passepartoutvpn
/
passepartout-apple
mirror of https://github.com/passepartoutvpn/passepartout-apple.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5 from keeshux/integrate-tls-wrapping 

Integrate TLS wrapping
This commit is contained in:
Davide De Rosa 2018-10-19 17:50:05 +02:00 committed by GitHub
parent a4b1c13335 66f6936497
commit b38f033a13
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 60 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -7,10 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Added
- Support for TLS wrapping (tls-auth and tls-crypt). [#5](https://github.com/keeshux/passepartout-ios/pull/5)
### Fixed ### Fixed
- Credentials are now optional for host profiles. [#4](https://github.com/keeshux/passepartout-ios/pull/4)
- Fixed Mullvad abrupt disconnection. [tunnelkit#30](https://github.com/keeshux/tunnelkit/issues/30) - Fixed Mullvad abrupt disconnection. [tunnelkit#30](https://github.com/keeshux/tunnelkit/issues/30)
- Credentials are now optional for host profiles. [#4](https://github.com/keeshux/passepartout-ios/pull/4)
## 1.0 beta 1018 (2018-10-18) ## 1.0 beta 1018 (2018-10-18)

10
Passepartout-iOS/Scenes/ConfigurationViewController.swift
View File

@ -195,7 +195,17 @@ extension ConfigurationViewController: UITableViewDataSource, UITableViewDelegat
case .tlsWrapping: case .tlsWrapping:
cell.leftText = L10n.Configuration.Cells.TlsWrapping.caption cell.leftText = L10n.Configuration.Cells.TlsWrapping.caption
let V = L10n.Configuration.Cells.TlsWrapping.Value.self let V = L10n.Configuration.Cells.TlsWrapping.Value.self
if let strategy = configuration.tlsWrap?.strategy {
switch strategy {
case .auth:
cell.rightText = V.auth
case .crypt:
cell.rightText = V.crypt
}
} else {
cell.rightText = V.disabled cell.rightText = V.disabled
}
cell.accessoryType = .none cell.accessoryType = .none
cell.isTappable = false cell.isTappable = false

34
Passepartout/Sources/VPN/TunnelKitProvider+FileConfiguration.swift
View File

@ -74,6 +74,10 @@ extension TunnelKitProvider.Configuration {
var clientKey: CryptoContainer? var clientKey: CryptoContainer?
var keepAliveSeconds: Int? var keepAliveSeconds: Int?
var renegotiateAfterSeconds: Int? var renegotiateAfterSeconds: Int?
var keyDirection: StaticKey.Direction?
var tlsStrategy: SessionProxy.TLSWrap.Strategy?
var tlsKeyLines: [Substring]?
var tlsWrap: SessionProxy.TLSWrap?
var currentBlockName: String? var currentBlockName: String?
var currentBlock: [String] = [] var currentBlock: [String] = []
@ -113,8 +117,13 @@ extension TunnelKitProvider.Configuration {
case "key": case "key":
clientKey = CryptoContainer(pem: currentBlock.joined(separator: "\n")) clientKey = CryptoContainer(pem: currentBlock.joined(separator: "\n"))
case "tls-auth", "tls-crypt": case "tls-auth":
unsupportedError = ApplicationError.unsupportedConfiguration(option: blockName) tlsKeyLines = currentBlock.map { Substring($0) }
tlsStrategy = .auth
case "tls-crypt":
tlsKeyLines = currentBlock.map { Substring($0) }
tlsStrategy = .crypt
default: default:
break break
@ -180,6 +189,12 @@ extension TunnelKitProvider.Configuration {
Regex.compress.enumerateComponents(in: line) { _ in Regex.compress.enumerateComponents(in: line) { _ in
compressionFraming = .compress compressionFraming = .compress
} }
Regex.keyDirection.enumerateArguments(in: line) {
guard let arg = $0.first, let value = Int(arg) else {
return
}
keyDirection = StaticKey.Direction(rawValue: value)
}
Regex.ping.enumerateArguments(in: line) { Regex.ping.enumerateArguments(in: line) {
guard let arg = $0.first else { guard let arg = $0.first else {
return return
@ -232,11 +247,26 @@ extension TunnelKitProvider.Configuration {
assert(!endpointProtocols.isEmpty, "Must define an endpoint protocol") assert(!endpointProtocols.isEmpty, "Must define an endpoint protocol")
if let keyLines = tlsKeyLines, let strategy = tlsStrategy {
let optKey: StaticKey?
switch strategy {
case .auth:
optKey = StaticKey(lines: keyLines, direction: keyDirection)
case .crypt:
optKey = StaticKey(lines: keyLines, direction: .client)
}
if let key = optKey {
tlsWrap = SessionProxy.TLSWrap(strategy: strategy, key: key)
}
}
var builder = TunnelKitProvider.ConfigurationBuilder(ca: ca) var builder = TunnelKitProvider.ConfigurationBuilder(ca: ca)
builder.endpointProtocols = endpointProtocols builder.endpointProtocols = endpointProtocols
builder.cipher = cipher ?? .aes128cbc builder.cipher = cipher ?? .aes128cbc
builder.digest = digest ?? .sha1 builder.digest = digest ?? .sha1
builder.compressionFraming = compressionFraming builder.compressionFraming = compressionFraming
builder.tlsWrap = tlsWrap
builder.clientCertificate = clientCertificate builder.clientCertificate = clientCertificate
builder.clientKey = clientKey builder.clientKey = clientKey
builder.keepAliveSeconds = keepAliveSeconds builder.keepAliveSeconds = keepAliveSeconds

