passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move a few classes inside SessionProxy 

- Authenticator
- EncryptionBridge (formerly EncryptionProxy)
- PushReply
- SessionKey

They only make sense there. Content unchanged.
This commit is contained in:
Davide De Rosa 2018-08-23 15:49:21 +02:00
parent 6d5e9f68a9
commit 2459fe1bfd
13 changed files with 547 additions and 539 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.jazzy.yaml
View File

@ -14,7 +14,6 @@ xcodebuild_arguments:
custom_categories:
- name: Core
children:
- EncryptionProxy
- IOInterface
- LinkInterface
- TunnelInterface

48
TunnelKit.xcodeproj/project.pbxproj
View File

@ -29,8 +29,8 @@
0E1108B11F77B9F900A92462 /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 0E1108AF1F77B9F900A92462 /* Main.storyboard */; };
0E1108B31F77B9F900A92462 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 0E1108B21F77B9F900A92462 /* Assets.xcassets */; };
0E1108B61F77B9F900A92462 /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 0E1108B41F77B9F900A92462 /* LaunchScreen.storyboard */; };
0E3E0F212108A8CC00B371C1 /* PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* PushReply.swift */; };
0E3E0F222108A8CC00B371C1 /* PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* PushReply.swift */; };
0E3E0F212108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */; };
0E3E0F222108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */; };
0E85A25A202CC5AF0059E9F9 /* AppExtensionTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E85A259202CC5AE0059E9F9 /* AppExtensionTests.swift */; };
0E9379C91F819A4300CE91B6 /* TunnelKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 0E17D7F91F730D9F009EE129 /* TunnelKit.framework */; };
0EA8E2072024D4B200A92DB6 /* PIA-ECC-256k1.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0EA8E2042024D4B100A92DB6 /* PIA-ECC-256k1.pem */; };
@ -83,8 +83,8 @@
0EEC49E820B5F7F6008FEB91 /* ReplayProtector.h in Headers */ = {isa = PBXBuildFile; fileRef = 0EFEB4392006D3C800F81029 /* ReplayProtector.h */; };
0EEC49E920B5F7F6008FEB91 /* TLSBox.h in Headers */ = {isa = PBXBuildFile; fileRef = 0EFEB4442006D3C800F81029 /* TLSBox.h */; };
0EEC49EA20B5F7F6008FEB91 /* ZeroingData.h in Headers */ = {isa = PBXBuildFile; fileRef = 0EFEB4412006D3C800F81029 /* ZeroingData.h */; };
0EFEB4552006D3C800F81029 /* EncryptionProxy.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42A2006D3C800F81029 /* EncryptionProxy.swift */; };
0EFEB4562006D3C800F81029 /* SessionKey.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42B2006D3C800F81029 /* SessionKey.swift */; };
0EFEB4552006D3C800F81029 /* SessionProxy+EncryptionBridge.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42A2006D3C800F81029 /* SessionProxy+EncryptionBridge.swift */; };
0EFEB4562006D3C800F81029 /* SessionProxy+SessionKey.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42B2006D3C800F81029 /* SessionProxy+SessionKey.swift */; };
0EFEB4582006D3C800F81029 /* MSS.h in Headers */ = {isa = PBXBuildFile; fileRef = 0EFEB42D2006D3C800F81029 /* MSS.h */; };
0EFEB4592006D3C800F81029 /* Allocation.h in Headers */ = {isa = PBXBuildFile; fileRef = 0EFEB42E2006D3C800F81029 /* Allocation.h */; };
0EFEB45A2006D3C800F81029 /* TunnelInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42F2006D3C800F81029 /* TunnelInterface.swift */; };
@ -96,7 +96,7 @@
0EFEB4622006D3C800F81029 /* SecureRandom.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4372006D3C800F81029 /* SecureRandom.swift */; };
0EFEB4632006D3C800F81029 /* ProtocolMacros.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4382006D3C800F81029 /* ProtocolMacros.swift */; };
0EFEB4642006D3C800F81029 /* ReplayProtector.h in Headers */ = {isa = PBXBuildFile; fileRef = 0EFEB4392006D3C800F81029 /* ReplayProtector.h */; };
0EFEB4652006D3C800F81029 /* Authenticator.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43A2006D3C800F81029 /* Authenticator.swift */; };
0EFEB4652006D3C800F81029 /* SessionProxy+Authenticator.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43A2006D3C800F81029 /* SessionProxy+Authenticator.swift */; };
0EFEB4662006D3C800F81029 /* ZeroingData.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43B2006D3C800F81029 /* ZeroingData.swift */; };
0EFEB4672006D3C800F81029 /* SessionProxy.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43C2006D3C800F81029 /* SessionProxy.swift */; };
0EFEB4682006D3C800F81029 /* MSS.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43D2006D3C800F81029 /* MSS.m */; };
@ -121,15 +121,15 @@
0EFEB4872006D7C400F81029 /* TunnelKitProvider+Configuration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB44F2006D3C800F81029 /* TunnelKitProvider+Configuration.swift */; };
0EFEB4882006D7C400F81029 /* TunnelKitProvider+Interaction.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4502006D3C800F81029 /* TunnelKitProvider+Interaction.swift */; };
0EFEB48A2006D7C400F81029 /* TunnelKitProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4522006D3C800F81029 /* TunnelKitProvider.swift */; };
0EFEB48D2006D7F300F81029 /* EncryptionProxy.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42A2006D3C800F81029 /* EncryptionProxy.swift */; };
0EFEB48E2006D7F300F81029 /* SessionKey.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42B2006D3C800F81029 /* SessionKey.swift */; };
