Drop support for PIA HARD_RESET patch

2018-08-23 11:11:15 +02:00 · 2018-08-23 11:11:15 +02:00 · dfac465c1d
parent 1fbf71b4d7
commit dfac465c1d
10 changed files with 14 additions and 157 deletions
--- a/TunnelKit.xcodeproj/project.pbxproj
+++ b/TunnelKit.xcodeproj/project.pbxproj
@ -38,10 +38,6 @@
 		0EA8E20D2024D5D500A92DB6 /* PIA-RSA-2048.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0EFEB4822006D3D000F81029 /* PIA-RSA-2048.pem */; };
 		0EA8E20E2024D5D500A92DB6 /* PIA-RSA-3072.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0EFEB4802006D3D000F81029 /* PIA-RSA-3072.pem */; };
 		0EA8E20F2024D5D500A92DB6 /* PIA-RSA-4096.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0EFEB4812006D3D000F81029 /* PIA-RSA-4096.pem */; };
 		0EAAD70920E4F2BC0088754A /* CommunicationType.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EAAD70820E4F2BC0088754A /* CommunicationType.swift */; };
 		0EAAD70A20E4F2BC0088754A /* CommunicationType.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EAAD70820E4F2BC0088754A /* CommunicationType.swift */; };
 		0EAAD70C20E4F85A0088754A /* LinkInterface+Strategy.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EAAD70B20E4F85A0088754A /* LinkInterface+Strategy.swift */; };
 		0EAAD70D20E4F85A0088754A /* LinkInterface+Strategy.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EAAD70B20E4F85A0088754A /* LinkInterface+Strategy.swift */; };
 		0EB2B45320F0BB44004233D7 /* EncryptionTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EB2B45220F0BB44004233D7 /* EncryptionTests.swift */; };
 		0EB2B45520F0BB53004233D7 /* DataManipulationTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EB2B45420F0BB53004233D7 /* DataManipulationTests.swift */; };
 		0EB2B45720F0BD16004233D7 /* RandomTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EB2B45620F0BD16004233D7 /* RandomTests.swift */; };
@ -105,7 +101,6 @@
 		0EFEB46E2006D3C800F81029 /* TLSBox.h in Headers */ = {isa = PBXBuildFile; fileRef = 0EFEB4442006D3C800F81029 /* TLSBox.h */; };
 		0EFEB46F2006D3C800F81029 /* IOInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4452006D3C800F81029 /* IOInterface.swift */; };
 		0EFEB4702006D3C800F81029 /* Allocation.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4462006D3C800F81029 /* Allocation.m */; };
 		0EFEB4712006D3C800F81029 /* TunnelSettings.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4472006D3C800F81029 /* TunnelSettings.swift */; };
 		0EFEB4722006D3C800F81029 /* ReplayProtector.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4482006D3C800F81029 /* ReplayProtector.m */; };
 		0EFEB4732006D3C800F81029 /* LinkInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4492006D3C800F81029 /* LinkInterface.swift */; };
 		0EFEB4742006D3C800F81029 /* CoreConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */; };
@ -136,7 +131,6 @@
 		0EFEB49C2006D7F300F81029 /* Data+Manipulation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4432006D3C800F81029 /* Data+Manipulation.swift */; };
 		0EFEB49D2006D7F300F81029 /* IOInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4452006D3C800F81029 /* IOInterface.swift */; };
 		0EFEB49E2006D7F300F81029 /* Allocation.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4462006D3C800F81029 /* Allocation.m */; };
 		0EFEB49F2006D7F300F81029 /* TunnelSettings.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4472006D3C800F81029 /* TunnelSettings.swift */; };
 		0EFEB4A02006D7F300F81029 /* ReplayProtector.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4482006D3C800F81029 /* ReplayProtector.m */; };
