception.cause!!.defaultMessage()), exception)
author	pacien	2020-01-20 19:18:12 +0100
committer	pacien	2020-01-20 19:18:12 +0100
commit	b04d9581adb3e3176586f31ffdba123125546201 (patch)
tree	468776749a6596b299d7075ab998117a06c58813 /app/src/main/java/org/pacien/tincapp/service/TincVpnService.kt
parent	883b5abc7b2a770146683e7e27bf275bd4064511 (diff)
download	tincapp-b04d9581adb3e3176586f31ffdba123125546201.tar.gz