0EFEB48D2006D7F300F81029 /* SessionProxy+EncryptionBridge.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42A2006D3C800F81029 /* SessionProxy+EncryptionBridge.swift */; };
0EFEB48E2006D7F300F81029 /* SessionProxy+SessionKey.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42B2006D3C800F81029 /* SessionProxy+SessionKey.swift */; };
0EFEB4902006D7F300F81029 /* TunnelInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB42F2006D3C800F81029 /* TunnelInterface.swift */; };
0EFEB4912006D7F300F81029 /* TLSBox.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4302006D3C800F81029 /* TLSBox.m */; };
0EFEB4922006D7F300F81029 /* ZeroingData.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4312006D3C800F81029 /* ZeroingData.m */; };
0EFEB4932006D7F300F81029 /* CryptoBox.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4322006D3C800F81029 /* CryptoBox.m */; };
0EFEB4952006D7F300F81029 /* SecureRandom.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4372006D3C800F81029 /* SecureRandom.swift */; };
0EFEB4962006D7F300F81029 /* ProtocolMacros.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4382006D3C800F81029 /* ProtocolMacros.swift */; };
0EFEB4972006D7F300F81029 /* Authenticator.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43A2006D3C800F81029 /* Authenticator.swift */; };
0EFEB4972006D7F300F81029 /* SessionProxy+Authenticator.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43A2006D3C800F81029 /* SessionProxy+Authenticator.swift */; };
0EFEB4982006D7F300F81029 /* ZeroingData.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43B2006D3C800F81029 /* ZeroingData.swift */; };
0EFEB4992006D7F300F81029 /* SessionProxy.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43C2006D3C800F81029 /* SessionProxy.swift */; };
0EFEB49A2006D7F300F81029 /* MSS.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB43D2006D3C800F81029 /* MSS.m */; };
@ -197,7 +197,7 @@
0E1108B71F77B9F900A92462 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
0E17D7F91F730D9F009EE129 /* TunnelKit.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = TunnelKit.framework; sourceTree = BUILT_PRODUCTS_DIR; };
0E3251C51F95770D00C108D9 /* TunnelKit.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = TunnelKit.framework; sourceTree = BUILT_PRODUCTS_DIR; };
0E3E0F202108A8CC00B371C1 /* PushReply.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PushReply.swift; sourceTree = "<group>"; };
0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SessionProxy+PushReply.swift"; sourceTree = "<group>"; };
0E6479DD212EAC96008E6888 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
0E6479E0212EACD6008E6888 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
0E85A259202CC5AE0059E9F9 /* AppExtensionTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppExtensionTests.swift; sourceTree = "<group>"; };
@ -227,8 +227,8 @@
0EE7A79D20F6488400B42E6A /* DataPathEncryption.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = DataPathEncryption.h; sourceTree = "<group>"; };
0EE7A7A020F664AB00B42E6A /* DataPathEncryptionTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = DataPathEncryptionTests.swift; sourceTree = "<group>"; };
0EEC49DB20B5E732008FEB91 /* Utils.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Utils.swift; sourceTree = "<group>"; };
0EFEB42A2006D3C800F81029 /* EncryptionProxy.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = EncryptionProxy.swift; sourceTree = "<group>"; };
0EFEB42B2006D3C800F81029 /* SessionKey.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SessionKey.swift; sourceTree = "<group>"; };
0EFEB42A2006D3C800F81029 /* SessionProxy+EncryptionBridge.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "SessionProxy+EncryptionBridge.swift"; sourceTree = "<group>"; };
0EFEB42B2006D3C800F81029 /* SessionProxy+SessionKey.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "SessionProxy+SessionKey.swift"; sourceTree = "<group>"; };
0EFEB42D2006D3C800F81029 /* MSS.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MSS.h; sourceTree = "<group>"; };
0EFEB42E2006D3C800F81029 /* Allocation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Allocation.h; sourceTree = "<group>"; };
0EFEB42F2006D3C800F81029 /* TunnelInterface.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = TunnelInterface.swift; sourceTree = "<group>"; };
@ -240,7 +240,7 @@
0EFEB4372006D3C800F81029 /* SecureRandom.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SecureRandom.swift; sourceTree = "<group>"; };
0EFEB4382006D3C800F81029 /* ProtocolMacros.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ProtocolMacros.swift; sourceTree = "<group>"; };
0EFEB4392006D3C800F81029 /* ReplayProtector.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ReplayProtector.h; sourceTree = "<group>"; };
0EFEB43A2006D3C800F81029 /* Authenticator.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Authenticator.swift; sourceTree = "<group>"; };
0EFEB43A2006D3C800F81029 /* SessionProxy+Authenticator.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "SessionProxy+Authenticator.swift"; sourceTree = "<group>"; };
0EFEB43B2006D3C800F81029 /* ZeroingData.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ZeroingData.swift; sourceTree = "<group>"; };
