AZEN-SGG/amnezia-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

OpenVPN over Cloak for Android and iOS (#158)

Browse source 
OpenVPN over Cloak for Android and iOS
This commit is contained in:
Mykola Baibuz 2023-05-23 18:50:36 -04:00 committed by GitHub
parent 7f02fe4157
commit 780efc2477
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
94 changed files with 3212 additions and 1287 deletions
Download patch file Download diff file Expand all files Collapse all files

26
client/android/build.gradle
View file

@ -11,6 +11,8 @@ buildscript {
streamsupportVersion = '1.7.0'
threetenabpVersion = '1.1.1'
groupName = 'org.amnezia.vpn'
minSdkVer = '24'
cmakeMinVersion = "3.25.0+"
}
repositories {
@ -36,9 +38,8 @@ apply plugin: 'kotlin-kapt'
dependencies {
implementation fileTree(dir: 'libs', include: ['*.jar', '*.aar'])
implementation group: 'org.json', name: 'json', version: '20220924'
implementation 'androidx.core:core-ktx:1.7.0'
implementation 'androidx.appcompat:appcompat:1.4.1'
implementation "androidx.security:security-crypto:1.1.0-alpha03"
@ -150,7 +151,10 @@ android {
minifyEnabled false
externalNativeBuild {
cmake {
arguments "-DANDROID_PACKAGE_NAME=${groupName}", "-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}"
version cmakeMinVersion
arguments "-DANDROID_PACKAGE_NAME=${groupName}",
"-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}",
"-DANDROID_PLATFORM=${minSdkVer}"
}
}
}
@ -160,7 +164,10 @@ android {
minifyEnabled false
externalNativeBuild {
cmake {
arguments "-DANDROID_PACKAGE_NAME=${groupName}", "-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}"
version cmakeMinVersion
arguments "-DANDROID_PACKAGE_NAME=${groupName}",
"-DGRADLE_USER_HOME=${project.gradle.gradleUserHomeDir}",
"-DANDROID_PLATFORM=${minSdkVer}"
}
}
}
@ -172,11 +179,12 @@ android {
// }
// }
// externalNativeBuild {
// cmake {
// path 'openvpn/src/main/cpp/CMakeLists.txt'
// }
// }
externalNativeBuild {
cmake {
version cmakeMinVersion
path "${projectDir}/cpp/CMakeLists.txt"
}
}
}

267
client/android/cpp/CMakeLists.txt Normal file
View file

@ -0,0 +1,267 @@
cmake_minimum_required(VERSION 3.4.1)
project(AmneziaVPN)
# Git version string
include(GetGitRevisionDescription.cmake)
git_describe(OPENVPN2_GIT "${CMAKE_CURRENT_SOURCE_DIR}/openvpn" "--tags" "--always" "--long")
git_describe(OPENVPN3_GIT "${CMAKE_CURRENT_SOURCE_DIR}/openvpn3" "--tags" "--always" "--long")
message("OpenVPN 2.x version ${OPENVPN2_GIT}")
message("OpenVPN 3.x version ${OPENVPN3_GIT}")
# Set mbedtls options
OPTION(ENABLE_PROGRAMS "" OFF)
OPTION(USE_SHARED_MBEDTLS_LIBRARY "" OFF)
OPTION(ENABLE_TESTING "" OFF)
# Own options
OPTION(OPENVPN2MBED "Use mbed TLS for OpenVPN2" OFF)
OPTION(OPENVPN3OSSL "Use OpenSSL for OpenVPN3" ON)
SET(OPENVPN2MBED OFF)
SET(OPENVPN3OSSL ON)
# STATIC or SHARED
SET(SSLLIBTYPE STATIC)
SET(OPENSSL_PATH "openssl")
set(CMAKE_CXX_STANDARD 17)
#add_subdirectory(lzo)
include(tools.cmake)
include(lzo.cmake)
include(lz4.cmake)
include(openssl/openssl.cmake)
include(cloak.cmake)
if(NOT ${OPENVPN3OSSL} OR ${OPENVPN2MBED})
add_subdirectory(mbedtls)
endif()
FIND_PACKAGE(SWIG 3.0 REQUIRED)
add_custom_command(OUTPUT "ovpncli_wrap.cxx"
COMMAND ${CMAKE_COMMAND} -E make_directory ovpn3
COMMAND ${SWIG_EXECUTABLE} -outdir ovpn3
-c++
-java -package net.openvpn.ovpn3
-outcurrentdir
-DOPENVPN_PLATFORM_ANDROID
-I${CMAKE_CURRENT_SOURCE_DIR}/openvpn3/client
-I${CMAKE_CURRENT_SOURCE_DIR}/openvpn3
${CMAKE_CURRENT_SOURCE_DIR}/openvpn3/client/ovpncli.i)
link_directories(${CMAKE_CURRENT_SOURCE_DIR}/cloak/${ANDROID_ABI}/)
message("${CMAKE_CURRENT_SOURCE_DIR}/cloak/${ANDROID_ABI}/"})
set(ovpn3_SRCS
openvpn3/client/ovpncli.cpp
openvpn3/openvpn/openssl/xkey/xkey_provider.c
openvpn3/openvpn/openssl/xkey/xkey_helper.c
ovpncli_wrap.cxx)
add_library(ovpn3 SHARED ${ovpn3_SRCS})
target_include_directories(ovpn3 PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}/lzo/include
${CMAKE_CURRENT_SOURCE_DIR}/openvpn3
${CMAKE_CURRENT_SOURCE_DIR}/asio/asio/include
${CMAKE_CURRENT_SOURCE_DIR}/openvpn3/client
${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/include
)
if (${OPENVPN3OSSL})
target_compile_definitions(ovpn3 PRIVATE
-DUSE_OPENSSL
)
target_link_libraries(ovpn3 crypto ssl lzo lz4 libck-ovpn-plugin)
else ()
target_compile_definitions(ovpn3 PRIVATE
-DUSE_MBEDTLS
)
target_link_libraries(ovpn3 mbedtls mbedx509 mbedcrypto lzo lz4)
endif ()
target_compile_definitions(ovpn3 PRIVATE
-DHAVE_CONFIG_H
-DHAVE_LZO
-DHAVE_LZ4
-DASIO_STANDALONE
-DUSE_ASIO
-DGIT_VERSION_STRING=\"${OPENVPN3_GIT}\"
-DOPENVPN_SHOW_SESSION_TOKEN
-DOPENSSL_API_COMPAT=0x10200000L
-DOPENVPN_ALLOW_INSECURE_CERTPROFILE
-DENABLE_EXTERNAL_PKI
)
#else ()
# message("Not budiling OpenVPN for output dir ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}")
#endif ()
add_library(ovpnutil SHARED ovpnutil/jniglue.c)
target_compile_definitions(ovpnutil PRIVATE -DTARGET_ARCH_ABI=\"${ANDROID_ABI}\"
-DOPENVPN2_GIT_REVISION=\"${OPENVPN2_GIT}\"
-DOPENVPN3_GIT_REVISION=\"${OPENVPN3_GIT}\"
)
target_link_libraries(ovpnutil log)
add_library(rsapss SHARED ovpnutil/rsapss.cpp)
target_link_libraries(rsapss log crypto ssl)
if (NOT ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} MATCHES "build/intermediates/cmake/.*skeleton.*/")
add_library(osslspeedtest SHARED ovpnutil/sslspeed.c)
target_link_libraries(osslspeedtest log crypto ssl)
else ()
message("Not budiling SSLSpeedTest for output dir ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}")
endif ()
set(openvpn_srcs
src/compat/compat-basename.c
src/compat/compat-daemon.c
src/compat/compat-dirname.c
src/compat/compat-gettimeofday.c
src/openvpn/argv.c
src/openvpn/auth_token.c
src/openvpn/base64.c
src/openvpn/buffer.c
src/openvpn/clinat.c
src/openvpn/console.c
src/openvpn/console_builtin.c
src/openvpn/crypto.c
src/openvpn/crypto_openssl.c
src/openvpn/crypto_mbedtls.c
src/openvpn/cryptoapi.c
src/openvpn/dhcp.c
src/openvpn/dns.c
src/openvpn/dns.h
src/openvpn/error.c
src/openvpn/event.c
src/openvpn/env_set.c
src/openvpn/fdmisc.c
src/openvpn/forward.c
src/openvpn/fragment.c
src/openvpn/gremlin.c
src/openvpn/helper.c
src/openvpn/httpdigest.c
src/openvpn/init.c
src/openvpn/interval.c
src/openvpn/list.c
src/openvpn/lladdr.c
src/openvpn/lzo.c
src/openvpn/manage.c
src/openvpn/mbuf.c
src/openvpn/misc.c
src/openvpn/mroute.c
src/openvpn/mss.c
src/openvpn/mstats.c
src/openvpn/mtcp.c
src/openvpn/mtu.c
src/openvpn/mudp.c
src/openvpn/multi.c
src/openvpn/ntlm.c
src/openvpn/occ.c
src/openvpn/openvpn.c
src/openvpn/options.c
src/openvpn/options_util.c
src/openvpn/otime.c
src/openvpn/packet_id.c
src/openvpn/perf.c
src/openvpn/ping.c
src/openvpn/pkcs11.c
src/openvpn/pkcs11_openssl.c
src/openvpn/platform.c
src/openvpn/plugin.c
src/openvpn/pool.c
src/openvpn/proto.c
src/openvpn/proxy.c
src/openvpn/ps.c
src/openvpn/push.c
src/openvpn/reliable.c
src/openvpn/route.c
src/openvpn/run_command.c
src/openvpn/schedule.c
src/openvpn/session_id.c
src/openvpn/shaper.c
src/openvpn/sig.c
src/openvpn/socket.c
src/openvpn/socks.c
src/openvpn/ssl.c
src/openvpn/ssl_openssl.c
src/openvpn/ssl_mbedtls.c
src/openvpn/ssl_ncp.c
src/openvpn/ssl_pkt.c
src/openvpn/ssl_pkt.h
src/openvpn/ssl_util.c
src/openvpn/ssl_verify.c
src/openvpn/ssl_verify_openssl.c
src/openvpn/ssl_verify_mbedtls.c
src/openvpn/status.c
src/openvpn/tls_crypt.c
src/openvpn/tun.c
src/openvpn/vlan.c
src/openvpn/xkey_helper.c
src/openvpn/xkey_provider.c
src/openvpn/comp-lz4.c
src/openvpn/comp.c
src/openvpn/compstub.c
)
PREPEND(openvpn_srcs_with_path "openvpn" ${openvpn_srcs})
add_library(openvpn SHARED ${openvpn_srcs_with_path})
target_include_directories(openvpn PRIVATE
openvpn-config
openvpn/src/compat
openvpn/include
mbedtls/include
lzo/include
openvpn
)
target_compile_definitions(openvpn PRIVATE
-DHAVE_CONFIG_H
-DCONFIGURE_GIT_REVISION=\"${OPENVPN2_GIT}\"
-DCONFIGURE_GIT_FLAGS=\"\"
-DTARGET_ABI=\"${ANDROID_ABI}\"
-DOPENSSL_API_COMPAT=0x11000000L
)
if (${OPENVPN2MBED})
target_compile_definitions(openvpn PRIVATE
-DENABLE_CRYPTO_MBEDTLS=1
)
target_link_libraries(openvpn mbedtls mbedx509 mbedcrypto lzo lz4)
else ()
target_compile_definitions(openvpn PRIVATE
-DENABLE_CRYPTO_OPENSSL=1
)
target_link_libraries(openvpn crypto ssl lzo lz4)
endif ()
add_executable(libovpnexec.so minivpn/minivpn.c)
target_compile_options(libovpnexec.so PRIVATE -fPIE)
target_link_libraries(libovpnexec.so PRIVATE openvpn -fPIE -pie)
add_executable(pie_openvpn.${ANDROID_ABI} minivpn/minivpn.c)
target_compile_options(pie_openvpn.${ANDROID_ABI} PRIVATE -fPIE)
target_link_libraries(pie_openvpn.${ANDROID_ABI} PRIVATE openvpn -fPIE -pie)
# Hack to copy OpenVPN binaries to assets directory
SET(OVPN_ASSET_DIR ${CMAKE_SOURCE_DIR}/../../../build/ovpnassets)
add_custom_target(makeassetdir ALL
COMMAND ${CMAKE_COMMAND} -E make_directory ${OVPN_ASSET_DIR})
add_custom_command(TARGET pie_openvpn.${ANDROID_ABI} POST_BUILD
COMMAND
${CMAKE_COMMAND} -E copy
$<TARGET_FILE:pie_openvpn.${ANDROID_ABI}>
${OVPN_ASSET_DIR}
)
# Hack that these targets are really executed
add_dependencies(ovpnutil pie_openvpn.${ANDROID_ABI})
add_dependencies(pie_openvpn.${ANDROID_ABI} makeassetdir)