2
Podfile
View File

@ -3,7 +3,7 @@ use_frameworks!
def shared_pods def shared_pods
#pod 'TunnelKit', '~> 1.1.2' #pod 'TunnelKit', '~> 1.1.2'
pod 'TunnelKit', :git => 'https://github.com/keeshux/tunnelkit', :commit => 'ca192e4' pod 'TunnelKit', :git => 'https://github.com/keeshux/tunnelkit', :commit => '29ec39f'
#pod 'TunnelKit', :path => '../tunnelkit' #pod 'TunnelKit', :path => '../tunnelkit'
end end

20
Podfile.lock
View File

@ -2,19 +2,19 @@ PODS:
- MBProgressHUD (1.1.0) - MBProgressHUD (1.1.0)
- OpenSSL-Apple (1.1.0i-v2) - OpenSSL-Apple (1.1.0i-v2)
- SwiftyBeaver (1.6.1) - SwiftyBeaver (1.6.1)
- TunnelKit (1.1.2): - TunnelKit (1.2.0):
- TunnelKit/AppExtension (= 1.1.2) - TunnelKit/AppExtension (= 1.2.0)
- TunnelKit/Core (= 1.1.2) - TunnelKit/Core (= 1.2.0)
- TunnelKit/AppExtension (1.1.2): - TunnelKit/AppExtension (1.2.0):
- SwiftyBeaver - SwiftyBeaver
- TunnelKit/Core - TunnelKit/Core
- TunnelKit/Core (1.1.2): - TunnelKit/Core (1.2.0):
- OpenSSL-Apple (~> 1.1.0h) - OpenSSL-Apple (~> 1.1.0h)
- SwiftyBeaver - SwiftyBeaver
DEPENDENCIES: DEPENDENCIES:
- MBProgressHUD - MBProgressHUD
- TunnelKit (from `https://github.com/keeshux/tunnelkit`, commit `ca192e4`) - TunnelKit (from `https://github.com/keeshux/tunnelkit`, commit `29ec39f`)
SPEC REPOS: SPEC REPOS:
https://github.com/cocoapods/specs.git: https://github.com/cocoapods/specs.git:
@ -24,20 +24,20 @@ SPEC REPOS:
EXTERNAL SOURCES: EXTERNAL SOURCES:
TunnelKit: TunnelKit:
:commit: ca192e4 :commit: 29ec39f
:git: https://github.com/keeshux/tunnelkit :git: https://github.com/keeshux/tunnelkit
CHECKOUT OPTIONS: CHECKOUT OPTIONS:
TunnelKit: TunnelKit:
:commit: ca192e4 :commit: 29ec39f
:git: https://github.com/keeshux/tunnelkit :git: https://github.com/keeshux/tunnelkit
SPEC CHECKSUMS: SPEC CHECKSUMS:
MBProgressHUD: e7baa36a220447d8aeb12769bf0585582f3866d9 MBProgressHUD: e7baa36a220447d8aeb12769bf0585582f3866d9
OpenSSL-Apple: a93b8f2eec8783ff40d9a9304de180ab68bb647c OpenSSL-Apple: a93b8f2eec8783ff40d9a9304de180ab68bb647c
SwiftyBeaver: ccfcdf85a04d429f1633f668650b0ce8020bda3a SwiftyBeaver: ccfcdf85a04d429f1633f668650b0ce8020bda3a
TunnelKit: 8167e45290d15e2c7c789d8d4c0d5f084f532335 TunnelKit: aad1982c96ba0eace1494d4020ecdd1a34c5a788
PODFILE CHECKSUM: a720594d8829c15b76e9ea32e2bd98a4854961cf PODFILE CHECKSUM: 3d7c4db47830b499bdcf24c498e36b5c619e2ad1
COCOAPODS: 1.6.0.beta.2 COCOAPODS: 1.6.0.beta.2

5
README.md
View File

@ -67,11 +67,8 @@ In preset mode, you can pick pre-resolved IPv4 endpoints when DNS is problematic
Passepartout can import .ovpn configuration files. This way you can fine-tune encryption without tweaking and reimporting a new configuration. Below are a few limitations worth mentioning. Passepartout can import .ovpn configuration files. This way you can fine-tune encryption without tweaking and reimporting a new configuration. Below are a few limitations worth mentioning.
Unsupported (yet): Unsupported:
- TLS wrapping
- `--tls-auth`
- `--tls-crypt`
- UDP fragmentation, i.e. `--fragment` - UDP fragmentation, i.e. `--fragment`
Unsupported (probably ever): Unsupported (probably ever):