passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make SessionProxy* top level 

Drop redundant SessionReply.
This commit is contained in:
Davide De Rosa 2019-05-19 14:17:18 +02:00
parent 465e08e42f
commit 9c7ae47679
5 changed files with 1204 additions and 1210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.jazzy.yaml
View File

@ -28,8 +28,8 @@ custom_categories:
children:
- OpenVPN
- SessionError
- SessionProxy
- SessionProxyDelegate
- SessionReply
- name: AppExtension
children:
- TunnelKitProvider

12
TunnelKit.xcodeproj/project.pbxproj
View File

@ -64,8 +64,8 @@
0E3B65752249253B00EFF4DA /* tunnelbear.enc.1.ovpn in Resources */ = {isa = PBXBuildFile; fileRef = 0E3B656E224923EC00EFF4DA /* tunnelbear.enc.1.ovpn */; };
0E3B65762249253F00EFF4DA /* tunnelbear.key in Resources */ = {isa = PBXBuildFile; fileRef = 0E3B65712249247E00EFF4DA /* tunnelbear.key */; };
0E3B65772249254000EFF4DA /* tunnelbear.key in Resources */ = {isa = PBXBuildFile; fileRef = 0E3B65712249247E00EFF4DA /* tunnelbear.key */; };
0E3E0F212108A8CC00B371C1 /* SessionReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* SessionReply.swift */; };
0E3E0F222108A8CC00B371C1 /* SessionReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* SessionReply.swift */; };
0E3E0F212108A8CC00B371C1 /* PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* PushReply.swift */; };
0E3E0F222108A8CC00B371C1 /* PushReply.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E3E0F202108A8CC00B371C1 /* PushReply.swift */; };
0E411B9B2271F90700E0852C /* DNS.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E411B992271F90700E0852C /* DNS.h */; };
0E411B9C2271F90700E0852C /* DNS.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E411B992271F90700E0852C /* DNS.h */; };
0E411B9D2271F90700E0852C /* DNS.m in Sources */ = {isa = PBXBuildFile; fileRef = 0E411B9A2271F90700E0852C /* DNS.m */; };
@ -268,7 +268,7 @@
0E3B15C62152B05E00984B17 /* CryptoCTR.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = CryptoCTR.m; sourceTree = "<group>"; };
0E3B656E224923EC00EFF4DA /* tunnelbear.enc.1.ovpn */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.enc.1.ovpn; sourceTree = "<group>"; };
0E3B65712249247E00EFF4DA /* tunnelbear.key */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.key; sourceTree = "<group>"; };
0E3E0F202108A8CC00B371C1 /* SessionReply.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SessionReply.swift; sourceTree = "<group>"; };
0E3E0F202108A8CC00B371C1 /* PushReply.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PushReply.swift; sourceTree = "<group>"; };
0E411B992271F90700E0852C /* DNS.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = DNS.h; sourceTree = "<group>"; };
0E411B9A2271F90700E0852C /* DNS.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = DNS.m; sourceTree = "<group>"; };
0E411B9F2271FA3300E0852C /* libresolv.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = libresolv.tbd; path = Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.14.sdk/usr/lib/libresolv.tbd; sourceTree = DEVELOPER_DIR; };
@ -570,13 +570,13 @@
0E48AC622271ADA8009B1A98 /* PacketStream.h */,
0E48AC632271ADA9009B1A98 /* PacketStream.m */,
0EFEB4382006D3C800F81029 /* ProtocolMacros.swift */,
0E3E0F202108A8CC00B371C1 /* PushReply.swift */,
0EFEB4392006D3C800F81029 /* ReplayProtector.h */,
0EFEB4482006D3C800F81029 /* ReplayProtector.m */,
0E0C2123212ED29D008AB282 /* SessionError.swift */,
0EFEB42B2006D3C800F81029 /* SessionKey.swift */,
0EFEB43C2006D3C800F81029 /* SessionProxy.swift */,
0E749F5E2178885500BB2701 /* SessionProxy+PIA.swift */,
0E3E0F202108A8CC00B371C1 /* SessionReply.swift */,
0EE3B3E321471C3A0027AB17 /* StaticKey.swift */,
0EFEB4442006D3C800F81029 /* TLSBox.h */,
0EFEB4302006D3C800F81029 /* TLSBox.m */,
@ -1139,7 +1139,7 @@
0EFEB4672006D3C800F81029 /* SessionProxy.swift in Sources */,
0ED9C8642138139000621BA3 /* CompressionFraming.swift in Sources */,
0EFEB4722006D3C800F81029 /* ReplayProtector.m in Sources */,
0E3E0F212108A8CC00B371C1 /* SessionReply.swift in Sources */,
0E3E0F212108A8CC00B371C1 /* PushReply.swift in Sources */,
0ECC60D82254981A0020BEAC /* ConfigurationError.swift in Sources */,
0EFEB4752006D3C800F81029 /* Errors.m in Sources */,
0E58BF532240FAA6006FB157 /* CompressionAlgorithm.swift in Sources */,
@ -1202,7 +1202,7 @@
0ED9C8652138139000621BA3 /* CompressionFraming.swift in Sources */,
0EFEB4A42006D7F300F81029 /* DataPath.m in Sources */,
0ECC60D92254981A0020BEAC /* ConfigurationError.swift in Sources */,
0E3E0F222108A8CC00B371C1 /* SessionReply.swift in Sources */,
0E3E0F222108A8CC00B371C1 /* PushReply.swift in Sources */,
0E58BF542240FAA6006FB157 /* CompressionAlgorithm.swift in Sources */,
0E12B2A621454F7F00B4BAE9 /* BidirectionalState.swift in Sources */,
0EB03E402290D310006D03A0 /* CoreConfiguration+OpenVPN.swift in Sources */,

