Improve naming in crypto classes

- Consistency in encryption/decryption flow
- Consistency in packet/payload
- DataPathChannel method names
Davide De Rosa 2018-08-30 15:59:07 +02:00
parent 5166ac3813
commit 3dabc254bc
4 changed files with 74 additions and 74 deletions


@ -290,25 +290,25 @@ const NSInteger CryptoAEADTagLength = 16;
#pragma mark DataPathEncrypter #pragma mark DataPathEncrypter
- (void)assembleDataPacketWithBlock:(DataPathAssembleBlock)block packetId:(uint32_t)packetId payload:(NSData *)payload into:(uint8_t *)dest length:(NSInteger *)length - (void)assembleDataPacketWithBlock:(DataPathAssembleBlock)block packetId:(uint32_t)packetId payload:(NSData *)payload into:(uint8_t *)packetBytes length:(NSInteger *)packetLength
{ {
*length = payload.length; *packetLength = payload.length;
if (!block) { if (!block) {
memcpy(dest, payload.bytes, payload.length); memcpy(packetBytes, payload.bytes, payload.length);
return; return;
} }
NSInteger packetLengthOffset; NSInteger packetLengthOffset;
block(dest, &packetLengthOffset, payload); block(packetBytes, &packetLengthOffset, payload);
*length += packetLengthOffset; *packetLength += packetLengthOffset;
} }
- (NSData *)encryptedDataPacketWithKey:(uint8_t)key packetId:(uint32_t)packetId payload:(const uint8_t *)payload payloadLength:(NSInteger)payloadLength error:(NSError *__autoreleasing *)error - (NSData *)encryptedDataPacketWithKey:(uint8_t)key packetId:(uint32_t)packetId packetBytes:(const uint8_t *)packetBytes packetLength:(NSInteger)packetLength error:(NSError *__autoreleasing *)error
{ {
const int capacity = self.headerLength + PacketIdLength + (int)safe_crypto_capacity(payloadLength, self.crypto.overheadLength); const int capacity = self.headerLength + PacketIdLength + (int)safe_crypto_capacity(packetLength, self.crypto.overheadLength);
NSMutableData *encryptedPacket = [[NSMutableData alloc] initWithLength:capacity]; NSMutableData *encryptedPacket = [[NSMutableData alloc] initWithLength:capacity];
uint8_t *ptr = encryptedPacket.mutableBytes; uint8_t *ptr = encryptedPacket.mutableBytes;
NSInteger encryptedPayloadLength = INT_MAX; NSInteger encryptedPacketLength = INT_MAX;
self.setDataHeader(ptr, key); self.setDataHeader(ptr, key);
*(uint32_t *)(ptr + self.headerLength) = htonl(packetId); *(uint32_t *)(ptr + self.headerLength) = htonl(packetId);
@ -318,26 +318,26 @@ const NSInteger CryptoAEADTagLength = 16;
extra += self.headerLength; // AD = packet id only extra += self.headerLength; // AD = packet id only
} }
const BOOL success = [self.crypto encryptBytes:payload const BOOL success = [self.crypto encryptBytes:packetBytes
length:payloadLength length:packetLength
dest:(ptr + self.headerLength + PacketIdLength) // skip header and packet id dest:(ptr + self.headerLength + PacketIdLength) // skip header and packet id
destLength:&encryptedPayloadLength destLength:&encryptedPacketLength
extra:extra extra:extra
error:error]; error:error];
NSAssert(encryptedPayloadLength <= capacity, @"Did not allocate enough bytes for payload"); NSAssert(encryptedPacketLength <= capacity, @"Did not allocate enough bytes for payload");
if (!success) { if (!success) {
return nil; return nil;
} }
encryptedPacket.length = self.headerLength + PacketIdLength + encryptedPayloadLength; encryptedPacket.length = self.headerLength + PacketIdLength + encryptedPacketLength;
return encryptedPacket; return encryptedPacket;
} }
#pragma mark DataPathDecrypter #pragma mark DataPathDecrypter
- (BOOL)decryptDataPacket:(NSData *)packet into:(uint8_t *)dest length:(NSInteger *)length packetId:(uint32_t *)packetId error:(NSError *__autoreleasing *)error - (BOOL)decryptDataPacket:(NSData *)packet into:(uint8_t *)packetBytes length:(NSInteger *)packetLength packetId:(uint32_t *)packetId error:(NSError *__autoreleasing *)error
{ {
const uint8_t *extra = packet.bytes; // AD = header + peer id + packet id const uint8_t *extra = packet.bytes; // AD = header + peer id + packet id
if (!self.checkPeerId) { if (!self.checkPeerId) {
@ -347,8 +347,8 @@ const NSInteger CryptoAEADTagLength = 16;
// skip header + packet id // skip header + packet id
const BOOL success = [self.crypto decryptBytes:(packet.bytes + self.headerLength + PacketIdLength) const BOOL success = [self.crypto decryptBytes:(packet.bytes + self.headerLength + PacketIdLength)
length:(int)(packet.length - (self.headerLength + PacketIdLength)) length:(int)(packet.length - (self.headerLength + PacketIdLength))
dest:dest dest:packetBytes
destLength:length destLength:packetLength
extra:extra extra:extra
error:error]; error:error];
if (!success) { if (!success) {
@ -364,17 +364,17 @@ const NSInteger CryptoAEADTagLength = 16;
return YES; return YES;
} }
- (const uint8_t *)parsePayloadWithBlock:(DataPathParseBlock)block dataPacket:(uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length - (const uint8_t *)parsePayloadWithBlock:(DataPathParseBlock)block length:(NSInteger *)length packetBytes:(uint8_t *)packetBytes packetLength:(NSInteger)packetLength
{ {
uint8_t *payload = packet; uint8_t *payload = packetBytes;
*length = packetLength - (int)(payload - packet); *length = packetLength - (int)(payload - packetBytes);
if (!block) { if (!block) {
return payload; return payload;
} }
NSInteger payloadOffset; NSInteger payloadOffset;
NSInteger payloadHeaderLength; NSInteger payloadHeaderLength;
block(payload, &payloadOffset, &payloadHeaderLength, packet, packetLength); block(payload, &payloadOffset, &payloadHeaderLength, packetBytes, packetLength);
*length -= payloadHeaderLength; *length -= payloadHeaderLength;
return payload + payloadOffset; return payload + payloadOffset;
} }
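Review bot: The bound in `NSAssert(encryptedPacketLength <= capacity, ...)` in encryptedDataPacketWithKey: is looser than the buffer it guards, because encryptBytes: writes at `ptr + self.headerLength + PacketIdLength` while `capacity` counts the whole allocation. NSAssert is also compiled out when NS_BLOCK_ASSERTIONS is defined, which is typical for release builds, and it only runs after the write, so correct sizing rests entirely on safe_crypto_capacity(). A runtime check such as `if (!success || encryptedPacketLength > capacity - (self.headerLength + PacketIdLength)) { return nil; }` would also hold in release builds; the CBC implementation of the same method has the same pattern with `self.headerLength` as the offset. The assert message still says "payload" although the variable is now named for the packet.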


@ -288,12 +288,12 @@ const NSInteger CryptoCBCMaxHMACLength = 100;
#pragma mark DataPathEncrypter #pragma mark DataPathEncrypter
- (void)assembleDataPacketWithBlock:(DataPathAssembleBlock)block packetId:(uint32_t)packetId payload:(NSData *)payload into:(uint8_t *)dest length:(NSInteger *)length - (void)assembleDataPacketWithBlock:(DataPathAssembleBlock)block packetId:(uint32_t)packetId payload:(NSData *)payload into:(uint8_t *)packetBytes length:(NSInteger *)packetLength
{ {
uint8_t *ptr = dest; uint8_t *ptr = packetBytes;
*(uint32_t *)ptr = htonl(packetId); *(uint32_t *)ptr = htonl(packetId);
ptr += sizeof(uint32_t); ptr += sizeof(uint32_t);
*length = (int)(ptr - dest + payload.length); *packetLength = (int)(ptr - packetBytes + payload.length);
if (!block) { if (!block) {
memcpy(ptr, payload.bytes, payload.length); memcpy(ptr, payload.bytes, payload.length);
return; return;
@ -301,42 +301,42 @@ const NSInteger CryptoCBCMaxHMACLength = 100;
NSInteger packetLengthOffset; NSInteger packetLengthOffset;
block(ptr, &packetLengthOffset, payload); block(ptr, &packetLengthOffset, payload);
*length += packetLengthOffset; *packetLength += packetLengthOffset;
} }
- (NSData *)encryptedDataPacketWithKey:(uint8_t)key packetId:(uint32_t)packetId payload:(const uint8_t *)payload payloadLength:(NSInteger)payloadLength error:(NSError *__autoreleasing *)error - (NSData *)encryptedDataPacketWithKey:(uint8_t)key packetId:(uint32_t)packetId packetBytes:(const uint8_t *)packetBytes packetLength:(NSInteger)packetLength error:(NSError *__autoreleasing *)error
{ {
const int capacity = self.headerLength + (int)safe_crypto_capacity(payloadLength, self.crypto.overheadLength); const int capacity = self.headerLength + (int)safe_crypto_capacity(packetLength, self.crypto.overheadLength);
NSMutableData *encryptedPacket = [[NSMutableData alloc] initWithLength:capacity]; NSMutableData *encryptedPacket = [[NSMutableData alloc] initWithLength:capacity];
uint8_t *ptr = encryptedPacket.mutableBytes; uint8_t *ptr = encryptedPacket.mutableBytes;
NSInteger encryptedPayloadLength = INT_MAX; NSInteger encryptedPacketLength = INT_MAX;
const BOOL success = [self.crypto encryptBytes:payload const BOOL success = [self.crypto encryptBytes:packetBytes
length:payloadLength length:packetLength
dest:(ptr + self.headerLength) // skip header byte dest:(ptr + self.headerLength) // skip header byte
destLength:&encryptedPayloadLength destLength:&encryptedPacketLength
extra:NULL extra:NULL
error:error]; error:error];
NSAssert(encryptedPayloadLength <= capacity, @"Did not allocate enough bytes for payload"); NSAssert(encryptedPacketLength <= capacity, @"Did not allocate enough bytes for payload");
if (!success) { if (!success) {
return nil; return nil;
} }
self.setDataHeader(ptr, key); self.setDataHeader(ptr, key);
encryptedPacket.length = self.headerLength + encryptedPayloadLength; encryptedPacket.length = self.headerLength + encryptedPacketLength;
return encryptedPacket; return encryptedPacket;
} }
#pragma mark DataPathDecrypter #pragma mark DataPathDecrypter
- (BOOL)decryptDataPacket:(NSData *)packet into:(uint8_t *)dest length:(NSInteger *)length packetId:(nonnull uint32_t *)packetId error:(NSError *__autoreleasing *)error - (BOOL)decryptDataPacket:(NSData *)packet into:(uint8_t *)packetBytes length:(NSInteger *)packetLength packetId:(uint32_t *)packetId error:(NSError *__autoreleasing *)error
{ {
// skip header = (code, key) // skip header = (code, key)
const BOOL success = [self.crypto decryptBytes:(packet.bytes + self.headerLength) const BOOL success = [self.crypto decryptBytes:(packet.bytes + self.headerLength)
length:(int)(packet.length - self.headerLength) length:(int)(packet.length - self.headerLength)
dest:dest dest:packetBytes
destLength:length destLength:packetLength
extra:NULL extra:NULL
error:error]; error:error];
if (!success) { if (!success) {
@ -348,22 +348,22 @@ const NSInteger CryptoCBCMaxHMACLength = 100;
} }
return NO; return NO;
} }
*packetId = ntohl(*(uint32_t *)dest); *packetId = ntohl(*(uint32_t *)packetBytes);
return YES; return YES;
} }
- (const uint8_t *)parsePayloadWithBlock:(DataPathParseBlock)block dataPacket:(uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length - (const uint8_t *)parsePayloadWithBlock:(DataPathParseBlock)block length:(NSInteger *)length packetBytes:(uint8_t *)packetBytes packetLength:(NSInteger)packetLength
{ {
uint8_t *payload = packet; uint8_t *payload = packetBytes;
payload += sizeof(uint32_t); // packet id payload += sizeof(uint32_t); // packet id
*length = packetLength - (int)(payload - packet); *length = packetLength - (int)(payload - packetBytes);
if (!block) { if (!block) {
return payload; return payload;
} }
NSInteger payloadOffset; NSInteger payloadOffset;
NSInteger payloadHeaderLength; NSInteger payloadHeaderLength;
block(payload, &payloadOffset, &payloadHeaderLength, packet, packetLength); block(payload, &payloadOffset, &payloadHeaderLength, packetBytes, packetLength);
*length -= payloadHeaderLength; *length -= payloadHeaderLength;
return payload + payloadOffset; return payload + payloadOffset;
} }
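Review bot: decryptDataPacket: passes `(int)(packet.length - self.headerLength)` to decryptBytes: as its first statement, so a packet shorter than the header yields a wrapped or negative length, and nothing in the visible method body rejects it first. A guard such as `if (packet.length <= self.headerLength) { return NO; }` (with an error set for the caller) before the call would make the precondition explicit, unless decryptBytes: or the caller is known to enforce it. The later `ntohl(*(uint32_t *)packetBytes)` likewise needs `*packetLength >= sizeof(uint32_t)`; the lines between the two hunks are not shown, so that check may already exist. The AEAD decrypter does the same subtraction with `self.headerLength + PacketIdLength`.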


@ -225,31 +225,31 @@
[self.outPackets removeAllObjects]; [self.outPackets removeAllObjects];
for (NSData *raw in packets) { for (NSData *payload in packets) {
self.outPacketId += 1; self.outPacketId += 1;
// may resize encBuffer to hold encrypted payload // may resize encBuffer to hold encrypted payload
[self adjustEncBufferToPacketSize:(int)raw.length]; [self adjustEncBufferToPacketSize:(int)payload.length];
uint8_t *payload = self.encBufferAligned; uint8_t *dataPacketBytes = self.encBufferAligned;
NSInteger payloadLength; NSInteger dataPacketLength;
[self.encrypter assembleDataPacketWithBlock:self.assemblePayloadBlock [self.encrypter assembleDataPacketWithBlock:self.assemblePayloadBlock
packetId:self.outPacketId packetId:self.outPacketId
payload:raw payload:payload
into:payload into:dataPacketBytes
length:&payloadLength]; length:&dataPacketLength];
MSSFix(payload, payloadLength); MSSFix(dataPacketBytes, dataPacketLength);
NSData *encryptedPacket = [self.encrypter encryptedDataPacketWithKey:key NSData *encryptedDataPacket = [self.encrypter encryptedDataPacketWithKey:key
packetId:self.outPacketId packetId:self.outPacketId
payload:payload packetBytes:dataPacketBytes
payloadLength:payloadLength packetLength:dataPacketLength
error:error]; error:error];
if (!encryptedPacket) { if (!encryptedDataPacket) {
return nil; return nil;
} }
[self.outPackets addObject:encryptedPacket]; [self.outPackets addObject:encryptedDataPacket];
} }
return self.outPackets; return self.outPackets;
@ -261,17 +261,17 @@
[self.inPackets removeAllObjects]; [self.inPackets removeAllObjects];
for (NSData *encryptedPacket in packets) { for (NSData *encryptedDataPacket in packets) {
// may resize decBuffer to encryptedPacket.length // may resize decBuffer to encryptedPacket.length
[self adjustDecBufferToPacketSize:(int)encryptedPacket.length]; [self adjustDecBufferToPacketSize:(int)encryptedDataPacket.length];
uint8_t *packet = self.decBufferAligned; uint8_t *dataPacketBytes = self.decBufferAligned;
NSInteger packetLength = INT_MAX; NSInteger dataPacketLength = INT_MAX;
uint32_t packetId; uint32_t packetId;
const BOOL success = [self.decrypter decryptDataPacket:encryptedPacket const BOOL success = [self.decrypter decryptDataPacket:encryptedDataPacket
into:packet into:dataPacketBytes
length:&packetLength length:&dataPacketLength
packetId:&packetId packetId:&packetId
error:error]; error:error];
if (!success) { if (!success) {
@ -288,22 +288,22 @@
} }
NSInteger payloadLength; NSInteger payloadLength;
const uint8_t *payload = [self.decrypter parsePayloadWithBlock:self.parsePayloadBlock const uint8_t *payloadBytes = [self.decrypter parsePayloadWithBlock:self.parsePayloadBlock
dataPacket:packet length:&payloadLength
packetLength:packetLength packetBytes:dataPacketBytes
length:&payloadLength]; packetLength:dataPacketLength];
if ((payloadLength == sizeof(DataPacketPingData)) && !memcmp(payload, DataPacketPingData, payloadLength)) { if ((payloadLength == sizeof(DataPacketPingData)) && !memcmp(payloadBytes, DataPacketPingData, payloadLength)) {
if (keepAlive) { if (keepAlive) {
*keepAlive = true; *keepAlive = true;
} }
continue; continue;
} }
// MSSFix(payload, payloadLength); // MSSFix(payloadBytes, payloadLength);
NSData *raw = [[NSData alloc] initWithBytes:payload length:payloadLength]; NSData *payload = [[NSData alloc] initWithBytes:payloadBytes length:payloadLength];
[self.inPackets addObject:raw]; [self.inPackets addObject:payload];
} }
return self.inPackets; return self.inPackets;
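Review bot: `payloadLength` reaches `[[NSData alloc] initWithBytes:payloadBytes length:payloadLength]` without a sign check, although parsePayloadWithBlock: computes it by subtraction (`packetLength` minus the packet id size in the CBC case, then minus `payloadHeaderLength`), so a truncated packet can make it negative; as the `length:` argument that converts to a very large NSUInteger. Rejecting the packet first, e.g. `if (payloadLength < 0) { continue; }` or an error return, keeps the copy inside decBuffer. Whether the parse block already guarantees a non-negative result is not visible here. The enclosing method starts and ends outside these hunks, and the comment `// may resize decBuffer to encryptedPacket.length` still uses the old variable name.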


@ -48,14 +48,14 @@ typedef void (^DataPathParseBlock)(uint8_t *_Nonnull payload, NSInteger *_Nonnul
@protocol DataPathEncrypter <DataPathChannel> @protocol DataPathEncrypter <DataPathChannel>
- (void)assembleDataPacketWithBlock:(DataPathAssembleBlock)block packetId:(uint32_t)packetId payload:(NSData *)payload into:(nonnull uint8_t *)dest length:(nonnull NSInteger *)length; - (void)assembleDataPacketWithBlock:(DataPathAssembleBlock)block packetId:(uint32_t)packetId payload:(NSData *)payload into:(nonnull uint8_t *)packetBytes length:(nonnull NSInteger *)packetLength;
- (NSData *)encryptedDataPacketWithKey:(uint8_t)key packetId:(uint32_t)packetId payload:(const uint8_t *)payload payloadLength:(NSInteger)payloadLength error:(NSError **)error; - (NSData *)encryptedDataPacketWithKey:(uint8_t)key packetId:(uint32_t)packetId packetBytes:(const uint8_t *)packetBytes packetLength:(NSInteger)packetLength error:(NSError **)error;
@end @end
@protocol DataPathDecrypter <DataPathChannel> @protocol DataPathDecrypter <DataPathChannel>
- (BOOL)decryptDataPacket:(nonnull NSData *)packet into:(nonnull uint8_t *)dest length:(nonnull NSInteger *)length packetId:(nonnull uint32_t *)packetId error:(NSError **)error; - (BOOL)decryptDataPacket:(nonnull NSData *)packet into:(nonnull uint8_t *)packetBytes length:(nonnull NSInteger *)packetLength packetId:(nonnull uint32_t *)packetId error:(NSError **)error;
- (nonnull const uint8_t *)parsePayloadWithBlock:(DataPathParseBlock)block dataPacket:(nonnull uint8_t *)packet packetLength:(NSInteger)packetLength length:(nonnull NSInteger *)length; - (nonnull const uint8_t *)parsePayloadWithBlock:(DataPathParseBlock)block length:(nonnull NSInteger *)length packetBytes:(nonnull uint8_t *)packetBytes packetLength:(NSInteger)packetLength;
@end @end
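Review bot: The `into:(nonnull uint8_t *)packetBytes` parameters of assembleDataPacketWithBlock: and decryptDataPacket: carry no capacity, and the protocol has no comment saying how large the buffer must be. The implementations on this page copy `payload.length` bytes (plus the packet id and whatever the assemble block adds) without a bound, so the sizing contract rests entirely on the caller. I would add a doc comment on both methods, e.g. `/// packetBytes must be large enough for the packet id, the payload and any bytes added by the block; no bounds checking is done.`, and annotate `block`, `payload` and the returned NSData with explicit nullability like the other parameters.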