169
client/android/cpp/GetGitRevisionDescription.cmake Normal file
View file

@ -0,0 +1,169 @@
# From https://raw.githubusercontent.com/rpavlik/cmake-modules/master/GetGitRevisionDescription.cmake.in
# - Returns a version string from Git
#
# These functions force a re-configure on each git commit so that you can
# trust the values of the variables in your build system.
#
# get_git_head_revision(<refspecvar> <hashvar> [<additional arguments to git describe> ...])
#
# Returns the refspec and sha hash of the current head revision
#
# git_describe(<var> [<additional arguments to git describe> ...])
#
# Returns the results of git describe on the source tree, and adjusting
# the output so that it tests false if an error occurs.
#
# git_get_exact_tag(<var> [<additional arguments to git describe> ...])
#
# Returns the results of git describe --exact-match on the source tree,
# and adjusting the output so that it tests false if there was no exact
# matching tag.
#
# git_local_changes(<var>)
#
# Returns either "CLEAN" or "DIRTY" with respect to uncommitted changes.
# Uses the return code of "git diff-index --quiet HEAD --".
# Does not regard untracked files.
#
# Requires CMake 2.6 or newer (uses the 'function' command)
#
# Original Author:
# 2009-2010 Ryan Pavlik <rpavlik@iastate.edu> <abiryan@ryand.net>
# http://academic.cleardefinition.com
# Iowa State University HCI Graduate Program/VRAC
#
# Copyright Iowa State University 2009-2010.
# Distributed under the Boost Software License, Version 1.0.
# (See accompanying file LICENSE_1_0.txt or copy at
# http://www.boost.org/LICENSE_1_0.txt)
if(__get_git_revision_description)
return()
endif()
set(__get_git_revision_description YES)
# We must run the following at "include" time, not at function call time,
# to find the path to this module rather than the path to a calling list file
get_filename_component(_gitdescmoddir ${CMAKE_CURRENT_LIST_FILE} PATH)
function(get_git_head_revision _refspecvar _hashvar path)
set(GIT_PARENT_DIR "${path}")
set(GIT_DIR "${GIT_PARENT_DIR}/.git")
while(NOT EXISTS "${GIT_DIR}") # .git dir not found, search parent directories
set(GIT_PREVIOUS_PARENT "${GIT_PARENT_DIR}")
get_filename_component(GIT_PARENT_DIR ${GIT_PARENT_DIR} PATH)
if(GIT_PARENT_DIR STREQUAL GIT_PREVIOUS_PARENT)
# We have reached the root directory, we are not in git
set(${_refspecvar} "GITDIR-NOTFOUND" PARENT_SCOPE)
set(${_hashvar} "GITDIR-NOTFOUND" PARENT_SCOPE)
return()
endif()
set(GIT_DIR "${GIT_PARENT_DIR}/.git")
endwhile()
# check if this is a submodule
if(NOT IS_DIRECTORY ${GIT_DIR})
file(READ ${GIT_DIR} submodule)
string(REGEX REPLACE "gitdir: (.*)\n$" "\\1" GIT_DIR_RELATIVE ${submodule})
get_filename_component(SUBMODULE_DIR ${GIT_DIR} PATH)
get_filename_component(GIT_DIR ${SUBMODULE_DIR}/${GIT_DIR_RELATIVE} ABSOLUTE)
endif()
set(GIT_DATA "${CMAKE_CURRENT_BINARY_DIR}/CMakeFiles/git-data")
if(NOT EXISTS "${GIT_DATA}")
file(MAKE_DIRECTORY "${GIT_DATA}")
endif()
if(NOT EXISTS "${GIT_DIR}/HEAD")
return()
endif()
set(HEAD_FILE "${GIT_DATA}/HEAD")
configure_file("${GIT_DIR}/HEAD" "${HEAD_FILE}" COPYONLY)
configure_file("${_gitdescmoddir}/GetGitRevisionDescription.cmake.in"
"${GIT_DATA}/grabRef.cmake"
@ONLY)
include("${GIT_DATA}/grabRef.cmake")
set(${_refspecvar} "${HEAD_REF}" PARENT_SCOPE)
set(${_hashvar} "${HEAD_HASH}" PARENT_SCOPE)
endfunction()
function(git_describe _var path)
if(NOT GIT_FOUND)
find_package(Git QUIET)
endif()
get_git_head_revision(refspec hash ${path})
if(NOT GIT_FOUND)
set(${_var} "GIT-NOTFOUND" PARENT_SCOPE)
return()
endif()
if(NOT hash)
set(${_var} "HEAD-HASH-NOTFOUND" PARENT_SCOPE)
return()
endif()
# TODO sanitize
#if((${ARGN}" MATCHES "&&") OR
# (ARGN MATCHES "||") OR
# (ARGN MATCHES "\\;"))
# message("Please report the following error to the project!")
# message(FATAL_ERROR "Looks like someone's doing something nefarious with git_describe! Passed arguments ${ARGN}")
#endif()
#message(STATUS "Arguments to execute_process: ${ARGN}")
execute_process(COMMAND
"${GIT_EXECUTABLE}"
describe
${hash}
${ARGN}
WORKING_DIRECTORY
${path}
RESULT_VARIABLE
res
OUTPUT_VARIABLE
out
ERROR_QUIET
OUTPUT_STRIP_TRAILING_WHITESPACE)
if(NOT res EQUAL 0)
set(out "${out}-${res}-NOTFOUND")
endif()
set(${_var} "${out}" PARENT_SCOPE)
endfunction()
function(git_get_exact_tag _var path)
git_describe(out ${path} --exact-match ${ARGN})
set(${_var} "${out}" PARENT_SCOPE)
endfunction()
function(git_local_changes _var path)
if(NOT GIT_FOUND)
find_package(Git QUIET)
endif()
get_git_head_revision(refspec hash path)
if(NOT GIT_FOUND)
set(${_var} "GIT-NOTFOUND" PARENT_SCOPE)
return()
endif()
if(NOT hash)
set(${_var} "HEAD-HASH-NOTFOUND" PARENT_SCOPE)
return()
endif()
execute_process(COMMAND
"${GIT_EXECUTABLE}"
diff-index --quiet HEAD --
WORKING_DIRECTORY
${path}
RESULT_VARIABLE
res
OUTPUT_VARIABLE
out
ERROR_QUIET
OUTPUT_STRIP_TRAILING_WHITESPACE)
if(res EQUAL 0)
set(${_var} "CLEAN" PARENT_SCOPE)
else()
set(${_var} "DIRTY" PARENT_SCOPE)
endif()
endfunction()

42
client/android/cpp/GetGitRevisionDescription.cmake.in Normal file
View file

@ -0,0 +1,42 @@
# From https://raw.githubusercontent.com/rpavlik/cmake-modules/master/GetGitRevisionDescription.cmake.in
#
# Internal file for GetGitRevisionDescription.cmake
#
# Requires CMake 2.6 or newer (uses the 'function' command)
#
# Original Author:
# 2009-2010 Ryan Pavlik <rpavlik@iastate.edu> <abiryan@ryand.net>
# http://academic.cleardefinition.com
# Iowa State University HCI Graduate Program/VRAC
#
# Copyright Iowa State University 2009-2010.
# Distributed under the Boost Software License, Version 1.0.
# (See accompanying file LICENSE_1_0.txt or copy at
# http://www.boost.org/LICENSE_1_0.txt)
set(HEAD_HASH)
file(READ "@HEAD_FILE@" HEAD_CONTENTS LIMIT 1024)
string(STRIP "${HEAD_CONTENTS}" HEAD_CONTENTS)
if(HEAD_CONTENTS MATCHES "ref")
# named branch
string(REPLACE "ref: " "" HEAD_REF "${HEAD_CONTENTS}")
if(EXISTS "@GIT_DIR@/${HEAD_REF}")
configure_file("@GIT_DIR@/${HEAD_REF}" "@GIT_DATA@/head-ref" COPYONLY)
else()
configure_file("@GIT_DIR@/packed-refs" "@GIT_DATA@/packed-refs" COPYONLY)
file(READ "@GIT_DATA@/packed-refs" PACKED_REFS)
if(${PACKED_REFS} MATCHES "([0-9a-z]*) ${HEAD_REF}")
set(HEAD_HASH "${CMAKE_MATCH_1}")
endif()
endif()
else()
# detached HEAD
configure_file("@GIT_DIR@/HEAD" "@GIT_DATA@/head-ref" COPYONLY)
endif()
if(NOT HEAD_HASH)
file(READ "@GIT_DATA@/head-ref" HEAD_HASH LIMIT 1024)
string(STRIP "${HEAD_HASH}" HEAD_HASH)
endif()

1
client/android/cpp/asio Submodule

@ -0,0 +1 @@
Subproject commit 4915cfd8a1653c157a1480162ae5601318553eb8

1
client/android/cpp/cloak Submodule

@ -0,0 +1 @@
Subproject commit 28890e1c69e0b02b052fe6e438f5c3642137ab7a

50
client/android/cpp/cloak.cmake Normal file
View file

@ -0,0 +1,50 @@
cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR)
set(TARGET ck_ovpn_plugin_go)
set(CLOAK_SRCS cloak/cmd/ck-ovpn-plugin/ck-ovpn-plugin.go)
set(CLOAK_LIB libck-ovpn-plugin.so)
list(APPEND CMAKE_PROGRAM_PATH "/usr/local/go/bin")
find_program(GO_EXEC go)
set(BUILD_CMD_ARGS build)
list(APPEND BUILD_CMD_ARGS -buildmode=c-shared -o ${CMAKE_CURRENT_BINARY_DIR}/${CLOAK_LIB} ${CMAKE_GO_FLAGS} ./...)
set(PREPARE_ENV_ARGS env)
list(APPEND PREPARE_ENV_ARGS -w CGO_ENABLED=1 GOOS=android)
string(REGEX MATCH "[0-9]+$" ANDROID_API_LEVEL ${ANDROID_PLATFORM})
message(WARNING "build cloak plugin abi=${ANDROID_ABI}, ANDROID_API_LEVEL=${ANDROID_API_LEVEL}")
if ("${ANDROID_ABI}" STREQUAL "x86")
list(APPEND PREPARE_ENV_ARGS GOARCH=386)
list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/i686-linux-android${ANDROID_API_LEVEL}-clang)
elseif ("${ANDROID_ABI}" STREQUAL "x86_64")
list(APPEND PREPARE_ENV_ARGS GOARCH=amd64)
list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/x86_64-linux-android${ANDROID_API_LEVEL}-clang)
elseif ("${ANDROID_ABI}" STREQUAL "arm64-v8a")
list(APPEND PREPARE_ENV_ARGS GOARCH=arm64)
list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/aarch64-linux-android${ANDROID_API_LEVEL}-clang)
elseif ("${ANDROID_ABI}" STREQUAL "armeabi-v7a")
list(APPEND PREPARE_ENV_ARGS GOARCH=arm)
list(APPEND PREPARE_ENV_ARGS GOARM=7)
list(APPEND PREPARE_ENV_ARGS CC=${ANDROID_TOOLCHAIN_ROOT}/bin/armv7a-linux-androideabi${ANDROID_API_LEVEL}-clang)
endif ()
add_custom_command(
OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${CLOAK_LIB}
DEPENDS ${CLOAK_SRCS}
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cloak/cmd/ck-ovpn-plugin
COMMAND ${GO_EXEC} ${PREPARE_ENV_ARGS}
COMMAND ${GO_EXEC} ${BUILD_CMD_ARGS}
COMMENT "Building Go library")
add_custom_target(${TARGET} DEPENDS ${CLOAK_LIB} ${HEADER})
add_library(libck-ovpn-plugin STATIC IMPORTED GLOBAL)
add_dependencies(libck-ovpn-plugin ${TARGET})
set_target_properties(libck-ovpn-plugin
PROPERTIES
IMPORTED_LOCATION ${CMAKE_CURRENT_BINARY_DIR}/${CLOAK_LIB}
INTERFACE_INCLUDE_DIRECTORIES ${CMAKE_CURRENT_BINARY_DIR})

1
client/android/cpp/lz4 Submodule

@ -0,0 +1 @@
Subproject commit d44371841a2f1728a3f36839fd4b7e872d0927d3

7
client/android/cpp/lz4.cmake Normal file
View file

@ -0,0 +1,7 @@
set(lz4_srcs
lz4.c
)
PREPEND(lz4_src_with_path "lz4/lib/" ${lz4_srcs})
add_library(lz4 ${lz4_src_with_path})
target_include_directories(lz4 PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/lz4/lib")

1
client/android/cpp/lzo Submodule

@ -0,0 +1 @@
Subproject commit 5754571c8968245f77cf180da872f8f52fe52a40

78
client/android/cpp/lzo.cmake Normal file
View file

@ -0,0 +1,78 @@
# Lzo's own cmake is rather throublesome
set(lzo_srcs
lzo1.c
lzo1_99.c
lzo1a.c
lzo1a_99.c
lzo1b_1.c
lzo1b_2.c
lzo1b_3.c
lzo1b_4.c
lzo1b_5.c
lzo1b_6.c
lzo1b_7.c
lzo1b_8.c
lzo1b_9.c
lzo1b_99.c
lzo1b_9x.c
lzo1b_cc.c
lzo1b_d1.c
lzo1b_d2.c
lzo1b_rr.c
lzo1b_xx.c
lzo1c_1.c
lzo1c_2.c
lzo1c_3.c
lzo1c_4.c
lzo1c_5.c
lzo1c_6.c
lzo1c_7.c
lzo1c_8.c
lzo1c_9.c
lzo1c_99.c
lzo1c_9x.c
lzo1c_cc.c
lzo1c_d1.c
lzo1c_d2.c
lzo1c_rr.c
lzo1c_xx.c
lzo1f_1.c
lzo1f_9x.c
lzo1f_d1.c
lzo1f_d2.c
lzo1x_1.c
lzo1x_1k.c
lzo1x_1l.c
lzo1x_1o.c
lzo1x_9x.c
lzo1x_d1.c
lzo1x_d2.c
lzo1x_d3.c
lzo1x_o.c
lzo1y_1.c
lzo1y_9x.c
lzo1y_d1.c
lzo1y_d2.c
lzo1y_d3.c
lzo1y_o.c
lzo1z_9x.c
lzo1z_d1.c
lzo1z_d2.c
lzo1z_d3.c
lzo2a_9x.c
lzo2a_d1.c
lzo2a_d2.c
lzo_crc.c
lzo_init.c
lzo_ptr.c
lzo_str.c
lzo_util.c
)
PREPEND(lzo_src_with_path "lzo/src" ${lzo_srcs})
add_library(lzo ${lzo_src_with_path})
target_include_directories(lzo PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/lzo/include")
if (${ANDROID_ABI} STREQUAL "armeabi-v7a")
target_compile_options(lzo PRIVATE -O0)
endif()