0EFEB43C2006D3C800F81029 /* SessionProxy.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SessionProxy.swift; sourceTree = "<group>"; };
0EFEB43D2006D3C800F81029 /* MSS.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MSS.m; sourceTree = "<group>"; };
@ -422,7 +422,6 @@
children = (
0EFEB42E2006D3C800F81029 /* Allocation.h */,
0EFEB4462006D3C800F81029 /* Allocation.m */,
0EFEB43A2006D3C800F81029 /* Authenticator.swift */,
0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */,
0E07597C20F0060E00F38FD8 /* CryptoAEAD.h */,
0E07597D20F0060E00F38FD8 /* CryptoAEAD.m */,
@ -436,7 +435,6 @@
0EFEB44C2006D3C800F81029 /* DataPath.m */,
0EE7A79D20F6488400B42E6A /* DataPathEncryption.h */,
0E07596A20EF79AB00F38FD8 /* Encryption.h */,
0EFEB42A2006D3C800F81029 /* EncryptionProxy.swift */,
0EFEB4362006D3C800F81029 /* Errors.h */,
0EFEB44B2006D3C800F81029 /* Errors.m */,
0EFEB4452006D3C800F81029 /* IOInterface.swift */,
@ -448,14 +446,16 @@
0EE7A79420F61EDC00B42E6A /* PacketMacros.h */,
0EE7A79720F6296F00B42E6A /* PacketMacros.m */,
0EFEB4382006D3C800F81029 /* ProtocolMacros.swift */,
0E3E0F202108A8CC00B371C1 /* PushReply.swift */,
0EFEB4392006D3C800F81029 /* ReplayProtector.h */,
0EFEB4482006D3C800F81029 /* ReplayProtector.m */,
0EFEB4372006D3C800F81029 /* SecureRandom.swift */,
0E0C2123212ED29D008AB282 /* SessionError.swift */,
0EFEB42B2006D3C800F81029 /* SessionKey.swift */,
0EFEB43C2006D3C800F81029 /* SessionProxy.swift */,
0EFEB43A2006D3C800F81029 /* SessionProxy+Authenticator.swift */,
0E0C2124212ED29D008AB282 /* SessionProxy+Configuration.swift */,
0EFEB42A2006D3C800F81029 /* SessionProxy+EncryptionBridge.swift */,
0E3E0F202108A8CC00B371C1 /* SessionProxy+PushReply.swift */,
0EFEB42B2006D3C800F81029 /* SessionProxy+SessionKey.swift */,
0EFEB4442006D3C800F81029 /* TLSBox.h */,
0EFEB4302006D3C800F81029 /* TLSBox.m */,
0EFEB42F2006D3C800F81029 /* TunnelInterface.swift */,
@ -881,10 +881,10 @@
0EBBF2F5208505D700E36B40 /* NETunnelInterface.swift in Sources */,
0EFEB4732006D3C800F81029 /* LinkInterface.swift in Sources */,
0EBBF2F8208505DD00E36B40 /* NWUDPSessionState+Description.swift in Sources */,
0EFEB4652006D3C800F81029 /* Authenticator.swift in Sources */,
0EFEB4652006D3C800F81029 /* SessionProxy+Authenticator.swift in Sources */,
0EE7A79820F6296F00B42E6A /* PacketMacros.m in Sources */,
0EEC49DC20B5E732008FEB91 /* Utils.swift in Sources */,
0EFEB4562006D3C800F81029 /* SessionKey.swift in Sources */,
0EFEB4562006D3C800F81029 /* SessionProxy+SessionKey.swift in Sources */,
0EC1BBA520D71190007C4C7B /* DNSResolver.swift in Sources */,
0EFEB4AB200760EC00F81029 /* MemoryDestination.swift in Sources */,
0EFEB4AE2007625E00F81029 /* Keychain.swift in Sources */,
@ -894,7 +894,7 @@
0EFEB45D2006D3C800F81029 /* CryptoBox.m in Sources */,
0EBBF2FA2085061600E36B40 /* NETCPInterface.swift in Sources */,
0E0C2125212ED29D008AB282 /* SessionError.swift in Sources */,
0EFEB4552006D3C800F81029 /* EncryptionProxy.swift in Sources */,
0EFEB4552006D3C800F81029 /* SessionProxy+EncryptionBridge.swift in Sources */,
0EFEB45C2006D3C800F81029 /* ZeroingData.m in Sources */,
0EFEB4632006D3C800F81029 /* ProtocolMacros.swift in Sources */,
0EFEB4AC200760EC00F81029 /* InterfaceObserver.swift in Sources */,
@ -915,7 +915,7 @@
0EFEB4672006D3C800F81029 /* SessionProxy.swift in Sources */,
0EFEB4722006D3C800F81029 /* ReplayProtector.m in Sources */,
0EFEB4782006D3C800F81029 /* TunnelKitProvider+Configuration.swift in Sources */,
0E3E0F212108A8CC00B371C1 /* PushReply.swift in Sources */,
0E3E0F212108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */,
0EFEB4752006D3C800F81029 /* Errors.m in Sources */,
0EBBF2E52084FE6F00E36B40 /* GenericSocket.swift in Sources */,
0EFEB4762006D3C800F81029 /* DataPath.m in Sources */,
@ -952,7 +952,7 @@
0EFEB4952006D7F300F81029 /* SecureRandom.swift in Sources */,
0EFEB49A2006D7F300F81029 /* MSS.m in Sources */,
0ECE352A212EB88E0040F253 /* Certificate.swift in Sources */,
0EFEB48D2006D7F300F81029 /* EncryptionProxy.swift in Sources */,
0EFEB48D2006D7F300F81029 /* SessionProxy+EncryptionBridge.swift in Sources */,
0EFEB4922006D7F300F81029 /* ZeroingData.m in Sources */,
0E07596020EF6D1400F38FD8 /* CryptoCBC.m in Sources */,
0EC1BBA920D7D803007C4C7B /* ConnectionStrategy.swift in Sources */,
@ -963,15 +963,15 @@
0EFEB4902006D7F300F81029 /* TunnelInterface.swift in Sources */,
0EFEB49E2006D7F300F81029 /* Allocation.m in Sources */,
0EFEB4B02007627700F81029 /* Keychain.swift in Sources */,
0EFEB48E2006D7F300F81029 /* SessionKey.swift in Sources */,
0EFEB48E2006D7F300F81029 /* SessionProxy+SessionKey.swift in Sources */,
0EFEB4AF2007627700F81029 /* InterfaceObserver.swift in Sources */,
0EFEB4A42006D7F300F81029 /* DataPath.m in Sources */,
0EBBF2E62084FE6F00E36B40 /* GenericSocket.swift in Sources */,
0E3E0F222108A8CC00B371C1 /* PushReply.swift in Sources */,
0E3E0F222108A8CC00B371C1 /* SessionProxy+PushReply.swift in Sources */,
0EFEB4912006D7F300F81029 /* TLSBox.m in Sources */,
0EFEB49D2006D7F300F81029 /* IOInterface.swift in Sources */,
0E0C2128212ED29D008AB282 /* SessionProxy+Configuration.swift in Sources */,
0EFEB4972006D7F300F81029 /* Authenticator.swift in Sources */,
0EFEB4972006D7F300F81029 /* SessionProxy+Authenticator.swift in Sources */,
0EFEB49B2006D7F300F81029 /* Packet.swift in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;

