diff --git a/Sources/CTunnelKitOpenVPNCore/Dummy.m b/Sources/CTunnelKitOpenVPNCore/Dummy.m deleted file mode 100644 index 8b13789..0000000 --- a/Sources/CTunnelKitOpenVPNCore/Dummy.m +++ /dev/null @@ -1 +0,0 @@ - diff --git a/Sources/CTunnelKitCore/Errors.m b/Sources/CTunnelKitOpenVPNCore/Errors.m similarity index 94% rename from Sources/CTunnelKitCore/Errors.m rename to Sources/CTunnelKitOpenVPNCore/Errors.m index 2571e98..2b912b5 100644 --- a/Sources/CTunnelKitCore/Errors.m +++ b/Sources/CTunnelKitOpenVPNCore/Errors.m @@ -36,5 +36,5 @@ #import "Errors.h" -NSString *const TunnelKitErrorDomain = @"TunnelKitNative"; -NSString *const TunnelKitErrorKey = @"TunnelKitErrorKey"; +NSString *const OpenVPNErrorDomain = @"TunnelKitOpenVPN"; +NSString *const OpenVPNErrorKey = @"TunnelKitErrorKey"; diff --git a/Sources/CTunnelKitCore/include/Errors.h b/Sources/CTunnelKitOpenVPNCore/include/Errors.h similarity index 65% rename from Sources/CTunnelKitCore/include/Errors.h rename to Sources/CTunnelKitOpenVPNCore/include/Errors.h index f8ef351..fb5d18f 100644 --- a/Sources/CTunnelKitCore/include/Errors.h +++ b/Sources/CTunnelKitOpenVPNCore/include/Errors.h 
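Review bot: `OpenVPNErrorKey` keeps the old string value `@"TunnelKitErrorKey"` while the domain string changes from `@"TunnelKitNative"` to `@"TunnelKitOpenVPN"`, and nothing in Errors.m says which of the two is deliberate. The key is used as the notification userInfo key for TLS peer-verification failures in the TLSBox.m hunk of this commit, so the unchanged value looks intentional. The domain change, however, alters what any code or log filter comparing the literal domain string will see. A one-line comment would settle it, for example `// userInfo key value kept as "TunnelKitErrorKey" on purpose; only the domain string was renamed`.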
@@ -36,27 +36,26 @@ #import -extern NSString *const TunnelKitErrorDomain; -extern NSString *const TunnelKitErrorKey; +extern NSString *const OpenVPNErrorDomain; +extern NSString *const OpenVPNErrorKey; -typedef NS_ENUM(NSInteger, TunnelKitErrorCode) { - TunnelKitErrorCodeCryptoRandomGenerator = 101, - TunnelKitErrorCodeCryptoHMAC = 102, - TunnelKitErrorCodeCryptoEncryption = 103, - TunnelKitErrorCodeCryptoAlgorithm = 104, - TunnelKitErrorCodeTLSCertificateAuthority = 201, - TunnelKitErrorCodeTLSHandshake = 202, - TunnelKitErrorCodeTLSClientCertificate = 204, - TunnelKitErrorCodeTLSClientKey = 205, - TunnelKitErrorCodeTLSServerCertificate = 206, - TunnelKitErrorCodeTLSServerEKU = 207, - TunnelKitErrorCodeTLSServerHost = 208, - TunnelKitErrorCodeDataPathOverflow = 301, - TunnelKitErrorCodeDataPathPeerIdMismatch = 302, - TunnelKitErrorCodeDataPathCompression = 303, - TunnelKitErrorCodeLZO = 401, +typedef NS_ENUM(NSInteger, OpenVPNErrorCode) { + OpenVPNErrorCodeCryptoRandomGenerator = 101, + OpenVPNErrorCodeCryptoHMAC = 102, + OpenVPNErrorCodeCryptoEncryption = 103, + OpenVPNErrorCodeCryptoAlgorithm = 104, + OpenVPNErrorCodeTLSCertificateAuthority = 201, + OpenVPNErrorCodeTLSHandshake = 202, + OpenVPNErrorCodeTLSClientCertificate = 204, + OpenVPNErrorCodeTLSClientKey = 205, + OpenVPNErrorCodeTLSServerCertificate = 206, + OpenVPNErrorCodeTLSServerEKU = 207, + OpenVPNErrorCodeTLSServerHost = 208, + OpenVPNErrorCodeDataPathOverflow = 301, + OpenVPNErrorCodeDataPathPeerIdMismatch = 302, + OpenVPNErrorCodeDataPathCompression = 303 }; -static inline NSError *TunnelKitErrorWithCode(TunnelKitErrorCode code) { - return [NSError errorWithDomain:TunnelKitErrorDomain code:code userInfo:nil]; +static inline NSError *OpenVPNErrorWithCode(OpenVPNErrorCode code) { + return [NSError errorWithDomain:OpenVPNErrorDomain code:code userInfo:nil]; } diff --git a/Sources/CTunnelKitOpenVPNProtocol/CryptoAEAD.m b/Sources/CTunnelKitOpenVPNProtocol/CryptoAEAD.m index 400d09d..86cb4a0 100644 
--- a/Sources/CTunnelKitOpenVPNProtocol/CryptoAEAD.m +++ b/Sources/CTunnelKitOpenVPNProtocol/CryptoAEAD.m @@ -320,7 +320,7 @@ static const NSInteger CryptoAEADTagLength = 16; if (hasPeerId) { if (peerId != self.peerId) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathPeerIdMismatch); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeDataPathPeerIdMismatch); } return NO; } diff --git a/Sources/CTunnelKitOpenVPNProtocol/CryptoBox.m b/Sources/CTunnelKitOpenVPNProtocol/CryptoBox.m index 4d71197..ec54671 100644 --- a/Sources/CTunnelKitOpenVPNProtocol/CryptoBox.m +++ b/Sources/CTunnelKitOpenVPNProtocol/CryptoBox.m @@ -109,7 +109,7 @@ if ([self.cipherAlgorithm hasSuffix:@"-cbc"]) { if (!self.digestAlgorithm) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeCryptoAlgorithm); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeCryptoAlgorithm); } return NO; } @@ -130,7 +130,7 @@ // not supported else { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeCryptoAlgorithm); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeCryptoAlgorithm); } return NO; } diff --git a/Sources/CTunnelKitOpenVPNProtocol/CryptoCBC.m b/Sources/CTunnelKitOpenVPNProtocol/CryptoCBC.m index 7586671..c332376 100644 --- a/Sources/CTunnelKitOpenVPNProtocol/CryptoCBC.m +++ b/Sources/CTunnelKitOpenVPNProtocol/CryptoCBC.m @@ -151,7 +151,7 @@ const NSInteger CryptoCBCMaxHMACLength = 100; if (self.cipher) { if (RAND_bytes(outIV, self.cipherIVLength) != 1) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeCryptoRandomGenerator); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeCryptoRandomGenerator); } return NO; } @@ -214,7 +214,7 @@ const NSInteger CryptoCBCMaxHMACLength = 100; if (TUNNEL_CRYPTO_SUCCESS(code) && CRYPTO_memcmp(self.bufferDecHMAC, bytes, self.digestLength) != 0) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeCryptoHMAC); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeCryptoHMAC); } return NO; } 
@@ -239,7 +239,7 @@ const NSInteger CryptoCBCMaxHMACLength = 100; if (TUNNEL_CRYPTO_SUCCESS(code) && CRYPTO_memcmp(self.bufferDecHMAC, bytes, self.digestLength) != 0) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeCryptoHMAC); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeCryptoHMAC); } return NO; } @@ -358,7 +358,7 @@ const NSInteger CryptoCBCMaxHMACLength = 100; if (hasPeerId) { if (peerId != self.peerId) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathPeerIdMismatch); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeDataPathPeerIdMismatch); } return NO; } diff --git a/Sources/CTunnelKitOpenVPNProtocol/CryptoCTR.m b/Sources/CTunnelKitOpenVPNProtocol/CryptoCTR.m index e9abf70..3225c84 100644 --- a/Sources/CTunnelKitOpenVPNProtocol/CryptoCTR.m +++ b/Sources/CTunnelKitOpenVPNProtocol/CryptoCTR.m @@ -194,7 +194,7 @@ static const NSInteger CryptoCTRTagLength = 32; if (TUNNEL_CRYPTO_SUCCESS(code) && CRYPTO_memcmp(self.bufferDecHMAC, bytes, CryptoCTRTagLength) != 0) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeCryptoHMAC); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeCryptoHMAC); } return NO; } diff --git a/Sources/CTunnelKitOpenVPNProtocol/DataPath.m b/Sources/CTunnelKitOpenVPNProtocol/DataPath.m index 87eeafb..8860d19 100644 --- a/Sources/CTunnelKitOpenVPNProtocol/DataPath.m +++ b/Sources/CTunnelKitOpenVPNProtocol/DataPath.m @@ -188,7 +188,7 @@ case DataPacketLZOCompress: if (!weakSelf.lzo) { // compressed packet unexpected if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathCompression); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeDataPathCompression); } return NO; } @@ -199,7 +199,7 @@ if (compressionFraming == CompressionFramingNativeCompressV2) { if (payload[1] != DataPacketV2Uncompressed) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathCompression); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeDataPathCompression); } return NO; } 
@@ -213,7 +213,7 @@ default: // @"Expected NO_COMPRESS (found %X != %X)", payload[0], DataPacketNoCompress); // if (error) { -// *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathCompression); +// *error = OpenVPNErrorWithCode(OpenVPNErrorCodeDataPathCompression); // } // return NO; *payloadOffset = 0; @@ -308,7 +308,7 @@ if (self.outPacketId > self.maxPacketId) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathOverflow); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeDataPathOverflow); } return nil; } @@ -369,7 +369,7 @@ } if (packetId > self.maxPacketId) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeDataPathOverflow); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeDataPathOverflow); } return nil; } diff --git a/Sources/CTunnelKitOpenVPNProtocol/TLSBox.m b/Sources/CTunnelKitOpenVPNProtocol/TLSBox.m index 96810a5..3826c54 100644 --- a/Sources/CTunnelKitOpenVPNProtocol/TLSBox.m +++ b/Sources/CTunnelKitOpenVPNProtocol/TLSBox.m @@ -48,10 +48,10 @@ static const char *const TLSBoxServerEKU = "TLS Web Server Authentication"; int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { if (!ok) { - NSError *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSCertificateAuthority); + NSError *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSCertificateAuthority); [[NSNotificationCenter defaultCenter] postNotificationName:TLSBoxPeerVerificationErrorNotification object:nil - userInfo:@{TunnelKitErrorKey: error}]; + userInfo:@{OpenVPNErrorKey: error}]; } return ok; } @@ -208,7 +208,7 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { if (!SSL_CTX_load_verify_locations(self.ctx, [self.caPath cStringUsingEncoding:NSASCIIStringEncoding], NULL)) { ERR_print_errors_fp(stdout); if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSCertificateAuthority); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSCertificateAuthority); } return NO; } 
@@ -217,7 +217,7 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { if (!SSL_CTX_use_certificate_file(self.ctx, [self.clientCertificatePath cStringUsingEncoding:NSASCIIStringEncoding], SSL_FILETYPE_PEM)) { ERR_print_errors_fp(stdout); if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSClientCertificate); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSClientCertificate); } return NO; } @@ -226,7 +226,7 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { if (!SSL_CTX_use_PrivateKey_file(self.ctx, [self.clientKeyPath cStringUsingEncoding:NSASCIIStringEncoding], SSL_FILETYPE_PEM)) { ERR_print_errors_fp(stdout); if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSClientKey); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSClientKey); } return NO; } @@ -246,7 +246,7 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { if (!SSL_do_handshake(self.ssl)) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSHandshake); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSHandshake); } return NO; } @@ -266,14 +266,14 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { if (self.checksEKU && ![self verifyEKUWithSSL:self.ssl]) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSServerEKU); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSServerEKU); } return nil; } if (self.checksSANHost && ![self verifySANHostWithSSL:self.ssl]) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSServerHost); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSServerHost); } return nil; } @@ -283,7 +283,7 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { } if ((ret < 0) && !BIO_should_retry(self.bioCipherTextOut)) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSHandshake); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSHandshake); } } return nil; 
@@ -301,7 +301,7 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { } if ((ret < 0) && !BIO_should_retry(self.bioPlainText)) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSHandshake); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSHandshake); } } return NO; @@ -323,7 +323,7 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { const int ret = BIO_write(self.bioCipherTextIn, text, (int)length); if (ret != length) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSHandshake); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSHandshake); } return NO; } @@ -344,7 +344,7 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) { const int ret = BIO_write(self.bioPlainText, text, (int)length); if (ret != length) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeTLSHandshake); + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeTLSHandshake); } return NO; } diff --git a/Sources/CTunnelKitOpenVPNProtocol/include/CryptoMacros.h b/Sources/CTunnelKitOpenVPNProtocol/include/CryptoMacros.h index 4858d5d..9bc90e5 100644 --- a/Sources/CTunnelKitOpenVPNProtocol/include/CryptoMacros.h +++ b/Sources/CTunnelKitOpenVPNProtocol/include/CryptoMacros.h @@ -41,7 +41,7 @@ #define TUNNEL_CRYPTO_RETURN_STATUS(ret)\ if (ret <= 0) {\ if (error) {\ - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeCryptoEncryption);\ + *error = OpenVPNErrorWithCode(OpenVPNErrorCodeCryptoEncryption);\ }\ return NO;\ }\ diff --git a/Sources/TunnelKitLZO/StandardLZO.m b/Sources/TunnelKitLZO/StandardLZO.m index 2480d5c..302ca4c 100644 --- a/Sources/TunnelKitLZO/StandardLZO.m +++ b/Sources/TunnelKitLZO/StandardLZO.m @@ -23,9 +23,10 @@ // along with TunnelKit. If not, see . // +#import "StandardLZO.h" #import "lib/minilzo.h" -#import "Errors.h" +NSString *const TunnelKitLZOErrorDomain = @"TunnelKitLZO"; #define HEAP_ALLOC(var,size) \ lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ] 
@@ -68,7 +69,7 @@ static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS); const int status = lzo1x_1_compress(data.bytes, data.length, dst.mutableBytes, &dstLength, wrkmem); if (status != LZO_E_OK) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeLZO); + *error = [NSError errorWithDomain:TunnelKitLZOErrorDomain code:0 userInfo:nil]; } return nil; } @@ -90,7 +91,7 @@ static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS); const int status = lzo1x_decompress_safe(bytes, length, self.decompressedBuffer.mutableBytes, &dstLength, NULL); if (status != LZO_E_OK) { if (error) { - *error = TunnelKitErrorWithCode(TunnelKitErrorCodeLZO); + *error = [NSError errorWithDomain:TunnelKitLZOErrorDomain code:0 userInfo:nil]; } return nil; } diff --git a/Sources/TunnelKitLZO/include/Errors.h b/Sources/TunnelKitLZO/include/Errors.h deleted file mode 120000 index 8afcae1..0000000 --- a/Sources/TunnelKitLZO/include/Errors.h +++ /dev/null @@ -1 +0,0 @@ -../../CTunnelKitCore/include/Errors.h \ No newline at end of file diff --git a/Sources/TunnelKitLZO/include/StandardLZO.h b/Sources/TunnelKitLZO/include/StandardLZO.h new file mode 100644 index 0000000..bbab181 --- /dev/null +++ b/Sources/TunnelKitLZO/include/StandardLZO.h @@ -0,0 +1,3 @@ +#import + +extern NSString *const TunnelKitLZOErrorDomain; diff --git a/Sources/TunnelKitOpenVPNAppExtension/OpenVPNTunnelProvider.swift b/Sources/TunnelKitOpenVPNAppExtension/OpenVPNTunnelProvider.swift index 4928c02..ec7f395 100644 --- a/Sources/TunnelKitOpenVPNAppExtension/OpenVPNTunnelProvider.swift +++ b/Sources/TunnelKitOpenVPNAppExtension/OpenVPNTunnelProvider.swift @@ -895,7 +895,7 @@ extension OpenVPNTunnelProvider { } private func unifiedError(from error: Error) -> OpenVPNProviderError { - if let te = error.tunnelKitErrorCode() { + if let te = error.openVPNErrorCode() { switch te { case .cryptoRandomGenerator, .cryptoAlgorithm: return .encryptionInitialization 
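Review bot: Both failure paths now build the error with `code:0`, so the `status` returned by `lzo1x_1_compress` here and by `lzo1x_decompress_safe` in the following hunk (`@@ -90,7 +91,7 @@`) is discarded. A local compression failure then cannot be told apart from a rejected inbound buffer, and 0 is also the value of `LZO_E_OK`, so the code reads as success. Carrying the status through keeps that detail for logs and callers: `*error = [NSError errorWithDomain:TunnelKitLZOErrorDomain code:status userInfo:nil];`. Both method bodies start and end outside their hunks.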
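Review bot: `error.openVPNErrorCode()` returns nil for any error outside `OpenVPNErrorDomain`, and this commit moves LZO failures to `TunnelKitLZOErrorDomain`. Once the `case .LZO` arm is removed in the next hunk (`@@ -918,9 +918,6 @@`), `unifiedError(from:)` has no visible route to `.lzo`. If `OpenVPNProviderError.lzo` is still meant to be reported, a domain check ahead of the switch would restore it, e.g. `if (error as NSError).domain == TunnelKitLZOErrorDomain { return .lzo }`, assuming that constant is visible to this module. The function continues past the hunk, so a fallback there may already cover this; worth confirming.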
@@ -918,9 +918,6 @@ extension OpenVPNTunnelProvider { case .dataPathCompression: return .serverCompression - case .LZO: - return .lzo - default: break } diff --git a/Sources/TunnelKitCore/Errors.swift b/Sources/TunnelKitOpenVPNCore/Errors.swift similarity index 78% rename from Sources/TunnelKitCore/Errors.swift rename to Sources/TunnelKitOpenVPNCore/Errors.swift index cf5e52d..ae97c9e 100644 --- a/Sources/TunnelKitCore/Errors.swift +++ b/Sources/TunnelKitOpenVPNCore/Errors.swift @@ -24,19 +24,19 @@ // import Foundation -import CTunnelKitCore +import CTunnelKitOpenVPNCore extension Error { - public func isTunnelKitError() -> Bool { + public func isOpenVPNError() -> Bool { let te = self as NSError - return te.domain == TunnelKitErrorDomain + return te.domain == OpenVPNErrorDomain } - public func tunnelKitErrorCode() -> TunnelKitErrorCode? { + public func openVPNErrorCode() -> OpenVPNErrorCode? { let te = self as NSError - guard te.domain == TunnelKitErrorDomain else { + guard te.domain == OpenVPNErrorDomain else { return nil } - return TunnelKitErrorCode(rawValue: te.code) + return OpenVPNErrorCode(rawValue: te.code) } } diff --git a/Sources/TunnelKitOpenVPNProtocol/OpenVPNSession.swift b/Sources/TunnelKitOpenVPNProtocol/OpenVPNSession.swift index 2bc4791..ea26b5d 100644 --- a/Sources/TunnelKitOpenVPNProtocol/OpenVPNSession.swift +++ b/Sources/TunnelKitOpenVPNProtocol/OpenVPNSession.swift @@ -259,7 +259,7 @@ public class OpenVPNSession: Session { // WARNING: runs in notification source queue (we know it's "queue", but better be safe than sorry) tlsObserver = NotificationCenter.default.addObserver(forName: .TLSBoxPeerVerificationError, object: nil, queue: nil) { (notification) in - let error = notification.userInfo?[TunnelKitErrorKey] as? Error + let error = notification.userInfo?[OpenVPNErrorKey] as? Error self.queue.async { self.deferStop(.shutdown, error) } 
@@ -685,7 +685,7 @@ public class OpenVPNSession: Session { do { cipherTextOut = try negotiationKey.tls.pullCipherText() } catch let e { - if let _ = e.tunnelKitErrorCode() { + if let _ = e.openVPNErrorCode() { log.error("TLS.auth: Failed pulling ciphertext (error: \(e))") shutdown(error: e) return @@ -714,7 +714,7 @@ public class OpenVPNSession: Session { do { cipherTextOut = try negotiationKey.tls.pullCipherText() } catch let e { - if let _ = e.tunnelKitErrorCode() { + if let _ = e.openVPNErrorCode() { log.error("TLS.auth: Failed pulling ciphertext (error: \(e))") shutdown(error: e) return @@ -808,7 +808,7 @@ public class OpenVPNSession: Session { do { cipherTextOut = try negotiationKey.tls.pullCipherText() } catch let e { - if let _ = e.tunnelKitErrorCode() { + if let _ = e.openVPNErrorCode() { log.error("TLS.connect: Failed pulling ciphertext (error: \(e))") shutdown(error: e) return @@ -847,7 +847,7 @@ public class OpenVPNSession: Session { log.debug("TLS.connect: Send pulled ciphertext (\(cipherTextOut.count) bytes)") enqueueControlPackets(code: .controlV1, key: negotiationKey.id, payload: cipherTextOut) } catch let e { - if let _ = e.tunnelKitErrorCode() { + if let _ = e.openVPNErrorCode() { log.error("TLS.connect: Failed pulling ciphertext (error: \(e))") shutdown(error: e) return @@ -1147,7 +1147,7 @@ public class OpenVPNSession: Session { tunnel?.writePackets(decryptedPackets, completionHandler: nil) } catch let e { - guard !e.isTunnelKitError() else { + guard !e.isOpenVPNError() else { deferStop(.shutdown, e) return } @@ -1187,7 +1187,7 @@ public class OpenVPNSession: Session { } } } catch let e { - guard !e.isTunnelKitError() else { + guard !e.isOpenVPNError() else { deferStop(.shutdown, e) return }
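Review bot: The `guard !e.isOpenVPNError()` checks at `@@ -1147,7 +1147,7 @@` and `@@ -1187,7 +1187,7 @@` now match `OpenVPNErrorDomain` only, so an error raised in `TunnelKitLZOErrorDomain` skips `deferStop(.shutdown, e)` and falls through to whatever follows the guard, which is outside both hunks. Before this commit the LZO code lived in the shared domain and took the shutdown path. If a decompression failure on received data can surface in these catch blocks, the session would previously have stopped and may now continue. Confirm that is intended, or widen the guard, e.g. `guard !(e.isOpenVPNError() || (e as NSError).domain == TunnelKitLZOErrorDomain) else {`.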