Support OpenVPN 2.5 --data-ciphers

When present, pick cipher among available data ciphers from
configuration, rather than all recognized ciphers.

Reorder available ciphers by decreasing "security".
This commit is contained in:
Davide De Rosa 2021-01-10 10:16:06 +01:00
parent 0f44e9dc71
commit 81bc2a7ebd
6 changed files with 42 additions and 19 deletions

View File

@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## Unreleased ## Unreleased
### Added
- Support `--data-ciphers` from OpenVPN 2.5 [tunnelkit#193](https://github.com/passepartoutvpn/tunnelkit/issues/193)
### Changed ### Changed
- Drop hosts restriction in free version ("Unlimited hosts"). - Drop hosts restriction in free version ("Unlimited hosts").

View File

@ -352,10 +352,19 @@ extension ConfigurationViewController: UITableViewDataSource, UITableViewDelegat
switch model.row(at: indexPath) { switch model.row(at: indexPath) {
case .cipher: case .cipher:
var options: [OpenVPN.Cipher] = configuration.dataCiphers ?? []
if !options.isEmpty {
if let cipher = configuration.cipher, !options.contains(cipher) {
options.append(cipher)
}
} else {
options.append(contentsOf: OpenVPN.Cipher.available)
}
let vc = SingleOptionViewController<OpenVPN.Cipher>() let vc = SingleOptionViewController<OpenVPN.Cipher>()
vc.applyTint(.current) vc.applyTint(.current)
vc.title = settingCell?.leftText vc.title = settingCell?.leftText
vc.options = OpenVPN.Cipher.available vc.options = options
vc.selectedOption = configuration.cipher vc.selectedOption = configuration.cipher
vc.descriptionBlock = { $0.description } vc.descriptionBlock = { $0.description }
vc.selectionBlock = { [weak self] in vc.selectionBlock = { [weak self] in

View File

@ -155,9 +155,19 @@ class ConfigurationViewController: NSViewController, ProfileCustomization {
popupDigest.removeAllItems() popupDigest.removeAllItems()
popupCompressionFraming.removeAllItems() popupCompressionFraming.removeAllItems()
popupCompressionAlgorithm.removeAllItems() popupCompressionAlgorithm.removeAllItems()
for cipher in OpenVPN.Cipher.available {
var cipherOptions: [OpenVPN.Cipher] = configuration.dataCiphers ?? []
if !cipherOptions.isEmpty {
if let cipher = configuration.cipher, !cipherOptions.contains(cipher) {
cipherOptions.append(cipher)
}
} else {
cipherOptions.append(contentsOf: OpenVPN.Cipher.available)
}
for cipher in cipherOptions {
popupCipher.addItem(withTitle: cipher.rawValue) popupCipher.addItem(withTitle: cipher.rawValue)
} }
for digest in OpenVPN.Digest.available { for digest in OpenVPN.Digest.available {
popupDigest.addItem(withTitle: digest.rawValue) popupDigest.addItem(withTitle: digest.rawValue)
} }

View File

@ -28,12 +28,12 @@ import TunnelKit
extension OpenVPN.Cipher { extension OpenVPN.Cipher {
public static let available: [OpenVPN.Cipher] = [ public static let available: [OpenVPN.Cipher] = [
.aes128cbc, .aes256gcm,
.aes192cbc,
.aes256cbc,
.aes128gcm,
.aes192gcm, .aes192gcm,
.aes256gcm .aes128gcm,
.aes256cbc,
.aes192cbc,
.aes128cbc
] ]
} }

View File

@ -8,7 +8,7 @@ $tunnelkit_specs = ['Protocols/OpenVPN', 'Extra/LZO']
def shared_pods def shared_pods
#pod_version $tunnelkit_name, $tunnelkit_specs, '~> 3.1.0' #pod_version $tunnelkit_name, $tunnelkit_specs, '~> 3.1.0'
pod_git $tunnelkit_name, $tunnelkit_specs, '2886222' pod_git $tunnelkit_name, $tunnelkit_specs, 'c15d6f5'
#pod_path $tunnelkit_name, $tunnelkit_specs, '..' #pod_path $tunnelkit_name, $tunnelkit_specs, '..'
pod 'SSZipArchive' pod 'SSZipArchive'
pod 'Kvitto', :git => 'https://github.com/keeshux/Kvitto', :branch => 'enable-macos-spec' pod 'Kvitto', :git => 'https://github.com/keeshux/Kvitto', :branch => 'enable-macos-spec'