1
client/android/cpp/mbedtls Submodule

@ -0,0 +1 @@
Subproject commit b1c8e41ae3b36a9a88e0cbee10ed38a577b54726

0
client/android/cpp/minivpn/minivpn.c Normal file
View file

1
client/android/cpp/openssl Submodule

@ -0,0 +1 @@
Subproject commit 5a6a7d0c955b168ccaecbd16d5a8ae4d20304ff4

1
client/android/cpp/openvpn Submodule

@ -0,0 +1 @@
Subproject commit b1ae59746c150da85aa93c8e0ac1e8a0e670d6ef

684
client/android/cpp/openvpn-config/config.h Normal file
View file

@ -0,0 +1,684 @@
/* config.h. Generated from config.h.in by configure. */
/* config.h.in. Generated from configure.ac by autoheader. */
/* DISABLE PERSISTEN TUN */
#undef TUNSETPERSIST
/* Enable deferred authentication */
#define CONFIGURE_DEF_AUTH 1
/* Enable internal packet filter */
#undef CONFIGURE_PF //1
/* enable iproute2 support */
#undef CONFIG_FEATURE_IPROUTE
/* Use memory debugging function in OpenSSL */
/* #undef CRYPTO_MDEBUG */
#define HAVE_BASENAME
/* Use dmalloc memory debugging library */
/* #undef DMALLOC */
/* Dimension to use for empty array declaration */
#define EMPTY_ARRAY_SIZE 0
/* Enable client capability only */
#define ENABLE_CLIENT_ONLY 1
/* Enable debugging support */
#define ENABLE_DEBUG 1
/* Enable internal fragmentation support */
#define ENABLE_FRAGMENT 1
/* Enable HTTP proxy support */
#define ENABLE_HTTP_PROXY 1
/* Enable management server capability */
#define ENABLE_MANAGEMENT 1
/* Enable multi-homed UDP server capability */
#define ENABLE_MULTIHOME 0
/* Allow --askpass and --auth-user-pass passwords to be read from a file */
#define ENABLE_PASSWORD_SAVE 1
/* Enable TCP Server port sharing */
#define ENABLE_PORT_SHARE 1
/* Enable smaller executable size */
/* #undef ENABLE_SMALL */
/* Enable Socks proxy support */
#define ENABLE_SOCKS 1
/* Define to 1 if you have the `accept' function. */
#define HAVE_ACCEPT 1
/* Define to 1 if you have the <arpa/inet.h> header file. */
#define HAVE_ARPA_INET_H 1
/* Define to 1 if you have the `bind' function. */
#define HAVE_BIND 1
/* Define to 1 if you have the `chdir' function. */
#define HAVE_CHDIR 1
/* Define to 1 if you have the `chroot' function. */
#define HAVE_CHROOT 1
/* Define to 1 if you have the `chsize' function. */
/* #undef HAVE_CHSIZE */
/* struct cmsghdr needed for extended socket error support */
#define HAVE_CMSGHDR 1
/* Define to 1 if you have the `connect' function. */
#define HAVE_CONNECT 1
/* Define to 1 if your compiler supports GNU GCC-style variadic macros */
#define HAVE_CPP_VARARG_MACRO_GCC 1
/* Define to 1 if your compiler supports ISO C99 variadic macros */
#define HAVE_CPP_VARARG_MACRO_ISO 1
/* Define to 1 if you have the `ctime' function. */
#define HAVE_CTIME 1
/* Define to 1 if you have the <ctype.h> header file. */
#define HAVE_CTYPE_H 1
/* Define to 1 if you have the `daemon' function. */
#define HAVE_DAEMON 1
/* Define to 1 if you have the `dup' function. */
#define HAVE_DUP 1
/* Define to 1 if you have the `dup2' function. */
#define HAVE_DUP2 1
/* Define to 1 if you have the `ENGINE_cleanup' function. */
#define HAVE_ENGINE_CLEANUP 0
/* Define to 1 if you have the `ENGINE_load_builtin_engines' function. */
#define HAVE_ENGINE_LOAD_BUILTIN_ENGINES 0
/* Define to 1 if you have the `ENGINE_register_all_complete' function. */
#define HAVE_ENGINE_REGISTER_ALL_COMPLETE 0
/* epoll_create function is defined */
#define HAVE_EPOLL_CREATE 1
/* Define to 1 if you have the <errno.h> header file. */
#define HAVE_ERRNO_H 1
/* Define to 1 if you have the <err.h> header file. */
#define HAVE_ERR_H 1
/* Define to 1 if you have the `EVP_CIPHER_CTX_set_key_length' function. */
#define HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH 1
/* Define to 1 if you have the `execve' function. */
#define HAVE_EXECVE 1
/* Define to 1 if you have the <fcntl.h> header file. */
#define HAVE_FCNTL_H 1
/* Define to 1 if you have the `flock' function. */
#define HAVE_FLOCK 1
/* Define to 1 if you have the `fork' function. */
#define HAVE_FORK 1
/* Define to 1 if you have the `ftruncate' function. */
#define HAVE_FTRUNCATE 1
/* Define to 1 if you have the `getgrnam' function. */
#define HAVE_GETGRNAM 1
/* Define to 1 if you have the `gethostbyname' function. */
#define HAVE_GETHOSTBYNAME 1
/* Define to 1 if you have the `getpass' function. */
/* #define HAVE_GETPASS 1 */
/* Define to 1 if you have the `getpeereid' function. */
/* #undef HAVE_GETPEEREID */
/* Define to 1 if you have the `getpeername' function. */
#define HAVE_GETPEERNAME 1
/* Define to 1 if you have the `getpid' function. */
#define HAVE_GETPID 1
/* Define to 1 if you have the `getpwnam' function. */
#define HAVE_GETPWNAM 1
/* Define to 1 if you have the `getsockname' function. */
#define HAVE_GETSOCKNAME 1
/* Define to 1 if you have the `getsockopt' function. */
#define HAVE_GETSOCKOPT 1
/* Define to 1 if you have the `gettimeofday' function. */
#define HAVE_GETTIMEOFDAY 1
/* Define to 1 if you have the <grp.h> header file. */
#define HAVE_GRP_H 1
/* Define to 1 if you have the `inet_ntoa' function. */
#define HAVE_INET_NTOA 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
/* struct in_pktinfo needed for IP_PKTINFO support */
#define HAVE_IN_PKTINFO 1
#define HAVE_IPI_SPEC_DST 1
/* struct iovec needed for IPv6 support */
#define HAVE_IOVEC 1
/* struct iphdr needed for IPv6 support */
#define HAVE_IPHDR 1
/* Define to 1 if you have the <linux/errqueue.h> header file. */
#define HAVE_LINUX_ERRQUEUE_H 1
/* Define to 1 if you have the <linux/if_tun.h> header file. */
#define HAVE_LINUX_IF_TUN_H 1
/* Define to 1 if you have the <linux/sockios.h> header file. */
#define HAVE_LINUX_SOCKIOS_H 1
/* Define to 1 if you have the <linux/types.h> header file. */
#define HAVE_LINUX_TYPES_H 1
/* Define to 1 if you have the `listen' function. */
#define HAVE_LISTEN 1
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the `memset' function. */
#define HAVE_MEMSET 1
/* Define to 1 if you have the `mlockall' function. */
/* #define HAVE_MLOCKALL 1*/
/* struct msghdr needed for extended socket error support */
#define HAVE_MSGHDR 1
/* Define to 1 if you have the <netdb.h> header file. */
#define HAVE_NETDB_H 1
/* Define to 1 if you have the <netinet/if_ether.h> header file. */
#define HAVE_NETINET_IF_ETHER_H 1
/* Define to 1 if you have the <netinet/in.h> header file. */
#define HAVE_NETINET_IN_H 1
/* Define to 1 if you have the <netinet/in_systm.h> header file. */
#define HAVE_NETINET_IN_SYSTM_H 1
/* Define to 1 if you have the <netinet/ip.h> header file. */
#define HAVE_NETINET_IP_H 1
/* Define to 1 if you have the <netinet/tcp.h> header file. */
#define HAVE_NETINET_TCP_H 1
/* Define to 1 if you have the <net/if.h> header file. */
#define HAVE_NET_IF_H 1
/* Define to 1 if you have the <net/if_tun.h> header file. */
/* #undef HAVE_NET_IF_TUN_H */
/* Define to 1 if you have the <net/tun/if_tun.h> header file. */
/* #undef HAVE_NET_TUN_IF_TUN_H */
/* Define to 1 if you have the `nice' function. */
#define HAVE_NICE 1
/* Define to 1 if you have the `openlog' function. */
#define HAVE_OPENLOG 1
/* Define to 1 if you have the <openssl/engine.h> header file. */
#define HAVE_OPENSSL_ENGINE_H 0
/* Define to 1 if you have the `poll' function. */
#define HAVE_POLL 1
/* Define if you have POSIX threads libraries and header files. */
/* #undef HAVE_PTHREAD */
/* Define to 1 if you have the `putenv' function. */
#define HAVE_PUTENV 1
/* Define to 1 if you have the <pwd.h> header file. */
#define HAVE_PWD_H 1
/* Define to 1 if you have the `readv' function. */
#define HAVE_READV 1
/* Define to 1 if you have the `recv' function. */
#define HAVE_RECV 1
/* Define to 1 if you have the `recvfrom' function. */
#define HAVE_RECVFROM 1
/* Define to 1 if you have the `recvmsg' function. */
#define HAVE_RECVMSG 1
/* Define to 1 if you have the <resolv.h> header file. */
#define HAVE_RESOLV_H 1
/* Indicates if res_init is available */
#define HAVE_RES_INIT 1
/* Define to 1 if you have the `select' function. */
#define HAVE_SELECT 1
/* Define to 1 if you have the `send' function. */
#define HAVE_SEND 1
/* Define to 1 if you have the `sendmsg' function. */
#define HAVE_SENDMSG 1
/* Define to 1 if you have the `sendto' function. */
#define HAVE_SENDTO 1
/* SELinux support */
/* #undef HAVE_SETCON */
/* Define to 1 if you have the `setgid' function. */
#define HAVE_SETGID 1
/* Define to 1 if you have the `setgroups' function. */
#define HAVE_SETGROUPS 1
/* Define to 1 if you have the `setsid' function. */
#define HAVE_SETSID 1
/* Define to 1 if you have the `setsockopt' function. */
#define HAVE_SETSOCKOPT 1
/* Define to 1 if you have the `setuid' function. */
#define HAVE_SETUID 1
/* Define to 1 if you have the <signal.h> header file. */
#define HAVE_SIGNAL_H 1
/* Define to 1 if you have the `socket' function. */
#define HAVE_SOCKET 1
/* struct sock_extended_err needed for extended socket error support */
#define HAVE_SOCK_EXTENDED_ERR 1
/* Define to 1 if you have the `stat' function. */
#define HAVE_STAT 1
/* Define to 1 if you have the <stdarg.h> header file. */
#define HAVE_STDARG_H 1
/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1
/* Define to 1 if you have the <stdio.h> header file. */
#define HAVE_STDIO_H 1
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the `strdup' function. */
#define HAVE_STRDUP 1
/* Define to 1 if you have the `strerror' function. */
#define HAVE_STRERROR 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the <stropts.h> header file. */
#define HAVE_STROPTS_H 1
/* Define to 1 if you have the `syslog' function. */
#define HAVE_SYSLOG 1
/* Define to 1 if you have the <syslog.h> header file. */
#define HAVE_SYSLOG_H 1
/* Define to 1 if you have the `system' function. */
#define HAVE_SYSTEM 1
/* Define to 1 if you have the <sys/epoll.h> header file. */
#define HAVE_SYS_EPOLL_H 1
/* Define to 1 if you have the <sys/file.h> header file. */
#define HAVE_SYS_FILE_H 1
/* Define to 1 if you have the <sys/ioctl.h> header file. */
#define HAVE_SYS_IOCTL_H 1
/* Define to 1 if you have the <sys/mman.h> header file. */
#define HAVE_SYS_MMAN_H 1
/* Define to 1 if you have the <poll.h> header file. */
#define HAVE_POLL_H 1
/* Define to 1 if you have the <sys/socket.h> header file. */
#define HAVE_SYS_SOCKET_H 1
/* Define to 1 if you have the <sys/sockio.h> header file. */
/* #undef HAVE_SYS_SOCKIO_H */
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/time.h> header file. */
#define HAVE_SYS_TIME_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the <sys/uio.h> header file. */
#define HAVE_SYS_UIO_H 1
/* Define to 1 if you have the <sys/un.h> header file. */
#define HAVE_SYS_UN_H 1
/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
#define HAVE_SYS_WAIT_H 1
/* Define to 1 if you have the `time' function. */
#define HAVE_TIME 1
/* struct tun_pi needed for IPv6 support */
#define HAVE_TUN_PI 1
/* Define to 1 if you have the `umask' function. */
#define HAVE_UMASK 1
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
/* Define to 1 if you have the `unlink' function. */
#define HAVE_UNLINK 1
/* Define to 1 if you have the `vfork' function. */
#define HAVE_VFORK 1
/* Define to 1 if you have the <vfork.h> header file. */
/* #undef HAVE_VFORK_H */
/* Define to 1 if you have the `vsnprintf' function. */
#define HAVE_VSNPRINTF 1
/* Define to 1 if `fork' works. */
#define HAVE_WORKING_FORK 1
/* Define to 1 if `vfork' works. */
#define HAVE_WORKING_VFORK 1
/* Define to 1 if you have the `writev' function. */
#define HAVE_WRITEV 1
/* Path to ifconfig tool */
#define IFCONFIG_PATH "/system/xbin/ifconfig"
/* Path to iproute tool */
#define IPROUTE_PATH "ip"
/* Use lzo/ directory prefix for LZO header files (for LZO 2.0) */
#define LZO_HEADER_DIR 1
/* LZO version number */
#define LZO_VERSION_NUM "2"
/* Name of package */
#define PACKAGE "openvpn"
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT "openvpn-users@lists.sourceforge.net"
/* Define to the full name of this package. */
#define PACKAGE_NAME "OpenVPN"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "OpenVPN 2.6-icsopenvpn"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "openvpn"
/* Define to the version of this package. */
#define PACKAGE_VERSION "2.6_master"
/* Define to the necessary symbol if this constant uses a non-standard name on
your system. */
/* #undef PTHREAD_CREATE_JOINABLE */
/* Define as the return type of signal handlers (`int' or `void'). */
#define RETSIGTYPE void
/* Path to route tool */
#define ROUTE_PATH "/system/xbin/route"
/* The size of `unsigned int', as computed by sizeof. */
#define SIZEOF_UNSIGNED_INT 4
/* The size of `unsigned long', as computed by sizeof. */
#define SIZEOF_UNSIGNED_LONG 4
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Enable strict options check between peers */
/* #undef STRICT_OPTIONS_CHECK */
/* The TAP-Win32 id defined in tap-win32/SOURCES */
#define TAP_ID "tap0901"
/* The TAP-Win32 version number is defined in tap-win32/SOURCES */
#define TAP_WIN32_MIN_MAJOR 9
/* The TAP-Win32 version number is defined in tap-win32/SOURCES */
#define TAP_WIN32_MIN_MINOR 1
/* A string representing our target */
#define TARGET_ALIAS TARGET_ABI
/* Are we running on Mac OS X? */
/* #undef TARGET_DARWIN */
/* Are we running on DragonFlyBSD? */
/* #undef TARGET_DRAGONFLY */
/* Are we running on FreeBSD? */
/* #undef TARGET_FREEBSD */
/* Are we running on Android Linux? */
/* TARGET_LINUX is not enable since the TARGET_XXX options mainly
control different tun/tap, ifconfig behaviour and Android VpnProvider
is very different from Linux */
#define TARGET_ANDROID
/* Are we running on Linux? */
/* #define TARGET_LINUX 1 */
/* Are we running NetBSD? */
/* #undef TARGET_NETBSD */
/* Are we running on OpenBSD? */
/* #undef TARGET_OPENBSD */
/* Are we running on Solaris? */
/* #undef TARGET_SOLARIS */
/* Are we running WIN32? */
/* #undef TARGET_WIN32 */
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#define TIME_WITH_SYS_TIME 1
/* Win32 builtin */
/* #undef UF */
/* Use OpenSSL crypto library */
#define USE_CRYPTO 1
/* Use libdl for dynamic library loading */
#define USE_LIBDL 1
/* Use LoadLibrary to load DLLs on Windows */
/* #undef USE_LOAD_LIBRARY */
/* Use LZO compression library */
#define ENABLE_LZO 1
#define ENABLE_SNAPPY 1
#define ENABLE_LZ4 1
#define NEED_COMPAT_LZ4 1
/* Enable PKCS11 capability */
/* #undef USE_PKCS11 */
/* Use pthread-based multithreading */
/* #undef USE_PTHREAD */
/* Use OpenSSL SSL library */
#define ENABLE_SSL 1
#define USE_SSL 1
#define ENABLE_CRYPTO 1
/* via android.mk */
/*#define ENABLE_CRYPTO_OPENSSL 1*/
/* #define ENABLE_CRYPTO_POLARSSL 1 */
/* Use valgrind memory debugging library */
/* #undef USE_VALGRIND */
/* Version number of package */
//#define VERSION "2.3.1"
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE 1
#endif
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
/* Define to `int' if <sys/types.h> doesn't define. */
/* #undef gid_t */
/* Some systems don't define in_addr_t */
/* #undef in_addr_t */
/* Define to `__inline__' or `__inline' if that's what the C compiler
calls it, or to nothing if 'inline' is not supported under any name. */
#ifndef __cplusplus
/* #undef inline */
#endif
/* Define to `long int' if <sys/types.h> does not define. */
/* #undef off_t */
/* Define to `int' if <sys/types.h> does not define. */
/* #undef pid_t */
/* Define to `unsigned int' if <sys/types.h> does not define. */
/* #undef size_t */
/* type to use in place of socklen_t if not defined */
/* #undef socklen_t */
/* Define to `int' if <sys/types.h> doesn't define. */
/* #undef uid_t */
/* 16-bit unsigned type */
/* #undef uint16_t */
/* 32-bit unsigned type */
/* #undef uint32_t */
/* 8-bit unsigned type */
/* #undef uint8_t */
/* Define as `fork' if `vfork' does not work. */
/* #undef vfork */
/* Define to empty if the keyword `volatile' does not work. Warning: valid
code using `volatile' can become incorrect without. Disable with care. */
/* #undef volatile */
// New version
#define HAVE_INET_NTOP 1
#define HAVE_INET_PTON 1
#define HAVE_LZO_LZOUTIL_H 1
#define HAVE_LZO_LZO1X_H 1
#define HAVE_SYS_TIME_H 1
#define HAVE_TIME_H 1
// #define HAVE_CONFIG_VERSION_H 1
#define PATH_SEPARATOR_STR "/"
#define HAVE_SA_FAMILY_T 1
// Workaround for bionc
#define IPPROTO_IP IPPROTO_IP
#define IPPROTO_TCP IPPROTO_TCP
int res_init();
#define HAVE_AEAD_CIPHER_MODES 1
#define HAVE_EVP_MD_CTX_RESET 1
#define HAVE_EVP_MD_CTX_FREE 1
#define HAVE_EVP_MD_CTX_NEW 1
#define HAVE_EVP_CIPHER_CTX_FREE 1
#define HAVE_EVP_CIPHER_CTX_NEW 1
#define HAVE_HMAC_CTX_RESET 1
#define HAVE_HMAC_CTX_FREE 1
#define HAVE_HMAC_CTX_NEW 1
#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA 1
#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB 1
#define HAVE_X509_GET0_PUBKEY 1
#define HAVE_X509_STORE_GET0_OBJECTS 1
#define HAVE_X509_OBJECT_FREE 1
#define HAVE_X509_OBJECT_GET_TYPE 1
#define HAVE_EVP_PKEY_GET0_RSA 1
#define HAVE_EVP_PKEY_ID 1
#define HAVE_EVP_PKEY_GET0_DSA 1
#define HAVE_RSA_SET_FLAGS 1
#define HAVE_RSA_GET0_KEY 1
#define HAVE_RSA_SET0_KEY 1
#define HAVE_RSA_BITS 1
#define HAVE_DSA_BITS 1
#define HAVE_DSA_GET0_PQG 1
#define HAVE_RSA_METH_NEW 1
#define HAVE_RSA_METH_FREE 1
#define HAVE_RSA_METH_SET_PUB_ENC 1
#define HAVE_RSA_METH_SET_PUB_DEC 1
#define HAVE_RSA_METH_SET_PRIV_DEC 1
#define HAVE_RSA_METH_SET_PRIV_ENC 1
#define HAVE_RSA_METH_SET_INIT 1
#define HAVE_RSA_METH_SET_FINISH 1
#define HAVE_RSA_METH_SET0_APP_DATA 1
#define HAVE_EVP_PKEY_GET0_EC_KEY 1
#define HAVE_EC_GROUP_ORDER_BITS 1
#define HAVE_RSA_METH_GET0_APP_DATA 1
#define HAVE_RSA_METH_SET_SIGN 1
#define ENABLE_OFB_CFB_MODE 1
#define HAVE_X509_GET0_NOTBEFORE 1
#define HAVE_X509_GET0_NOTAFTER 1
#define HAVE_OPENSSL_VERSION 1
#define HAVE_EVP_CIPHER_CTX_RESET
#define _SOCKLEN_T_DECLARED 1