19
TunnelKit/Sources/OpenVPN/SessionReply.swift → TunnelKit/Sources/OpenVPN/PushReply.swift
View File

@ -1,5 +1,5 @@
//
// SessionReply.swift
// PushReply.swift
// TunnelKit
//
// Created by Davide De Rosa on 7/25/18.
@ -36,20 +36,16 @@
import Foundation
/// Groups the parsed reply of a successfully started session.
public protocol SessionReply {
/// The returned options.
var options: OpenVPN.Configuration { get }
}
extension OpenVPN {
struct PushReply: SessionReply, CustomStringConvertible {
/// Groups the parsed reply of a successfully started session.
public struct PushReply: CustomStringConvertible {
private static let prefix = "PUSH_REPLY,"
private let original: String
let options: Configuration
/// The pushed options as a `Configuration` object.
public let options: Configuration
init?(message: String) throws {
guard message.hasPrefix(PushReply.prefix) else {
@ -66,7 +62,8 @@ extension OpenVPN {
// MARK: CustomStringConvertible
var description: String {
/// :nodoc:
public var description: String {
let stripped = NSMutableString(string: original)
ConfigurationParser.Regex.authToken.replaceMatches(
in: stripped,

2
TunnelKit/Sources/OpenVPN/SessionProxy+PIA.swift
View File

@ -36,7 +36,7 @@
import Foundation
extension OpenVPN.SessionProxy {
extension SessionProxy {
struct PIAHardReset {
private static let obfuscationKeyLength = 3