2
TunnelKit/Sources/AppExtension/TunnelKitProvider.swift
View File

@ -134,7 +134,7 @@ open class TunnelKitProvider: NEPacketTunnelProvider {
log.info("Starting tunnel...")
guard EncryptionProxy.prepareRandomNumberGenerator(seedLength: prngSeedLength) else {
guard SessionProxy.EncryptionBridge.prepareRandomNumberGenerator(seedLength: prngSeedLength) else {
completionHandler(ProviderError.prngInitialization)
return
}

150
TunnelKit/Sources/Core/Authenticator.swift
View File

@ -1,150 +0,0 @@
//
// Authenticator.swift
// TunnelKit
//
// Created by Davide De Rosa on 2/9/17.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
import SwiftyBeaver
import __TunnelKitNative
private let log = SwiftyBeaver.self
fileprivate extension ZeroingData {
fileprivate func appendSized(_ buf: ZeroingData) {
append(Z(UInt16(buf.count).bigEndian))
append(buf)
}
}
class Authenticator {
private var controlBuffer: ZeroingData
private(set) var preMaster: ZeroingData
private(set) var random1: ZeroingData
private(set) var random2: ZeroingData
private(set) var serverRandom1: ZeroingData?
private(set) var serverRandom2: ZeroingData?
let username: ZeroingData
let password: ZeroingData
init(_ username: String, _ password: String) throws {
preMaster = try SecureRandom.safeData(length: CoreConfiguration.preMasterLength)
random1 = try SecureRandom.safeData(length: CoreConfiguration.randomLength)
random2 = try SecureRandom.safeData(length: CoreConfiguration.randomLength)
// XXX: not 100% secure, can't erase input username/password
self.username = Z(username, nullTerminated: true)
self.password = Z(password, nullTerminated: true)
controlBuffer = Z()
}
// MARK: Authentication request
// Ruby: on_tls_connect
func putAuth(into: TLSBox) throws {
let raw = Z(ProtocolMacros.tlsPrefix)
// local keys
raw.append(preMaster)
raw.append(random1)
raw.append(random2)
// opts
raw.appendSized(Z(UInt8(0)))
// credentials
raw.appendSized(username)
raw.appendSized(password)
// peer info
raw.appendSized(Z(CoreConfiguration.peerInfo))
if CoreConfiguration.logsSensitiveData {
log.debug("TLS.auth: Put plaintext (\(raw.count) bytes): \(raw.toHex())")
} else {
log.debug("TLS.auth: Put plaintext (\(raw.count) bytes)")
}
try into.putRawPlainText(raw.bytes, length: raw.count)
}
// MARK: Server replies
func appendControlData(_ data: ZeroingData) {
controlBuffer.append(data)
}
func parseAuthReply() throws -> Bool {
let prefixLength = ProtocolMacros.tlsPrefix.count
// TLS prefix + random (x2) + opts length [+ opts]
guard (controlBuffer.count >= prefixLength + 2 * CoreConfiguration.randomLength + 2) else {
return false
}
let prefix = controlBuffer.withOffset(0, count: prefixLength)
guard prefix.isEqual(to: ProtocolMacros.tlsPrefix) else {
throw SessionError.wrongControlDataPrefix
}
var offset = ProtocolMacros.tlsPrefix.count
let serverRandom1 = controlBuffer.withOffset(offset, count: CoreConfiguration.randomLength)
offset += CoreConfiguration.randomLength
let serverRandom2 = controlBuffer.withOffset(offset, count: CoreConfiguration.randomLength)
offset += CoreConfiguration.randomLength
let serverOptsLength = Int(controlBuffer.networkUInt16Value(fromOffset: offset))
offset += 2
guard controlBuffer.count >= offset + serverOptsLength else {
return false
}
let serverOpts = controlBuffer.withOffset(offset, count: serverOptsLength)
offset += serverOptsLength
if CoreConfiguration.logsSensitiveData {
log.debug("TLS.auth: Parsed server random: [\(serverRandom1.toHex()), \(serverRandom2.toHex())]")
} else {
log.debug("TLS.auth: Parsed server random")
}
if let serverOptsString = serverOpts.nullTerminatedString(fromOffset: 0) {
log.debug("TLS.auth: Parsed server opts: \"\(serverOptsString)\"")
}
self.serverRandom1 = serverRandom1
self.serverRandom2 = serverRandom2
controlBuffer.remove(untilOffset: offset)
return true
}
func parseMessages() -> [String] {
var messages = [String]()
var offset = 0
while true {
guard let msg = controlBuffer.nullTerminatedString(fromOffset: offset) else {
break
}
messages.append(msg)
offset += msg.count + 1
}
controlBuffer.remove(untilOffset: offset)
return messages
}
}