875
client/android/cpp/openvpn-config/openvpn-plugin.h Normal file
View file

@ -0,0 +1,875 @@
/* include/openvpn-plugin.h. Generated from openvpn-plugin.h.in by configure. */
/*
* OpenVPN -- An application to securely tunnel IP networks
* over a single TCP/UDP port, with support for SSL/TLS-based
* session authentication and key exchange,
* packet encryption, packet authentication, and
* packet compression.
*
* Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef OPENVPN_PLUGIN_H_
#define OPENVPN_PLUGIN_H_
#define OPENVPN_PLUGIN_VERSION 3
#ifdef ENABLE_CRYPTO_MBEDTLS
#include <mbedtls/x509_crt.h>
#ifndef __OPENVPN_X509_CERT_T_DECLARED
#define __OPENVPN_X509_CERT_T_DECLARED
typedef mbedtls_x509_crt openvpn_x509_cert_t;
#endif
#else /* ifdef ENABLE_CRYPTO_MBEDTLS */
#include <openssl/x509.h>
#ifndef __OPENVPN_X509_CERT_T_DECLARED
#define __OPENVPN_X509_CERT_T_DECLARED
typedef X509 openvpn_x509_cert_t;
#endif
#endif
#include <stdarg.h>
#include <stddef.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Provide some basic version information to plug-ins at OpenVPN compile time
* This is will not be the complete version
*/
#define OPENVPN_VERSION_MAJOR 2
#define OPENVPN_VERSION_MINOR 5
#define OPENVPN_VERSION_PATCH "_git"
/*
* Plug-in types. These types correspond to the set of script callbacks
* supported by OpenVPN.
*
* This is the general call sequence to expect when running in server mode:
*
* Initial Server Startup:
*
* FUNC: openvpn_plugin_open_v1
* FUNC: openvpn_plugin_client_constructor_v1 (this is the top-level "generic"
* client template)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_UP
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ROUTE_UP
*
* New Client Connection:
*
* FUNC: openvpn_plugin_client_constructor_v1
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
* in the server chain)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_IPCHANGE
*
* [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED,
* we don't proceed until authentication is verified via auth_control_file]
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_CONNECT_V2
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS
*
* [Client session ensues]
*
* For each "TLS soft reset", according to reneg-sec option (or similar):
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_ENABLE_PF
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_VERIFY (called once for every cert
* in the server chain)
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_TLS_FINAL
*
* [If OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY returned OPENVPN_PLUGIN_FUNC_DEFERRED,
* we expect that authentication is verified via auth_control_file within
* the number of seconds defined by the "hand-window" option. Data channel traffic
* will continue to flow uninterrupted during this period.]
*
* [Client session continues]
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_CLIENT_DISCONNECT
* FUNC: openvpn_plugin_client_destructor_v1
*
* [ some time may pass ]
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_LEARN_ADDRESS (this coincides with a
* lazy free of initial
* learned addr object)
* Server Shutdown:
*
* FUNC: openvpn_plugin_func_v1 OPENVPN_PLUGIN_DOWN
* FUNC: openvpn_plugin_client_destructor_v1 (top-level "generic" client)
* FUNC: openvpn_plugin_close_v1
*/
#define OPENVPN_PLUGIN_UP 0
#define OPENVPN_PLUGIN_DOWN 1
#define OPENVPN_PLUGIN_ROUTE_UP 2
#define OPENVPN_PLUGIN_IPCHANGE 3
#define OPENVPN_PLUGIN_TLS_VERIFY 4
#define OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY 5
#define OPENVPN_PLUGIN_CLIENT_CONNECT 6
#define OPENVPN_PLUGIN_CLIENT_DISCONNECT 7
#define OPENVPN_PLUGIN_LEARN_ADDRESS 8
#define OPENVPN_PLUGIN_CLIENT_CONNECT_V2 9
#define OPENVPN_PLUGIN_TLS_FINAL 10
#define OPENVPN_PLUGIN_ENABLE_PF 11
#define OPENVPN_PLUGIN_ROUTE_PREDOWN 12
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER 13
#define OPENVPN_PLUGIN_CLIENT_CONNECT_DEFER_V2 14
#define OPENVPN_PLUGIN_CLIENT_CRRESPONSE 15
#define OPENVPN_PLUGIN_N 16
/*
* Build a mask out of a set of plug-in types.
*/
#define OPENVPN_PLUGIN_MASK(x) (1<<(x))
/*
* A pointer to a plugin-defined object which contains
* the object state.
*/
typedef void *openvpn_plugin_handle_t;
/*
* Return value for openvpn_plugin_func_v1 function
*/
#define OPENVPN_PLUGIN_FUNC_SUCCESS 0
#define OPENVPN_PLUGIN_FUNC_ERROR 1
#define OPENVPN_PLUGIN_FUNC_DEFERRED 2
/*
* For Windows (needs to be modified for MSVC)
*/
#if defined(_WIN32) && !defined(OPENVPN_PLUGIN_H)
#define OPENVPN_EXPORT __declspec(dllexport)
#else
#define OPENVPN_EXPORT
#endif
/*
* If OPENVPN_PLUGIN_H is defined, we know that we are being
* included in an OpenVPN compile, rather than a plugin compile.
*/
#ifdef OPENVPN_PLUGIN_H
/*
* We are compiling OpenVPN.
*/
#define OPENVPN_PLUGIN_DEF typedef
#define OPENVPN_PLUGIN_FUNC(name) (*name)
#else /* ifdef OPENVPN_PLUGIN_H */
/*
* We are compiling plugin.
*/
#define OPENVPN_PLUGIN_DEF OPENVPN_EXPORT
#define OPENVPN_PLUGIN_FUNC(name) name
#endif
/*
* Used by openvpn_plugin_func to return structured
* data. The plugin should allocate all structure
* instances, name strings, and value strings with
* malloc, since OpenVPN will assume that it
* can free the list by calling free() over the same.
*/
struct openvpn_plugin_string_list
{
struct openvpn_plugin_string_list *next;
char *name;
char *value;
};
/* openvpn_plugin_{open,func}_v3() related structs */
/**
* Defines version of the v3 plugin argument structs
*
* Whenever one or more of these structs are modified, this constant
* must be updated. A changelog should be appended in this comment
* as well, to make it easier to see what information is available
* in the different versions.
*
* Version Comment
* 1 Initial plugin v3 structures providing the same API as
* the v2 plugin interface, X509 certificate information +
* a logging API for plug-ins.
*
* 2 Added ssl_api member in struct openvpn_plugin_args_open_in
* which identifies the SSL implementation OpenVPN is compiled
* against.
*
* 3 Added ovpn_version, ovpn_version_major, ovpn_version_minor
* and ovpn_version_patch to provide the runtime version of
* OpenVPN to plug-ins.
*
* 4 Exported secure_memzero() as plugin_secure_memzero()
*
* 5 Exported openvpn_base64_encode() as plugin_base64_encode()
* Exported openvpn_base64_decode() as plugin_base64_decode()
*/
#define OPENVPN_PLUGINv3_STRUCTVER 5
/**
* Definitions needed for the plug-in callback functions.
*/
typedef enum
{
PLOG_ERR = (1 << 0),/* Error condition message */
PLOG_WARN = (1 << 1),/* General warning message */
PLOG_NOTE = (1 << 2),/* Informational message */
PLOG_DEBUG = (1 << 3),/* Debug message, displayed if verb >= 7 */
PLOG_ERRNO = (1 << 8),/* Add error description to message */
PLOG_NOMUTE = (1 << 9), /* Mute setting does not apply for message */
} openvpn_plugin_log_flags_t;
#ifdef __GNUC__
#if __USE_MINGW_ANSI_STDIO
#define _ovpn_chk_fmt(a, b) __attribute__ ((format(gnu_printf, (a), (b))))
#else
#define _ovpn_chk_fmt(a, b) __attribute__ ((format(__printf__, (a), (b))))
#endif
#else /* ifdef __GNUC__ */
#define _ovpn_chk_fmt(a, b)
#endif
typedef void (*plugin_log_t)(openvpn_plugin_log_flags_t flags,
const char *plugin_name,
const char *format, ...) _ovpn_chk_fmt (3, 4);
typedef void (*plugin_vlog_t)(openvpn_plugin_log_flags_t flags,
const char *plugin_name,
const char *format,
va_list arglist) _ovpn_chk_fmt (3, 0);
/* #undef _ovpn_chk_fmt */
/**
* Export of secure_memzero() to be used inside plug-ins
*
* @param data Pointer to data to zeroise
* @param len Length of data, in bytes
*
*/
typedef void (*plugin_secure_memzero_t)(void *data, size_t len);
/**
* Export of openvpn_base64_encode() to be used inside plug-ins
*
* @param data Pointer to data to BASE64 encode
* @param size Length of data, in bytes
* @param *str Pointer to the return buffer. This needed memory is
* allocated by openvpn_base64_encode() and needs to be free()d
* after use.
*
* @return int Returns the length of the buffer created, or -1 on error.
*
*/
typedef int (*plugin_base64_encode_t)(const void *data, int size, char **str);
/**
* Export of openvpn_base64_decode() to be used inside plug-ins
*
* @param str Pointer to the BASE64 encoded data
* @param data Pointer to the buffer where save the decoded data
* @param size Size of the destination buffer
*
* @return int Returns the length of the decoded data, or -1 on error or
* if the destination buffer is too small.
*
*/
typedef int (*plugin_base64_decode_t)(const char *str, void *data, int size);
/**
* Used by the openvpn_plugin_open_v3() function to pass callback
* function pointers to the plug-in.
*
* plugin_log
* plugin_vlog : Use these functions to add information to the OpenVPN log file.
* Messages will only be displayed if the plugin_name parameter
* is set. PLOG_DEBUG messages will only be displayed with plug-in
* debug log verbosity (at the time of writing that's verb >= 7).
*
* plugin_secure_memzero
* : Use this function to securely wipe sensitive information from
* memory. This function is declared in a way that the compiler
* will not remove these function calls during the compiler
* optimization phase.
*/
struct openvpn_plugin_callbacks
{
plugin_log_t plugin_log;
plugin_vlog_t plugin_vlog;
plugin_secure_memzero_t plugin_secure_memzero;
plugin_base64_encode_t plugin_base64_encode;
plugin_base64_decode_t plugin_base64_decode;
};
/**
* Used by the openvpn_plugin_open_v3() function to indicate to the
* plug-in what kind of SSL implementation OpenVPN uses. This is
* to avoid SEGV issues when OpenVPN is complied against mbed TLS
* and the plug-in against OpenSSL.
*/
typedef enum {
SSLAPI_NONE,
SSLAPI_OPENSSL,
SSLAPI_MBEDTLS
} ovpnSSLAPI;
/**
* Arguments used to transport variables to the plug-in.
* The struct openvpn_plugin_args_open_in is only used
* by the openvpn_plugin_open_v3() function.
*
* STRUCT MEMBERS
*
* type_mask : Set by OpenVPN to the logical OR of all script
* types which this version of OpenVPN supports.
*
* argv : a NULL-terminated array of options provided to the OpenVPN
* "plug-in" directive. argv[0] is the dynamic library pathname.
*
* envp : a NULL-terminated array of OpenVPN-set environmental
* variables in "name=value" format. Note that for security reasons,
* these variables are not actually written to the "official"
* environmental variable store of the process.
*
* callbacks : a pointer to the plug-in callback function struct.
*
*/
struct openvpn_plugin_args_open_in
{
const int type_mask;
const char **const argv;
const char **const envp;
struct openvpn_plugin_callbacks *callbacks;
const ovpnSSLAPI ssl_api;
const char *ovpn_version;
const unsigned int ovpn_version_major;
const unsigned int ovpn_version_minor;
const char *const ovpn_version_patch;
};
/**
* Arguments used to transport variables from the plug-in back
* to the OpenVPN process. The struct openvpn_plugin_args_open_return
* is only used by the openvpn_plugin_open_v3() function.
*
* STRUCT MEMBERS
*
* type_mask : The plug-in should set this value to the logical OR of all script
* types which the plug-in wants to intercept. For example, if the
* script wants to intercept the client-connect and client-disconnect
* script types:
*
* type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
* | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
*
* handle : Pointer to a global plug-in context, created by the plug-in. This pointer
* is passed on to the other plug-in calls.
*
* return_list : used to return data back to OpenVPN.
*
*/
struct openvpn_plugin_args_open_return
{
int type_mask;
openvpn_plugin_handle_t handle;
struct openvpn_plugin_string_list **return_list;
};
/**
* Arguments used to transport variables to and from the
* plug-in. The struct openvpn_plugin_args_func is only used
* by the openvpn_plugin_func_v3() function.
*
* STRUCT MEMBERS:
*
* type : one of the PLUGIN_x types.
*
* argv : a NULL-terminated array of "command line" options which
* would normally be passed to the script. argv[0] is the dynamic
* library pathname.
*
* envp : a NULL-terminated array of OpenVPN-set environmental
* variables in "name=value" format. Note that for security reasons,
* these variables are not actually written to the "official"
* environmental variable store of the process.
*
* handle : Pointer to a global plug-in context, created by the plug-in's openvpn_plugin_open_v3().
*
* per_client_context : the per-client context pointer which was returned by
* openvpn_plugin_client_constructor_v1, if defined.
*
* current_cert_depth : Certificate depth of the certificate being passed over
*
* *current_cert : X509 Certificate object received from the client
*
*/
struct openvpn_plugin_args_func_in
{
const int type;
const char **const argv;
const char **const envp;
openvpn_plugin_handle_t handle;
void *per_client_context;
int current_cert_depth;
openvpn_x509_cert_t *current_cert;
};
/**
* Arguments used to transport variables to and from the
* plug-in. The struct openvpn_plugin_args_func is only used
* by the openvpn_plugin_func_v3() function.
*
* STRUCT MEMBERS:
*
* return_list : used to return data back to OpenVPN for further processing/usage by
* the OpenVPN executable.
*
*/
struct openvpn_plugin_args_func_return
{
struct openvpn_plugin_string_list **return_list;
};
/*
* Multiple plugin modules can be cascaded, and modules can be
* used in tandem with scripts. The order of operation is that
* the module func() functions are called in the order that
* the modules were specified in the config file. If a script