 		0EFEB4A12006D7F300F81029 /* LinkInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4492006D3C800F81029 /* LinkInterface.swift */; };
 		0EFEB4A22006D7F300F81029 /* CoreConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */; };
@ -203,8 +197,6 @@
 		0EA8E2042024D4B100A92DB6 /* PIA-ECC-256k1.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "PIA-ECC-256k1.pem"; sourceTree = "<group>"; };
 		0EA8E2052024D4B100A92DB6 /* PIA-ECC-256r1.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "PIA-ECC-256r1.pem"; sourceTree = "<group>"; };
 		0EA8E2062024D4B200A92DB6 /* PIA-ECC-521r1.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "PIA-ECC-521r1.pem"; sourceTree = "<group>"; };
 		0EAAD70820E4F2BC0088754A /* CommunicationType.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CommunicationType.swift; sourceTree = "<group>"; };
 		0EAAD70B20E4F85A0088754A /* LinkInterface+Strategy.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "LinkInterface+Strategy.swift"; sourceTree = "<group>"; };
 		0EB2B45220F0BB44004233D7 /* EncryptionTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = EncryptionTests.swift; sourceTree = "<group>"; };
 		0EB2B45420F0BB53004233D7 /* DataManipulationTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DataManipulationTests.swift; sourceTree = "<group>"; };
 		0EB2B45620F0BD16004233D7 /* RandomTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RandomTests.swift; sourceTree = "<group>"; };
@ -251,7 +243,6 @@
 		0EFEB4442006D3C800F81029 /* TLSBox.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TLSBox.h; sourceTree = "<group>"; };
 		0EFEB4452006D3C800F81029 /* IOInterface.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = IOInterface.swift; sourceTree = "<group>"; };
 		0EFEB4462006D3C800F81029 /* Allocation.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Allocation.m; sourceTree = "<group>"; };
 		0EFEB4472006D3C800F81029 /* TunnelSettings.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = TunnelSettings.swift; sourceTree = "<group>"; };
 		0EFEB4482006D3C800F81029 /* ReplayProtector.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = ReplayProtector.m; sourceTree = "<group>"; };
 		0EFEB4492006D3C800F81029 /* LinkInterface.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LinkInterface.swift; sourceTree = "<group>"; };
 		0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CoreConfiguration.swift; sourceTree = "<group>"; };
@ -408,7 +399,6 @@
 		0EBBF2E32084FDF400E36B40 /* Transport */ = {
 			isa = PBXGroup;
 			children = (
 				0EAAD70B20E4F85A0088754A /* LinkInterface+Strategy.swift */,
 				0EBBF2F92085061600E36B40 /* NETCPInterface.swift */,
 				0EBBF2EB2085055100E36B40 /* NETunnelInterface.swift */,
 				0EBBF2EC2085055100E36B40 /* NEUDPInterface.swift */,
@ -424,7 +414,6 @@
 				0EFEB42E2006D3C800F81029 /* Allocation.h */,
 				0EFEB4462006D3C800F81029 /* Allocation.m */,
 				0EFEB43A2006D3C800F81029 /* Authenticator.swift */,
 				0EAAD70820E4F2BC0088754A /* CommunicationType.swift */,
 				0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */,
 				0E07597C20F0060E00F38FD8 /* CryptoAEAD.h */,
 				0E07597D20F0060E00F38FD8 /* CryptoAEAD.m */,
@ -459,7 +448,6 @@
 				0EFEB4442006D3C800F81029 /* TLSBox.h */,
 				0EFEB4302006D3C800F81029 /* TLSBox.m */,
 				0EFEB42F2006D3C800F81029 /* TunnelInterface.swift */,
 				0EFEB4472006D3C800F81029 /* TunnelSettings.swift */,
 				0EFEB4412006D3C800F81029 /* ZeroingData.h */,
 				0EFEB4312006D3C800F81029 /* ZeroingData.m */,
 				0EFEB43B2006D3C800F81029 /* ZeroingData.swift */,
@ -879,13 +867,11 @@
 			buildActionMask = 2147483647;
 			files = (
