Diffstat (limited to 'tunnel/src/main/java/com/wireguard/android')
-rw-r--r--tunnel/src/main/java/com/wireguard/android/backend/BackendException.java27
-rw-r--r--tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java32
-rw-r--r--tunnel/src/main/java/com/wireguard/android/backend/Statistics.java13
-rw-r--r--tunnel/src/main/java/com/wireguard/android/backend/Tunnel.java20
-rw-r--r--tunnel/src/main/java/com/wireguard/android/backend/WgQuickBackend.java19
-rw-r--r--tunnel/src/main/java/com/wireguard/android/util/ModuleLoader.java148
-rw-r--r--tunnel/src/main/java/com/wireguard/android/util/RootShell.java32
-rw-r--r--tunnel/src/main/java/com/wireguard/android/util/ToolsInstaller.java48
8 files changed, 174 insertions, 165 deletions
diff --git a/tunnel/src/main/java/com/wireguard/android/backend/BackendException.java b/tunnel/src/main/java/com/wireguard/android/backend/BackendException.java
index 0f60701b..55fdb602 100644
--- a/tunnel/src/main/java/com/wireguard/android/backend/BackendException.java
+++ b/tunnel/src/main/java/com/wireguard/android/backend/BackendException.java
@@ -9,6 +9,21 @@ import com.wireguard.util.NonNullForAll;
@NonNullForAll
public final class BackendException extends Exception {
+ private final Object[] format;
+ private final Reason reason;
+ public BackendException(final Reason reason, final Object... format) {
+ this.reason = reason;
+ this.format = format;
+ }
+
+ public Object[] getFormat() {
+ return format;
+ }
+
+ public Reason getReason() {
+ return reason;
+ }
+
public enum Reason {
UNKNOWN_KERNEL_MODULE_NAME,
WG_QUICK_CONFIG_ERROR_CODE,
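Review bot: The relocated constructor never passes a message to `Exception`, so `getMessage()` on a BackendException is null and any handler that logs the exception without also reading `getReason()` records only the class name. Forwarding the reason, for example `super(reason.name());` as the first statement of the constructor, keeps the failure cause visible in logs and crash reports while leaving `getReason()` and `getFormat()` unchanged. Keep the `format` arguments out of that message if they can carry tunnel configuration values. RootShellException in RootShell.java has the same constructor shape, and the class body here continues past this hunk.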
@@ -18,16 +33,4 @@ public final class BackendException extends Exception {
TUN_CREATION_ERROR,
GO_ACTIVATION_ERROR_CODE
}
- private final Reason reason;
- private final Object[] format;
- public BackendException(final Reason reason, final Object ...format) {
- this.reason = reason;
- this.format = format;
- }
- public Reason getReason() {
- return reason;
- }
- public Object[] getFormat() {
- return format;
- }
}
diff --git a/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java b/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java
index 54dc913a..70cdd844 100644
--- a/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java
+++ b/tunnel/src/main/java/com/wireguard/android/backend/GoBackend.java
@@ -34,25 +34,21 @@ import java9.util.concurrent.CompletableFuture;
@NonNullForAll
public final class GoBackend implements Backend {
private static final String TAG = "WireGuard/" + GoBackend.class.getSimpleName();
- private static CompletableFuture<VpnService> vpnService = new CompletableFuture<>();
- public interface AlwaysOnCallback {
- void alwaysOnTriggered();
- }
@Nullable private static AlwaysOnCallback alwaysOnCallback;
- public static void setAlwaysOnCallback(AlwaysOnCallback cb) {
- alwaysOnCallback = cb;
- }
-
+ private static CompletableFuture<VpnService> vpnService = new CompletableFuture<>();
private final Context context;
- @Nullable private Tunnel currentTunnel;
@Nullable private Config currentConfig;
+ @Nullable private Tunnel currentTunnel;
private int currentTunnelHandle = -1;
-
public GoBackend(final Context context) {
SharedLibraryLoader.loadSharedLibrary(context, "wg-go");
this.context = context;
}
+ public static void setAlwaysOnCallback(AlwaysOnCallback cb) {
+ alwaysOnCallback = cb;
+ }
+
private static native String wgGetConfig(int handle);
private static native int wgGetSocketV4(int handle);
@@ -143,7 +139,7 @@ public final class GoBackend implements Backend {
setStateInternal(currentTunnel, null, State.DOWN);
try {
setStateInternal(tunnel, config, state);
- } catch(final Exception e) {
+ } catch (final Exception e) {
if (originalTunnel != null)
setStateInternal(originalTunnel, originalConfig, State.UP);
throw e;
@@ -209,7 +205,7 @@ public final class GoBackend implements Backend {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q)
builder.setMetered(false);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M)
- service.setUnderlyingNetworks(null);
+ service.setUnderlyingNetworks(null);
builder.setBlocking(true);
try (final ParcelFileDescriptor tun = builder.establish()) {
@@ -246,13 +242,13 @@ public final class GoBackend implements Backend {
context.startService(new Intent(context, VpnService.class));
}
+ public interface AlwaysOnCallback {
+ void alwaysOnTriggered();
+ }
+
public static class VpnService extends android.net.VpnService {
@Nullable private GoBackend owner;
- public void setOwner(final GoBackend owner) {
- this.owner = owner;
- }
-
public Builder getBuilder() {
return new Builder();
}
@@ -290,5 +286,9 @@ public final class GoBackend implements Backend {
}
return super.onStartCommand(intent, flags, startId);
}
+
+ public void setOwner(final GoBackend owner) {
+ this.owner = owner;
+ }
}
}
diff --git a/tunnel/src/main/java/com/wireguard/android/backend/Statistics.java b/tunnel/src/main/java/com/wireguard/android/backend/Statistics.java
index 54bbe912..b4e01e76 100644
--- a/tunnel/src/main/java/com/wireguard/android/backend/Statistics.java
+++ b/tunnel/src/main/java/com/wireguard/android/backend/Statistics.java
@@ -16,10 +16,11 @@ import java.util.Map;
@NonNullForAll
public class Statistics {
- private long lastTouched = SystemClock.elapsedRealtime();
private final Map<Key, Pair<Long, Long>> peerBytes = new HashMap<>();
+ private long lastTouched = SystemClock.elapsedRealtime();
- Statistics() { }
+ Statistics() {
+ }
void add(final Key key, final long rx, final long tx) {
peerBytes.put(key, Pair.create(rx, tx));
@@ -30,10 +31,6 @@ public class Statistics {
return SystemClock.elapsedRealtime() - lastTouched > 900;
}
- public Key[] peers() {
- return peerBytes.keySet().toArray(new Key[0]);
- }
-
public long peerRx(final Key peer) {
if (!peerBytes.containsKey(peer))
return 0;
@@ -46,6 +43,10 @@ public class Statistics {
return peerBytes.get(peer).second;
}
+ public Key[] peers() {
+ return peerBytes.keySet().toArray(new Key[0]);
+ }
+
public long totalRx() {
long rx = 0;
for (final Pair<Long, Long> val : peerBytes.values()) {
diff --git a/tunnel/src/main/java/com/wireguard/android/backend/Tunnel.java b/tunnel/src/main/java/com/wireguard/android/backend/Tunnel.java
index fccda84f..b9508b1a 100644
--- a/tunnel/src/main/java/com/wireguard/android/backend/Tunnel.java
+++ b/tunnel/src/main/java/com/wireguard/android/backend/Tunnel.java
@@ -15,16 +15,6 @@ import java.util.regex.Pattern;
@NonNullForAll
public interface Tunnel {
- enum State {
- DOWN,
- TOGGLE,
- UP;
-
- public static State of(final boolean running) {
- return running ? UP : DOWN;
- }
- }
-
int NAME_MAX_LENGTH = 15;
Pattern NAME_PATTERN = Pattern.compile("[a-zA-Z0-9_=+.-]{1,15}");
@@ -46,4 +36,14 @@ public interface Tunnel {
* @return The new state of the tunnel.
*/
void onStateChange(State newState);
+
+ enum State {
+ DOWN,
+ TOGGLE,
+ UP;
+
+ public static State of(final boolean running) {
+ return running ? UP : DOWN;
+ }
+ }
}
diff --git a/tunnel/src/main/java/com/wireguard/android/backend/WgQuickBackend.java b/tunnel/src/main/java/com/wireguard/android/backend/WgQuickBackend.java
index d57a92f9..e731a92c 100644
--- a/tunnel/src/main/java/com/wireguard/android/backend/WgQuickBackend.java
+++ b/tunnel/src/main/java/com/wireguard/android/backend/WgQuickBackend.java
@@ -42,11 +42,10 @@ import java9.util.stream.Stream;
@NonNullForAll
public final class WgQuickBackend implements Backend {
private static final String TAG = "WireGuard/" + WgQuickBackend.class.getSimpleName();
-
- private final RootShell rootShell;
- private final ToolsInstaller toolsInstaller;
private final File localTemporaryDir;
+ private final RootShell rootShell;
private final Map<Tunnel, Config> runningConfigs = new HashMap<>();
+ private final ToolsInstaller toolsInstaller;
private boolean multipleTunnels;
public WgQuickBackend(final Context context, final RootShell rootShell, final ToolsInstaller toolsInstaller) {
@@ -55,10 +54,6 @@ public final class WgQuickBackend implements Backend {
this.toolsInstaller = toolsInstaller;
}
- public void setMultipleTunnels(boolean on) {
- multipleTunnels = on;
- }
-
@Override
public Set<String> getRunningTunnelNames() {
final List<String> output = new ArrayList<>();
@@ -110,6 +105,10 @@ public final class WgQuickBackend implements Backend {
return output.get(0);
}
+ public void setMultipleTunnels(boolean on) {
+ multipleTunnels = on;
+ }
+
@Override
public State setState(final Tunnel tunnel, State state, @Nullable final Config config) throws Exception {
final State originalState = getState(tunnel);
@@ -135,7 +134,8 @@ public final class WgQuickBackend implements Backend {
for (final Pair<Tunnel, Config> entry : rewind) {
setStateInternal(entry.first, entry.second, State.UP);
}
- } catch (final Exception ignored) { }
+ } catch (final Exception ignored) {
+ }
throw e;
}
}
@@ -153,7 +153,8 @@ public final class WgQuickBackend implements Backend {
setStateInternal(entry.getKey(), entry.getValue(), State.UP);
}
}
- } catch (final Exception ignored) { }
+ } catch (final Exception ignored) {
+ }
throw e;
}
} else if (state == State.DOWN) {
diff --git a/tunnel/src/main/java/com/wireguard/android/util/ModuleLoader.java b/tunnel/src/main/java/com/wireguard/android/util/ModuleLoader.java
index 519ad5cf..82e6a096 100644
--- a/tunnel/src/main/java/com/wireguard/android/util/ModuleLoader.java
+++ b/tunnel/src/main/java/com/wireguard/android/util/ModuleLoader.java
@@ -39,15 +39,14 @@ import androidx.annotation.Nullable;
@NonNullForAll
public class ModuleLoader {
- private static final String MODULE_PUBLIC_KEY_BASE64 = "RWRmHuT9PSqtwfsLtEx+QS06BJtLgFYteL9WCNjH7yuyu5Y1DieSN7If";
private static final String MODULE_LIST_URL = "https://download.wireguard.com/android-module/modules.txt.sig";
- private static final String MODULE_URL = "https://download.wireguard.com/android-module/%s";
private static final String MODULE_NAME = "wireguard-%s.ko";
-
- private final RootShell rootShell;
- private final String userAgent;
+ private static final String MODULE_PUBLIC_KEY_BASE64 = "RWRmHuT9PSqtwfsLtEx+QS06BJtLgFYteL9WCNjH7yuyu5Y1DieSN7If";
+ private static final String MODULE_URL = "https://download.wireguard.com/android-module/%s";
private final File moduleDir;
+ private final RootShell rootShell;
private final File tmpDir;
+ private final String userAgent;
public ModuleLoader(final Context context, final RootShell rootShell, final String userAgent) {
moduleDir = new File(context.getCacheDir(), "kmod");
@@ -56,84 +55,17 @@ public class ModuleLoader {
this.userAgent = userAgent;
}
- public boolean moduleMightExist() {
- return moduleDir.exists() && moduleDir.isDirectory();
- }
-
- public void loadModule() throws IOException, RootShellException {
- rootShell.run(null, String.format("insmod \"%s/wireguard-$(sha256sum /proc/version|cut -d ' ' -f 1).ko\"", moduleDir.getAbsolutePath()));
- }
-
public static boolean isModuleLoaded() {
return new File("/sys/module/wireguard").exists();
}
- private static final class Sha256Digest {
- private byte[] bytes;
- private Sha256Digest(final String hex) {
- if (hex.length() != 64)
- throw new InvalidParameterException("SHA256 hashes must be 32 bytes long");
- bytes = new byte[32];
- for (int i = 0; i < 32; ++i)
- bytes[i] = (byte)Integer.parseInt(hex.substring(i * 2, i * 2 + 2), 16);
- }
- }
-
- @Nullable
- private Map<String, Sha256Digest> verifySignedHashes(final String signifyDigest) {
- final byte[] publicKeyBytes = Base64.decode(MODULE_PUBLIC_KEY_BASE64, Base64.DEFAULT);
-
- if (publicKeyBytes == null || publicKeyBytes.length != 32 + 10 || publicKeyBytes[0] != 'E' || publicKeyBytes[1] != 'd')
- return null;
-
- final String[] lines = signifyDigest.split("\n", 3);
- if (lines.length != 3)
- return null;
- if (!lines[0].startsWith("untrusted comment: "))
- return null;
-
- final byte[] signatureBytes = Base64.decode(lines[1], Base64.DEFAULT);
- if (signatureBytes == null || signatureBytes.length != 64 + 10)
- return null;
- for (int i = 0; i < 10; ++i) {
- if (signatureBytes[i] != publicKeyBytes[i])
- return null;
- }
-
- try {
- EdDSAParameterSpec parameterSpec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519);
- Signature signature = new EdDSAEngine(MessageDigest.getInstance(parameterSpec.getHashAlgorithm()));
- byte[] rawPublicKeyBytes = new byte[32];
- System.arraycopy(publicKeyBytes, 10, rawPublicKeyBytes, 0, 32);
- signature.initVerify(new EdDSAPublicKey(new EdDSAPublicKeySpec(rawPublicKeyBytes, parameterSpec)));
- signature.update(lines[2].getBytes(StandardCharsets.UTF_8));
- if (!signature.verify(signatureBytes, 10, 64))
- return null;
- } catch (final Exception ignored) {
- return null;
- }
-
- Map<String, Sha256Digest> hashes = new HashMap<>();
- for (final String line : lines[2].split("\n")) {
- final String[] components = line.split(" ", 2);
- if (components.length != 2)
- return null;
- try {
- hashes.put(components[1], new Sha256Digest(components[0]));
- } catch (final Exception ignored) {
- return null;
- }
- }
- return hashes;
- }
-
public Integer download() throws IOException, RootShellException, NoSuchAlgorithmException {
final List<String> output = new ArrayList<>();
rootShell.run(output, "sha256sum /proc/version|cut -d ' ' -f 1");
if (output.size() != 1 || output.get(0).length() != 64)
throw new InvalidParameterException("Invalid sha256 of /proc/version");
final String moduleName = String.format(MODULE_NAME, output.get(0));
- HttpURLConnection connection = (HttpURLConnection)new URL(MODULE_LIST_URL).openConnection();
+ HttpURLConnection connection = (HttpURLConnection) new URL(MODULE_LIST_URL).openConnection();
connection.setRequestProperty("User-Agent", userAgent);
connection.connect();
if (connection.getResponseCode() != HttpURLConnection.HTTP_OK)
@@ -150,7 +82,7 @@ public class ModuleLoader {
throw new InvalidParameterException("The signature did not verify or invalid hash list format");
if (!modules.containsKey(moduleName))
return OsConstants.ENOENT;
- connection = (HttpURLConnection)new URL(String.format(MODULE_URL, moduleName)).openConnection();
+ connection = (HttpURLConnection) new URL(String.format(MODULE_URL, moduleName)).openConnection();
connection.setRequestProperty("User-Agent", userAgent);
connection.connect();
if (connection.getResponseCode() != HttpURLConnection.HTTP_OK)
@@ -185,4 +117,72 @@ public class ModuleLoader {
}
return OsConstants.EXIT_SUCCESS;
}
+
+ public void loadModule() throws IOException, RootShellException {
+ rootShell.run(null, String.format("insmod \"%s/wireguard-$(sha256sum /proc/version|cut -d ' ' -f 1).ko\"", moduleDir.getAbsolutePath()));
+ }
+
+ public boolean moduleMightExist() {
+ return moduleDir.exists() && moduleDir.isDirectory();
+ }
+
+ @Nullable
+ private Map<String, Sha256Digest> verifySignedHashes(final String signifyDigest) {
+ final byte[] publicKeyBytes = Base64.decode(MODULE_PUBLIC_KEY_BASE64, Base64.DEFAULT);
+
+ if (publicKeyBytes == null || publicKeyBytes.length != 32 + 10 || publicKeyBytes[0] != 'E' || publicKeyBytes[1] != 'd')
+ return null;
+
+ final String[] lines = signifyDigest.split("\n", 3);
+ if (lines.length != 3)
+ return null;
+ if (!lines[0].startsWith("untrusted comment: "))
+ return null;
+
+ final byte[] signatureBytes = Base64.decode(lines[1], Base64.DEFAULT);
+ if (signatureBytes == null || signatureBytes.length != 64 + 10)
+ return null;
+ for (int i = 0; i < 10; ++i) {
+ if (signatureBytes[i] != publicKeyBytes[i])
+ return null;
+ }
+
+ try {
+ EdDSAParameterSpec parameterSpec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519);
+ Signature signature = new EdDSAEngine(MessageDigest.getInstance(parameterSpec.getHashAlgorithm()));
+ byte[] rawPublicKeyBytes = new byte[32];
+ System.arraycopy(publicKeyBytes, 10, rawPublicKeyBytes, 0, 32);
+ signature.initVerify(new EdDSAPublicKey(new EdDSAPublicKeySpec(rawPublicKeyBytes, parameterSpec)));
+ signature.update(lines[2].getBytes(StandardCharsets.UTF_8));
+ if (!signature.verify(signatureBytes, 10, 64))
+ return null;
+ } catch (final Exception ignored) {
+ return null;
+ }
+
+ Map<String, Sha256Digest> hashes = new HashMap<>();
+ for (final String line : lines[2].split("\n")) {
+ final String[] components = line.split(" ", 2);
+ if (components.length != 2)
+ return null;
+ try {
+ hashes.put(components[1], new Sha256Digest(components[0]));
+ } catch (final Exception ignored) {
+ return null;
+ }
+ }
+ return hashes;
+ }
+
+ private static final class Sha256Digest {
+ private byte[] bytes;
+
+ private Sha256Digest(final String hex) {
+ if (hex.length() != 64)
+ throw new InvalidParameterException("SHA256 hashes must be 32 bytes long");
+ bytes = new byte[32];
+ for (int i = 0; i < 32; ++i)
+ bytes[i] = (byte) Integer.parseInt(hex.substring(i * 2, i * 2 + 2), 16);
+ }
+ }
}
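Review bot: `loadModule()` hands `insmod`, running as root, whatever file currently sits at `moduleDir/wireguard-<sha256 of /proc/version>.ko`, and nothing in this method checks that file against the signed digest list. `moduleDir` is created under `context.getCacheDir()`, so the module's integrity appears to rest on the check done in `download()` (only partly visible on this page) and on the cache directory not changing between download and load. Re-hashing the file and comparing it with the entry returned by `verifySignedHashes()` immediately before the `insmod` call would close that gap. Failing that, record the assumption on the method with a comment such as `// Trusts the file verified by download(); it is not re-checked before insmod.`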
diff --git a/tunnel/src/main/java/com/wireguard/android/util/RootShell.java b/tunnel/src/main/java/com/wireguard/android/util/RootShell.java
index 9f941815..160ba12f 100644
--- a/tunnel/src/main/java/com/wireguard/android/util/RootShell.java
+++ b/tunnel/src/main/java/com/wireguard/android/util/RootShell.java
@@ -187,28 +187,32 @@ public class RootShell {
}
public static class RootShellException extends Exception {
- public enum Reason {
- NO_ROOT_ACCESS,
- SHELL_MARKER_COUNT_ERROR,
- SHELL_EXIT_STATUS_READ_ERROR,
- SHELL_START_ERROR,
- CREATE_BIN_DIR_ERROR,
- CREATE_TEMP_DIR_ERROR
- }
- private final Reason reason;
private final Object[] format;
- public RootShellException(final Reason reason, final Object ...format) {
+ private final Reason reason;
+ public RootShellException(final Reason reason, final Object... format) {
this.reason = reason;
this.format = format;
}
- public boolean isIORelated() {
- return reason != Reason.NO_ROOT_ACCESS;
+
+ public Object[] getFormat() {
+ return format;
}
+
public Reason getReason() {
return reason;
}
- public Object[] getFormat() {
- return format;
+
+ public boolean isIORelated() {
+ return reason != Reason.NO_ROOT_ACCESS;
+ }
+
+ public enum Reason {
+ NO_ROOT_ACCESS,
+ SHELL_MARKER_COUNT_ERROR,
+ SHELL_EXIT_STATUS_READ_ERROR,
+ SHELL_START_ERROR,
+ CREATE_BIN_DIR_ERROR,
+ CREATE_TEMP_DIR_ERROR
}
}
}
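Review bot: `isIORelated()` classifies every reason other than `NO_ROOT_ACCESS` as I/O-related, so any constant later added to `Reason` silently inherits that classification. A short Javadoc on the method would make the rule explicit for callers that branch on it, for example `/** Returns true for every reason except NO_ROOT_ACCESS. */`. If the classification is meant to be per-reason, a `switch` over `reason` would let the compiler or a lint rule flag new constants instead.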
diff --git a/tunnel/src/main/java/com/wireguard/android/util/ToolsInstaller.java b/tunnel/src/main/java/com/wireguard/android/util/ToolsInstaller.java
index f12e755f..f3565c1e 100644
--- a/tunnel/src/main/java/com/wireguard/android/util/ToolsInstaller.java
+++ b/tunnel/src/main/java/com/wireguard/android/util/ToolsInstaller.java
@@ -40,9 +40,9 @@ public final class ToolsInstaller {
private static final String TAG = "WireGuard/" + ToolsInstaller.class.getSimpleName();
private final Context context;
- private final RootShell rootShell;
private final File localBinaryDir;
private final Object lock = new Object();
+ private final RootShell rootShell;
@Nullable private Boolean areToolsAvailable;
@Nullable private Boolean installAsMagiskModule;
@@ -107,6 +107,29 @@ public final class ToolsInstaller {
}
}
+ public boolean extract() throws IOException {
+ localBinaryDir.mkdirs();
+ final File files[] = new File[EXECUTABLES.length];
+ final File tempFiles[] = new File[EXECUTABLES.length];
+ boolean allExist = true;
+ for (int i = 0; i < files.length; ++i) {
+ files[i] = new File(localBinaryDir, EXECUTABLES[i]);
+ tempFiles[i] = new File(localBinaryDir, EXECUTABLES[i] + ".tmp");
+ allExist &= files[i].exists();
+ }
+ if (allExist)
+ return false;
+ for (int i = 0; i < files.length; ++i) {
+ if (!SharedLibraryLoader.extractLibrary(context, EXECUTABLES[i], tempFiles[i]))
+ throw new FileNotFoundException("Unable to find " + EXECUTABLES[i]);
+ if (!tempFiles[i].setExecutable(true, false))
+ throw new IOException("Unable to mark " + tempFiles[i].getAbsolutePath() + " as executable");
+ if (!tempFiles[i].renameTo(files[i]))
+ throw new IOException("Unable to rename " + tempFiles[i].getAbsolutePath() + " to " + files[i].getAbsolutePath());
+ }
+ return true;
+ }
+
public int install() throws RootShellException, IOException {
if (!context.getPackageName().startsWith("com.wireguard."))
throw new SecurityException("The tools may only be installed system-wide from the main WireGuard app.");
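Review bot: `extract()` decides whether to unpack purely on `files[i].exists()`, so a binary already present in `localBinaryDir` is reused whatever its contents, including one left over from an earlier app version or altered on disk. These look like the tools that `install()` later places system-wide (its body continues outside this hunk), so the assumption deserves at least a comment above the early return, such as `// Existing files are trusted as-is; only a missing file triggers re-extraction.` A stronger option is to compare each existing file with the packaged copy before returning false.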
@@ -161,29 +184,6 @@ public final class ToolsInstaller {
}
}
- public boolean extract() throws IOException {
- localBinaryDir.mkdirs();
- final File files[] = new File[EXECUTABLES.length];
- final File tempFiles[] = new File[EXECUTABLES.length];
- boolean allExist = true;
- for (int i = 0; i < files.length; ++i) {
- files[i] = new File(localBinaryDir, EXECUTABLES[i]);
- tempFiles[i] = new File(localBinaryDir, EXECUTABLES[i] + ".tmp");
- allExist &= files[i].exists();
- }
- if (allExist)
- return false;
- for (int i = 0; i < files.length; ++i) {
- if (!SharedLibraryLoader.extractLibrary(context, EXECUTABLES[i], tempFiles[i]))
- throw new FileNotFoundException("Unable to find " + EXECUTABLES[i]);
- if (!tempFiles[i].setExecutable(true, false))
- throw new IOException("Unable to mark " + tempFiles[i].getAbsolutePath() + " as executable");
- if (!tempFiles[i].renameTo(files[i]))
- throw new IOException("Unable to rename " + tempFiles[i].getAbsolutePath() + " to " + files[i].getAbsolutePath());
- }
- return true;
- }
-
private boolean willInstallAsMagiskModule() {
synchronized (lock) {
if (installAsMagiskModule == null) {