* was specified as well, it will be called last. If the
* return code of the module/script controls an authentication
* function (such as tls-verify or auth-user-pass-verify), then
* every module and script must return success (0) in order for
* the connection to be authenticated.
*
* Notes:
*
* Plugins which use a privilege-separation model (by forking in
* their initialization function before the main OpenVPN process
* downgrades root privileges and/or executes a chroot) must
* daemonize after a fork if the "daemon" environmental variable is
* set. In addition, if the "daemon_log_redirect" variable is set,
* the plugin should preserve stdout/stderr across the daemon()
* syscall. See the daemonize() function in plugin/auth-pam/auth-pam.c
* for an example.
*/
/*
* Prototypes for functions which OpenVPN plug-ins must define.
*/
/*
* FUNCTION: openvpn_plugin_open_v2
*
* REQUIRED: YES
*
* Called on initial plug-in load. OpenVPN will preserve plug-in state
* across SIGUSR1 restarts but not across SIGHUP restarts. A SIGHUP reset
* will cause the plugin to be closed and reopened.
*
* ARGUMENTS
*
* *type_mask : Set by OpenVPN to the logical OR of all script
* types which this version of OpenVPN supports. The plug-in
* should set this value to the logical OR of all script types
* which the plug-in wants to intercept. For example, if the
* script wants to intercept the client-connect and
* client-disconnect script types:
*
* *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT)
* | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT)
*
* argv : a NULL-terminated array of options provided to the OpenVPN
* "plug-in" directive. argv[0] is the dynamic library pathname.
*
* envp : a NULL-terminated array of OpenVPN-set environmental
* variables in "name=value" format. Note that for security reasons,
* these variables are not actually written to the "official"
* environmental variable store of the process.
*
* return_list : used to return data back to OpenVPN.
*
* RETURN VALUE
*
* An openvpn_plugin_handle_t value on success, NULL on failure
*/
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v2)
(unsigned int *type_mask,
const char *argv[],
const char *envp[],
struct openvpn_plugin_string_list **return_list);
/*
* FUNCTION: openvpn_plugin_func_v2
*
* Called to perform the work of a given script type.
*
* REQUIRED: YES
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* type : one of the PLUGIN_x types
*
* argv : a NULL-terminated array of "command line" options which
* would normally be passed to the script. argv[0] is the dynamic
* library pathname.
*
* envp : a NULL-terminated array of OpenVPN-set environmental
* variables in "name=value" format. Note that for security reasons,
* these variables are not actually written to the "official"
* environmental variable store of the process.
*
* per_client_context : the per-client context pointer which was returned by
* openvpn_plugin_client_constructor_v1, if defined.
*
* return_list : used to return data back to OpenVPN.
*
* RETURN VALUE
*
* OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
*
* In addition, OPENVPN_PLUGIN_FUNC_DEFERRED may be returned by
* OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY. This enables asynchronous
* authentication where the plugin (or one of its agents) may indicate
* authentication success/failure some number of seconds after the return
* of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY handler by writing a single
* char to the file named by auth_control_file in the environmental variable
* list (envp).
*
* first char of auth_control_file:
* '0' -- indicates auth failure
* '1' -- indicates auth success
*
* OpenVPN will delete the auth_control_file after it goes out of scope.
*
* If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
* for a particular client instance, packet filtering will be enabled for that
* instance. OpenVPN will then attempt to read the packet filter configuration
* from the temporary file named by the environmental variable pf_file. This
* file may be generated asynchronously and may be dynamically updated during the
* client session, however the client will be blocked from sending or receiving
* VPN tunnel packets until the packet filter file has been generated. OpenVPN
* will periodically test the packet filter file over the life of the client
* instance and reload when modified. OpenVPN will delete the packet filter file
* when the client instance goes out of scope.
*
* Packet filter file grammar:
*
* [CLIENTS DROP|ACCEPT]
* {+|-}common_name1
* {+|-}common_name2
* . . .
* [SUBNETS DROP|ACCEPT]
* {+|-}subnet1
* {+|-}subnet2
* . . .
* [END]
*
* Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
*
* CLIENTS refers to the set of clients (by their common-name) which
* this instance is allowed ('+') to connect to, or is excluded ('-')
* from connecting to. Note that in the case of client-to-client
* connections, such communication must be allowed by the packet filter
* configuration files of both clients.
*
* SUBNETS refers to IP addresses or IP address subnets which this
* instance may connect to ('+') or is excluded ('-') from connecting
* to.
*
* DROP or ACCEPT defines default policy when there is no explicit match
* for a common-name or subnet. The [END] tag must exist. A special
* purpose tag called [KILL] will immediately kill the client instance.
* A given client or subnet rule applies to both incoming and outgoing
* packets.
*
* See plugin/defer/simple.c for an example on using asynchronous
* authentication and client-specific packet filtering.
*/
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v2)
(openvpn_plugin_handle_t handle,
const int type,
const char *argv[],
const char *envp[],
void *per_client_context,
struct openvpn_plugin_string_list **return_list);
/*
* FUNCTION: openvpn_plugin_open_v3
*
* REQUIRED: YES
*
* Called on initial plug-in load. OpenVPN will preserve plug-in state
* across SIGUSR1 restarts but not across SIGHUP restarts. A SIGHUP reset
* will cause the plugin to be closed and reopened.
*
* ARGUMENTS
*
* version : fixed value, defines the API version of the OpenVPN plug-in API. The plug-in
* should validate that this value is matching the OPENVPN_PLUGINv3_STRUCTVER
* value.
*
* arguments : Structure with all arguments available to the plug-in.
*
* retptr : used to return data back to OpenVPN.
*
* RETURN VALUE
*
* OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
*/
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v3)
(const int version,
struct openvpn_plugin_args_open_in const *arguments,
struct openvpn_plugin_args_open_return *retptr);
/*
* FUNCTION: openvpn_plugin_func_v3
*
* Called to perform the work of a given script type.
*
* REQUIRED: YES
*
* ARGUMENTS
*
* version : fixed value, defines the API version of the OpenVPN plug-in API. The plug-in
* should validate that this value is matching the OPENVPN_PLUGIN_VERSION value.
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* return_list : used to return data back to OpenVPN.
*
* RETURN VALUE
*
* OPENVPN_PLUGIN_FUNC_SUCCESS on success, OPENVPN_PLUGIN_FUNC_ERROR on failure
*
* In addition, OPENVPN_PLUGIN_FUNC_DEFERRED may be returned by
* OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY. This enables asynchronous
* authentication where the plugin (or one of its agents) may indicate
* authentication success/failure some number of seconds after the return
* of the OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY handler by writing a single
* char to the file named by auth_control_file in the environmental variable
* list (envp).
*
* first char of auth_control_file:
* '0' -- indicates auth failure
* '1' -- indicates auth success
*
* OpenVPN will delete the auth_control_file after it goes out of scope.
*
* If an OPENVPN_PLUGIN_ENABLE_PF handler is defined and returns success
* for a particular client instance, packet filtering will be enabled for that
* instance. OpenVPN will then attempt to read the packet filter configuration
* from the temporary file named by the environmental variable pf_file. This
* file may be generated asynchronously and may be dynamically updated during the
* client session, however the client will be blocked from sending or receiving
* VPN tunnel packets until the packet filter file has been generated. OpenVPN
* will periodically test the packet filter file over the life of the client
* instance and reload when modified. OpenVPN will delete the packet filter file
* when the client instance goes out of scope.
*
* Packet filter file grammar:
*
* [CLIENTS DROP|ACCEPT]
* {+|-}common_name1
* {+|-}common_name2
* . . .
* [SUBNETS DROP|ACCEPT]
* {+|-}subnet1
* {+|-}subnet2
* . . .
* [END]
*
* Subnet: IP-ADDRESS | IP-ADDRESS/NUM_NETWORK_BITS
*
* CLIENTS refers to the set of clients (by their common-name) which
* this instance is allowed ('+') to connect to, or is excluded ('-')
* from connecting to. Note that in the case of client-to-client
* connections, such communication must be allowed by the packet filter
* configuration files of both clients.
*
* SUBNETS refers to IP addresses or IP address subnets which this
* instance may connect to ('+') or is excluded ('-') from connecting
* to.
*
* DROP or ACCEPT defines default policy when there is no explicit match
* for a common-name or subnet. The [END] tag must exist. A special
* purpose tag called [KILL] will immediately kill the client instance.
* A given client or subnet rule applies to both incoming and outgoing
* packets.
*
* See plugin/defer/simple.c for an example on using asynchronous
* authentication and client-specific packet filtering.
*/
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v3)
(const int version,
struct openvpn_plugin_args_func_in const *arguments,
struct openvpn_plugin_args_func_return *retptr);
/*
* FUNCTION: openvpn_plugin_close_v1
*
* REQUIRED: YES
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* Called immediately prior to plug-in unload.
*/
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_close_v1)
(openvpn_plugin_handle_t handle);
/*
* FUNCTION: openvpn_plugin_abort_v1
*
* REQUIRED: NO
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* Called when OpenVPN is in the process of aborting due to a fatal error.
* Will only be called on an open context returned by a prior successful
* openvpn_plugin_open callback.
*/
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_abort_v1)
(openvpn_plugin_handle_t handle);
/*
* FUNCTION: openvpn_plugin_client_constructor_v1
*
* Called to allocate a per-client memory region, which
* is then passed to the openvpn_plugin_func_v2 function.
* This function is called every time the OpenVPN server
* constructs a client instance object, which normally
* occurs when a session-initiating packet is received
* by a new client, even before the client has authenticated.
*
* This function should allocate the private memory needed
* by the plugin to track individual OpenVPN clients, and
* return a void * to this memory region.
*
* REQUIRED: NO
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* RETURN VALUE
*
* void * pointer to plugin's private per-client memory region, or NULL
* if no memory region is required.
*/
OPENVPN_PLUGIN_DEF void *OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_constructor_v1)
(openvpn_plugin_handle_t handle);
/*
* FUNCTION: openvpn_plugin_client_destructor_v1
*
* This function is called on client instance object destruction.
*
* REQUIRED: NO
*
* ARGUMENTS
*
* handle : the openvpn_plugin_handle_t value which was returned by
* openvpn_plugin_open.
*
* per_client_context : the per-client context pointer which was returned by
* openvpn_plugin_client_constructor_v1, if defined.
*/
OPENVPN_PLUGIN_DEF void OPENVPN_PLUGIN_FUNC(openvpn_plugin_client_destructor_v1)
(openvpn_plugin_handle_t handle, void *per_client_context);
/*
* FUNCTION: openvpn_plugin_select_initialization_point_v1
*
* Several different points exist in OpenVPN's initialization sequence where
* the openvpn_plugin_open function can be called. While the default is
* OPENVPN_PLUGIN_INIT_PRE_DAEMON, this function can be used to select a
* different initialization point. For example, if your plugin needs to
* return configuration parameters to OpenVPN, use
* OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE.
*
* REQUIRED: NO
*
* RETURN VALUE:
*
* An OPENVPN_PLUGIN_INIT_x value.
*/
#define OPENVPN_PLUGIN_INIT_PRE_CONFIG_PARSE 1
#define OPENVPN_PLUGIN_INIT_PRE_DAEMON 2 /* default */
#define OPENVPN_PLUGIN_INIT_POST_DAEMON 3
#define OPENVPN_PLUGIN_INIT_POST_UID_CHANGE 4
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_select_initialization_point_v1)
(void);
/*
* FUNCTION: openvpn_plugin_min_version_required_v1
*
* This function is called by OpenVPN to query the minimum
* plugin interface version number required by the plugin.
*
* REQUIRED: NO
*
* RETURN VALUE
*
* The minimum OpenVPN plugin interface version number necessary to support
* this plugin.
*/
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_min_version_required_v1)
(void);
/*
* Deprecated functions which are still supported for backward compatibility.
*/
OPENVPN_PLUGIN_DEF openvpn_plugin_handle_t OPENVPN_PLUGIN_FUNC(openvpn_plugin_open_v1)
(unsigned int *type_mask,
const char *argv[],
const char *envp[]);
OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v1)
(openvpn_plugin_handle_t handle, const int type, const char *argv[], const char *envp[]);
#ifdef __cplusplus
}
#endif
#endif /* OPENVPN_PLUGIN_H_ */

