Customize HARD_RESET payload when PIA-patched
This commit is contained in:
Davide De Rosa
parent
eb8a8b38c2
commit
9b785084e2
|
|
@ -146,6 +146,9 @@ extension TunnelKitProvider {
|
|||
/// The number of seconds after which a renegotiation is started. Set to `nil` to disable renegotiation (default).
|
||||
public var renegotiatesAfterSeconds: Int?
|
||||
|
||||
/// Server is patched for the PIA VPN provider.
|
||||
public var usesPIAPatches: Bool?
|
||||
|
||||
// MARK: Debugging
|
||||
|
||||
/// Enables debugging. If `true`, then `debugLogKey` is a mandatory field.
|
||||
|
|
@ -177,6 +180,7 @@ extension TunnelKitProvider {
|
|||
compressionFraming = .disabled
|
||||
keepAliveSeconds = nil
|
||||
renegotiatesAfterSeconds = nil
|
||||
usesPIAPatches = false
|
||||
shouldDebug = false
|
||||
debugLogKey = nil
|
||||
debugLogFormat = nil
|
||||
|
|
@ -232,6 +236,7 @@ extension TunnelKitProvider {
|
|||
}
|
||||
keepAliveSeconds = providerConfiguration[S.keepAlive] as? Int
|
||||
renegotiatesAfterSeconds = providerConfiguration[S.renegotiatesAfter] as? Int
|
||||
usesPIAPatches = providerConfiguration[S.usesPIAPatches] as? Bool ?? false
|
||||
|
||||
shouldDebug = providerConfiguration[S.debug] as? Bool ?? false
|
||||
if shouldDebug {
|
||||
|
|
@ -268,6 +273,7 @@ extension TunnelKitProvider {
|
|||
compressionFraming: compressionFraming,
|
||||
keepAliveSeconds: keepAliveSeconds,
|
||||
renegotiatesAfterSeconds: renegotiatesAfterSeconds,
|
||||
usesPIAPatches: usesPIAPatches,
|
||||
shouldDebug: shouldDebug,
|
||||
debugLogKey: shouldDebug ? debugLogKey : nil,
|
||||
debugLogFormat: shouldDebug ? debugLogFormat : nil
|
||||
|
|
@ -304,6 +310,8 @@ extension TunnelKitProvider {
|
|||
|
||||
static let renegotiatesAfter = "RenegotiatesAfter"
|
||||
|
||||
static let usesPIAPatches = "UsesPIAPatches"
|
||||
|
||||
static let debug = "Debug"
|
||||
|
||||
static let debugLogKey = "DebugLogKey"
|
||||
|
|
@ -347,6 +355,9 @@ extension TunnelKitProvider {
|
|||
/// - Seealso: `TunnelKitProvider.ConfigurationBuilder.renegotiatesAfterSeconds`
|
||||
public let renegotiatesAfterSeconds: Int?
|
||||
|
||||
/// - Seealso: `TunnelKitProvider.ConfigurationBuilder.usesPIAPatches`
|
||||
public let usesPIAPatches: Bool?
