From 8836d2b1752effac31b69a787a305d808618ba74 Mon Sep 17 00:00:00 2001 From: Davide De Rosa Date: Fri, 17 Aug 2018 11:02:45 +0200 Subject: [PATCH] Deprecate LZO compression framing Prepend NO_COMPRESS if enabled, omit if not (default). --- TunnelKit/Sources/Core/CryptoAEAD.h | 1 + TunnelKit/Sources/Core/CryptoAEAD.m | 19 +++++++++++++------ TunnelKit/Sources/Core/CryptoCBC.h | 1 + TunnelKit/Sources/Core/CryptoCBC.m | 19 +++++++++++++------ TunnelKit/Sources/Core/DataPath.h | 1 + TunnelKit/Sources/Core/DataPath.m | 18 ++++++++++++------ TunnelKit/Sources/Core/DataPathEncryption.h | 18 +++++++++++------- TunnelKit/Sources/Core/PacketMacros.h | 2 +- TunnelKit/Sources/Core/PacketMacros.m | 2 +- TunnelKitTests/DataPathEncryptionTests.swift | 9 ++++----- 10 files changed, 58 insertions(+), 32 deletions(-) diff --git a/TunnelKit/Sources/Core/CryptoAEAD.h b/TunnelKit/Sources/Core/CryptoAEAD.h index 4dce20a..1869c99 100644 --- a/TunnelKit/Sources/Core/CryptoAEAD.h +++ b/TunnelKit/Sources/Core/CryptoAEAD.h @@ -24,6 +24,7 @@ NS_ASSUME_NONNULL_BEGIN @interface DataPathCryptoAEAD : NSObject @property (nonatomic, assign) uint32_t peerId; +@property (nonatomic, assign) BOOL LZOFraming DEPRECATED_ATTRIBUTE; - (instancetype)initWithCrypto:(nonnull CryptoAEAD *)crypto; diff --git a/TunnelKit/Sources/Core/CryptoAEAD.m b/TunnelKit/Sources/Core/CryptoAEAD.m index 5fa1d16..b7709e3 100644 --- a/TunnelKit/Sources/Core/CryptoAEAD.m +++ b/TunnelKit/Sources/Core/CryptoAEAD.m @@ -227,6 +227,8 @@ const NSInteger CryptoAEADTagLength = 16; return self; } +#pragma mark DataPathChannel + - (int)overheadLength { return self.crypto.overheadLength; @@ -259,11 +261,13 @@ const NSInteger CryptoAEADTagLength = 16; #pragma mark DataPathEncrypter -- (void)assembleDataPacketWithPacketId:(uint32_t)packetId compression:(uint8_t)compression payload:(NSData *)payload into:(uint8_t *)dest length:(NSInteger *)length +- (void)assembleDataPacketWithPacketId:(uint32_t)packetId payload:(NSData *)payload into:(uint8_t *)dest length:(NSInteger *)length { uint8_t *ptr = dest; - *ptr = compression; - ptr += sizeof(uint8_t); + if (self.LZOFraming) { + *ptr = DataPacketLZONoCompress; + ptr += sizeof(uint8_t); + } memcpy(ptr, payload.bytes, payload.length); *length = (int)(ptr - dest + payload.length); } @@ -329,11 +333,14 @@ const NSInteger CryptoAEADTagLength = 16; return YES; } -- (const uint8_t *)parsePayloadWithDataPacket:(const uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length compression:(uint8_t *)compression +- (const uint8_t *)parsePayloadWithDataPacket:(const uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length { const uint8_t *ptr = packet; - *compression = *ptr; - ptr += sizeof(uint8_t); // compression byte + if (self.LZOFraming) { + NSAssert(*ptr == DataPacketLZONoCompress, @"Expected LZO NO_COMPRESS"); +// *compression = *ptr; + ptr += sizeof(uint8_t); // compression byte + } *length = packetLength - (int)(ptr - packet); return ptr; } diff --git