2018-09-10 22:06:38 +00:00
|
|
|
//
|
|
|
|
// StaticKey.swift
|
|
|
|
// TunnelKit
|
|
|
|
//
|
|
|
|
// Created by Davide De Rosa on 9/10/18.
|
2022-02-04 11:42:58 +00:00
|
|
|
// Copyright (c) 2022 Davide De Rosa. All rights reserved.
|
2018-09-10 22:06:38 +00:00
|
|
|
//
|
2019-05-14 08:58:47 +00:00
|
|
|
// https://github.com/passepartoutvpn
|
2018-09-10 22:06:38 +00:00
|
|
|
//
|
|
|
|
// This file is part of TunnelKit.
|
|
|
|
//
|
|
|
|
// TunnelKit is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// TunnelKit is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
|
|
// along with TunnelKit. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
//
|
|
|
|
|
|
|
|
import Foundation
|
2021-10-25 14:27:27 +00:00
|
|
|
import TunnelKitCore
|
2021-11-07 20:54:05 +00:00
|
|
|
import CTunnelKitCore
|
2018-09-10 22:06:38 +00:00
|
|
|
|
2019-05-19 12:04:41 +00:00
|
|
|
extension OpenVPN {
|
2018-09-10 22:06:38 +00:00
|
|
|
|
2019-05-19 12:04:41 +00:00
|
|
|
/// Represents an OpenVPN static key file (as generated with --genkey)
|
|
|
|
public class StaticKey: Codable {
|
|
|
|
enum CodingKeys: CodingKey {
|
|
|
|
case data
|
|
|
|
|
|
|
|
case dir
|
|
|
|
}
|
2018-09-10 22:06:38 +00:00
|
|
|
|
2019-05-19 12:04:41 +00:00
|
|
|
/// The key-direction field, usually 0 on servers and 1 on clients.
|
|
|
|
public enum Direction: Int, Codable {
|
2018-09-10 22:06:38 +00:00
|
|
|
|
2019-05-19 12:04:41 +00:00
|
|
|
/// Conventional server direction (implicit for tls-crypt).
|
|
|
|
case server = 0
|
2018-09-18 14:33:48 +00:00
|
|
|
|
2019-05-19 12:04:41 +00:00
|
|
|
/// Conventional client direction (implicit for tls-crypt).
|
|
|
|
case client = 1
|
2018-09-18 14:33:48 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
private static let contentLength = 256 // 2048-bit
|
|
|
|
|
|
|
|
private static let keyCount = 4
|
|
|
|
|
|
|
|
private static let keyLength = StaticKey.contentLength / StaticKey.keyCount
|
|
|
|
|
|
|
|
private static let fileHead = "-----BEGIN OpenVPN Static key V1-----"
|
|
|
|
|
|
|
|
private static let fileFoot = "-----END OpenVPN Static key V1-----"
|
|
|
|
|
|
|
|
private static let nonHexCharset = CharacterSet(charactersIn: "0123456789abcdefABCDEF").inverted
|
|
|
|
|
|
|
|
private let secureData: ZeroingData
|
2018-09-18 14:33:48 +00:00
|
|
|
|
2021-11-07 20:54:05 +00:00
|
|
|
public let direction: Direction?
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
/// Returns the encryption key.
|
|
|
|
///
|
|
|
|
/// - Precondition: `direction` must be non-nil.
|
|
|
|
/// - Seealso: `ConfigurationBuilder.tlsWrap`
|
|
|
|
public var cipherEncryptKey: ZeroingData {
|
|
|
|
guard let direction = direction else {
|
|
|
|
preconditionFailure()
|
|
|
|
}
|
|
|
|
switch direction {
|
|
|
|
case .server:
|
|
|
|
return key(at: 0)
|
|
|
|
|
|
|
|
case .client:
|
|
|
|
return key(at: 2)
|
|
|
|
}
|
2018-09-18 14:33:48 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
/// Returns the decryption key.
|
|
|
|
///
|
|
|
|
/// - Precondition: `direction` must be non-nil.
|
|
|
|
/// - Seealso: `ConfigurationBuilder.tlsWrap`
|
|
|
|
public var cipherDecryptKey: ZeroingData {
|
|
|
|
guard let direction = direction else {
|
|
|
|
preconditionFailure()
|
|
|
|
}
|
|
|
|
switch direction {
|
|
|
|
case .server:
|
|
|
|
return key(at: 2)
|
|
|
|
|
|
|
|
case .client:
|
|
|
|
return key(at: 0)
|
|
|
|
}
|
2018-09-18 14:33:48 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
/// Returns the HMAC sending key.
|
|
|
|
///
|
|
|
|
/// - Seealso: `ConfigurationBuilder.tlsWrap`
|
|
|
|
public var hmacSendKey: ZeroingData {
|
|
|
|
guard let direction = direction else {
|
|
|
|
return key(at: 1)
|
|
|
|
}
|
|
|
|
switch direction {
|
|
|
|
case .server:
|
|
|
|
return key(at: 1)
|
|
|
|
|
|
|
|
case .client:
|
|
|
|
return key(at: 3)
|
|
|
|
}
|
2018-09-18 14:33:48 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
/// Returns the HMAC receiving key.
