Support OpenVPN 2.5 --data-ciphers

When present, pick cipher among available data ciphers from configuration, rather than all recognized ciphers. Reorder available ciphers by decreasing "security".
2021-01-10 10:16:06 +01:00 · 2021-01-10 10:16:06 +01:00 · 81bc2a7ebd
parent 0f44e9dc71
commit 81bc2a7ebd
6 changed files with 42 additions and 19 deletions
--- a/Passepartout/App/iOS/CHANGELOG.md
+++ b/Passepartout/App/iOS/CHANGELOG.md
@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## Unreleased

+### Added
+
+- Support `--data-ciphers` from OpenVPN 2.5 [tunnelkit#193](https://github.com/passepartoutvpn/tunnelkit/issues/193)
+
 ### Changed

 - Drop hosts restriction in free version ("Unlimited hosts").
--- a/Passepartout/App/iOS/Scenes/ConfigurationViewController.swift
+++ b/Passepartout/App/iOS/Scenes/ConfigurationViewController.swift
@ -352,10 +352,19 @@ extension ConfigurationViewController: UITableViewDataSource, UITableViewDelegat
        
        switch model.row(at: indexPath) {
        case .cipher:
+            var options: [OpenVPN.Cipher] = configuration.dataCiphers ?? []
+            if !options.isEmpty {
+                if let cipher = configuration.cipher, !options.contains(cipher) {
+                    options.append(cipher)
+                }
+            } else {
+                options.append(contentsOf: OpenVPN.Cipher.available)
+            }
+            
            let vc = SingleOptionViewController<OpenVPN.Cipher>()
            vc.applyTint(.current)
            vc.title = settingCell?.leftText
-            vc.options = OpenVPN.Cipher.available
+            vc.options = options
            vc.selectedOption = configuration.cipher
            vc.descriptionBlock = { $0.description }
            vc.selectionBlock = { [weak self] in
--- a/Passepartout/App/macOS/Scenes/Service/Customization/ConfigurationViewController.swift
+++ b/Passepartout/App/macOS/Scenes/Service/Customization/ConfigurationViewController.swift
@ -155,9 +155,19 @@ class ConfigurationViewController: NSViewController, ProfileCustomization {
        popupDigest.removeAllItems()
        popupCompressionFraming.removeAllItems()
        popupCompressionAlgorithm.removeAllItems()
-        for cipher in OpenVPN.Cipher.available {
+
+        var cipherOptions: [OpenVPN.Cipher] = configuration.dataCiphers ?? []
+        if !cipherOptions.isEmpty {
+            if let cipher = configuration.cipher, !cipherOptions.contains(cipher) {
+                cipherOptions.append(cipher)
+            }
+        } else {
+            cipherOptions.append(contentsOf: OpenVPN.Cipher.available)
+        }
+        for cipher in cipherOptions {
            popupCipher.addItem(withTitle: cipher.rawValue)
        }
+
        for digest in OpenVPN.Digest.available {
            popupDigest.addItem(withTitle: digest.rawValue)
        }
--- a/Passepartout/Core/Sources/Model/OpenVPNOptions.swift
+++ b/Passepartout/Core/Sources/Model/OpenVPNOptions.swift
@ -28,12 +28,12 @@ import TunnelKit

 extension OpenVPN.Cipher {
    public static let available: [OpenVPN.Cipher] = [
-        .aes128cbc,
-        .aes192cbc,
-        .aes256cbc,
-        .aes128gcm,
+        .aes256gcm,
        .aes192gcm,
-        .aes256gcm
+        .aes128gcm,
+        .aes256cbc,
+        .aes192cbc,
+        .aes128cbc
    ]
 }

