Make compression framing an enum option

- Disabled: no framing (default)
- CompLZO: NO_COMPRESS
- Compress: NO_COMPRESS_SWAP
This commit is contained in:
Davide De Rosa 2018-08-30 11:05:34 +02:00
parent b2d4530f19
commit 209889b9d2
19 changed files with 162 additions and 65 deletions


@ -36,7 +36,7 @@ extension ViewController {
builder.cipher = .aes128cbc
builder.digest = .sha1
builder.mtu = 1350
builder.LZOFraming = true
builder.compressionFraming = .compLZO
builder.renegotiatesAfterSeconds = nil
builder.shouldDebug = true
builder.debugLogKey = "Log"


@ -37,7 +37,7 @@ extension ViewController {
builder.cipher = .aes128cbc
builder.digest = .sha1
builder.mtu = 1350
builder.LZOFraming = true
builder.compressionFraming = .compLZO
builder.renegotiatesAfterSeconds = nil
builder.shouldDebug = true
builder.debugLogKey = "Log"


@ -29,6 +29,7 @@
0E1108B11F77B9F900A92462 /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 0E1108AF1F77B9F900A92462 /* Main.storyboard */; };
0E1108B31F77B9F900A92462 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 0E1108B21F77B9F900A92462 /* Assets.xcassets */; };
0E1108B61F77B9F900A92462 /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 0E1108B41F77B9F900A92462 /* LaunchScreen.storyboard */; };
0E245D6C2137F73600B012A2 /* CompressionFraming.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E245D6B2137F73600B012A2 /* CompressionFraming.h */; };
0E3E0F212108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */; };
0E3E0F222108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */; };
0E85A25A202CC5AF0059E9F9 /* AppExtensionTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E85A259202CC5AE0059E9F9 /* AppExtensionTests.swift */; };
@ -184,6 +185,7 @@
0E1108B51F77B9F900A92462 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/LaunchScreen.storyboard; sourceTree = "<group>"; };
0E1108B71F77B9F900A92462 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
0E17D7F91F730D9F009EE129 /* TunnelKit.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = TunnelKit.framework; sourceTree = BUILT_PRODUCTS_DIR; };
0E245D6B2137F73600B012A2 /* CompressionFraming.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CompressionFraming.h; sourceTree = "<group>"; };
0E3251C51F95770D00C108D9 /* TunnelKit.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = TunnelKit.framework; sourceTree = BUILT_PRODUCTS_DIR; };
0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SessionProxy+PushReply.swift"; sourceTree = "<group>"; };
0E6479DD212EAC96008E6888 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
@ -403,6 +405,7 @@
children = (
0EFEB42E2006D3C800F81029 /* Allocation.h */,
0EFEB4462006D3C800F81029 /* Allocation.m */,
0E245D6B2137F73600B012A2 /* CompressionFraming.h */,
0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */,
0E07597C20F0060E00F38FD8 /* CryptoAEAD.h */,
0E07597D20F0060E00F38FD8 /* CryptoAEAD.m */,
@ -505,6 +508,7 @@
0EFEB46B2006D3C800F81029 /* CryptoBox.h in Headers */,
0EFEB4592006D3C800F81029 /* Allocation.h in Headers */,
0EFEB4582006D3C800F81029 /* MSS.h in Headers */,
0E245D6C2137F73600B012A2 /* CompressionFraming.h in Headers */,
0EFEB4602006D3C800F81029 /* DataPath.h in Headers */,
0E07597E20F0060E00F38FD8 /* CryptoAEAD.h in Headers */,
0EFEB46C2006D3C800F81029 /* ZeroingData.h in Headers */,


@ -38,6 +38,7 @@
import Foundation
import NetworkExtension
import SwiftyBeaver
import __TunnelKitNative
private let log = SwiftyBeaver.self
@ -163,9 +164,8 @@ extension TunnelKitProvider {
/// The MTU of the link.
public var mtu: Int
/// Enables LZO framing (deprecated).
// @available(*, deprecated)
public var LZOFraming: Bool
/// Sets compression framing, disabled by default.
public var compressionFraming: CompressionFraming
/// The number of seconds after which a renegotiation is started. Set to `nil` to disable renegotiation (default).
public var renegotiatesAfterSeconds: Int?
@ -197,7 +197,7 @@ extension TunnelKitProvider {
digest = .sha1
ca = nil
mtu = 1500
LZOFraming = false
compressionFraming = .disabled
renegotiatesAfterSeconds = nil
shouldDebug = false
debugLogKey = nil
@ -265,7 +265,11 @@ extension TunnelKitProvider {
self.clientCertificate = clientCertificate
self.clientKey = clientKey
mtu = providerConfiguration[S.mtu] as? Int ?? 1250
LZOFraming = providerConfiguration[S.LZOFraming] as? Bool ?? false
if let compressionFramingValue = providerConfiguration[S.compressionFraming] as? Int, let compressionFraming = CompressionFraming(rawValue: compressionFramingValue) {
self.compressionFraming = compressionFraming
} else {
compressionFraming = .disabled
}
renegotiatesAfterSeconds = providerConfiguration[S.renegotiatesAfter] as? Int
shouldDebug = providerConfiguration[S.debug] as? Bool ?? false
@ -301,7 +305,7 @@ extension TunnelKitProvider {
clientCertificate: clientCertificate,
clientKey: clientKey,
mtu: mtu,
LZOFraming: LZOFraming,
compressionFraming: compressionFraming,
renegotiatesAfterSeconds: renegotiatesAfterSeconds,
shouldDebug: shouldDebug,
debugLogKey: shouldDebug ? debugLogKey : nil,
@ -333,7 +337,7 @@ extension TunnelKitProvider {
static let mtu = "MTU"
static let LZOFraming = "LZOFraming"
static let compressionFraming = "CompressionFraming"
static let renegotiatesAfter = "RenegotiatesAfter"
@ -374,8 +378,8 @@ extension TunnelKitProvider {
/// - Seealso: `TunnelKitProvider.ConfigurationBuilder.mtu`
public let mtu: Int
/// - Seealso: `TunnelKitProvider.ConfigurationBuilder.LZOFraming`
public let LZOFraming: Bool
/// - Seealso: `TunnelKitProvider.ConfigurationBuilder.compressionFraming`
public let compressionFraming: CompressionFraming
/// - Seealso: `TunnelKitProvider.ConfigurationBuilder.renegotiatesAfterSeconds`
public let renegotiatesAfterSeconds: Int?
@ -447,9 +451,7 @@ extension TunnelKitProvider {
if let resolvedAddresses = resolvedAddresses {
dict[S.resolvedAddresses] = resolvedAddresses
}
if LZOFraming {
dict[S.LZOFraming] = LZOFraming
}
dict[S.compressionFraming] = compressionFraming.rawValue
if let renegotiatesAfterSeconds = renegotiatesAfterSeconds {
dict[S.renegotiatesAfter] = renegotiatesAfterSeconds
}
@ -509,7 +511,7 @@ extension TunnelKitProvider {
log.info("Client verification: disabled")
}
log.info("MTU: \(mtu)")
log.info("LZO framing: \(LZOFraming ? "enabled" : "disabled")")
log.info("Compression framing: \(compressionFraming)")
if let renegotiatesAfterSeconds = renegotiatesAfterSeconds {
log.info("Renegotiation: \(renegotiatesAfterSeconds) seconds")
} else {
@ -538,7 +540,7 @@ extension TunnelKitProvider.Configuration: Equatable {
builder.clientCertificate = clientCertificate
builder.clientKey = clientKey
builder.mtu = mtu
builder.LZOFraming = LZOFraming
builder.compressionFraming = compressionFraming
builder.renegotiatesAfterSeconds = renegotiatesAfterSeconds
builder.shouldDebug = shouldDebug
builder.debugLogKey = debugLogKey
@ -555,7 +557,7 @@ extension TunnelKitProvider.Configuration: Equatable {
(lhs.clientCertificate == rhs.clientCertificate) &&
(lhs.clientKey == rhs.clientKey) &&
(lhs.mtu == rhs.mtu) &&
(lhs.LZOFraming == rhs.LZOFraming) &&
(lhs.compressionFraming == rhs.compressionFraming) &&
(lhs.renegotiatesAfterSeconds == rhs.renegotiatesAfterSeconds)
)
}
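Review bot: Persisted provider configurations written by the previous build are silently downgraded: the `LZOFraming` key is still declared in `S` but is no longer read anywhere, so a stored `LZOFraming: true` now decodes to `.disabled` and the tunnel would come up without the framing the server expects. A fallback branch in the dictionary init keeps old profiles working, e.g. `} else if providerConfiguration[S.LZOFraming] as? Bool ?? false {` / `compressionFraming = .compLZO` / `} else {`, after which the key can be dropped in a later release. The enclosing init starts and ends outside the hunk. The log line `"Compression framing: \(compressionFraming)"` probably prints the imported C enum's default description rather than a case name, so a small readable mapping there may be worth adding.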


@ -215,7 +215,7 @@ open class TunnelKitProvider: NEPacketTunnelProvider {
sessionConfiguration.caPath = caPath
sessionConfiguration.clientCertificatePath = clientCertificatePath
sessionConfiguration.clientKeyPath = clientKeyPath
sessionConfiguration.LZOFraming = cfg.LZOFraming
sessionConfiguration.compressionFraming = cfg.compressionFraming
if let renegotiatesAfterSeconds = cfg.renegotiatesAfterSeconds {
sessionConfiguration.renegotiatesAfter = Double(renegotiatesAfterSeconds)
}


@ -0,0 +1,35 @@
//
// CompressionFraming.h
// TunnelKit
//
// Created by Davide De Rosa on 8/30/18.
// Copyright (c) 2018 Davide De Rosa. All rights reserved.
//
// https://github.com/keeshux
//
// This file is part of TunnelKit.
//
// TunnelKit is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// TunnelKit is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with TunnelKit. If not, see <http://www.gnu.org/licenses/>.
//
#import <Foundation/Foundation.h>
typedef NS_ENUM(NSInteger, CompressionFraming) {
CompressionFramingDisabled,
CompressionFramingCompress,
CompressionFramingCompLZO __attribute__((deprecated))
};
#define CompressionFramingNoCompress 0xfa
#define CompressionFramingNoCompressSwap 0xfb
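Review bot: The new header does not document what each case puts on the wire, and the two `#define`s share the `CompressionFraming` prefix with the enum cases while being OpenVPN stub header bytes rather than framing modes, which invites confusion at the `switch` sites in the data path. Suggested doc comment on the typedef: `/// Compression framing mode: Disabled emits no header byte; CompLZO prefixes NO_COMPRESS (0xfa); Compress moves the first payload byte to the tail and prefixes NO_COMPRESS_SWAP (0xfb).` and on the defines `// OpenVPN stub compression header bytes (wire format), not enum cases`. Naming the bytes `CompressionFramingByteNoCompress` / `CompressionFramingByteNoCompressSwap` (or keeping the removed `DataPacket*` prefix) would make the distinction visible at a glance. `CompressionFramingDisabled` is implicitly 0 and the Swift `CompressionFraming(rawValue:)` fallback in the provider configuration relies on that; spelling out `= 0` makes the dependency explicit.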


@ -52,7 +52,7 @@ NS_ASSUME_NONNULL_BEGIN
@interface DataPathCryptoAEAD : NSObject <DataPathEncrypter, DataPathDecrypter>
@property (nonatomic, assign) uint32_t peerId;
@property (nonatomic, assign) BOOL LZOFraming;// DEPRECATED_ATTRIBUTE;
@property (nonatomic, assign) CompressionFraming compressionFraming;
- (instancetype)initWithCrypto:(nonnull CryptoAEAD *)crypto;


@ -292,12 +292,30 @@ const NSInteger CryptoAEADTagLength = 16;
- (void)assembleDataPacketWithPacketId:(uint32_t)packetId payload:(NSData *)payload into:(uint8_t *)dest length:(NSInteger *)length
{
uint8_t *ptr = dest;
if (self.LZOFraming) {
*ptr = DataPacketLZONoCompress;
ptr += sizeof(uint8_t);
}
memcpy(ptr, payload.bytes, payload.length);
*length = (int)(ptr - dest + payload.length);
switch (self.compressionFraming) {
case CompressionFramingDisabled:
memcpy(ptr, payload.bytes, payload.length);
break;
case CompressionFramingCompress:
memcpy(ptr, payload.bytes, payload.length);
ptr[payload.length] = *ptr;
*ptr = CompressionFramingNoCompressSwap;
*length += sizeof(uint8_t);
break;
case CompressionFramingCompLZO:
memcpy(ptr + sizeof(uint8_t), payload.bytes, payload.length);
*ptr = CompressionFramingNoCompress;
*length += sizeof(uint8_t);
break;
default:
break;
}
}
- (NSData *)encryptedDataPacketWithKey:(uint8_t)key packetId:(uint32_t)packetId payload:(const uint8_t *)payload payloadLength:(NSInteger)payloadLength error:(NSError *__autoreleasing *)error
@ -361,15 +379,26 @@ const NSInteger CryptoAEADTagLength = 16;
return YES;
}
- (const uint8_t *)parsePayloadWithDataPacket:(const uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length
- (const uint8_t *)parsePayloadWithDataPacket:(uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length
{
const uint8_t *ptr = packet;
if (self.LZOFraming) {
NSAssert(*ptr == DataPacketLZONoCompress, @"Expected LZO NO_COMPRESS");
// *compression = *ptr;
ptr += sizeof(uint8_t); // compression byte
}
uint8_t *ptr = packet;
*length = packetLength - (int)(ptr - packet);
if (self.compressionFraming != CompressionFramingDisabled) {
switch (*ptr) {
case CompressionFramingNoCompress:
ptr += sizeof(uint8_t);
break;
case CompressionFramingNoCompressSwap:
*ptr = packet[packetLength - 1];
break;
default:
NSAssert(NO, @"Compression not supported (found %X)", *ptr);
break;
}
*length -= sizeof(uint8_t);
}
return ptr;
}
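Review bot: In parsePayloadWithDataPacket:packetLength:length: the `default:` branch only asserts on a compression byte that the remote peer controls, so in a release build (NSAssert compiled out) the packet is still returned with `*length` shortened by one and an unrecognised leading byte, while in a debug build a peer can abort the process with a single malformed packet. The same branch is in DataPathCryptoCBC.m, and both readers dereference `*ptr` and index `packet[packetLength - 1]` without checking that a framing byte is actually present in the decrypted length. Because DataPathEncryption.h declares the return `nonnull`, the least invasive drop signal is `*length = 0` with the pointer returned unchanged, which is also how OpenVPN's stub decompressor discards a packet with a bad header byte; the caller in DataPath.m (outside this diff) must then skip zero-length payloads, which I could not verify here. The assembler's `default: break;` in both files likewise leaves `dest` unfilled while `*length` still reports `payload.length`, so an unexpected mode value would emit uninitialised bytes. Rewritten parse branch below.
```objective-c
- (const uint8_t *)parsePayloadWithDataPacket:(uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length
{
    uint8_t *ptr = packet;
    *length = packetLength - (int)(ptr - packet);
    if (self.compressionFraming != CompressionFramingDisabled) {
        // a framing byte must exist before it is read or swapped with the tail byte
        if (*length < 1) {
            *length = 0;
            return ptr;
        }
        switch (*ptr) {
            // … unchanged: CompressionFramingNoCompress / CompressionFramingNoCompressSwap cases …
            default:
                // peer-controlled byte we do not understand: drop the packet, never assert on network input
                *length = 0;
                return ptr;
        }
        *length -= sizeof(uint8_t);
    }
    return ptr;
}
```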


@ -51,7 +51,7 @@ NS_ASSUME_NONNULL_BEGIN
@interface DataPathCryptoCBC : NSObject <DataPathEncrypter, DataPathDecrypter>
@property (nonatomic, assign) uint32_t peerId;
@property (nonatomic, assign) BOOL LZOFraming;// DEPRECATED_ATTRIBUTE;
@property (nonatomic, assign) CompressionFraming compressionFraming;
- (instancetype)initWithCrypto:(nonnull CryptoCBC *)crypto;


@ -292,12 +292,29 @@ const NSInteger CryptoCBCMaxHMACLength = 100;
uint8_t *ptr = dest;
*(uint32_t *)ptr = htonl(packetId);
ptr += sizeof(uint32_t);
if (self.LZOFraming) {
*ptr = DataPacketLZONoCompress;
ptr += sizeof(uint8_t);
}
memcpy(ptr, payload.bytes, payload.length);
*length = (int)(ptr - dest + payload.length);
switch (self.compressionFraming) {
case CompressionFramingDisabled:
memcpy(ptr, payload.bytes, payload.length);
break;
case CompressionFramingCompress:
memcpy(ptr, payload.bytes, payload.length);
ptr[payload.length] = *ptr;
*ptr = CompressionFramingNoCompressSwap;
*length += sizeof(uint8_t);
break;
case CompressionFramingCompLZO:
memcpy(ptr + sizeof(uint8_t), payload.bytes, payload.length);
*ptr = CompressionFramingNoCompress;
*length += sizeof(uint8_t);
break;
default:
break;
}
}
- (NSData *)encryptedDataPacketWithKey:(uint8_t)key packetId:(uint32_t)packetId payload:(const uint8_t *)payload payloadLength:(NSInteger)payloadLength error:(NSError *__autoreleasing *)error
@ -348,16 +365,27 @@ const NSInteger CryptoCBCMaxHMACLength = 100;
return YES;
}
- (const uint8_t *)parsePayloadWithDataPacket:(const uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length
- (const uint8_t *)parsePayloadWithDataPacket:(uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length
{
const uint8_t *ptr = packet;
uint8_t *ptr = packet;
ptr += sizeof(uint32_t); // packet id
if (self.LZOFraming) {
NSAssert(*ptr == DataPacketLZONoCompress, @"Expected LZO NO_COMPRESS");
// *compression = *ptr;
ptr += sizeof(uint8_t); // compression byte
}
*length = packetLength - (int)(ptr - packet);
if (self.compressionFraming != CompressionFramingDisabled) {
switch (*ptr) {
case CompressionFramingNoCompress:
ptr += sizeof(uint8_t);
break;
case CompressionFramingNoCompressSwap:
*ptr = packet[packetLength - 1];
break;
default:
NSAssert(NO, @"Compression not supported (found %X)", *ptr);
break;
}
*length -= sizeof(uint8_t);
}
return ptr;
}


@ -51,7 +51,7 @@
usesReplayProtection:(BOOL)usesReplayProtection;
- (void)setPeerId:(uint32_t)peerId; // 24-bit, discard most significant byte
- (void)setLZOFraming:(BOOL)LZOFraming;// DEPRECATED_ATTRIBUTE;
- (void)setCompressionFraming:(CompressionFraming)compressionFraming;
- (NSArray<NSData *> *)encryptPackets:(nonnull NSArray<NSData *> *)packets key:(uint8_t)key error:(NSError **)error;
- (NSArray<NSData *> *)decryptPackets:(nonnull NSArray<NSData *> *)packets keepAlive:(nullable bool *)keepAlive error:(NSError **)error;


@ -160,13 +160,13 @@
self.decrypter.peerId = peerId;
}
- (void)setLZOFraming:(BOOL)LZOFraming
- (void)setCompressionFraming:(CompressionFraming)compressionFraming
{
NSAssert(self.encrypter, @"Setting LZOFraming to nil encrypter");
NSAssert(self.decrypter, @"Setting LZOFraming to nil decrypter");
NSAssert(self.encrypter, @"Setting compressionFraming to nil encrypter");
NSAssert(self.decrypter, @"Setting compressionFraming to nil decrypter");
self.encrypter.LZOFraming = LZOFraming;
self.decrypter.LZOFraming = LZOFraming;
self.encrypter.compressionFraming = compressionFraming;
self.decrypter.compressionFraming = compressionFraming;
}
#pragma mark DataPath


@ -41,8 +41,8 @@
- (int)overheadLength;
- (uint32_t)peerId;
- (void)setPeerId:(uint32_t)peerId;
- (BOOL)LZOFraming;// DEPRECATED_ATTRIBUTE;
- (void)setLZOFraming:(BOOL)LZOFraming;// DEPRECATED_ATTRIBUTE;
- (CompressionFraming)compressionFraming;
- (void)setCompressionFraming:(CompressionFraming)compressionFraming;
@end
@ -56,6 +56,6 @@
@protocol DataPathDecrypter <DataPathChannel>
- (BOOL)decryptDataPacket:(nonnull NSData *)packet into:(nonnull uint8_t *)dest length:(nonnull NSInteger *)length packetId:(nonnull uint32_t *)packetId error:(NSError **)error;
- (nonnull const uint8_t *)parsePayloadWithDataPacket:(nonnull const uint8_t *)packet packetLength:(NSInteger)packetLength length:(nonnull NSInteger *)length;
- (nonnull const uint8_t *)parsePayloadWithDataPacket:(nonnull uint8_t *)packet packetLength:(NSInteger)packetLength length:(nonnull NSInteger *)length;
@end
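Review bot: The `packet` parameter of parsePayloadWithDataPacket:packetLength:length: loses its `const` without a comment saying why, and the protocol thereby starts promising that a decrypter may write into the caller's buffer (the concrete decrypters in this commit restore the NO_COMPRESS_SWAP byte in place). A one-line contract comment on the declaration would save the next reader a trip into the implementations, e.g. `// may modify packet in place (compression framing byte swap); do not reuse the buffer as the original ciphertext payload`. The return stays `nonnull`, so implementations have no way to reject a packet with a bad framing byte other than a length convention; if `*length == 0` is the intended drop signal it should be stated here, since DataPath.m is the only caller that can act on it.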


@ -51,7 +51,6 @@ typedef NS_ENUM(uint8_t, PacketCode) {
PacketCodeUnknown = 0xff
};
extern const uint8_t DataPacketLZONoCompress;
extern const uint8_t DataPacketPingData[16];
static inline int PacketHeaderSet(uint8_t *_Nonnull to, PacketCode code, uint8_t key)


@ -37,5 +37,4 @@
#import "PacketMacros.h"
const uint8_t DataPacketLZONoCompress = 0xfa;
const uint8_t DataPacketPingData[] = { 0x2a, 0x18, 0x7b, 0xf3, 0x64, 0x1e, 0xb4, 0xcb, 0x07, 0xed, 0x2d, 0x0a, 0x98, 0x1f, 0xc7, 0x48 };


@ -36,6 +36,7 @@
//
import Foundation
import __TunnelKitNative
extension SessionProxy {
@ -87,9 +88,8 @@ extension SessionProxy {
/// The path to the optional CA for TLS negotiation (PEM format).
public var caPath: String?
/// Enables LZO compression framing (deprecated in OpenVPN 2.4).
// @available(*, deprecated)
public var LZOFraming: Bool
/// Sets compression framing, disabled by default.
public var compressionFraming: CompressionFraming
/// The path to the optional client certificate for TLS negotiation (PEM format).
public var clientCertificatePath: String?
@ -112,7 +112,7 @@ extension SessionProxy {
caPath = nil
clientCertificatePath = nil
clientKeyPath = nil
LZOFraming = false
compressionFraming = .disabled
keepAliveInterval = nil
renegotiatesAfter = nil
}
@ -131,7 +131,7 @@ extension SessionProxy {
caPath: caPath,
clientCertificatePath: clientCertificatePath,
clientKeyPath: clientKeyPath,
LZOFraming: LZOFraming,
compressionFraming: compressionFraming,
keepAliveInterval: keepAliveInterval,
renegotiatesAfter: renegotiatesAfter
)
@ -162,8 +162,8 @@ extension SessionProxy {
/// - Seealso: `SessionProxy.ConfigurationBuilder.clientKeyPath`
public let clientKeyPath: String?
/// - Seealso: `SessionProxy.ConfigurationBuilder.LZOFraming`
public let LZOFraming: Bool
/// - Seealso: `SessionProxy.ConfigurationBuilder.compressionFraming`
public let compressionFraming: CompressionFraming
/// - Seealso: `SessionProxy.ConfigurationBuilder.keepAliveInterval`
public let keepAliveInterval: TimeInterval?


@ -109,9 +109,9 @@ extension SessionProxy {
return isTLSConnected
}
func startHandlingPackets(withPeerId peerId: UInt32? = nil, LZOFraming: Bool = false) {
func startHandlingPackets(withPeerId peerId: UInt32? = nil, compressionFraming: CompressionFraming = .disabled) {
dataPath?.setPeerId(peerId ?? PacketPeerIdDisabled)
dataPath?.setLZOFraming(LZOFraming)
dataPath?.setCompressionFraming(compressionFraming)
canHandlePackets = true
}


@ -896,7 +896,7 @@ public class SessionProxy {
authenticator = nil
negotiationKey.startHandlingPackets(
withPeerId: peerId,
LZOFraming: configuration.LZOFraming
compressionFraming: configuration.compressionFraming
)
negotiationKey.controlState = .connected
connectedDate = Date()


@ -43,6 +43,7 @@ module __TunnelKitNative {
header "MSS.h"
header "PacketMacros.h"
header "ReplayProtector.h"
header "CompressionFraming.h"
header "DataPath.h"
header "DataPathEncryption.h"
export *