|
||||
|
||||
/// - Seealso: `TunnelKitProvider.ConfigurationBuilder.shouldDebug`
|
||||
public let shouldDebug: Bool
|
||||
|
||||
|
|
@ -428,6 +439,9 @@ extension TunnelKitProvider {
|
|||
if let renegotiatesAfterSeconds = renegotiatesAfterSeconds {
|
||||
dict[S.renegotiatesAfter] = renegotiatesAfterSeconds
|
||||
}
|
||||
if let usesPIAPatches = usesPIAPatches {
|
||||
dict[S.usesPIAPatches] = usesPIAPatches
|
||||
}
|
||||
if let debugLogKey = debugLogKey {
|
||||
dict[S.debugLogKey] = debugLogKey
|
||||
}
|
||||
|
|
@ -518,6 +532,7 @@ extension TunnelKitProvider.Configuration: Equatable {
|
|||
builder.compressionFraming = compressionFraming
|
||||
builder.keepAliveSeconds = keepAliveSeconds
|
||||
builder.renegotiatesAfterSeconds = renegotiatesAfterSeconds
|
||||
builder.usesPIAPatches = usesPIAPatches
|
||||
builder.shouldDebug = shouldDebug
|
||||
builder.debugLogKey = debugLogKey
|
||||
builder.debugLogFormat = debugLogFormat
|
||||
|
|
|
|||
|
|
@ -234,6 +234,7 @@ open class TunnelKitProvider: NEPacketTunnelProvider {
|
|||
if let renegotiatesAfterSeconds = cfg.renegotiatesAfterSeconds {
|
||||
sessionConfiguration.renegotiatesAfter = TimeInterval(renegotiatesAfterSeconds)
|
||||
}
|
||||
sessionConfiguration.usesPIAPatches = cfg.usesPIAPatches ?? false
|
||||
|
||||
let proxy: SessionProxy
|
||||
do {
|
||||
|
|
|
|||
|
|
@ -162,6 +162,9 @@ extension SessionProxy {
|
|||
/// The number of seconds after which a renegotiation should be initiated. If `nil`, the client will never initiate a renegotiation.
|
||||
public var renegotiatesAfter: TimeInterval?
|
||||
|
||||
/// Server is patched for the PIA VPN provider.
|
||||
public var usesPIAPatches: Bool
|
||||
|
||||
/// :nodoc:
|
||||
public init(caPath: String) {
|
||||
credentials = nil
|
||||
|
|
@ -173,6 +176,7 @@ extension SessionProxy {
|
|||
compressionFraming = .disabled
|
||||
keepAliveInterval = nil
|
||||
renegotiatesAfter = nil
|
||||
usesPIAPatches = false
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -190,7 +194,8 @@ extension SessionProxy {
|
|||
clientKeyPath: clientKeyPath,
|
||||
compressionFraming: compressionFraming,
|
||||
keepAliveInterval: keepAliveInterval,
|
||||
renegotiatesAfter: renegotiatesAfter
|
||||
renegotiatesAfter: renegotiatesAfter,
|
||||
usesPIAPatches: usesPIAPatches
|
||||
)
|
||||
}
|
||||
}
|
||||
|
|
@ -224,5 +229,8 @@ extension SessionProxy {
|
|||
|
||||
/// - Seealso: `SessionProxy.ConfigurationBuilder.renegotiatesAfter`
|
||||
public let renegotiatesAfter: TimeInterval?
|
||||
|
||||
/// - Seealso: `SessionProxy.ConfigurationBuilder.usesPIAPatches`
|
||||
public let usesPIAPatches: Bool
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -556,8 +556,22 @@ public class SessionProxy {
|
|||
keys[negotiationKeyIdx] = newKey
|
||||
log.debug("Negotiation key index is \(negotiationKeyIdx)")
|
||||
|
||||
let payload = hardResetPayload() ?? Data()
|
||||
negotiationKey.state = .hardReset
|
||||
enqueueControlPackets(code: .hardResetClientV2, key: UInt8(negotiationKeyIdx), payload: Data())
|
||||
enqueueControlPackets(code: .hardResetClientV2, key: UInt8(negotiationKeyIdx), payload: payload)
|
||||
}
|
||||
|
||||
private func hardResetPayload() -> Data? {
|
||||
guard !configuration.usesPIAPatches else {
|
||||
let caMD5 = TLSBox.md5(forCertificatePath: configuration.caPath)
|
||||
log.debug("CA MD5 is: \(caMD5)")
|
||||
return try? PIAHardReset(
|
||||
caMd5Digest: caMD5,
|
||||
cipher: configuration.cipher,
|
||||
digest: configuration.digest
|
||||
).encodedData()
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Ruby: soft_reset
|
||||
|
|
|
|||
Loading…
Reference in New Issue