81
TunnelKit/Sources/OpenVPN/SessionProxy.swift
View File

@ -48,9 +48,9 @@ public protocol SessionProxyDelegate: class {
Called after starting a session.
- Parameter remoteAddress: The address of the VPN server.
- Parameter reply: The compound `SessionReply` containing tunnel settings.
- Parameter options: The pulled tunnel settings.
*/
func sessionDidStart(_: OpenVPN.SessionProxy, remoteAddress: String, reply: SessionReply)
func sessionDidStart(_: SessionProxy, remoteAddress: String, options: OpenVPN.PushReply)
/**
Called after stopping a session.
@ -58,13 +58,11 @@ public protocol SessionProxyDelegate: class {
- Parameter shouldReconnect: When `true`, the session can/should be restarted. Usually because the stop reason was recoverable.
- Seealso: `SessionProxy.reconnect(...)`
*/
func sessionDidStop(_: OpenVPN.SessionProxy, shouldReconnect: Bool)
func sessionDidStop(_: SessionProxy, shouldReconnect: Bool)
}
extension OpenVPN {
/// Provides methods to set up and maintain an OpenVPN session.
public class SessionProxy {
/// Provides methods to set up and maintain an OpenVPN session.
public class SessionProxy {
private enum StopMethod {
case shutdown
@ -82,10 +80,10 @@ extension OpenVPN {
// MARK: Configuration
/// The session base configuration.
public let configuration: Configuration
public let configuration: OpenVPN.Configuration
/// The optional credentials.
public var credentials: Credentials?
public var credentials: OpenVPN.Credentials?
private var keepAliveInterval: TimeInterval? {
let interval: TimeInterval?
@ -110,22 +108,22 @@ extension OpenVPN {
private var withLocalOptions: Bool
private var keys: [UInt8: SessionKey]
private var keys: [UInt8: OpenVPN.SessionKey]
private var oldKeys: [SessionKey]
private var oldKeys: [OpenVPN.SessionKey]
private var negotiationKeyIdx: UInt8
private var currentKeyIdx: UInt8?
private var negotiationKey: SessionKey {
private var negotiationKey: OpenVPN.SessionKey {
guard let key = keys[negotiationKeyIdx] else {
fatalError("Keys are empty or index \(negotiationKeyIdx) not found in \(keys.keys)")
}
return key
}
private var currentKey: SessionKey? {
private var currentKey: OpenVPN.SessionKey? {
guard let i = currentKeyIdx else {
return nil
}
@ -142,7 +140,7 @@ extension OpenVPN {
private var continuatedPushReplyMessage: String?
private var pushReply: SessionReply?
private var pushReply: OpenVPN.PushReply?
private var nextPushRequestDate: Date?
@ -157,9 +155,9 @@ extension OpenVPN {
// MARK: Control
private var controlChannel: ControlChannel
private var controlChannel: OpenVPN.ControlChannel
private var authenticator: Authenticator?
private var authenticator: OpenVPN.Authenticator?
// MARK: Caching
@ -185,7 +183,7 @@ extension OpenVPN {
- Parameter queue: The `DispatchQueue` where to run the session loop.
- Parameter configuration: The `Configuration` to use for this session.
*/
public init(queue: DispatchQueue, configuration: Configuration, cachesURL: URL) throws {
public init(queue: DispatchQueue, configuration: OpenVPN.Configuration, cachesURL: URL) throws {
guard let ca = configuration.ca else {
throw ConfigurationError.missingConfiguration(option: "ca")
}
@ -204,13 +202,13 @@ extension OpenVPN {
if let tlsWrap = configuration.tlsWrap {
switch tlsWrap.strategy {
case .auth:
controlChannel = try ControlChannel(withAuthKey: tlsWrap.key, digest: configuration.fallbackDigest)
controlChannel = try OpenVPN.ControlChannel(withAuthKey: tlsWrap.key, digest: configuration.fallbackDigest)
case .crypt:
controlChannel = try ControlChannel(withCryptKey: tlsWrap.key)
controlChannel = try OpenVPN.ControlChannel(withCryptKey: tlsWrap.key)
}
} else {
controlChannel = ControlChannel()
controlChannel = OpenVPN.ControlChannel()
}
// cache PEMs locally (mandatory for OpenSSL)
@ -273,7 +271,7 @@ extension OpenVPN {
- Returns: `true` if supports link rebinding.
*/
public func canRebindLink() -> Bool {
// return (pushReply?.peerId != nil)
// return (pushReply?.peerId != nil)
// FIXME: floating is currently unreliable
return false
@ -443,7 +441,7 @@ extension OpenVPN {
if let packets = newPackets, !packets.isEmpty {
self?.maybeRenegotiate()
// log.verbose("Received \(packets.count) packets from LINK")
// log.verbose("Received \(packets.count) packets from LINK")
self?.receiveLink(packets: packets)
}
}
@ -458,7 +456,7 @@ extension OpenVPN {
}
if let packets = newPackets, !packets.isEmpty {
// log.verbose("Received \(packets.count) packets from \(self.tunnelName)")
// log.verbose("Received \(packets.count) packets from \(self.tunnelName)")
self?.receiveTunnel(packets: packets)
}
}
@ -475,7 +473,7 @@ extension OpenVPN {
var dataPacketsByKey = [UInt8: [Data]]()
for packet in packets {