1
client/android/cpp/openvpn3 Submodule

@ -0,0 +1 @@
Subproject commit dd6e82ba9fff32e4f4a3965750f3ec9106131a44

40
client/android/cpp/ovpnutil/jniglue.c Normal file
View file

@ -0,0 +1,40 @@
#include <jni.h>
#include <android/log.h>
#include <stdlib.h>
#include <unistd.h>
#include "jniglue.h"
jint JNI_OnLoad(JavaVM *vm, void *reserved) {
#ifndef NDEBUG
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Loading openvpn native library $id$ compiled on " __DATE__ " " __TIME__ );
#endif
return JNI_VERSION_1_2;
}
void android_openvpn_log(int level,const char* prefix,const char* prefix_sep,const char* m1)
{
__android_log_print(ANDROID_LOG_DEBUG,"openvpn","%s%s%s",prefix,prefix_sep,m1);
}
//! Hack to get the current installed ABI of the libraries. See also https://github.com/schwabe/ics-openvpn/issues/391
jstring Java_de_blinkt_openvpn_core_NativeUtils_getJNIAPI(JNIEnv *env, jclass jo)
{
return (*env)->NewStringUTF(env, TARGET_ARCH_ABI);
}
jstring Java_de_blinkt_openvpn_core_NativeUtils_getOpenVPN2GitVersion(JNIEnv *env, jclass jo)
{
return (*env)->NewStringUTF(env, OPENVPN2_GIT_REVISION);
}
jstring Java_de_blinkt_openvpn_core_NativeUtils_getOpenVPN3GitVersion(JNIEnv *env, jclass jo)
{
return (*env)->NewStringUTF(env, OPENVPN3_GIT_REVISION);
}

21
client/android/cpp/ovpnutil/jniglue.h Normal file
View file

@ -0,0 +1,21 @@
//
// jniglue.h
// xcopenvpn
//
// Created by Arne Schwabe on 29.03.12.
// Copyright (c) 2012 Universität Paderborn. All rights reserved.
//
#ifndef xcopenvpn_jniglue_h
#define xcopenvpn_jniglue_h
void android_openvpn_log(int level,const char* prefix,const char* prefix_sep,const char* m1);
#endif
#ifdef __cplusplus
extern "C" {
#endif
int jniThrowException(JNIEnv* env, const char* className, const char* msg);
#ifdef __cplusplus
}
#endif

146
client/android/cpp/ovpnutil/rsapss.cpp Normal file
View file

@ -0,0 +1,146 @@
/* Adapted from OpenSSL's rsa_pss.c from OpenSSL 3.0.1 */
/*
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "jni.h"
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <array>
static const unsigned char zeroes[] = {0, 0, 0, 0, 0, 0, 0, 0};
static char opensslerr[1024];
extern "C" jbyteArray Java_de_blinkt_openvpn_core_NativeUtils_rsapss(JNIEnv *env,
jclass,
jint hashtype,
jint MSBits,
jint rsa_size,
jbyteArray from) {
/*
unsigned char *EM,
const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
int sLen)
*/
jbyte *data = env->GetByteArrayElements(from, nullptr);
int datalen = env->GetArrayLength(from);
const auto *mHash = reinterpret_cast<const unsigned char *>(data);
const EVP_MD *Hash;
if (hashtype == 0) {
Hash = EVP_md5();
} else if (hashtype == 1) {
Hash = EVP_sha1();
} else if (hashtype == 2) {
Hash = EVP_sha224();
} else if (hashtype == 3) {
Hash = EVP_sha256();
} else if (hashtype == 4) {
Hash = EVP_sha384();
} else if (hashtype == 5) {
Hash = EVP_sha512();
}
const EVP_MD *mgf1Hash = Hash;
int ret = 0;
int maskedDBLen, emLen;
unsigned char *H, *salt = nullptr, *p;
EVP_MD_CTX *ctx = nullptr;
int hLen = EVP_MD_get_size(Hash);
int sLen = hLen; /* RSA_PSS_SALTLEN_DIGEST */
std::array<unsigned char, 2048> buf{};
unsigned char *EM = buf.data();
if (hLen < 0)
goto err;
emLen = rsa_size;
if (MSBits == 0) {
*EM++ = 0;
emLen--;
}
if (emLen < hLen + 2) {
goto err;
}
if (sLen == RSA_PSS_SALTLEN_MAX) {
sLen = emLen - hLen - 2;
} else if (sLen > emLen - hLen - 2) {
goto err;
}
if (sLen > 0) {
salt = (unsigned char *) OPENSSL_malloc(sLen);
if (salt == nullptr) {
goto err;
}
if (RAND_bytes_ex(nullptr, salt, sLen, 0) <= 0)
goto err;
}
maskedDBLen = emLen - hLen - 1;
H = EM + maskedDBLen;
ctx = EVP_MD_CTX_new();
if (ctx == nullptr)
goto err;
if (!EVP_DigestInit_ex(ctx, Hash, nullptr)
|| !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
|| !EVP_DigestUpdate(ctx, mHash, hLen))
goto err;
if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
goto err;
if (!EVP_DigestFinal_ex(ctx, H, nullptr))
goto err;
/* Generate dbMask in place then perform XOR on it */
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
goto err;
p = EM;
/*
* Initial PS XORs with all zeroes which is a NOP so just update pointer.
* Note from a test above this value is guaranteed to be non-negative.
*/
p += emLen - sLen - hLen - 2;
*p++ ^= 0x1;
if (sLen > 0) {
for (int i = 0; i < sLen; i++)
*p++ ^= salt[i];
}
if (MSBits)
EM[0] &= 0xFF >> (8 - MSBits);
/* H is already in place so just set final 0xbc */
EM[emLen - 1] = 0xbc;
ret = 1;
err:
EVP_MD_CTX_free(ctx);
OPENSSL_clear_free(salt, (size_t) sLen); /* salt != NULL implies sLen > 0 */
jbyteArray jb;
jb = env->NewByteArray(emLen);
env->SetByteArrayRegion(jb, 0, emLen, (jbyte *) EM);
return jb;
}

334
client/android/cpp/ovpnutil/sslspeed.c Normal file
View file

@ -0,0 +1,334 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* The ECDH and ECDSA speed test software is originally written by
* Sumit Gupta of Sun Microsystems Laboratories.
*
*/
// Modified by Arne Schwabe to give a simple openssl evp speed java api
#include <jni.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <sys/times.h>
#include <linux/if.h>
#include <android/log.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#include "jniglue.h"
#include <android/log.h>
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/async.h>
#include <openssl/provider.h>
/* This file just contains code thrown together until it works */
#undef SECONDS
#define SECONDS 3
#define PRIME_SECONDS 10
#define RSA_SECONDS 10
#define DSA_SECONDS 10
#define ECDSA_SECONDS 10
#define ECDH_SECONDS 10
typedef struct loopargs_st {
unsigned char *buf;
unsigned char *buf2;
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned int siglen;
EVP_CIPHER_CTX *ctx;
HMAC_CTX *hctx;
} loopargs_t;
#undef BUFSIZE
#define BUFSIZE (1024*16+1)
#define MAX_MISALIGNMENT 63
#define MAX_BLOCK_SIZE 128
static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
#define SIZE_NUM 7
static const int lengths[SIZE_NUM] = {
16, 64, 256, 1024, 1500, 8 * 1024, 16 * 1024
};
static int testnum;
# define COND(unused_cond) (run && count<0x7fffffff)
static volatile int run = 0;
#ifdef SIGALRM
# if defined(__STDC__) || defined(sgi) || defined(_AIX)
# define SIGRETTYPE void
# else
# define SIGRETTYPE int
# endif
#define START 0
#define STOP 1
#define TM_START 0
#define TM_STOP 1
static int usertime = 1;
double app_tminterval(int stop, int usertime)
{
double ret = 0;
struct tms rus;
clock_t now = times(&rus);
static clock_t tmstart;
if (usertime)
now = rus.tms_utime;
if (stop == TM_START)
tmstart = now;
else {
long int tck = sysconf(_SC_CLK_TCK);
ret = (now - tmstart) / (double)tck;
}
return (ret);
}
static double Time_F(int s)
{
double ret = app_tminterval(s, usertime);
if (s == STOP)
alarm(0);
return ret;
}
#endif
static long save_count = 0;
static int decrypt = 0;
static int EVP_Update_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count;
if (decrypt)
for (count = 0; COND(nb_iter); count++)
EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
else
for (count = 0; COND(nb_iter); count++)
EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
if (decrypt)
EVP_DecryptFinal_ex(ctx, buf, &outl);
else
EVP_EncryptFinal_ex(ctx, buf, &outl);
return count;
}
static const EVP_MD *evp_md = NULL;
static int EVP_Digest_loop(void *args)
{
loopargs_t *tempargs = *(loopargs_t **)args;
unsigned char *buf = tempargs->buf;
unsigned char md[EVP_MAX_MD_SIZE];
int count;
for (count = 0; COND(nb_iter); count++) {
if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
return -1;
}
return count;
}
static int run_benchmark(int async_jobs,
int (*loop_function)(void *), loopargs_t *loopargs)
{
int job_op_count = 0;
int total_op_count = 0;
int num_inprogress = 0;
int error = 0, i = 0, ret = 0;
OSSL_ASYNC_FD job_fd = 0;
size_t num_job_fds = 0;
run = 1;
if (async_jobs == 0) {
return loop_function((void *)&loopargs);
}
return 1234567;
}
static void* stop_run(void* arg)
{
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "stop run thread started");
sleep(3);
run=0;
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "stop run thread stopped");
return NULL;
}
jdoubleArray Java_de_blinkt_openvpn_core_NativeUtils_getOpenSSLSpeed(JNIEnv* env, jclass thiz, jstring algorithm, jint testnumber)
{
OSSL_PROVIDER *legacy;
OSSL_PROVIDER *deflt;
OSSL_LIB_CTX *lib_ctx = OSSL_LIB_CTX_new();
/* Load Multiple providers into the default (NULL) library context */
legacy = OSSL_PROVIDER_load(lib_ctx, "legacy");
if (legacy == NULL) {
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Failed to load Legacy provider\n");
return NULL;
}
deflt = OSSL_PROVIDER_load(lib_ctx, "default");
if (deflt == NULL) {
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Failed to load Default provider\n");
OSSL_PROVIDER_unload(legacy);
return NULL;
}
static const unsigned char key16[16] = {
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
};
const EVP_CIPHER *evp_cipher = NULL;
const char* alg = (*env)->GetStringUTFChars( env, algorithm , NULL ) ;
evp_cipher = EVP_CIPHER_fetch(lib_ctx, alg, NULL);
if (evp_cipher == NULL)
evp_md = EVP_MD_fetch(lib_ctx, alg, NULL);
if (evp_cipher == NULL && evp_md == NULL) {
// BIO_printf(bio_err, "%s: %s is an unknown cipher or digest\n", prog, opt_arg());
//jniThrowException(env, "java/security/NoSuchAlgorithmException", "Algorithm not found");
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "Algorithm not found");
return NULL;
}
loopargs_t *loopargs = NULL;
int loopargs_len = 1;
int async_jobs = 0;
loopargs = malloc(loopargs_len * sizeof(loopargs_t));
memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
jdoubleArray ret = (*env)->NewDoubleArray(env, 3);
if (testnum < 0 || testnum >= SIZE_NUM)
goto error;
testnum = testnumber;
for (int i = 0; i < loopargs_len; i++) {
int misalign=0;
loopargs[i].buf_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);
loopargs[i].buf2_malloc = malloc((int)BUFSIZE + MAX_MISALIGNMENT + 1);
/* Align the start of buffers on a 64 byte boundary */
loopargs[i].buf = loopargs[i].buf_malloc + misalign;
loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
}
int count;
double d;
if (evp_cipher) {
/*
* -O3 -fschedule-insns messes up an optimization here!
* names[D_EVP] somehow becomes NULL
*/
for (int k = 0; k < loopargs_len; k++) {
loopargs[k].ctx = EVP_CIPHER_CTX_new();
if (decrypt)
EVP_DecryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
else
EVP_EncryptInit_ex(loopargs[k].ctx, evp_cipher, NULL, key16, iv);
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
}
Time_F(START);
pthread_t timer_thread;
if (pthread_create(&timer_thread, NULL, stop_run, NULL))
goto error;
count = run_benchmark(async_jobs, EVP_Update_loop, loopargs);
d = Time_F(STOP);
for (int k = 0; k < loopargs_len; k++) {
EVP_CIPHER_CTX_free(loopargs[k].ctx);
}
}
if (evp_md) {
pthread_t timer_thread;
if (pthread_create(&timer_thread, NULL, stop_run, NULL))
{
__android_log_write(ANDROID_LOG_DEBUG,"openvpn", "creating thread failed");
goto error;
}
Time_F(START);
count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
d = Time_F(STOP);
}
// Save results in hacky way
double results[] = {(double) lengths[testnum], (double) count, d};
(*env)->SetDoubleArrayRegion(env, ret, 0, 3, results);
// print_result(D_EVP, testnum, count, d);
OSSL_LIB_CTX_free(lib_ctx);
free(loopargs);
return ret;
error:
for (int k = 0; k < loopargs_len; k++) {
EVP_CIPHER_CTX_free(loopargs[k].ctx);
}
free(loopargs);
OSSL_LIB_CTX_free(lib_ctx);
return NULL;
}