150
TunnelKit/Sources/Core/EncryptionProxy.swift
View File

@ -1,150 +0,0 @@
//
// EncryptionProxy.swift
// TunnelKit
//
// Created by Davide De Rosa on 2/8/17.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
import __TunnelKitNative
/// Bridges native encryption for high-level operations.
public class EncryptionProxy {
private static let maxHmacLength = 100
private let box: CryptoBox
/**
Initializes the PRNG. Must be issued before using `SessionProxy`.
- Parameter seedLength: The length in bytes of the pseudorandom seed that will feed the PRNG.
*/
public static func prepareRandomNumberGenerator(seedLength: Int) -> Bool {
let seed: ZeroingData
do {
seed = try SecureRandom.safeData(length: seedLength)
} catch {
return false
}
return CryptoBox.preparePRNG(withSeed: seed.bytes, length: seed.count)
}
// Ruby: keys_prf
private static func keysPRF(
_ label: String,
_ secret: ZeroingData,
_ clientSeed: ZeroingData,
_ serverSeed: ZeroingData,
_ clientSessionId: Data?,
_ serverSessionId: Data?,
_ size: Int) throws -> ZeroingData {
let seed = Z(label)
seed.append(clientSeed)
seed.append(serverSeed)
if let csi = clientSessionId {
seed.append(Z(csi))
}
if let ssi = serverSessionId {
seed.append(Z(ssi))
}
let len = secret.count / 2
let lenx = len + (secret.count & 1)
let secret1 = secret.withOffset(0, count: lenx)
let secret2 = secret.withOffset(len, count: lenx)
let hash1 = try keysHash("md5", secret1, seed, size)
let hash2 = try keysHash("sha1", secret2, seed, size)
let prf = Z()
for i in 0..<hash1.count {
let h1 = hash1.bytes[i]
let h2 = hash2.bytes[i]
prf.append(Z(h1 ^ h2))
}
return prf
}
// Ruby: keys_hash
private static func keysHash(_ digestName: String, _ secret: ZeroingData, _ seed: ZeroingData, _ size: Int) throws -> ZeroingData {
let out = Z()
let buffer = Z(count: EncryptionProxy.maxHmacLength)
var chain = try EncryptionProxy.hmac(buffer, digestName, secret, seed)
while (out.count < size) {
out.append(try EncryptionProxy.hmac(buffer, digestName, secret, chain.appending(seed)))
chain = try EncryptionProxy.hmac(buffer, digestName, secret, chain)
}
return out.withOffset(0, count: size)
}
// Ruby: hmac
private static func hmac(_ buffer: ZeroingData, _ digestName: String, _ secret: ZeroingData, _ data: ZeroingData) throws -> ZeroingData {
var length = 0
try CryptoBox.hmac(
withDigestName: digestName,
secret: secret.bytes,
secretLength: secret.count,
data: data.bytes,
dataLength: data.count,
hmac: buffer.mutableBytes,
hmacLength: &length
)
return buffer.withOffset(0, count: length)
}
convenience init(_ cipher: SessionProxy.Cipher, _ digest: SessionProxy.Digest, _ auth: Authenticator,
_ sessionId: Data, _ remoteSessionId: Data) throws {
guard let serverRandom1 = auth.serverRandom1, let serverRandom2 = auth.serverRandom2 else {
fatalError("Configuring encryption without server randoms")
}
let masterData = try EncryptionProxy.keysPRF(
CoreConfiguration.label1, auth.preMaster, auth.random1,
serverRandom1, nil, nil,
CoreConfiguration.preMasterLength
)
let keysData = try EncryptionProxy.keysPRF(
CoreConfiguration.label2, masterData, auth.random2,
serverRandom2, sessionId, remoteSessionId,
CoreConfiguration.keysCount * CoreConfiguration.keyLength
)
var keysArray = [ZeroingData]()
for i in 0..<CoreConfiguration.keysCount {
let offset = i * CoreConfiguration.keyLength
let zbuf = keysData.withOffset(offset, count: CoreConfiguration.keyLength)
keysArray.append(zbuf)
}
let cipherEncKey = keysArray[0]
let hmacEncKey = keysArray[1]
let cipherDecKey = keysArray[2]
let hmacDecKey = keysArray[3]
try self.init(cipher, digest, cipherEncKey, cipherDecKey, hmacEncKey, hmacDecKey)
}
init(_ cipher: SessionProxy.Cipher, _ digest: SessionProxy.Digest, _ cipherEncKey: ZeroingData, _ cipherDecKey: ZeroingData, _ hmacEncKey: ZeroingData, _ hmacDecKey: ZeroingData) throws {
box = CryptoBox(cipherAlgorithm: cipher.rawValue, digestAlgorithm: digest.rawValue)
try box.configure(
withCipherEncKey: cipherEncKey,
cipherDecKey: cipherDecKey,
hmacEncKey: hmacEncKey,
hmacDecKey: hmacDecKey
)
}
func encrypter() -> DataPathEncrypter {
return box.encrypter().dataPathEncrypter()
}
func decrypter() -> DataPathDecrypter {
return box.decrypter().dataPathDecrypter()
}
}

88
TunnelKit/Sources/Core/PushReply.swift
View File

@ -1,88 +0,0 @@
//
// PushReply.swift
// TunnelKit
//
// Created by Davide De Rosa on 25/07/2018.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
struct PushReply {
private static let ifconfigRegexp = try! NSRegularExpression(pattern: "ifconfig [\\d\\.]+ [\\d\\.]+", options: [])
private static let dnsRegexp = try! NSRegularExpression(pattern: "dhcp-option DNS [\\d\\.]+", options: [])
private static let authTokenRegexp = try! NSRegularExpression(pattern: "auth-token [a-zA-Z0-9/=+]+", options: [])
private static let peerIdRegexp = try! NSRegularExpression(pattern: "peer-id [0-9]+", options: [])
let address: String
let gatewayAddress: String
let dnsServers: [String]
let authToken: String?
let peerId: UInt32?
init?(message: String) throws {
guard message.hasPrefix("PUSH_REPLY") else {
return nil
}
var ifconfigComponents: [String]?
var dnsServers = [String]()
var authToken: String?
var peerId: UInt32?
PushReply.ifconfigRegexp.enumerateMatches(in: message, options: [], range: NSMakeRange(0, message.count)) { (result, flags, _) in
guard let range = result?.range else { return }
let match = (message as NSString).substring(with: range)
ifconfigComponents = match.components(separatedBy: " ")
}
guard let addresses = ifconfigComponents, addresses.count >= 2 else {
throw SessionError.malformedPushReply
}
PushReply.dnsRegexp.enumerateMatches(in: message, options: [], range: NSMakeRange(0, message.count)) { (result, flags, _) in
guard let range = result?.range else { return }
let match = (message as NSString).substring(with: range)
let dnsEntryComponents = match.components(separatedBy: " ")
dnsServers.append(dnsEntryComponents[2])
}
PushReply.authTokenRegexp.enumerateMatches(in: message, options: [], range: NSMakeRange(0, message.count)) { (result, flags, _) in
guard let range = result?.range else { return }
let match = (message as NSString).substring(with: range)
let tokenComponents = match.components(separatedBy: " ")
if (tokenComponents.count > 1) {
authToken = tokenComponents[1]
}
}
PushReply.peerIdRegexp.enumerateMatches(in: message, options: [], range: NSMakeRange(0, message.count)) { (result, flags, _) in
guard let range = result?.range else { return }
let match = (message as NSString).substring(with: range)
let tokenComponents = match.components(separatedBy: " ")
if (tokenComponents.count > 1) {
peerId = UInt32(tokenComponents[1])
}
}
address = addresses[1]
gatewayAddress = addresses[2]
self.dnsServers = dnsServers
self.authToken = authToken
self.peerId = peerId
}
}

