Send local options with authentication

Fixes some obsolete servers requiring cipher keysize.
2019-04-15 17:37:57 +02:00 · 2019-04-15 17:37:57 +02:00 · ad964e2041
commit ad964e2041
parent 322242de5c
3 changed files with 47 additions and 4 deletions
--- a/TunnelKit/Sources/Core/SessionProxy+Authenticator.swift
+++ b/TunnelKit/Sources/Core/SessionProxy+Authenticator.swift
@ -86,7 +86,7 @@ extension SessionProxy {
        // MARK: Authentication request

        // Ruby: on_tls_connect
-        func putAuth(into: TLSBox) throws {
+        func putAuth(into: TLSBox, options: SessionProxy.Configuration) throws {
            let raw = Z(ProtocolMacros.tlsPrefix)
            
            // local keys
@ -94,8 +94,37 @@ extension SessionProxy {
            raw.append(random1)
            raw.append(random2)
            
-            // opts (empty string)
-            raw.appendSized(Z(UInt8(0)))
+            // options string
+            var opts = [
+                "V4",
+                "cipher \(options.fallbackCipher.rawValue)",
+                "auth \(options.fallbackDigest.rawValue)",
+                "keysize \(options.fallbackCipher.keySize)"
+            ]
+            if let comp = options.compressionFraming {
+                switch comp {
+                case .compLZO:
+                    opts.append("comp-lzo")
+                    
+                case .compress:
+                    opts.append("compress")
+                    
+                default:
+                    break
+                }
+            }
+            if let strategy = options.tlsWrap?.strategy {
+                switch strategy {
+                case .auth:
+                    opts.append("tls-auth")
+                    
+                case .crypt:
+                    opts.append("tls-crypt")
+                }
+            }
+            let optsString = opts.joined(separator: ",")
+            log.debug("TLS.auth: Local options: \(optsString)")
+            raw.appendSized(Z(optsString, nullTerminated: true))
            
            // credentials
            if let username = username, let password = password {
--- a/TunnelKit/Sources/Core/SessionProxy+Configuration.swift
+++ b/TunnelKit/Sources/Core/SessionProxy+Configuration.swift
@ -85,6 +85,20 @@ extension SessionProxy {
        /// AES encryption with 256-bit key size and GCM.
        case aes256gcm = "AES-256-GCM"
        
+        /// Returns the key size for this cipher.
+        public var keySize: Int {
+            switch self {
+            case .aes128cbc, .aes128gcm:
+                return 128
+                
+            case .aes192cbc, .aes192gcm:
+                return 192
+                
+            case .aes256cbc, .aes256gcm:
+                return 256
+            }
+        }
+        
        /// Digest should be ignored when this is `true`.
        public var embedsDigest: Bool {
            return rawValue.hasSuffix("-GCM")
--- a/TunnelKit/Sources/Core/SessionProxy.swift
+++ b/TunnelKit/Sources/Core/SessionProxy.swift
@ -671,7 +671,7 @@ public class SessionProxy {
        
        do {
            authenticator = try Authenticator(credentials?.username, pushReply?.options.authToken ?? credentials?.password)
-            try authenticator?.putAuth(into: negotiationKey.tls)
+            try authenticator?.putAuth(into: negotiationKey.tls, options: configuration)
        } catch let e {
            deferStop(.shutdown, e)
            return