This change is for enabling the pppd for vpn authentication and setup.
It includes:
1. Enable the CHAPMS authentication for talking to MS vpn server.
2. Reuse the message digest/hashing functions in openssl instead of
the md4, md5 and sha1 functions in the package to save the space.
3. Enable the execution the ip-up/ip-down script on Android.
Update: add comment and replace tab with spaces.
diff --git a/pppd/Android.mk b/pppd/Android.mk
index 01928b1..4155fe3 100644
--- a/pppd/Android.mk
+++ b/pppd/Android.mk
@@ -11,28 +11,28 @@
ipcp.c \
upap.c \
chap-new.c \
- md5.c \
ccp.c \
ecp.c \
ipxcp.c \
auth.c \
options.c \
sys-linux.c \
- md4.c \
chap_ms.c \
demand.c \
utils.c \
tty.c \
eap.c \
- chap-md5.c
+ chap-md5.c \
+ pppcrypt.c \
+ openssl-hash.c
LOCAL_SHARED_LIBRARIES := \
- libcutils
+ libcutils libcrypto libssl
LOCAL_C_INCLUDES := \
$(LOCAL_PATH)/include
-LOCAL_CFLAGS := -DANDROID_CHANGES
+LOCAL_CFLAGS := -DANDROID_CHANGES -DCHAPMS=1 -Iexternal/openssl/include
LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
LOCAL_MODULE_TAGS := eng
diff --git a/pppd/chap-new.c b/pppd/chap-new.c
index b09fa3e..7d1aecd 100644
--- a/pppd/chap-new.c
+++ b/pppd/chap-new.c
@@ -35,6 +35,9 @@
#include "pppd.h"
#include "chap-new.h"
#include "chap-md5.h"
+#ifdef ANDROID_CHANGES
+#include "openssl-hash.h"
+#endif
#ifdef CHAPMS
#include "chap_ms.h"
@@ -141,6 +144,9 @@
memset(&client, 0, sizeof(client));
memset(&server, 0, sizeof(server));
+#ifdef ANDROID_CHANGES
+ openssl_hash_init();
+#endif
chap_md5_init();
#ifdef CHAPMS
chapms_init();
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c
index fb65d56..5f2c0e2 100644
--- a/pppd/chap_ms.c
+++ b/pppd/chap_ms.c
@@ -89,8 +89,12 @@
#include "pppd.h"
#include "chap-new.h"
#include "chap_ms.h"
+#ifdef ANDROID_CHANGES
+#include "openssl-hash.h"
+#else
#include "md4.h"
#include "sha1.h"
+#endif
#include "pppcrypt.h"
#include "magic.h"
@@ -514,12 +518,17 @@
static void
NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
{
+#ifdef ANDROID_CHANGES
+ /* We link with MD4 routines in openssl, we have to take bytes instead */
+ int mdlen = secret_len;
+#else
#ifdef __NetBSD__
/* NetBSD uses the libc md4 routines which take bytes instead of bits */
int mdlen = secret_len;
#else
int mdlen = secret_len * 8;
#endif
+#endif
MD4_CTX md4Context;
MD4Init(&md4Context);
diff --git a/pppd/ipcp.c b/pppd/ipcp.c
index 52eb3ca..a7b984f 100644
--- a/pppd/ipcp.c
+++ b/pppd/ipcp.c
@@ -55,6 +55,9 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#ifdef ANDROID_CHANGES
+#include <paths.h>
+#endif
#include "pppd.h"
#include "fsm.h"
@@ -1712,6 +1715,9 @@
}
script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0);
script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1);
+#ifdef ANDROID_CHANGES
+ script_setenv("PATH","/sbin:/system/sbin:/system/bin:/system/xbin", 0);
+#endif
if (go->dnsaddr[0])
script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0);
@@ -1978,6 +1984,13 @@