120
TunnelKit/Sources/Core/SessionKey.swift
View File

@ -1,120 +0,0 @@
//
// SessionKey.swift
// TunnelKit
//
// Created by Davide De Rosa on 4/12/17.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
import __TunnelKitNative
import SwiftyBeaver
private let log = SwiftyBeaver.self
class SessionKey {
enum State {
case invalid, hardReset, softReset, tls
}
enum ControlState {
case preAuth, preIfConfig, connected
}
let id: UInt8 // 3-bit
let startTime: Date
var state = State.invalid
var controlState: ControlState?
var tlsOptional: TLSBox?
var tls: TLSBox {
guard let tls = tlsOptional else {
fatalError("TLSBox accessed when nil")
}
return tls
}
var dataPath: DataPath?
var softReset: Bool
private var isTLSConnected: Bool
private var canHandlePackets: Bool
init(id: UInt8) {
self.id = id
startTime = Date()
state = .invalid
softReset = false
isTLSConnected = false
canHandlePackets = false
}
// Ruby: Key.hard_reset_timeout
func didHardResetTimeOut(link: LinkInterface) -> Bool {
return ((state == .hardReset) && (-startTime.timeIntervalSinceNow > link.hardResetTimeout))
}
// Ruby: Key.negotiate_timeout
func didNegotiationTimeOut(link: LinkInterface) -> Bool {
let timeout = (softReset ? CoreConfiguration.softNegotiationTimeout : link.negotiationTimeout)
return ((controlState != .connected) && (-startTime.timeIntervalSinceNow > timeout))
}
// Ruby: Key.on_tls_connect
func shouldOnTLSConnect() -> Bool {
guard !isTLSConnected else {
return false
}
if tls.isConnected() {
isTLSConnected = true
}
return isTLSConnected
}
func startHandlingPackets(withPeerId peerId: UInt32? = nil) {
dataPath?.setPeerId(peerId ?? PacketPeerIdDisabled)
canHandlePackets = true
}
func encrypt(packets: [Data]) throws -> [Data]? {
guard let dataPath = dataPath else {
log.warning("Data: Set dataPath first")
return nil
}
guard canHandlePackets else {
log.warning("Data: Invoke startHandlingPackets() before encrypting")
return nil
}
return try dataPath.encryptPackets(packets, key: id)
}
func decrypt(packets: [Data]) throws -> [Data]? {
guard let dataPath = dataPath else {
log.warning("Data: Set dataPath first")
return nil
}
guard canHandlePackets else {
log.warning("Data: Invoke startHandlingPackets() before decrypting")
return nil
}
var keepAlive = false
let decrypted = try dataPath.decryptPackets(packets, keepAlive: &keepAlive)
if keepAlive {
log.debug("Data: Received ping, do nothing")
}
return decrypted
}
// func dispose() {
// tlsOptional = nil
// dataPath = nil
// }
}

152
TunnelKit/Sources/Core/SessionProxy+Authenticator.swift Normal file
View File

@ -0,0 +1,152 @@
//
// SessionProxy+Authenticator.swift
// TunnelKit
//
// Created by Davide De Rosa on 2/9/17.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
import SwiftyBeaver
import __TunnelKitNative
private let log = SwiftyBeaver.self
fileprivate extension ZeroingData {
fileprivate func appendSized(_ buf: ZeroingData) {
append(Z(UInt16(buf.count).bigEndian))
append(buf)
}
}
extension SessionProxy {
class Authenticator {
private var controlBuffer: ZeroingData
private(set) var preMaster: ZeroingData
private(set) var random1: ZeroingData
private(set) var random2: ZeroingData
private(set) var serverRandom1: ZeroingData?
private(set) var serverRandom2: ZeroingData?
let username: ZeroingData
let password: ZeroingData
init(_ username: String, _ password: String) throws {
preMaster = try SecureRandom.safeData(length: CoreConfiguration.preMasterLength)
random1 = try SecureRandom.safeData(length: CoreConfiguration.randomLength)
random2 = try SecureRandom.safeData(length: CoreConfiguration.randomLength)
// XXX: not 100% secure, can't erase input username/password
self.username = Z(username, nullTerminated: true)
self.password = Z(password, nullTerminated: true)
controlBuffer = Z()
}
// MARK: Authentication request
// Ruby: on_tls_connect
func putAuth(into: TLSBox) throws {
let raw = Z(ProtocolMacros.tlsPrefix)
// local keys
raw.append(preMaster)
raw.append(random1)
raw.append(random2)
// opts
raw.appendSized(Z(UInt8(0)))
// credentials
raw.appendSized(username)
raw.appendSized(password)
// peer info
raw.appendSized(Z(CoreConfiguration.peerInfo))
if CoreConfiguration.logsSensitiveData {
log.debug("TLS.auth: Put plaintext (\(raw.count) bytes): \(raw.toHex())")
} else {
log.debug("TLS.auth: Put plaintext (\(raw.count) bytes)")
}
try into.putRawPlainText(raw.bytes, length: raw.count)
}
// MARK: Server replies
func appendControlData(_ data: ZeroingData) {
controlBuffer.append(data)
}
func parseAuthReply() throws -> Bool {
let prefixLength = ProtocolMacros.tlsPrefix.count
// TLS prefix + random (x2) + opts length [+ opts]
guard (controlBuffer.count >= prefixLength + 2 * CoreConfiguration.randomLength + 2) else {
return false
}
let prefix = controlBuffer.withOffset(0, count: prefixLength)
guard prefix.isEqual(to: ProtocolMacros.tlsPrefix) else {
throw SessionError.wrongControlDataPrefix
}
var offset = ProtocolMacros.tlsPrefix.count
let serverRandom1 = controlBuffer.withOffset(offset, count: CoreConfiguration.randomLength)
offset += CoreConfiguration.randomLength
let serverRandom2 = controlBuffer.withOffset(offset, count: CoreConfiguration.randomLength)
offset += CoreConfiguration.randomLength
let serverOptsLength = Int(controlBuffer.networkUInt16Value(fromOffset: offset))
offset += 2
guard controlBuffer.count >= offset + serverOptsLength else {
return false
}
let serverOpts = controlBuffer.withOffset(offset, count: serverOptsLength)
offset += serverOptsLength
if CoreConfiguration.logsSensitiveData {
log.debug("TLS.auth: Parsed server random: [\(serverRandom1.toHex()), \(serverRandom2.toHex())]")
} else {
log.debug("TLS.auth: Parsed server random")
}
if let serverOptsString = serverOpts.nullTerminatedString(fromOffset: 0) {
log.debug("TLS.auth: Parsed server opts: \"\(serverOptsString)\"")
}
self.serverRandom1 = serverRandom1
self.serverRandom2 = serverRandom2
controlBuffer.remove(untilOffset: offset)
return true
}
func parseMessages() -> [String] {
var messages = [String]()
var offset = 0
while true {
guard let msg = controlBuffer.nullTerminatedString(fromOffset: offset) else {
break
}
messages.append(msg)
offset += msg.count + 1
}
controlBuffer.remove(untilOffset: offset)
return messages
}
}
}