7
client/android/cpp/tools.cmake Normal file
View file

@ -0,0 +1,7 @@
FUNCTION(PREPEND var prefix)
SET(listVar "")
FOREACH(f ${ARGN})
LIST(APPEND listVar "${prefix}/${f}")
ENDFOREACH(f)
SET(${var} "${listVar}" PARENT_SCOPE)
ENDFUNCTION(PREPEND)

BIN
client/android/lib/openvpn/arm64-v8a/libjbcrypto.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/arm64-v8a/libopenvpn.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/arm64-v8a/libopvpnutil.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/arm64-v8a/libovpn3.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/arm64-v8a/libovpnexec.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/armeabi-v7a/libjbcrypto.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/armeabi-v7a/libopenvpn.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/armeabi-v7a/libopvpnutil.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/armeabi-v7a/libovpn3.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/armeabi-v7a/libovpnexec.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86/libjbcrypto.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86/libopenvpn.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86/libopvpnutil.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86/libovpn3.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86/libovpnexec.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86_64/libjbcrypto.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86_64/libopenvpn.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86_64/libopvpnutil.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86_64/libovpn3.so
View file

Binary file not shown.

BIN
client/android/lib/openvpn/x86_64/libovpnexec.so
View file

Binary file not shown.

50
client/android/src/net/openvpn/ovpn3/ClientAPI_Config.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.
@ -117,12 +117,12 @@ public class ClientAPI_Config {
return ovpncliJNI.ClientAPI_Config_protoVersionOverride_get(swigCPtr, this);
}
public void setIpv6(String value) {
ovpncliJNI.ClientAPI_Config_ipv6_set(swigCPtr, this, value);
public void setAllowUnusedAddrFamilies(String value) {
ovpncliJNI.ClientAPI_Config_allowUnusedAddrFamilies_set(swigCPtr, this, value);
}
public String getIpv6() {
return ovpncliJNI.ClientAPI_Config_ipv6_get(swigCPtr, this);
public String getAllowUnusedAddrFamilies() {
return ovpncliJNI.ClientAPI_Config_allowUnusedAddrFamilies_get(swigCPtr, this);
}
public void setConnTimeout(int value) {
@ -221,14 +221,6 @@ public class ClientAPI_Config {
return ovpncliJNI.ClientAPI_Config_defaultKeyDirection_get(swigCPtr, this);
}
public void setForceAesCbcCiphersuites(boolean value) {
ovpncliJNI.ClientAPI_Config_forceAesCbcCiphersuites_set(swigCPtr, this, value);
}
public boolean getForceAesCbcCiphersuites() {
return ovpncliJNI.ClientAPI_Config_forceAesCbcCiphersuites_get(swigCPtr, this);
}
public void setTlsVersionMinOverride(String value) {
ovpncliJNI.ClientAPI_Config_tlsVersionMinOverride_set(swigCPtr, this, value);
}
@ -366,6 +358,14 @@ public class ClientAPI_Config {
return ovpncliJNI.ClientAPI_Config_gremlinConfig_get(swigCPtr, this);
}
public void setUsePluggableTransports(boolean value) {
ovpncliJNI.ClientAPI_Config_usePluggableTransports_set(swigCPtr, this, value);
}
public boolean getUsePluggableTransports() {
return ovpncliJNI.ClientAPI_Config_usePluggableTransports_get(swigCPtr, this);
}
public void setWintun(boolean value) {
ovpncliJNI.ClientAPI_Config_wintun_set(swigCPtr, this, value);
}
@ -374,6 +374,30 @@ public class ClientAPI_Config {
return ovpncliJNI.ClientAPI_Config_wintun_get(swigCPtr, this);
}
public void setAllowLocalDnsResolvers(boolean value) {
ovpncliJNI.ClientAPI_Config_allowLocalDnsResolvers_set(swigCPtr, this, value);
}
public boolean getAllowLocalDnsResolvers() {
return ovpncliJNI.ClientAPI_Config_allowLocalDnsResolvers_get(swigCPtr, this);
}
public void setEnableLegacyAlgorithms(boolean value) {
ovpncliJNI.ClientAPI_Config_enableLegacyAlgorithms_set(swigCPtr, this, value);
}
public boolean getEnableLegacyAlgorithms() {
return ovpncliJNI.ClientAPI_Config_enableLegacyAlgorithms_get(swigCPtr, this);
}
public void setEnableNonPreferredDCAlgorithms(boolean value) {
ovpncliJNI.ClientAPI_Config_enableNonPreferredDCAlgorithms_set(swigCPtr, this, value);
}
public boolean getEnableNonPreferredDCAlgorithms() {
return ovpncliJNI.ClientAPI_Config_enableNonPreferredDCAlgorithms_get(swigCPtr, this);
}
public ClientAPI_Config() {
this(ovpncliJNI.new_ClientAPI_Config(), true);
}

2
client/android/src/net/openvpn/ovpn3/ClientAPI_ConnectionInfo.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_DynamicChallenge.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_EvalConfig.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_Event.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_ExternalPKIBase.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_ExternalPKICertRequest.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_ExternalPKIRequestBase.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_ExternalPKISignRequest.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_InterfaceStats.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_KeyValue.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_LLVector.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_LogInfo.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_MergeConfig.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

38
client/android/src/net/openvpn/ovpn3/ClientAPI_OpenVPNClient.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.
@ -56,26 +56,6 @@ public class ClientAPI_OpenVPNClient extends ClientAPI_TunBuilderBase {
ovpncliJNI.ClientAPI_OpenVPNClient_director_connect(this, swigCPtr, true, true);
}
public static ClientAPI_MergeConfig merge_config_static(String path, boolean follow_references) {
return new ClientAPI_MergeConfig(ovpncliJNI.ClientAPI_OpenVPNClient_merge_config_static(path, follow_references), true);
}
public static ClientAPI_MergeConfig merge_config_string_static(String config_content) {
return new ClientAPI_MergeConfig(ovpncliJNI.ClientAPI_OpenVPNClient_merge_config_string_static(config_content), true);
}
public static ClientAPI_EvalConfig eval_config_static(ClientAPI_Config config) {
return new ClientAPI_EvalConfig(ovpncliJNI.ClientAPI_OpenVPNClient_eval_config_static(ClientAPI_Config.getCPtr(config), config), true);
}
public static int max_profile_size() {
return ovpncliJNI.ClientAPI_OpenVPNClient_max_profile_size();
}
public static boolean parse_dynamic_challenge(String cookie, ClientAPI_DynamicChallenge dc) {
return ovpncliJNI.ClientAPI_OpenVPNClient_parse_dynamic_challenge(cookie, ClientAPI_DynamicChallenge.getCPtr(dc), dc);
}
public ClientAPI_EvalConfig eval_config(ClientAPI_Config arg0) {
return new ClientAPI_EvalConfig(ovpncliJNI.ClientAPI_OpenVPNClient_eval_config(swigCPtr, this, ClientAPI_Config.getCPtr(arg0), arg0), true);
}
@ -176,20 +156,4 @@ public class ClientAPI_OpenVPNClient extends ClientAPI_TunBuilderBase {
if (getClass() == ClientAPI_OpenVPNClient.class) ovpncliJNI.ClientAPI_OpenVPNClient_clock_tick(swigCPtr, this); else ovpncliJNI.ClientAPI_OpenVPNClient_clock_tickSwigExplicitClientAPI_OpenVPNClient(swigCPtr, this);
}
public static String crypto_self_test() {
return ovpncliJNI.ClientAPI_OpenVPNClient_crypto_self_test();
}
public static int app_expire() {
return ovpncliJNI.ClientAPI_OpenVPNClient_app_expire();
}
public static String platform() {
return ovpncliJNI.ClientAPI_OpenVPNClient_platform();
}
public static String copyright() {
return ovpncliJNI.ClientAPI_OpenVPNClient_copyright();
}
}

75
client/android/src/net/openvpn/ovpn3/ClientAPI_OpenVPNClientHelper.java Normal file
View file

@ -0,0 +1,75 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.
* ----------------------------------------------------------------------------- */
package net.openvpn.ovpn3;
public class ClientAPI_OpenVPNClientHelper {
private transient long swigCPtr;
protected transient boolean swigCMemOwn;
protected ClientAPI_OpenVPNClientHelper(long cPtr, boolean cMemoryOwn) {
swigCMemOwn = cMemoryOwn;
swigCPtr = cPtr;
}
protected static long getCPtr(ClientAPI_OpenVPNClientHelper obj) {
return (obj == null) ? 0 : obj.swigCPtr;
}
@SuppressWarnings("deprecation")
protected void finalize() {
delete();
}
public synchronized void delete() {
if (swigCPtr != 0) {
if (swigCMemOwn) {
swigCMemOwn = false;
ovpncliJNI.delete_ClientAPI_OpenVPNClientHelper(swigCPtr);
}
swigCPtr = 0;
}
}
public ClientAPI_OpenVPNClientHelper() {
this(ovpncliJNI.new_ClientAPI_OpenVPNClientHelper(), true);
}
public ClientAPI_MergeConfig merge_config(String path, boolean follow_references) {
return new ClientAPI_MergeConfig(ovpncliJNI.ClientAPI_OpenVPNClientHelper_merge_config(swigCPtr, this, path, follow_references), true);
}
public ClientAPI_MergeConfig merge_config_string(String config_content) {
return new ClientAPI_MergeConfig(ovpncliJNI.ClientAPI_OpenVPNClientHelper_merge_config_string(swigCPtr, this, config_content), true);
}
public ClientAPI_EvalConfig eval_config(ClientAPI_Config config) {
return new ClientAPI_EvalConfig(ovpncliJNI.ClientAPI_OpenVPNClientHelper_eval_config(swigCPtr, this, ClientAPI_Config.getCPtr(config), config), true);
}
public static int max_profile_size() {
return ovpncliJNI.ClientAPI_OpenVPNClientHelper_max_profile_size();
}
public static boolean parse_dynamic_challenge(String cookie, ClientAPI_DynamicChallenge dc) {
return ovpncliJNI.ClientAPI_OpenVPNClientHelper_parse_dynamic_challenge(cookie, ClientAPI_DynamicChallenge.getCPtr(dc), dc);
}
public String crypto_self_test() {
return ovpncliJNI.ClientAPI_OpenVPNClientHelper_crypto_self_test(swigCPtr, this);
}
public static String platform() {
return ovpncliJNI.ClientAPI_OpenVPNClientHelper_platform();
}
public static String copyright() {
return ovpncliJNI.ClientAPI_OpenVPNClientHelper_copyright();
}
}

2
client/android/src/net/openvpn/ovpn3/ClientAPI_ProvideCreds.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_RemoteOverride.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_ServerEntry.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_ServerEntryVector.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_SessionToken.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_Status.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_StringVec.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ClientAPI_TransportStats.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

6
client/android/src/net/openvpn/ovpn3/ClientAPI_TunBuilderBase.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.
@ -104,8 +104,8 @@ public class ClientAPI_TunBuilderBase {
return ovpncliJNI.ClientAPI_TunBuilderBase_tun_builder_add_wins_server(swigCPtr, this, address);
}
public boolean tun_builder_set_block_ipv6(boolean block_ipv6) {
return ovpncliJNI.ClientAPI_TunBuilderBase_tun_builder_set_block_ipv6(swigCPtr, this, block_ipv6);
public boolean tun_builder_set_allow_family(int af, boolean allow) {
return ovpncliJNI.ClientAPI_TunBuilderBase_tun_builder_set_allow_family(swigCPtr, this, af, allow);
}
public boolean tun_builder_set_adapter_domain_suffix(String name) {

2
client/android/src/net/openvpn/ovpn3/SWIGTYPE_p_std__string.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/SWIGTYPE_p_std__vectorT_openvpn__ClientAPI__KeyValue_t.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

2
client/android/src/net/openvpn/ovpn3/ovpncli.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.

