Handle server-initiated SOFT_RESET

2018-10-24 10:40:48 +02:00 · 2018-10-24 10:40:48 +02:00 · 0b79ce4194
parent 3f3a712bac
commit 0b79ce4194
1 changed files with 19 additions and 8 deletions
--- a/TunnelKit/Sources/Core/SessionProxy.swift
+++ b/TunnelKit/Sources/Core/SessionProxy.swift
@ -466,6 +466,9 @@ public class SessionProxy {
 //                deferStop(.shutdown, e)
 //                return
            }
+            if (code == .softResetV1) && (negotiationKey.state != .softReset) {
+                softReset(isServerInitiated: true)
+            }

            sendAck(for: controlPacket)

@ -574,8 +577,12 @@ public class SessionProxy {
    }
    
    // Ruby: soft_reset
-    private func softReset() {
-        log.debug("Send soft reset")
+    private func softReset(isServerInitiated: Bool) {
+        if isServerInitiated {
+            log.debug("Handle soft reset")
+        } else {
+            log.debug("Send soft reset")
+        }
        
        resetControlChannel(forNewSession: false)
        negotiationKeyIdx = max(1, (negotiationKeyIdx + 1) % ProtocolMacros.numberOfKeys)
@ -586,7 +593,9 @@ public class SessionProxy {
        negotiationKey.state = .softReset
        negotiationKey.softReset = true
        loopNegotiation()
-        enqueueControlPackets(code: .softResetV1, key: UInt8(negotiationKeyIdx), payload: Data())
+        if !isServerInitiated {
+            enqueueControlPackets(code: .softResetV1, key: UInt8(negotiationKeyIdx), payload: Data())
+        }
    }
    
    // Ruby: on_tls_connect
@ -667,7 +676,7 @@ public class SessionProxy {
        let elapsed = -negotiationKey.startTime.timeIntervalSinceNow
        if (elapsed > renegotiatesAfter) {
            log.debug("Renegotiating after \(elapsed) seconds")
-            softReset()
+            softReset(isServerInitiated: false)
        }
    }
    
@ -683,15 +692,16 @@ public class SessionProxy {

    // Ruby: handle_ctrl_pkt
    private func handleControlPacket(_ packet: ControlPacket) {
-        guard (packet.key == negotiationKey.id) else {
+        guard packet.key == negotiationKey.id else {
            log.error("Bad key in control packet (\(packet.key) != \(negotiationKey.id))")
 //            deferStop(.shutdown, SessionError.badKey)
            return
        }
        
-        if (((packet.code == .hardResetServerV2) && (negotiationKey.state == .hardReset)) ||
-            ((packet.code == .softResetV1) && (negotiationKey.state == .softReset))) {
-            
+        // start new TLS handshake
+        if ((packet.code == .hardResetServerV2) && (negotiationKey.state == .hardReset)) ||
+            ((packet.code == .softResetV1) && (negotiationKey.state == .softReset)) {
+ 
            if negotiationKey.state == .hardReset {
                controlChannel.remoteSessionId = packet.sessionId
            }
@ -738,6 +748,7 @@ public class SessionProxy {
            log.debug("TLS.connect: Pulled ciphertext (\(cipherTextOut.count) bytes)")
            enqueueControlPackets(code: .controlV1, key: negotiationKey.id, payload: cipherTextOut)
        }
+        // exchange TLS ciphertext
        else if ((packet.code == .controlV1) && (negotiationKey.state == .tls)) {
            guard let remoteSessionId = controlChannel.remoteSessionId else {
                log.error("No remote sessionId found in packet (control packets before server HARD_RESET)")