View File

@ -24,15 +24,15 @@ PODS:
- OpenSSL-Apple (1.1.1h.10) - OpenSSL-Apple (1.1.1h.10)
- SSZipArchive (2.2.3) - SSZipArchive (2.2.3)
- SwiftyBeaver (1.9.3) - SwiftyBeaver (1.9.3)
- TunnelKit/AppExtension (3.2.0): - TunnelKit/AppExtension (3.3.0):
- SwiftyBeaver - SwiftyBeaver
- TunnelKit/Core - TunnelKit/Core
- TunnelKit/Core (3.2.0): - TunnelKit/Core (3.3.0):
- SwiftyBeaver - SwiftyBeaver
- TunnelKit/Extra/LZO (3.2.0) - TunnelKit/Extra/LZO (3.3.0)
- TunnelKit/Manager (3.2.0): - TunnelKit/Manager (3.3.0):
- SwiftyBeaver - SwiftyBeaver
- TunnelKit/Protocols/OpenVPN (3.2.0): - TunnelKit/Protocols/OpenVPN (3.3.0):
- OpenSSL-Apple (~> 1.1.1h.10) - OpenSSL-Apple (~> 1.1.1h.10)
- TunnelKit/AppExtension - TunnelKit/AppExtension
- TunnelKit/Core - TunnelKit/Core
@ -52,8 +52,8 @@ DEPENDENCIES:
- Kvitto (from `https://github.com/keeshux/Kvitto`, branch `enable-macos-spec`) - Kvitto (from `https://github.com/keeshux/Kvitto`, branch `enable-macos-spec`)
- MBProgressHUD - MBProgressHUD
- SSZipArchive - SSZipArchive
- TunnelKit/Extra/LZO (from `https://github.com/passepartoutvpn/tunnelkit`, commit `2886222`) - TunnelKit/Extra/LZO (from `https://github.com/passepartoutvpn/tunnelkit`, commit `c15d6f5`)
- TunnelKit/Protocols/OpenVPN (from `https://github.com/passepartoutvpn/tunnelkit`, commit `2886222`) - TunnelKit/Protocols/OpenVPN (from `https://github.com/passepartoutvpn/tunnelkit`, commit `c15d6f5`)
SPEC REPOS: SPEC REPOS:
https://github.com/cocoapods/specs.git: https://github.com/cocoapods/specs.git:
@ -71,7 +71,7 @@ EXTERNAL SOURCES:
:branch: enable-macos-spec :branch: enable-macos-spec
:git: https://github.com/keeshux/Kvitto :git: https://github.com/keeshux/Kvitto
TunnelKit: TunnelKit:
:commit: '2886222' :commit: c15d6f5
:git: https://github.com/passepartoutvpn/tunnelkit :git: https://github.com/passepartoutvpn/tunnelkit
CHECKOUT OPTIONS: CHECKOUT OPTIONS:
@ -82,7 +82,7 @@ CHECKOUT OPTIONS:
:commit: e263fcd1f40a6a482a0f1e424ba98009c4ad2b96 :commit: e263fcd1f40a6a482a0f1e424ba98009c4ad2b96
:git: https://github.com/keeshux/Kvitto :git: https://github.com/keeshux/Kvitto
TunnelKit: TunnelKit:
:commit: '2886222' :commit: c15d6f5
:git: https://github.com/passepartoutvpn/tunnelkit :git: https://github.com/passepartoutvpn/tunnelkit
SPEC CHECKSUMS: SPEC CHECKSUMS:
@ -93,8 +93,8 @@ SPEC CHECKSUMS:
OpenSSL-Apple: 8a8fcb06fb66f9c2f7aed45ce363668493b8e5f6 OpenSSL-Apple: 8a8fcb06fb66f9c2f7aed45ce363668493b8e5f6
SSZipArchive: 62d4947b08730e4cda640473b0066d209ff033c9 SSZipArchive: 62d4947b08730e4cda640473b0066d209ff033c9
SwiftyBeaver: 2e8acd6fc90c6d0a27055867a290794926d57c02 SwiftyBeaver: 2e8acd6fc90c6d0a27055867a290794926d57c02
TunnelKit: b9ea352cbcce641f98687109c2e7d8cb1fa40e19 TunnelKit: 2a6aadea2d772a2760b153aee27d1c334c9ca6db
PODFILE CHECKSUM: ba0c9bc518c5eaec3a015c524fb62f23396463bd PODFILE CHECKSUM: 9751a898e23369673b1dfb0c7c7fde9834a55d53
COCOAPODS: 1.10.0 COCOAPODS: 1.10.0