--- a/2
+++ b/2
@ -8,7 +8,7 @@ $tunnelkit_specs = ['Protocols/OpenVPN', 'Extra/LZO']

 def shared_pods
    #pod_version $tunnelkit_name, $tunnelkit_specs, '~> 3.1.0'
-    pod_git $tunnelkit_name, $tunnelkit_specs, '2886222'
+    pod_git $tunnelkit_name, $tunnelkit_specs, 'c15d6f5'
    #pod_path $tunnelkit_name, $tunnelkit_specs, '..'
    pod 'SSZipArchive'
    pod 'Kvitto', :git => 'https://github.com/keeshux/Kvitto', :branch => 'enable-macos-spec'
--- a/Podfile.lock
+++ b/Podfile.lock
@ -24,15 +24,15 @@ PODS:
  - OpenSSL-Apple (1.1.1h.10)
  - SSZipArchive (2.2.3)
  - SwiftyBeaver (1.9.3)
-  - TunnelKit/AppExtension (3.2.0):
+  - TunnelKit/AppExtension (3.3.0):
    - SwiftyBeaver
    - TunnelKit/Core
-  - TunnelKit/Core (3.2.0):
+  - TunnelKit/Core (3.3.0):
    - SwiftyBeaver
-  - TunnelKit/Extra/LZO (3.2.0)
-  - TunnelKit/Manager (3.2.0):
+  - TunnelKit/Extra/LZO (3.3.0)
+  - TunnelKit/Manager (3.3.0):
    - SwiftyBeaver
-  - TunnelKit/Protocols/OpenVPN (3.2.0):
+  - TunnelKit/Protocols/OpenVPN (3.3.0):
    - OpenSSL-Apple (~> 1.1.1h.10)
    - TunnelKit/AppExtension
    - TunnelKit/Core
@ -52,8 +52,8 @@ DEPENDENCIES:
  - Kvitto (from `https://github.com/keeshux/Kvitto`, branch `enable-macos-spec`)
  - MBProgressHUD
  - SSZipArchive
-  - TunnelKit/Extra/LZO (from `https://github.com/passepartoutvpn/tunnelkit`, commit `2886222`)
-  - TunnelKit/Protocols/OpenVPN (from `https://github.com/passepartoutvpn/tunnelkit`, commit `2886222`)
+  - TunnelKit/Extra/LZO (from `https://github.com/passepartoutvpn/tunnelkit`, commit `c15d6f5`)
+  - TunnelKit/Protocols/OpenVPN (from `https://github.com/passepartoutvpn/tunnelkit`, commit `c15d6f5`)

 SPEC REPOS:
  https://github.com/cocoapods/specs.git:
@ -71,7 +71,7 @@ EXTERNAL SOURCES:
    :branch: enable-macos-spec
    :git: https://github.com/keeshux/Kvitto
  TunnelKit:
-    :commit: '2886222'
+    :commit: c15d6f5
    :git: https://github.com/passepartoutvpn/tunnelkit

 CHECKOUT OPTIONS:
@ -82,7 +82,7 @@ CHECKOUT OPTIONS:
    :commit: e263fcd1f40a6a482a0f1e424ba98009c4ad2b96
    :git: https://github.com/keeshux/Kvitto
  TunnelKit:
-    :commit: '2886222'
+    :commit: c15d6f5
    :git: https://github.com/passepartoutvpn/tunnelkit

 SPEC CHECKSUMS:
@ -93,8 +93,8 @@ SPEC CHECKSUMS:
  OpenSSL-Apple: 8a8fcb06fb66f9c2f7aed45ce363668493b8e5f6
  SSZipArchive: 62d4947b08730e4cda640473b0066d209ff033c9
  SwiftyBeaver: 2e8acd6fc90c6d0a27055867a290794926d57c02
-  TunnelKit: b9ea352cbcce641f98687109c2e7d8cb1fa40e19
+  TunnelKit: 2a6aadea2d772a2760b153aee27d1c334c9ca6db

-PODFILE CHECKSUM: ba0c9bc518c5eaec3a015c524fb62f23396463bd
+PODFILE CHECKSUM: 9751a898e23369673b1dfb0c7c7fde9834a55d53

 COCOAPODS: 1.10.0