|
|
|
|
///
|
|
|
|
/// - Seealso: `ConfigurationBuilder.tlsWrap`
|
|
|
|
public var hmacReceiveKey: ZeroingData {
|
|
|
|
guard let direction = direction else {
|
|
|
|
return key(at: 1)
|
|
|
|
}
|
|
|
|
switch direction {
|
|
|
|
case .server:
|
|
|
|
return key(at: 3)
|
|
|
|
|
|
|
|
case .client:
|
|
|
|
return key(at: 1)
|
|
|
|
}
|
2018-09-18 14:33:48 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
Initializes with data and direction.
|
|
|
|
|
|
|
|
- Parameter data: The key data.
|
|
|
|
- Parameter direction: The key direction, or bidirectional if nil. For tls-crypt behavior, must not be nil.
|
|
|
|
*/
|
|
|
|
public init(data: Data, direction: Direction?) {
|
|
|
|
precondition(data.count == StaticKey.contentLength)
|
|
|
|
secureData = Z(data)
|
|
|
|
self.direction = direction
|
2018-09-18 14:33:48 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
Initializes with file content and direction.
|
|
|
|
|
|
|
|
- Parameter file: The text file containing the key.
|
|
|
|
- Parameter direction: The key direction, or bidirectional if nil.
|
|
|
|
*/
|
|
|
|
public convenience init?(file: String, direction: Direction?) {
|
|
|
|
let lines = file.split(separator: "\n")
|
|
|
|
self.init(lines: lines, direction: direction)
|
2018-09-18 14:33:48 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
public convenience init?(lines: [Substring], direction: Direction?) {
|
|
|
|
var isHead = true
|
|
|
|
var hexLines: [Substring] = []
|
2018-09-11 11:56:17 +00:00
|
|
|
|
2019-05-19 12:04:41 +00:00
|
|
|
for l in lines {
|
|
|
|
if isHead {
|
|
|
|
guard !l.hasPrefix("#") else {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
guard l == StaticKey.fileHead else {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
isHead = false
|
2018-09-11 11:56:17 +00:00
|
|
|
continue
|
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
guard let first = l.first else {
|
2018-09-11 11:56:17 +00:00
|
|
|
return nil
|
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
if first == "-" {
|
|
|
|
guard l == StaticKey.fileFoot else {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
break
|
|
|
|
}
|
|
|
|
hexLines.append(l)
|
2018-09-11 11:56:17 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
let hex = String(hexLines.joined())
|
|
|
|
guard hex.count == 2 * StaticKey.contentLength else {
|
2018-09-11 11:56:17 +00:00
|
|
|
return nil
|
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
if let _ = hex.rangeOfCharacter(from: StaticKey.nonHexCharset) {
|
|
|
|
return nil
|
2018-09-11 11:56:17 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
let data = Data(hex: hex)
|
|
|
|
|
|
|
|
self.init(data: data, direction: direction)
|
2018-09-11 11:56:17 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
Initializes as bidirectional.
|
|
|
|
|
|
|
|
- Parameter biData: The key data.
|
|
|
|
*/
|
|
|
|
public convenience init(biData data: Data) {
|
|
|
|
self.init(data: data, direction: nil)
|
2018-09-11 11:56:17 +00:00
|
|
|
}
|
2019-05-19 12:04:41 +00:00
|
|
|
|
|
|
|
private func key(at: Int) -> ZeroingData {
|
|
|
|
let size = secureData.count / StaticKey.keyCount // 64 bytes each
|
|
|
|
assert(size == StaticKey.keyLength)
|
|
|
|
return secureData.withOffset(at * size, count: size)
|
2018-09-11 11:56:17 +00:00
|
|
|
}
|
|
|
|
|
2019-05-19 12:04:41 +00:00
|
|
|
public static func deserialized(_ data: Data) throws -> StaticKey {
|
|
|
|
return try JSONDecoder().decode(StaticKey.self, from: data)
|
|
|
|
}
|
|
|
|
|
|
|
|
public func serialized() -> Data? {
|
|
|
|
return try? JSONEncoder().encode(self)
|
|
|
|
}
|
|
|
|
|
|
|
|
// MARK: Codable
|
|
|
|
|
|
|
|
public required init(from decoder: Decoder) throws {
|
|
|
|
let container = try decoder.container(keyedBy: CodingKeys.self)
|
|
|
|
secureData = Z(try container.decode(Data.self, forKey: .data))
|
|
|
|
direction = try container.decodeIfPresent(Direction.self, forKey: .dir)
|
|
|
|
}
|
|
|
|
|
|
|
|
public func encode(to encoder: Encoder) throws {
|
|
|
|
var container = encoder.container(keyedBy: CodingKeys.self)
|
|
|
|
try container.encode(secureData.toData(), forKey: .data)
|
|
|
|
try container.encodeIfPresent(direction, forKey: .dir)
|
|
|
|
}
|
2022-03-07 22:50:38 +00:00
|
|
|
|
|
|
|
public var hexString: String {
|
|
|
|
return secureData.toHex()
|
|
|
|
}
|
2018-09-10 22:06:38 +00:00
|
|
|
}
|
|
|
|
}
|