 				0EBBF2F5208505D700E36B40 /* NETunnelInterface.swift in Sources */,
 				0EAAD70920E4F2BC0088754A /* CommunicationType.swift in Sources */,
 				0EFEB4732006D3C800F81029 /* LinkInterface.swift in Sources */,
 				0EBBF2F8208505DD00E36B40 /* NWUDPSessionState+Description.swift in Sources */,
 				0EFEB4652006D3C800F81029 /* Authenticator.swift in Sources */,
 				0EE7A79820F6296F00B42E6A /* PacketMacros.m in Sources */,
 				0EEC49DC20B5E732008FEB91 /* Utils.swift in Sources */,
 				0EAAD70C20E4F85A0088754A /* LinkInterface+Strategy.swift in Sources */,
 				0EFEB4562006D3C800F81029 /* SessionKey.swift in Sources */,
 				0EC1BBA520D71190007C4C7B /* DNSResolver.swift in Sources */,
 				0EFEB4AB200760EC00F81029 /* MemoryDestination.swift in Sources */,
@ -914,7 +900,6 @@
 				0EFEB4702006D3C800F81029 /* Allocation.m in Sources */,
 				0EFEB4672006D3C800F81029 /* SessionProxy.swift in Sources */,
 				0EFEB4722006D3C800F81029 /* ReplayProtector.m in Sources */,
 				0EFEB4712006D3C800F81029 /* TunnelSettings.swift in Sources */,
 				0EFEB4782006D3C800F81029 /* TunnelKitProvider+Configuration.swift in Sources */,
 				0E3E0F212108A8CC00B371C1 /* PushReply.swift in Sources */,
 				0EFEB4752006D3C800F81029 /* Errors.m in Sources */,
@ -930,14 +915,12 @@
 			buildActionMask = 2147483647;
 			files = (
 				0EBBF2F6208505D700E36B40 /* NETunnelInterface.swift in Sources */,
 				0EAAD70A20E4F2BC0088754A /* CommunicationType.swift in Sources */,
 				0EFEB4A12006D7F300F81029 /* LinkInterface.swift in Sources */,
 				0EFEB4872006D7C400F81029 /* TunnelKitProvider+Configuration.swift in Sources */,
 				0EBBF2F7208505DD00E36B40 /* NWUDPSessionState+Description.swift in Sources */,
 				0EFEB4882006D7C400F81029 /* TunnelKitProvider+Interaction.swift in Sources */,
 				0EE7A79920F6296F00B42E6A /* PacketMacros.m in Sources */,
 				0EEC49DD20B5E732008FEB91 /* Utils.swift in Sources */,
 				0EAAD70D20E4F85A0088754A /* LinkInterface+Strategy.swift in Sources */,
 				0EFEB4B12007627700F81029 /* MemoryDestination.swift in Sources */,
 				0EC1BBA620D712DE007C4C7B /* DNSResolver.swift in Sources */,
 				0EFEB4A02006D7F300F81029 /* ReplayProtector.m in Sources */,
@ -971,7 +954,6 @@
 				0EFEB4912006D7F300F81029 /* TLSBox.m in Sources */,
 				0EFEB49D2006D7F300F81029 /* IOInterface.swift in Sources */,
 				0EFEB4972006D7F300F81029 /* Authenticator.swift in Sources */,
 				0EFEB49F2006D7F300F81029 /* TunnelSettings.swift in Sources */,
 				0EFEB49B2006D7F300F81029 /* Packet.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
--- a/TunnelKit/Sources/AppExtension/ConnectionStrategy.swift
+++ b/TunnelKit/Sources/AppExtension/ConnectionStrategy.swift
@ -116,11 +116,11 @@ private extension NEProvider {
        switch endpointProtocol.socketType {
        case .udp:
            let impl = createUDPSession(to: endpoint, from: nil)
-            return NEUDPInterface(impl: impl, communicationType: endpointProtocol.communicationType)
+            return NEUDPInterface(impl: impl)
        case .tcp:
            let impl = createTCPConnection(to: endpoint, enableTLS: false, tlsParameters: nil, delegate: nil)
-            return NETCPInterface(impl: impl, communicationType: endpointProtocol.communicationType)
+            return NETCPInterface(impl: impl)
        }
    }
 }
--- a/TunnelKit/Sources/AppExtension/Transport/LinkInterface+Strategy.swift
+++ b/TunnelKit/Sources/AppExtension/Transport/LinkInterface+Strategy.swift
@ -1,30 +0,0 @@
 //
 //  LinkInterface+Strategy.swift
 //  TunnelKit
 //
 //  Created by Davide De Rosa on 6/28/18.
 //  Copyright © 2018 London Trust Media. All rights reserved.