// log.verbose("Received data from LINK (\(packet.count) bytes): \(packet.toHex())")
// log.verbose("Received data from LINK (\(packet.count) bytes): \(packet.toHex())")
guard let firstByte = packet.first else {
log.warning("Dropped malformed packet (missing opcode)")
@ -486,7 +484,7 @@ extension OpenVPN {
log.warning("Dropped malformed packet (unknown code: \(codeValue))")
continue
}
// log.verbose("Parsed packet with code \(code)")
// log.verbose("Parsed packet with code \(code)")
var offset = 1
if (code == .dataV2) {
@ -524,8 +522,8 @@ extension OpenVPN {
} catch let e {
log.warning("Dropped malformed packet: \(e)")
continue
// deferStop(.shutdown, e)
// return
// deferStop(.shutdown, e)
// return
}
if (code == .hardResetServerV2) && (negotiationKey.controlState == .connected) {
deferStop(.shutdown, SessionError.staleSession)
@ -583,7 +581,7 @@ extension OpenVPN {
}
log.debug("Send ping")
sendDataPackets([DataPacket.pingString])
sendDataPackets([OpenVPN.DataPacket.pingString])
lastPing.outbound = Date()
scheduleNextPing()
@ -619,7 +617,7 @@ extension OpenVPN {
continuatedPushReplyMessage = nil
pushReply = nil
negotiationKeyIdx = 0
let newKey = SessionKey(id: UInt8(negotiationKeyIdx))
let newKey = OpenVPN.SessionKey(id: UInt8(negotiationKeyIdx))
keys[negotiationKeyIdx] = newKey
log.debug("Negotiation key index is \(negotiationKeyIdx)")
@ -660,8 +658,8 @@ extension OpenVPN {
}
resetControlChannel(forNewSession: false)
negotiationKeyIdx = max(1, (negotiationKeyIdx + 1) % ProtocolMacros.numberOfKeys)
let newKey = SessionKey(id: UInt8(negotiationKeyIdx))
negotiationKeyIdx = max(1, (negotiationKeyIdx + 1) % OpenVPN.ProtocolMacros.numberOfKeys)
let newKey = OpenVPN.SessionKey(id: UInt8(negotiationKeyIdx))
keys[negotiationKeyIdx] = newKey
log.debug("Negotiation key index is \(negotiationKeyIdx)")
@ -680,7 +678,7 @@ extension OpenVPN {
negotiationKey.controlState = .preAuth
do {
authenticator = try Authenticator(credentials?.username, pushReply?.options.authToken ?? credentials?.password)
authenticator = try OpenVPN.Authenticator(credentials?.username, pushReply?.options.authToken ?? credentials?.password)
authenticator?.withLocalOptions = withLocalOptions
try authenticator?.putAuth(into: negotiationKey.tls, options: configuration)
} catch let e {
@ -768,7 +766,7 @@ extension OpenVPN {
private func handleControlPacket(_ packet: ControlPacket) {
guard packet.key == negotiationKey.id else {
log.error("Bad key in control packet (\(packet.key) != \(negotiationKey.id))")
// deferStop(.shutdown, SessionError.badKey)
// deferStop(.shutdown, SessionError.badKey)
return
}
@ -945,9 +943,9 @@ extension OpenVPN {
} else {
completeMessage = message
}
let reply: PushReply
let reply: OpenVPN.PushReply
do {
guard let optionalReply = try PushReply(message: completeMessage) else {
guard let optionalReply = try OpenVPN.PushReply(message: completeMessage) else {
return
}
reply = optionalReply
@ -989,7 +987,7 @@ extension OpenVPN {
guard let remoteAddress = link?.remoteAddress else {
fatalError("Could not resolve link remote address")
}
delegate?.sessionDidStart(self, remoteAddress: remoteAddress, reply: reply)
delegate?.sessionDidStart(self, remoteAddress: remoteAddress, options: reply)
scheduleNextPing()
}
@ -1095,9 +1093,9 @@ extension OpenVPN {
log.info("\tNegotiated keep-alive: \(negPing) seconds")
}
let bridge: EncryptionBridge
let bridge: OpenVPN.EncryptionBridge
do {
bridge = try EncryptionBridge(
bridge = try OpenVPN.EncryptionBridge(
pushedCipher ?? configuration.fallbackCipher,
configuration.fallbackDigest,
auth,
@ -1123,7 +1121,7 @@ extension OpenVPN {
// MARK: Data
// Ruby: handle_data_pkt
private func handleDataPackets(_ packets: [Data], key: SessionKey) {
private func handleDataPackets(_ packets: [Data], key: OpenVPN.SessionKey) {
controlChannel.addReceivedDataCount(packets.flatCount)
do {
guard let decryptedPackets = try key.decrypt(packets: packets) else {
@ -1175,7 +1173,7 @@ extension OpenVPN {
}
return
}
// log.verbose("Data: \(encryptedPackets.count) packets successfully written to LINK")
// log.verbose("Data: \(encryptedPackets.count) packets successfully written to LINK")
}
} catch let e {
guard !e.isTunnelKitError() else {
@ -1242,7 +1240,7 @@ extension OpenVPN {
// shut down after sending exit notification if socket is unreliable (normally UDP)
if let link = link, !link.isReliable {
do {
guard let packets = try currentKey?.encrypt(packets: [OCCPacket.exit.serialized()]) else {
guard let packets = try currentKey?.encrypt(packets: [OpenVPN.OCCPacket.exit.serialized()]) else {
completion()
return
}
@ -1278,5 +1276,4 @@ extension OpenVPN {
stopError = error
delegate?.sessionDidStop(self, shouldReconnect: true)
}
}
}