Pick cipher from PUSH_REPLY if present

2018-09-02 01:39:02 +02:00 · 2018-09-02 01:39:02 +02:00 · 81eb18619d
parent 31e694859f
commit 81eb18619d
1 changed files with 17 additions and 9 deletions
--- a/TunnelKit/Sources/Core/SessionProxy.swift
+++ b/TunnelKit/Sources/Core/SessionProxy.swift
@ -1000,20 +1000,23 @@ public class SessionProxy {
    // Ruby: setup_keys
    private func setupEncryption() {
        guard let auth = authenticator else {
-            fatalError("Setting up keys without having authenticated")
+            fatalError("Setting up encryption without having authenticated")
        }
        guard let sessionId = sessionId else {
-            fatalError("Setting up keys without a local sessionId")
+            fatalError("Setting up encryption without a local sessionId")
        }
        guard let remoteSessionId = remoteSessionId else {
-            fatalError("Setting up keys without a remote sessionId")
+            fatalError("Setting up encryption without a remote sessionId")
        }
        guard let serverRandom1 = auth.serverRandom1, let serverRandom2 = auth.serverRandom2 else {
-            fatalError("Setting up keys without server randoms")
+            fatalError("Setting up encryption without server randoms")
        }
-        
+        guard let pushReply = pushReply else {
+            fatalError("Setting up encryption without a former PUSH_REPLY")
+        }
+
        if CoreConfiguration.logsSensitiveData {
-            log.debug("Setup keys from the following components:")
+            log.debug("Set up encryption from the following components:")
            log.debug("\tpreMaster: \(auth.preMaster.toHex())")
            log.debug("\trandom1: \(auth.random1.toHex())")
            log.debug("\trandom2: \(auth.random2.toHex())")
@ -1022,13 +1025,18 @@ public class SessionProxy {
            log.debug("\tsessionId: \(sessionId.toHex())")
            log.debug("\tremoteSessionId: \(remoteSessionId.toHex())")
        } else {
-            log.debug("Setup keys")
+            log.debug("Set up encryption")
+        }
+        
+        let pushedCipher = pushReply.cipher
+        if let negCipher = pushedCipher {
+            log.debug("Negotiated cipher: \(negCipher.rawValue)")
        }

        let bridge: EncryptionBridge
        do {
            bridge = try EncryptionBridge(
-                configuration.cipher,
+                pushedCipher ?? configuration.cipher,
                configuration.digest,
                auth,
                sessionId,
@ -1042,7 +1050,7 @@ public class SessionProxy {
        negotiationKey.dataPath = DataPath(
            encrypter: bridge.encrypter(),
            decrypter: bridge.decrypter(),
-            peerId: pushReply?.peerId ?? PacketPeerIdDisabled,
+            peerId: pushReply.peerId ?? PacketPeerIdDisabled,
            compressionFraming: configuration.compressionFraming.native,
            maxPackets: link?.packetBufferSize ?? 200,
            usesReplayProtection: CoreConfiguration.usesReplayProtection