slprintf(strlocal, sizeof(strlocal), "%I", ipcp_gotoptions[0].ouraddr);
slprintf(strremote, sizeof(strremote), "%I", ipcp_hisoptions[0].hisaddr);
+#ifdef ANDROID_CHANGES
+ argv[0] = "sh";
+ argv[1] = "-c";
+ argv[2] = script;
+ argv[3] = NULL;
+ ipcp_script_pid = run_program(_PATH_BSHELL, argv, 0, ipcp_script_done, NULL);
+#else
argv[0] = script;
argv[1] = ifname;
argv[2] = devnam;
@@ -1987,6 +2000,7 @@
argv[6] = ipparam;
argv[7] = NULL;
ipcp_script_pid = run_program(script, argv, 0, ipcp_script_done, NULL);
+#endif
}
/*
diff --git a/pppd/openssl-hash.c b/pppd/openssl-hash.c
new file mode 100644
index 0000000..840a68c
--- /dev/null
+++ b/pppd/openssl-hash.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <openssl/evp.h>
+
+const EVP_MD *sha1_md;
+const EVP_MD *md4_md;
+const EVP_MD *md5_md;
+
+void openssl_hash_init() {
+ /* Use the SHA1 functions in openssl to save the flash space.*/
+ OpenSSL_add_all_digests();
+ sha1_md = EVP_get_digestbyname("sha1");
+ if (!sha1_md) {
+ dbglog("Error Unknown message digest SHA1\n");
+ exit(1);
+ }
+ md4_md = EVP_get_digestbyname("md4");
+ if (!md4_md) {
+ dbglog("Error Unknown message digest MD4\n");
+ exit(1);
+ }
+ md5_md = EVP_get_digestbyname("md5");
+ if (!md5_md) {
+ dbglog("Error Unknown message digest MD5\n");
+ exit(1);
+ }
+}
diff --git a/pppd/openssl-hash.h b/pppd/openssl-hash.h
new file mode 100644
index 0000000..a2a5abe
--- /dev/null
+++ b/pppd/openssl-hash.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __OPENSSL_HASH__
+#define __OPENSSL_HASH__
+
+#include <openssl/evp.h>
+
+extern const EVP_MD *sha1_md;
+#define SHA1_SIGNATURE_SIZE 20
+#define SHA1_CTX EVP_MD_CTX
+#define SHA1_Init(ctx) { \
+ EVP_MD_CTX_init(ctx); \
+ EVP_DigestInit_ex(ctx, sha1_md, NULL); \
+}
+#define SHA1_Update EVP_DigestUpdate
+#define SHA1_Final(digest, ctx) { \
+ int md_len; \
+ EVP_DigestFinal_ex(ctx, digest, &md_len); \
+}
+
+extern const EVP_MD *md4_md;
+#define MD4_CTX EVP_MD_CTX
+#define MD4Init(ctx) { \
+ EVP_MD_CTX_init(ctx); \
+ EVP_DigestInit_ex(ctx, md4_md, NULL); \
+}
+#define MD4Update EVP_DigestUpdate
+#define MD4Final SHA1_Final
+
+extern const EVP_MD *md5_md;
+#define MD5_CTX EVP_MD_CTX
+#define MD5_Init(ctx) { \
+ EVP_MD_CTX_init(ctx); \
+ EVP_DigestInit_ex(ctx, md5_md, NULL); \
+}
+#define MD5_Update EVP_DigestUpdate
+#define MD5_Final SHA1_Final
+
+extern void openssl_hash_init();
+
+#endif
diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
index 8b85b13..1302c83 100644
--- a/pppd/pppcrypt.c
+++ b/pppd/pppcrypt.c
@@ -171,7 +171,7 @@
}
bool
-DesEncrypt(clear, key, cipher)
+DesEncrypt(clear, cipher)
u_char *clear; /* IN 8 octets */
u_char *cipher; /* OUT 8 octets */
{
diff --git a/pppd/pppcrypt.h b/pppd/pppcrypt.h
index adcdcbc..33b956d 100644
--- a/pppd/pppcrypt.h
+++ b/pppd/pppcrypt.h
@@ -38,8 +38,12 @@
#endif
#ifndef USE_CRYPT
+#ifdef ANDROID_CHANGES
+#include <openssl/des.h>
+#else
#include <des.h>
#endif
+#endif
extern bool DesSetkey __P((u_char *));
extern bool DesEncrypt __P((u_char *, u_char *));