a/TunnelKit/Sources/Core/CryptoCBC.h b/TunnelKit/Sources/Core/CryptoCBC.h index f865221..0c9e553 100644 --- a/TunnelKit/Sources/Core/CryptoCBC.h +++ b/TunnelKit/Sources/Core/CryptoCBC.h @@ -23,6 +23,7 @@ NS_ASSUME_NONNULL_BEGIN @interface DataPathCryptoCBC : NSObject @property (nonatomic, assign) uint32_t peerId; +@property (nonatomic, assign) BOOL LZOFraming DEPRECATED_ATTRIBUTE; - (instancetype)initWithCrypto:(nonnull CryptoCBC *)crypto; diff --git a/TunnelKit/Sources/Core/CryptoCBC.m b/TunnelKit/Sources/Core/CryptoCBC.m index d0cd92b..e586f3e 100644 --- a/TunnelKit/Sources/Core/CryptoCBC.m +++ b/TunnelKit/Sources/Core/CryptoCBC.m @@ -229,6 +229,8 @@ const NSInteger CryptoCBCMaxHMACLength = 100; return self; } +#pragma mark DataPathChannel + - (int)overheadLength { return self.crypto.overheadLength; @@ -257,13 +259,15 @@ const NSInteger CryptoCBCMaxHMACLength = 100; #pragma mark DataPathEncrypter -- (void)assembleDataPacketWithPacketId:(uint32_t)packetId compression:(uint8_t)compression payload:(NSData *)payload into:(uint8_t *)dest length:(NSInteger *)length +- (void)assembleDataPacketWithPacketId:(uint32_t)packetId payload:(NSData *)payload into:(uint8_t *)dest length:(NSInteger *)length { uint8_t *ptr = dest; *(uint32_t *)ptr = htonl(packetId); ptr += sizeof(uint32_t); - *ptr = compression; - ptr += sizeof(uint8_t); + if (self.LZOFraming) { + *ptr = DataPacketLZONoCompress; + ptr += sizeof(uint8_t); + } memcpy(ptr, payload.bytes, payload.length); *length = (int)(ptr - dest + payload.length); } @@ -316,12 +320,15 @@ const NSInteger CryptoCBCMaxHMACLength = 100; return YES; } -- (const uint8_t *)parsePayloadWithDataPacket:(const uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length compression:(uint8_t *)compression +- (const uint8_t *)parsePayloadWithDataPacket:(const uint8_t *)packet packetLength:(NSInteger)packetLength length:(NSInteger *)length { const uint8_t *ptr = packet; ptr += sizeof(uint32_t); // packet id - *compression = *ptr; - ptr += sizeof(uint8_t); // compression byte + if (self.LZOFraming) { + NSAssert(*ptr == DataPacketLZONoCompress, @"Expected LZO NO_COMPRESS"); +// *compression = *ptr; + ptr += sizeof(uint8_t); // compression byte + } *length = packetLength - (int)(ptr - packet); return ptr; } diff --git a/TunnelKit/Sources/Core/DataPath.h b/TunnelKit/Sources/Core/DataPath.h index 18f852d..53e82fc 100644 --- a/TunnelKit/Sources/Core/DataPath.h +++ b/TunnelKit/Sources/Core/DataPath.h @@ -23,6 +23,7 @@ usesReplayProtection:(BOOL)usesReplayProtection; - (void)setPeerId:(uint32_t)peerId; // 24-bit, discard most significant byte +- (void)setLZOFraming:(BOOL)LZOFraming DEPRECATED_ATTRIBUTE; - (NSArray *)encryptPackets:(nonnull NSArray *)packets key:(uint8_t)key error:(NSError **)error; - (NSArray *)decryptPackets:(nonnull NSArray *)packets keepAlive:(nullable bool *)keepAlive error:(NSError **)error; diff --git a/TunnelKit/Sources/Core/DataPath.m b/TunnelKit/Sources/Core/DataPath.m index 52523ee..270b46b 100644 --- a/TunnelKit/Sources/Core/DataPath.m +++ b/TunnelKit/Sources/Core/DataPath.m @@ -128,8 +128,17 @@ NSAssert(self.encrypter, @"Setting peer-id to nil encrypter"); NSAssert(self.decrypter, @"Setting peer-id to nil decrypter"); - [self.encrypter setPeerId:peerId]; - [self.decrypter setPeerId:peerId]; + self.encrypter.peerId = peerId; + self.decrypter.peerId = peerId; +} + +- (void)setLZOFraming:(BOOL)LZOFraming +{ + NSAssert(self.encrypter, @"Setting LZOFraming to nil encrypter"); + NSAssert(self.decrypter, @"Setting LZOFraming to nil decrypter"); + + self.encrypter.LZOFraming = LZOFraming; + self.decrypter.LZOFraming = LZOFraming; } #pragma mark DataPath @@ -156,7 +165,6 @@ uint8_t *payload = self.encBufferAligned; NSInteger payloadLength; [self.encrypter assembleDataPacketWithPacketId:self.outPacketId - compression:DataPacketCompressNone payload:raw into:payload length:&payloadLength]; @@ -211,11 +219,9 @@ } NSInteger payloadLength; - uint8_t compression; const uint8_t *payload = [self.decrypter parsePayloadWithDataPacket:packet packetLength:packetLength - length:&payloadLength - compression:&compression]; + length:&payloadLength]; if ((payloadLength == sizeof(DataPacketPingData)) && !memcmp(payload, DataPacketPingData, payloadLength)) { if (keepAlive) { diff --git a/TunnelKit/Sources/Core/DataPathEncryption.h b/TunnelKit/Sources/Core/DataPathEncryption.h index e6a1840..4c18723 100644 --- a/TunnelKit/Sources/Core/DataPathEncryption.h +++ b/TunnelKit/Sources/Core/DataPathEncryption.h @@ -8,22 +8,26 @@ #import -@protocol DataPathEncrypter +@protocol DataPathChannel - (int)overheadLength; - (uint32_t)peerId; - (void)setPeerId:(uint32_t)peerId; -- (void)assembleDataPacketWithPacketId:(uint32_t)packetId compression:(uint8_t)compression payload:(NSData *)payload into:(nonnull uint8_t *)dest length:(nonnull NSInteger *)length; +- (BOOL)LZOFraming DEPRECATED_ATTRIBUTE; +- (void)setLZOFraming:(BOOL)LZOFraming DEPRECATED_ATTRIBUTE; + +@end + +@protocol DataPathEncrypter + +- (void)assembleDataPacketWithPacketId:(uint32_t)packetId payload:(NSData *)payload into:(nonnull uint8_t *)dest length:(nonnull NSInteger *)length; - (NSData *)encryptedDataPacketWithKey:(uint8_t)key packetId:(uint32_t)packetId payload:(const uint8_t *)payload payloadLength:(NSInteger)payloadLength error:(NSError **)error; @end -@protocol DataPathDecrypter +@protocol DataPathDecrypter -- (int)overheadLength; -- (uint32_t)peerId; -- (void)setPeerId:(uint32_t)peerId; - (BOOL)decryptDataPacket:(nonnull NSData *)packet into:(nonnull uint8_t *)dest length:(nonnull NSInteger *)length packetId:(nonnull uint32_t *)packetId error:(NSError **)error; -- (nonnull const uint8_t *)parsePayloadWithDataPacket:(nonnull const uint8_t *)packet packetLength:(NSInteger)packetLength length:(nonnull NSInteger *)length compression:(nonnull uint8_t *)compression; +- (nonnull const uint8_t *)parsePayloadWithDataPacket:(nonnull const uint8_t *)packet packetLength:(NSInteger)packetLength length:(nonnull NSInteger *)length; @end diff --git a/TunnelKit/Sources/Core/PacketMacros.h b/TunnelKit/Sources/Core/PacketMacros.h index 2a74b71..d9f3197 100644 --- a/TunnelKit/Sources/Core/PacketMacros.h +++ b/TunnelKit/Sources/Core/PacketMacros.h @@ -22,7 +22,7 @@ typedef NS_ENUM(uint8_t, PacketCode) { PacketCodeUnknown = 0xff }; -extern const uint8_t DataPacketCompressNone; +extern const uint8_t DataPacketLZONoCompress; extern const uint8_t DataPacketPingData[16]; static inline int PacketHeaderSet(uint8_t *_Nonnull to, PacketCode code, uint8_t key) diff --git a/TunnelKit/Sources/Core/PacketMacros.m b/TunnelKit/Sources/Core/PacketMacros.m index 285aaf3..90dceaa 100644 --- a/TunnelKit/Sources/Core/PacketMacros.m +++ b/TunnelKit/Sources/Core/PacketMacros.m @@ -8,5 +8,5 @@ #import "PacketMacros.h" -const uint8_t DataPacketCompressNone = 0xfa; +const uint8_t DataPacketLZONoCompress = 0xfa; const uint8_t DataPacketPingData[] = { 0x2a, 0x18, 0x7b, 0xf3, 0x64, 0x1e, 0xb4, 0xcb, 0x07, 0xed, 0x2d, 0x0a, 0x98, 0x1f, 0xc7, 0x48 }; diff --git a/TunnelKitTests/DataPathEncryptionTests.swift b/TunnelKitTests/DataPathEncryptionTests.swift index c4d9dea..4800f19 100644 --- a/TunnelKitTests/DataPathEncryptionTests.swift +++ b/TunnelKitTests/DataPathEncryptionTests.swift @@ -52,27 +52,26 @@ class DataPathEncryptionTests: XCTestCase { XCTAssertEqual(enc.peerId(), peerId & 0xffffff) XCTAssertEqual(dec.peerId(), peerId & 0xffffff) } +// enc.setDeprecatedLZOFraming(true) +// dec.setDeprecatedLZOFraming(true) let payload = Data(hex: "00112233445566778899") let packetId: UInt32 = 0x56341200 let key: UInt8 = 4 - let compression: UInt8 = DataPacketCompressNone var encryptedPayload: [UInt8] = [UInt8](repeating: 0, count: 1000) var encryptedPayloadLength: Int = 0 - enc.assembleDataPacket(withPacketId: packetId, compression: compression, payload: payload, into: &encryptedPayload, length: &encryptedPayloadLength) + enc.assembleDataPacket(withPacketId: packetId, payload: payload, into: &encryptedPayload, length: &encryptedPayloadLength) let encrypted = try! enc.encryptedDataPacket(withKey: key, packetId: packetId, payload: encryptedPayload, payloadLength: encryptedPayloadLength) var decrypted: [UInt8] = [UInt8](repeating: 0, count: 1000) var decryptedLength: Int = 0 var decryptedPacketId: UInt32 = 0 var decryptedPayloadLength: Int = 0 - var decryptedCompression: UInt8 = 0 try! dec.decryptDataPacket(encrypted, into: &decrypted, length: &decryptedLength, packetId: &decryptedPacketId) - let decryptedPtr = dec.parsePayload(withDataPacket: &decrypted, packetLength: decryptedLength, length: &decryptedPayloadLength, compression: &decryptedCompression) + let decryptedPtr = dec.parsePayload(withDataPacket: &decrypted, packetLength: decryptedLength, length: &decryptedPayloadLength) let decryptedPayload = Data(bytes: decryptedPtr, count: decryptedPayloadLength) XCTAssertEqual(payload, decryptedPayload) XCTAssertEqual(packetId, decryptedPacketId) - XCTAssertEqual(compression, decryptedCompression) } }