153
TunnelKit/Sources/Core/SessionProxy+EncryptionBridge.swift Normal file
View File

@ -0,0 +1,153 @@
//
// SessionProxy+EncryptionBridge.swift
// TunnelKit
//
// Created by Davide De Rosa on 2/8/17.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
import __TunnelKitNative
extension SessionProxy {
/// Bridges native encryption for high-level operations.
public class EncryptionBridge {
private static let maxHmacLength = 100
private let box: CryptoBox
/**
Initializes the PRNG. Must be issued before using `SessionProxy`.
- Parameter seedLength: The length in bytes of the pseudorandom seed that will feed the PRNG.
*/
public static func prepareRandomNumberGenerator(seedLength: Int) -> Bool {
let seed: ZeroingData
do {
seed = try SecureRandom.safeData(length: seedLength)
} catch {
return false
}
return CryptoBox.preparePRNG(withSeed: seed.bytes, length: seed.count)
}
// Ruby: keys_prf
private static func keysPRF(
_ label: String,
_ secret: ZeroingData,
_ clientSeed: ZeroingData,
_ serverSeed: ZeroingData,
_ clientSessionId: Data?,
_ serverSessionId: Data?,
_ size: Int) throws -> ZeroingData {
let seed = Z(label)
seed.append(clientSeed)
seed.append(serverSeed)
if let csi = clientSessionId {
seed.append(Z(csi))
}
if let ssi = serverSessionId {
seed.append(Z(ssi))
}
let len = secret.count / 2
let lenx = len + (secret.count & 1)
let secret1 = secret.withOffset(0, count: lenx)
let secret2 = secret.withOffset(len, count: lenx)
let hash1 = try keysHash("md5", secret1, seed, size)
let hash2 = try keysHash("sha1", secret2, seed, size)
let prf = Z()
for i in 0..<hash1.count {
let h1 = hash1.bytes[i]
let h2 = hash2.bytes[i]
prf.append(Z(h1 ^ h2))
}
return prf
}
// Ruby: keys_hash
private static func keysHash(_ digestName: String, _ secret: ZeroingData, _ seed: ZeroingData, _ size: Int) throws -> ZeroingData {
let out = Z()
let buffer = Z(count: EncryptionBridge.maxHmacLength)
var chain = try EncryptionBridge.hmac(buffer, digestName, secret, seed)
while (out.count < size) {
out.append(try EncryptionBridge.hmac(buffer, digestName, secret, chain.appending(seed)))
chain = try EncryptionBridge.hmac(buffer, digestName, secret, chain)
}
return out.withOffset(0, count: size)
}
// Ruby: hmac
private static func hmac(_ buffer: ZeroingData, _ digestName: String, _ secret: ZeroingData, _ data: ZeroingData) throws -> ZeroingData {
var length = 0
try CryptoBox.hmac(
withDigestName: digestName,
secret: secret.bytes,
secretLength: secret.count,
data: data.bytes,
dataLength: data.count,
hmac: buffer.mutableBytes,
hmacLength: &length
)
return buffer.withOffset(0, count: length)
}
convenience init(_ cipher: SessionProxy.Cipher, _ digest: SessionProxy.Digest, _ auth: SessionProxy.Authenticator,
_ sessionId: Data, _ remoteSessionId: Data) throws {
guard let serverRandom1 = auth.serverRandom1, let serverRandom2 = auth.serverRandom2 else {
fatalError("Configuring encryption without server randoms")
}
let masterData = try EncryptionBridge.keysPRF(
CoreConfiguration.label1, auth.preMaster, auth.random1,
serverRandom1, nil, nil,
CoreConfiguration.preMasterLength
)
let keysData = try EncryptionBridge.keysPRF(
CoreConfiguration.label2, masterData, auth.random2,
serverRandom2, sessionId, remoteSessionId,
CoreConfiguration.keysCount * CoreConfiguration.keyLength
)
var keysArray = [ZeroingData]()
for i in 0..<CoreConfiguration.keysCount {
let offset = i * CoreConfiguration.keyLength
let zbuf = keysData.withOffset(offset, count: CoreConfiguration.keyLength)
keysArray.append(zbuf)
}
let cipherEncKey = keysArray[0]
let hmacEncKey = keysArray[1]
let cipherDecKey = keysArray[2]
let hmacDecKey = keysArray[3]
try self.init(cipher, digest, cipherEncKey, cipherDecKey, hmacEncKey, hmacDecKey)
}
init(_ cipher: SessionProxy.Cipher, _ digest: SessionProxy.Digest, _ cipherEncKey: ZeroingData, _ cipherDecKey: ZeroingData, _ hmacEncKey: ZeroingData, _ hmacDecKey: ZeroingData) throws {
box = CryptoBox(cipherAlgorithm: cipher.rawValue, digestAlgorithm: digest.rawValue)
try box.configure(
withCipherEncKey: cipherEncKey,
cipherDecKey: cipherDecKey,
hmacEncKey: hmacEncKey,
hmacDecKey: hmacDecKey
)
}
func encrypter() -> DataPathEncrypter {
return box.encrypter().dataPathEncrypter()
}
func decrypter() -> DataPathDecrypter {
return box.decrypter().dataPathDecrypter()
}
}
}