41
client/android/src/net/openvpn/ovpn3/ovpncliJNI.java
View file

@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
* Version 4.0.2
* Version 4.0.1
*
* Do not make changes to this file unless you know what you are doing--modify
* the SWIG interface file instead.
@ -73,7 +73,7 @@ public class ovpncliJNI {
public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_proxy_http(long jarg1, ClientAPI_TunBuilderBase jarg1_, String jarg2, int jarg3);
public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_proxy_https(long jarg1, ClientAPI_TunBuilderBase jarg1_, String jarg2, int jarg3);
public final static native boolean ClientAPI_TunBuilderBase_tun_builder_add_wins_server(long jarg1, ClientAPI_TunBuilderBase jarg1_, String jarg2);
public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_block_ipv6(long jarg1, ClientAPI_TunBuilderBase jarg1_, boolean jarg2);
public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_allow_family(long jarg1, ClientAPI_TunBuilderBase jarg1_, int jarg2, boolean jarg3);
public final static native boolean ClientAPI_TunBuilderBase_tun_builder_set_adapter_domain_suffix(long jarg1, ClientAPI_TunBuilderBase jarg1_, String jarg2);
public final static native int ClientAPI_TunBuilderBase_tun_builder_establish(long jarg1, ClientAPI_TunBuilderBase jarg1_);
public final static native boolean ClientAPI_TunBuilderBase_tun_builder_persist(long jarg1, ClientAPI_TunBuilderBase jarg1_);
@ -183,8 +183,8 @@ public class ovpncliJNI {
public final static native String ClientAPI_Config_protoOverride_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_protoVersionOverride_set(long jarg1, ClientAPI_Config jarg1_, int jarg2);
public final static native int ClientAPI_Config_protoVersionOverride_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_ipv6_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
public final static native String ClientAPI_Config_ipv6_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_allowUnusedAddrFamilies_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
public final static native String ClientAPI_Config_allowUnusedAddrFamilies_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_connTimeout_set(long jarg1, ClientAPI_Config jarg1_, int jarg2);
public final static native int ClientAPI_Config_connTimeout_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_tunPersist_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
@ -209,8 +209,6 @@ public class ovpncliJNI {
public final static native String ClientAPI_Config_privateKeyPassword_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_defaultKeyDirection_set(long jarg1, ClientAPI_Config jarg1_, int jarg2);
public final static native int ClientAPI_Config_defaultKeyDirection_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_forceAesCbcCiphersuites_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
public final static native boolean ClientAPI_Config_forceAesCbcCiphersuites_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_tlsVersionMinOverride_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
public final static native String ClientAPI_Config_tlsVersionMinOverride_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_tlsCertProfileOverride_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
@ -245,8 +243,16 @@ public class ovpncliJNI {
public final static native long ClientAPI_Config_clockTickMS_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_gremlinConfig_set(long jarg1, ClientAPI_Config jarg1_, String jarg2);
public final static native String ClientAPI_Config_gremlinConfig_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_usePluggableTransports_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
public final static native boolean ClientAPI_Config_usePluggableTransports_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_wintun_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
public final static native boolean ClientAPI_Config_wintun_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_allowLocalDnsResolvers_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
public final static native boolean ClientAPI_Config_allowLocalDnsResolvers_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_enableLegacyAlgorithms_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
public final static native boolean ClientAPI_Config_enableLegacyAlgorithms_get(long jarg1, ClientAPI_Config jarg1_);
public final static native void ClientAPI_Config_enableNonPreferredDCAlgorithms_set(long jarg1, ClientAPI_Config jarg1_, boolean jarg2);
public final static native boolean ClientAPI_Config_enableNonPreferredDCAlgorithms_get(long jarg1, ClientAPI_Config jarg1_);
public final static native long new_ClientAPI_Config();
public final static native void delete_ClientAPI_Config(long jarg1);
public final static native void ClientAPI_Event_error_set(long jarg1, ClientAPI_Event jarg1_, boolean jarg2);
@ -372,13 +378,18 @@ public class ovpncliJNI {
public final static native String ClientAPI_RemoteOverride_error_get(long jarg1, ClientAPI_RemoteOverride jarg1_);
public final static native long new_ClientAPI_RemoteOverride();
public final static native void delete_ClientAPI_RemoteOverride(long jarg1);
public final static native long new_ClientAPI_OpenVPNClientHelper();
public final static native void delete_ClientAPI_OpenVPNClientHelper(long jarg1);
public final static native long ClientAPI_OpenVPNClientHelper_merge_config(long jarg1, ClientAPI_OpenVPNClientHelper jarg1_, String jarg2, boolean jarg3);
public final static native long ClientAPI_OpenVPNClientHelper_merge_config_string(long jarg1, ClientAPI_OpenVPNClientHelper jarg1_, String jarg2);
public final static native long ClientAPI_OpenVPNClientHelper_eval_config(long jarg1, ClientAPI_OpenVPNClientHelper jarg1_, long jarg2, ClientAPI_Config jarg2_);
public final static native int ClientAPI_OpenVPNClientHelper_max_profile_size();
public final static native boolean ClientAPI_OpenVPNClientHelper_parse_dynamic_challenge(String jarg1, long jarg2, ClientAPI_DynamicChallenge jarg2_);
public final static native String ClientAPI_OpenVPNClientHelper_crypto_self_test(long jarg1, ClientAPI_OpenVPNClientHelper jarg1_);
public final static native String ClientAPI_OpenVPNClientHelper_platform();
public final static native String ClientAPI_OpenVPNClientHelper_copyright();
public final static native long new_ClientAPI_OpenVPNClient();
public final static native void delete_ClientAPI_OpenVPNClient(long jarg1);
public final static native long ClientAPI_OpenVPNClient_merge_config_static(String jarg1, boolean jarg2);
public final static native long ClientAPI_OpenVPNClient_merge_config_string_static(String jarg1);
public final static native long ClientAPI_OpenVPNClient_eval_config_static(long jarg1, ClientAPI_Config jarg1_);
public final static native int ClientAPI_OpenVPNClient_max_profile_size();
public final static native boolean ClientAPI_OpenVPNClient_parse_dynamic_challenge(String jarg1, long jarg2, ClientAPI_DynamicChallenge jarg2_);
public final static native long ClientAPI_OpenVPNClient_eval_config(long jarg1, ClientAPI_OpenVPNClient jarg1_, long jarg2, ClientAPI_Config jarg2_);
public final static native long ClientAPI_OpenVPNClient_provide_creds(long jarg1, ClientAPI_OpenVPNClient jarg1_, long jarg2, ClientAPI_ProvideCreds jarg2_);
public final static native boolean ClientAPI_OpenVPNClient_socket_protect(long jarg1, ClientAPI_OpenVPNClient jarg1_, int jarg2, String jarg3, boolean jarg4);
@ -408,10 +419,6 @@ public class ovpncliJNI {
public final static native void ClientAPI_OpenVPNClient_remote_overrideSwigExplicitClientAPI_OpenVPNClient(long jarg1, ClientAPI_OpenVPNClient jarg1_, long jarg2, ClientAPI_RemoteOverride jarg2_);
public final static native void ClientAPI_OpenVPNClient_clock_tick(long jarg1, ClientAPI_OpenVPNClient jarg1_);
public final static native void ClientAPI_OpenVPNClient_clock_tickSwigExplicitClientAPI_OpenVPNClient(long jarg1, ClientAPI_OpenVPNClient jarg1_);
public final static native String ClientAPI_OpenVPNClient_crypto_self_test();
public final static native int ClientAPI_OpenVPNClient_app_expire();
public final static native String ClientAPI_OpenVPNClient_platform();
public final static native String ClientAPI_OpenVPNClient_copyright();
public final static native void ClientAPI_OpenVPNClient_director_connect(ClientAPI_OpenVPNClient obj, long cptr, boolean mem_own, boolean weak_global);
public final static native void ClientAPI_OpenVPNClient_change_ownership(ClientAPI_OpenVPNClient obj, long cptr, boolean take_or_release);
public final static native long ClientAPI_ExternalPKICertRequest_SWIGUpcast(long jarg1);
@ -469,8 +476,8 @@ public class ovpncliJNI {
public static boolean SwigDirector_ClientAPI_OpenVPNClient_tun_builder_add_wins_server(ClientAPI_OpenVPNClient jself, String address) {
return jself.tun_builder_add_wins_server(address);
}
public static boolean SwigDirector_ClientAPI_OpenVPNClient_tun_builder_set_block_ipv6(ClientAPI_OpenVPNClient jself, boolean block_ipv6) {
return jself.tun_builder_set_block_ipv6(block_ipv6);
public static boolean SwigDirector_ClientAPI_OpenVPNClient_tun_builder_set_allow_family(ClientAPI_OpenVPNClient jself, int af, boolean allow) {
return jself.tun_builder_set_allow_family(af, allow);
}
public static boolean SwigDirector_ClientAPI_OpenVPNClient_tun_builder_set_adapter_domain_suffix(ClientAPI_OpenVPNClient jself, String name) {
return jself.tun_builder_set_adapter_domain_suffix(name);

46
client/android/src/org/amnezia/vpn/OpenVPNThreadv3.kt
View file

@ -14,6 +14,7 @@ import com.wireguard.android.util.SharedLibraryLoader
import com.wireguard.config.*
import com.wireguard.crypto.Key
import org.json.JSONObject
import java.util.Base64
import net.openvpn.ovpn3.ClientAPI_Config
import net.openvpn.ovpn3.ClientAPI_EvalConfig
@ -25,6 +26,7 @@ import net.openvpn.ovpn3.ClientAPI_OpenVPNClient
import net.openvpn.ovpn3.ClientAPI_ProvideCreds
import net.openvpn.ovpn3.ClientAPI_Status
import net.openvpn.ovpn3.ClientAPI_TransportStats
import java.lang.StringBuilder
class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runnable {
private val tag = "OpenVPNThreadv3"
@ -59,7 +61,48 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
override fun run() {
val config: ClientAPI_Config = ClientAPI_Config()
config.content = mService.getVpnConfig().getJSONObject("openvpn_config_data").getString("config")
val jsonVpnConfig = mService.getVpnConfig()
val ovpnConfig = jsonVpnConfig.getJSONObject("openvpn_config_data").getString("config")
val resultingConfig = StringBuilder()
resultingConfig.append(ovpnConfig)
if (jsonVpnConfig.getString("protocol") == "cloak") {
val cloakConfigJson: JSONObject = jsonVpnConfig.getJSONObject("cloak_config_data")
if (cloakConfigJson.keySet().contains("NumConn")) {
cloakConfigJson.put("NumConn", 1)
}
if (cloakConfigJson.keySet().contains("ProxyMethod")) {
cloakConfigJson.put("ProxyMethod", "openvpn")
}
if (cloakConfigJson.keySet().contains("port")) {
val portValue = cloakConfigJson.get("port")
cloakConfigJson.remove("port")
cloakConfigJson.put("RemotePort", portValue)
}
if (cloakConfigJson.keySet().contains("remote")) {
val hostValue = cloakConfigJson.get("remote")
cloakConfigJson.remove("remote")
cloakConfigJson.put("RemoteHost", hostValue)
}
val cloakConfig = Base64.getEncoder().encodeToString(
jsonVpnConfig.getJSONObject("cloak_config_data").toString().toByteArray()
)
resultingConfig.append("\n<cloak>\n")
resultingConfig.append(cloakConfig)
resultingConfig.append("\n</cloak>\n")
config.setUsePluggableTransports(true)
}
config.content = resultingConfig.toString()
eval_config(config)
@ -67,7 +110,6 @@ class OpenVPNThreadv3(var service: VPNService): ClientAPI_OpenVPNClient(), Runna
if (status.getError()) {
Log.i(tag, "connect() error: " + status.getError() + ": " + status.getMessage())
}
}
override fun log(arg0: ClientAPI_LogInfo){

27
client/android/src/org/amnezia/vpn/VPNService.kt
View file

@ -176,7 +176,6 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
}
override fun onUnbind(intent: Intent?): Boolean {
Log.v(tag, "Aman: onUnbind....................")
if (!isUp) {
// If the Qt Client got closed while we were not connected
// we do not need to stay as a foreground service.
@ -185,12 +184,17 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
return super.onUnbind(intent)
}
override fun onDestroy() {
turnOff()
super.onDestroy()
}
/**
* EntryPoint for the Service, gets Called when AndroidController.cpp
* calles bindService. Returns the [VPNServiceBinder] so QT can send Requests to it.
*/
override fun onBind(intent: Intent): IBinder {
Log.v(tag, "Aman: onBind....................")
when (mProtocol) {
"shadowsocks" -> {
@ -214,7 +218,6 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
* or from Booting the device and having "connect on boot" enabled.
*/
override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
Log.v(tag, "Aman: onStartCommand....................")
this.intent = intent
this.flags = flags
this.startId = startId
@ -278,6 +281,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
var isUp: Boolean = false
get() {
return when (mProtocol) {
"cloak",
"openvpn" -> {
field
}
@ -303,6 +307,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
val deviceIpv4: String = ""
val status = when (mProtocol) {
"cloak",
"openvpn" -> {
if (mOpenVPNThreadv3 == null) {
Status(null, null, null, null)
@ -373,7 +378,9 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
Log.i(tag, "Config: $mConfig")
mProtocol = mConfig!!.getString("protocol")
Log.i(tag, "Protocol: $mProtocol")
when (mProtocol) {
"cloak",
"openvpn" -> {
startOpenVpn()
}
@ -447,8 +454,13 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
fun turnOff() {
Log.v(tag, "Aman: turnOff....................")
when (mProtocol) {
"wireguard" -> wgTurnOff(currentTunnelHandle)
"openvpn" -> ovpnTurnOff()
"wireguard" -> {
wgTurnOff(currentTunnelHandle)
}
"cloak",
"openvpn" -> {
ovpnTurnOff()
}
"shadowsocks" -> {
stopRunner(false)
stopTest()
@ -457,6 +469,7 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
Log.e(tag, "No protocol")
}
}
currentTunnelHandle = -1
stopForeground(true)
isUp = false
@ -688,6 +701,10 @@ class VPNService : BaseVpnService(), LocalDnsService.Interface {
}
private fun startOpenVpn() {
if (isUp || mOpenVPNThreadv3 != null) {
ovpnTurnOff()
}
mOpenVPNThreadv3 = OpenVPNThreadv3(this)
Thread({