From e7f221f12403dcb4081d08e28c54d3b2a1ab05ee Mon Sep 17 00:00:00 2001 From: Chung-yih Wang Date: Tue, 14 Apr 2009 16:37:04 +0800 Subject: [PATCH] This change is for enabling the pppd for vpn authentication and setup. It includes: 1. Enable the CHAPMS authentication for talking to MS vpn server. 2. Reuse the message digest/hashing functions in openssl instead of the md4, md5 and sha1 functions in the package to save the space. 3. Enable the execution the ip-up/ip-down script on Android. Update: add comment and replace tab with spaces. --- pppd/Android.mk | 10 +++++----- pppd/chap-new.c | 6 ++++++ pppd/chap_ms.c | 9 +++++++++ pppd/ipcp.c | 14 ++++++++++++++ pppd/openssl-hash.c | 41 +++++++++++++++++++++++++++++++++++++++ pppd/openssl-hash.h | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++ pppd/pppcrypt.c | 2 +- pppd/pppcrypt.h | 4 ++++ 8 files changed, 135 insertions(+), 6 deletions(-) create mode 100644 pppd/openssl-hash.c create mode 100644 pppd/openssl-hash.h diff --git a/pppd/Android.mk b/pppd/Android.mk index 01928b1..4155fe3 100644 --- a/pppd/Android.mk +++ b/pppd/Android.mk @@ -11,28 +11,28 @@ LOCAL_SRC_FILES:= \ ipcp.c \ upap.c \ chap-new.c \ - md5.c \ ccp.c \ ecp.c \ ipxcp.c \ auth.c \ options.c \ sys-linux.c \ - md4.c \ chap_ms.c \ demand.c \ utils.c \ tty.c \ eap.c \ - chap-md5.c + chap-md5.c \ + pppcrypt.c \ + openssl-hash.c LOCAL_SHARED_LIBRARIES := \ - libcutils + libcutils libcrypto libssl LOCAL_C_INCLUDES := \ $(LOCAL_PATH)/include -LOCAL_CFLAGS := -DANDROID_CHANGES +LOCAL_CFLAGS := -DANDROID_CHANGES -DCHAPMS=1 -Iexternal/openssl/include LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES) LOCAL_MODULE_TAGS := eng diff --git a/pppd/chap-new.c b/pppd/chap-new.c index b09fa3e..7d1aecd 100644 --- a/pppd/chap-new.c +++ b/pppd/chap-new.c @@ -35,6 +35,9 @@ #include "pppd.h" #include "chap-new.h" #include "chap-md5.h" +#ifdef ANDROID_CHANGES +#include "openssl-hash.h" +#endif #ifdef CHAPMS #include "chap_ms.h" 
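Review bot: In pppd/Android.mk, `libssl` is added to LOCAL_SHARED_LIBRARIES although the code this patch adds only calls EVP digest routines, which live in libcrypto; unless something outside this diff needs TLS, `LOCAL_SHARED_LIBRARIES := libcutils libcrypto` keeps the daemon's dependency set smaller. The OpenSSL include path would sit better in the existing list, `LOCAL_C_INCLUDES := $(LOCAL_PATH)/include external/openssl/include`, than as a raw `-I` in LOCAL_CFLAGS. md5.c and md4.c leave LOCAL_SRC_FILES while chap-md5.c and eap.c stay and do not appear in the diffstat, so it is worth confirming that those files now take their MD5 definitions from openssl-hash.h; a leftover md5.h context type would presumably not match the OpenSSL routines they would end up linking against.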
@@ -141,6 +144,9 @@ chap_init(int unit) memset(&client, 0, sizeof(client)); memset(&server, 0, sizeof(server)); +#ifdef ANDROID_CHANGES + openssl_hash_init(); +#endif chap_md5_init(); #ifdef CHAPMS chapms_init(); diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c index fb65d56..5f2c0e2 100644 --- a/pppd/chap_ms.c +++ b/pppd/chap_ms.c @@ -89,8 +89,12 @@ #include "pppd.h" #include "chap-new.h" #include "chap_ms.h" +#ifdef ANDROID_CHANGES +#include "openssl-hash.h" +#else #include "md4.h" #include "sha1.h" +#endif #include "pppcrypt.h" #include "magic.h" @@ -514,12 +518,17 @@ ascii2unicode(char ascii[], int ascii_len, u_char unicode[]) static void NTPasswordHash(char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) { +#ifdef ANDROID_CHANGES + /* We link with MD4 routines in openssl, we have to take bytes instead */ + int mdlen = secret_len; +#else #ifdef __NetBSD__ /* NetBSD uses the libc md4 routines which take bytes instead of bits */ int mdlen = secret_len; #else int mdlen = secret_len * 8; #endif +#endif MD4_CTX md4Context; MD4Init(&md4Context); diff --git a/pppd/ipcp.c b/pppd/ipcp.c index 52eb3ca..a7b984f 100644 --- a/pppd/ipcp.c +++ b/pppd/ipcp.c @@ -55,6 +55,9 @@ #include #include #include +#ifdef ANDROID_CHANGES +#include +#endif #include "pppd.h" #include "fsm.h" @@ -1712,6 +1715,9 @@ ipcp_up(f) } script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0); script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1); +#ifdef ANDROID_CHANGES + script_setenv("PATH","/sbin:/system/sbin:/system/bin:/system/xbin", 0); +#endif if (go->dnsaddr[0]) script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0); 
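Review bot: In the NTPasswordHash hunk of pppd/chap_ms.c, the new ANDROID_CHANGES branch repeats the NetBSD byte-length case and leaves three nested alternatives; a single `#if defined(ANDROID_CHANGES) || defined(__NetBSD__)` keeps one bytes-versus-bits decision in one place. The code that consumes `mdlen` lies outside the hunk, so if it still feeds MD4Update in fixed-size chunks written for bit counts, that loop needs checking against a byte count, because a wrong length there silently yields a wrong NT hash rather than an error. The added comment would read better as `/* OpenSSL's MD4 update takes a length in bytes, not bits */`.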
@@ -1978,6 +1984,13 @@ ipcp_script(script) slprintf(strlocal, sizeof(strlocal), "%I", ipcp_gotoptions[0].ouraddr); slprintf(strremote, sizeof(strremote), "%I", ipcp_hisoptions[0].hisaddr); +#ifdef ANDROID_CHANGES + argv[0] = "sh"; + argv[1] = "-c"; + argv[2] = script; + argv[3] = NULL; + ipcp_script_pid = run_program(_PATH_BSHELL, argv, 0, ipcp_script_done, NULL); +#else argv[0] = script; argv[1] = ifname; argv[2] = devnam; @@ -1987,6 +2000,7 @@ ipcp_script(script) argv[6] = ipparam; argv[7] = NULL; ipcp_script_pid = run_program(script, argv, 0, ipcp_script_done, NULL); +#endif } /* diff --git a/pppd/openssl-hash.c b/pppd/openssl-hash.c new file mode 100644 index 0000000..840a68c --- /dev/null +++ b/pppd/openssl-hash.c @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +const EVP_MD *sha1_md; +const EVP_MD *md4_md; +const EVP_MD *md5_md; + +void openssl_hash_init() { + /* Use the SHA1 functions in openssl to save the flash space.*/ + OpenSSL_add_all_digests(); + sha1_md = EVP_get_digestbyname("sha1"); + if (!sha1_md) { + dbglog("Error Unknown message digest SHA1\n"); + exit(1); + } + md4_md = EVP_get_digestbyname("md4"); + if (!md4_md) { + dbglog("Error Unknown message digest MD4\n"); + exit(1); + } + md5_md = EVP_get_digestbyname("md5"); + if (!md5_md) { + dbglog("Error Unknown message digest MD5\n"); + exit(1); + } +} 
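Review bot: In ipcp_script() in pppd/ipcp.c, the Android branch hands `script` to `sh -c` as a command string, so the shell parses it and any whitespace or metacharacter in that value is interpreted instead of being treated as part of a path; the callers are outside this hunk, so whether `script` is always a compile-time constant should be confirmed. The branch also drops the positional arguments the `#else` branch passes (`ifname`, `devnam` through `ipparam`), which leaves `strlocal` and `strremote` computed just above but unused, so an ip-up script can only get that data from the environment. Passing the file as the shell's operand keeps the arguments and avoids the command-string parse, as sketched below; it needs `argv`, declared outside the hunk, to have one more slot. The `#endif` closing this branch is in the following hunk.
```c
    argv[0] = "sh";
    argv[1] = script;   /* script file as operand, not a -c command string */
    argv[2] = ifname;
    argv[3] = devnam;
    /* … unchanged: the three arguments between devnam and ipparam, each shifted up by one … */
    argv[7] = ipparam;
    argv[8] = NULL;
    ipcp_script_pid = run_program(_PATH_BSHELL, argv, 0, ipcp_script_done, NULL);
```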
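Review bot: In the new file pppd/openssl-hash.c, a missing digest is reported with `dbglog()` followed by `exit(1)`, so on an OpenSSL build without MD4 the daemon dies with a message that is only seen when debug logging is on; pppd's own `fatal("OpenSSL digest %s unavailable", "md4")` logs at error level and leaves through the normal exit path. Only one `#include` is visible in the file, so unless that header supplies them, `dbglog` and `exit` are used without declarations and pppd.h and <stdlib.h> should be included. `void openssl_hash_init()` should be declared with `(void)`, and the comment above `OpenSSL_add_all_digests()` mentions only SHA1 although three digests are looked up.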
diff --git a/pppd/openssl-hash.h b/pppd/openssl-hash.h new file mode 100644 index 0000000..a2a5abe --- /dev/null +++ b/pppd/openssl-hash.h @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __OPENSSL_HASH__ +#define __OPENSSL_HASH__ + +#include + +extern const EVP_MD *sha1_md; +#define SHA1_SIGNATURE_SIZE 20 +#define SHA1_CTX EVP_MD_CTX +#define SHA1_Init(ctx) { \ + EVP_MD_CTX_init(ctx); \ + EVP_DigestInit_ex(ctx, sha1_md, NULL); \ +} +#define SHA1_Update EVP_DigestUpdate +#define SHA1_Final(digest, ctx) { \ + int md_len; \ + EVP_DigestFinal_ex(ctx, digest, &md_len); \ +} + +extern const EVP_MD *md4_md; +#define MD4_CTX EVP_MD_CTX +#define MD4Init(ctx) { \ + EVP_MD_CTX_init(ctx); \ + EVP_DigestInit_ex(ctx, md4_md, NULL); \ +} +#define MD4Update EVP_DigestUpdate +#define MD4Final SHA1_Final + +extern const EVP_MD *md5_md; +#define MD5_CTX EVP_MD_CTX +#define MD5_Init(ctx) { \ + EVP_MD_CTX_init(ctx); \ + EVP_DigestInit_ex(ctx, md5_md, NULL); \ +} +#define MD5_Update EVP_DigestUpdate +#define MD5_Final SHA1_Final + +extern void openssl_hash_init(); + +#endif diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c index 8b85b13..1302c83 100644 --- a/pppd/pppcrypt.c +++ b/pppd/pppcrypt.c @@ -171,7 +171,7 @@ u_char *key; } bool -DesEncrypt(clear, key, cipher) +DesEncrypt(clear, cipher) u_char *clear; /* IN 8 octets */ u_char *cipher; /* OUT 8 octets */ { 
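Review bot: In pppd/openssl-hash.h, the `*_Init` and `SHA1_Final` macros discard the return values of `EVP_DigestInit_ex()` and `EVP_DigestFinal_ex()`, so a failed digest leaves the caller's output buffer unwritten and it is then used as an authentication hash. `SHA1_Final` also passes an `int *` where OpenSSL expects `unsigned int *` (NULL is accepted there), never calls `EVP_MD_CTX_cleanup()`, so each hash appears to leave the context's internal allocation behind, and as a bare `{ … }` block it breaks under an unbraced `if … else`. The guard name `__OPENSSL_HASH__` is a reserved identifier, and `openssl_hash_init()` is declared without a `(void)` prototype. A sketch for the SHA1 pair follows; MD4Init and MD5_Init would change the same way, and `fatal()` assumes pppd.h is visible wherever the macros expand.
```c
#define SHA1_Init(ctx) do { \
    EVP_MD_CTX_init(ctx); \
    if (!EVP_DigestInit_ex(ctx, sha1_md, NULL)) \
        fatal("SHA1 digest init failed"); \
} while (0)
/* … unchanged: SHA1_Update … */
#define SHA1_Final(digest, ctx) do { \
    if (!EVP_DigestFinal_ex(ctx, digest, NULL)) \
        fatal("digest finalisation failed"); \
    EVP_MD_CTX_cleanup(ctx); \
} while (0)
```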
diff --git a/pppd/pppcrypt.h b/pppd/pppcrypt.h index adcdcbc..33b956d 100644 --- a/pppd/pppcrypt.h +++ b/pppd/pppcrypt.h @@ -38,8 +38,12 @@ #endif #ifndef USE_CRYPT +#ifdef ANDROID_CHANGES +#include +#else #include #endif +#endif extern bool DesSetkey __P((u_char *)); extern bool DesEncrypt __P((u_char *, u_char *)); -- 2.11.0