From cff359fcebf2997d4efdc99f37b67a7fd69b59c6 Mon Sep 17 00:00:00 2001
From: Davide De Rosa <keeshux@gmail.com>
Date: Sun, 2 Sep 2018 01:25:27 +0200
Subject: [PATCH] Parse pushed cipher if any

---
 .../Sources/Core/SessionProxy+PushReply.swift  | 18 ++++++++++++++++++
 TunnelKitTests/PushTests.swift                 |  8 ++++++++
 2 files changed, 26 insertions(+)

diff --git a/TunnelKit/Sources/Core/SessionProxy+PushReply.swift b/TunnelKit/Sources/Core/SessionProxy+PushReply.swift
index c7b28c8..76a67ce 100644
--- a/TunnelKit/Sources/Core/SessionProxy+PushReply.swift
+++ b/TunnelKit/Sources/Core/SessionProxy+PushReply.swift
@@ -146,6 +146,12 @@ public protocol SessionReply {
     
     /// The DNS servers set up for this session.
     var dnsServers: [String] { get }
+    
+    /// The optional 24-bit peer-id.
+    var peerId: UInt32? { get }
+
+    /// The negotiated cipher if any (NCP).
+    var cipher: SessionProxy.Cipher? { get }
 }
 
 extension SessionProxy {
@@ -179,6 +185,8 @@ extension SessionProxy {
 
         private static let peerIdRegexp = try! NSRegularExpression(pattern: "peer-id [0-9]+", options: [])
 
+        private static let cipherRegexp = try! NSRegularExpression(pattern: "cipher [^\\s]+", options: [])
+
         let ipv4: IPv4Settings?
         
         let ipv6: IPv6Settings?
@@ -189,6 +197,8 @@ extension SessionProxy {
         
         let peerId: UInt32?
         
+        let cipher: SessionProxy.Cipher?
+        
         init?(message: String) throws {
             guard message.hasPrefix("PUSH_REPLY") else {
                 return nil
@@ -207,6 +217,7 @@ extension SessionProxy {
             var dnsServers: [String] = []
             var authToken: String?
             var peerId: UInt32?
+            var cipher: SessionProxy.Cipher?
             
             // MARK: Routing (IPv4)
 
@@ -354,10 +365,17 @@ extension SessionProxy {
             PushReply.peerIdRegexp.enumerateArguments(in: message) {
                 peerId = UInt32($0[0])
             }
+            
+            // MARK: NCP
+            
+            PushReply.cipherRegexp.enumerateArguments(in: message) {
+                cipher = SessionProxy.Cipher(rawValue: $0[0].uppercased())
+            }
 
             self.dnsServers = dnsServers
             self.authToken = authToken
             self.peerId = peerId
+            self.cipher = cipher
         }
     }
 }
diff --git a/TunnelKitTests/PushTests.swift b/TunnelKitTests/PushTests.swift
index b30d1ad..1b7820e 100644
--- a/TunnelKitTests/PushTests.swift
+++ b/TunnelKitTests/PushTests.swift
@@ -91,4 +91,12 @@ class PushTests: XCTestCase {
         XCTAssertEqual(reply.ipv6?.defaultGateway, "fe80::601:30ff:feb7:dc02")
         XCTAssertEqual(reply.dnsServers, ["2001:4860:4860::8888", "2001:4860:4860::8844"])
     }
+    
+    func testNCP() {
+        let msg = "PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 4.4.4.4,comp-lzo no,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-CBC"
+        let reply = try! SessionProxy.PushReply(message: msg)!
+        reply.debug()
+
+        XCTAssertEqual(reply.cipher, .aes256cbc)
+    }
 }