90
TunnelKit/Sources/Core/SessionProxy+PushReply.swift Normal file
View File

@ -0,0 +1,90 @@
//
// SessionProxy+PushReply.swift
// TunnelKit
//
// Created by Davide De Rosa on 25/07/2018.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
extension SessionProxy {
struct PushReply {
private static let ifconfigRegexp = try! NSRegularExpression(pattern: "ifconfig [\\d\\.]+ [\\d\\.]+", options: [])
private static let dnsRegexp = try! NSRegularExpression(pattern: "dhcp-option DNS [\\d\\.]+", options: [])
private static let authTokenRegexp = try! NSRegularExpression(pattern: "auth-token [a-zA-Z0-9/=+]+", options: [])
private static let peerIdRegexp = try! NSRegularExpression(pattern: "peer-id [0-9]+", options: [])
let address: String
let gatewayAddress: String
let dnsServers: [String]
let authToken: String?
let peerId: UInt32?
init?(message: String) throws {
guard message.hasPrefix("PUSH_REPLY") else {
return nil
}
var ifconfigComponents: [String]?
var dnsServers = [String]()
var authToken: String?
var peerId: UInt32?
PushReply.ifconfigRegexp.enumerateMatches(in: message, options: [], range: NSMakeRange(0, message.count)) { (result, flags, _) in
guard let range = result?.range else { return }
let match = (message as NSString).substring(with: range)
ifconfigComponents = match.components(separatedBy: " ")
}
guard let addresses = ifconfigComponents, addresses.count >= 2 else {
throw SessionError.malformedPushReply
}
PushReply.dnsRegexp.enumerateMatches(in: message, options: [], range: NSMakeRange(0, message.count)) { (result, flags, _) in
guard let range = result?.range else { return }
let match = (message as NSString).substring(with: range)
let dnsEntryComponents = match.components(separatedBy: " ")
dnsServers.append(dnsEntryComponents[2])
}
PushReply.authTokenRegexp.enumerateMatches(in: message, options: [], range: NSMakeRange(0, message.count)) { (result, flags, _) in
guard let range = result?.range else { return }
let match = (message as NSString).substring(with: range)
let tokenComponents = match.components(separatedBy: " ")
if (tokenComponents.count > 1) {
authToken = tokenComponents[1]
}
}
PushReply.peerIdRegexp.enumerateMatches(in: message, options: [], range: NSMakeRange(0, message.count)) { (result, flags, _) in
guard let range = result?.range else { return }
let match = (message as NSString).substring(with: range)
let tokenComponents = match.components(separatedBy: " ")
if (tokenComponents.count > 1) {
peerId = UInt32(tokenComponents[1])
}
}
address = addresses[1]
gatewayAddress = addresses[2]
self.dnsServers = dnsServers
self.authToken = authToken
self.peerId = peerId
}
}
}

122
TunnelKit/Sources/Core/SessionProxy+SessionKey.swift Normal file
View File

@ -0,0 +1,122 @@
//
// SessionProxy+SessionKey.swift
// TunnelKit
//
// Created by Davide De Rosa on 4/12/17.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
import __TunnelKitNative
import SwiftyBeaver
private let log = SwiftyBeaver.self
extension SessionProxy {
class SessionKey {
enum State {
case invalid, hardReset, softReset, tls
}
enum ControlState {
case preAuth, preIfConfig, connected
}
let id: UInt8 // 3-bit
let startTime: Date
var state = State.invalid
var controlState: ControlState?
var tlsOptional: TLSBox?
var tls: TLSBox {
guard let tls = tlsOptional else {
fatalError("TLSBox accessed when nil")
}
return tls
}
var dataPath: DataPath?
var softReset: Bool
private var isTLSConnected: Bool
private var canHandlePackets: Bool
init(id: UInt8) {
self.id = id
startTime = Date()
state = .invalid
softReset = false
isTLSConnected = false
canHandlePackets = false
}
// Ruby: Key.hard_reset_timeout
func didHardResetTimeOut(link: LinkInterface) -> Bool {
return ((state == .hardReset) && (-startTime.timeIntervalSinceNow > link.hardResetTimeout))
}
// Ruby: Key.negotiate_timeout
func didNegotiationTimeOut(link: LinkInterface) -> Bool {
let timeout = (softReset ? CoreConfiguration.softNegotiationTimeout : link.negotiationTimeout)
return ((controlState != .connected) && (-startTime.timeIntervalSinceNow > timeout))
}
// Ruby: Key.on_tls_connect
func shouldOnTLSConnect() -> Bool {
guard !isTLSConnected else {
return false
}
if tls.isConnected() {
isTLSConnected = true
}
return isTLSConnected
}
func startHandlingPackets(withPeerId peerId: UInt32? = nil) {
dataPath?.setPeerId(peerId ?? PacketPeerIdDisabled)
canHandlePackets = true
}
func encrypt(packets: [Data]) throws -> [Data]? {
guard let dataPath = dataPath else {
log.warning("Data: Set dataPath first")
return nil
}
guard canHandlePackets else {
log.warning("Data: Invoke startHandlingPackets() before encrypting")
return nil
}
return try dataPath.encryptPackets(packets, key: id)
}
func decrypt(packets: [Data]) throws -> [Data]? {
guard let dataPath = dataPath else {
log.warning("Data: Set dataPath first")
return nil
}
guard canHandlePackets else {
log.warning("Data: Invoke startHandlingPackets() before decrypting")
return nil
}
var keepAlive = false
let decrypted = try dataPath.decryptPackets(packets, keepAlive: &keepAlive)
if keepAlive {
log.debug("Data: Received ping, do nothing")
}
return decrypted
}
// func dispose() {
// tlsOptional = nil
// dataPath = nil
// }
}
}

8
TunnelKit/Sources/Core/SessionProxy.swift
View File

@ -1008,9 +1008,9 @@ public class SessionProxy {
log.debug("Setup keys")
}
let proxy: EncryptionProxy
let bridge: EncryptionBridge
do {
proxy = try EncryptionProxy(
bridge = try EncryptionBridge(
configuration.cipher,
configuration.digest,
auth,
@ -1023,8 +1023,8 @@ public class SessionProxy {
}
negotiationKey.dataPath = DataPath(
encrypter: proxy.encrypter(),
decrypter: proxy.decrypter(),
encrypter: bridge.encrypter(),
decrypter: bridge.decrypter(),
maxPackets: link?.packetBufferSize ?? 200,
usesReplayProtection: CoreConfiguration.usesReplayProtection
)

2
TunnelKitTests/DataPathPerformanceTests.swift
View File

@ -21,7 +21,7 @@ class DataPathPerformanceTests: XCTestCase {
let ck = try! SecureRandom.safeData(length: 32)
let hk = try! SecureRandom.safeData(length: 32)
let crypto = try! EncryptionProxy(.aes128cbc, .sha1, ck, ck, hk, hk)
let crypto = try! SessionProxy.EncryptionBridge(.aes128cbc, .sha1, ck, ck, hk, hk)
encrypter = crypto.encrypter()
decrypter = crypto.decrypter()