 //
 import Foundation
 extension LinkInterface {
    func hardReset(with encryption: SessionProxy.EncryptionParameters) -> Data? {
        switch communicationType {
        case .pia:
            guard let caDigest = encryption.caDigest else {
                fatalError("PIA communication requires CA MD5 digest")
            }
            let settings = TunnelSettings(
                caMd5Digest: caDigest,
                cipherName: encryption.cipherName,
                digestName: encryption.digestName
            )
            return (try? settings.encodedData()) ?? Data()
        default:
            break
        }
        return nil
    }
 }
--- a/TunnelKit/Sources/AppExtension/Transport/NETCPInterface.swift
+++ b/TunnelKit/Sources/AppExtension/Transport/NETCPInterface.swift
@ -19,9 +19,8 @@ class NETCPInterface: NSObject, GenericSocket, LinkInterface {
    private let maxPacketSize: Int
-    init(impl: NWTCPConnection, communicationType: CommunicationType, maxPacketSize: Int? = nil) {
+    init(impl: NWTCPConnection, maxPacketSize: Int? = nil) {
        self.impl = impl
        self.communicationType = communicationType
        self.maxPacketSize = maxPacketSize ?? (512 * 1024)
        isActive = false
        isShutdown = false
@ -77,7 +76,7 @@ class NETCPInterface: NSObject, GenericSocket, LinkInterface {
        guard impl.hasBetterPath else {
            return nil
        }
-        return NETCPInterface(impl: NWTCPConnection(upgradeFor: impl), communicationType: communicationType)
+        return NETCPInterface(impl: NWTCPConnection(upgradeFor: impl))
    }
    func link() -> LinkInterface {
@ -160,8 +159,6 @@ class NETCPInterface: NSObject, GenericSocket, LinkInterface {
        return maxPacketSize
    }
    let communicationType: CommunicationType
    let negotiationTimeout: TimeInterval = 10.0
    let hardResetTimeout: TimeInterval = 5.0
--- a/TunnelKit/Sources/AppExtension/Transport/NEUDPInterface.swift
+++ b/TunnelKit/Sources/AppExtension/Transport/NEUDPInterface.swift
@ -19,9 +19,8 @@ class NEUDPInterface: NSObject, GenericSocket, LinkInterface {
    private let maxDatagrams: Int
-    init(impl: NWUDPSession, communicationType: CommunicationType, maxDatagrams: Int? = nil) {
+    init(impl: NWUDPSession, maxDatagrams: Int? = nil) {
        self.impl = impl
        self.communicationType = communicationType
        self.maxDatagrams = maxDatagrams ?? 200
        isActive = false
@ -76,7 +75,7 @@ class NEUDPInterface: NSObject, GenericSocket, LinkInterface {
        guard impl.hasBetterPath else {
            return nil
        }
-        return NEUDPInterface(impl: NWUDPSession(upgradeFor: impl), communicationType: communicationType)
+        return NEUDPInterface(impl: NWUDPSession(upgradeFor: impl))
    }
    func link() -> LinkInterface {
@ -162,8 +161,6 @@ class NEUDPInterface: NSObject, GenericSocket, LinkInterface {
        return maxDatagrams
    }
    let communicationType: CommunicationType
    let negotiationTimeout: TimeInterval = 10.0
    let hardResetTimeout: TimeInterval = 5.0
--- a/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
+++ b/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
@ -128,21 +128,17 @@ extension TunnelKitProvider {
        /// The remote port.
        public let port: UInt16
        /// The communication type.
        public let communicationType: CommunicationType
        /// :nodoc:
-        public init(_ socketType: SocketType, _ port: UInt16, _ communicationType: CommunicationType) {
+        public init(_ socketType: SocketType, _ port: UInt16) {
            self.socketType = socketType
            self.port = port
            self.communicationType = communicationType
        }
        // MARK: Equatable
        /// :nodoc:
        public static func ==(lhs: EndpointProtocol, rhs: EndpointProtocol) -> Bool {
-            return (lhs.socketType == rhs.socketType) && (lhs.port == rhs.port) && (lhs.communicationType == rhs.communicationType)
+            return (lhs.socketType == rhs.socketType) && (lhs.port == rhs.port)
        }
        // MARK: CustomStringConvertible
@ -253,7 +249,7 @@ extension TunnelKitProvider {
            self.appGroup = appGroup
            prefersResolvedAddresses = false
            resolvedAddresses = nil
-            endpointProtocols = [EndpointProtocol(.udp, 1194, .pia)]
+            endpointProtocols = [EndpointProtocol(.udp, 1194)]
            cipher = .aes128cbc
            digest = .sha1
            handshake = .rsa2048
@ -300,22 +296,18 @@ extension TunnelKitProvider {
            }
            endpointProtocols = try endpointProtocolsStrings.map {
                let components = $0.components(separatedBy: ":")
-                guard components.count == 3 else {
+                guard components.count == 2 else {
-                    throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] entries must be in the form 'socketType:port:communicationType'")
+                    throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] entries must be in the form 'socketType:port'")
                }
                let socketTypeString = components[0]
                let portString = components[1]
                let communicationTypeString = components[2]
                guard let socketType = SocketType(rawValue: socketTypeString) else {
                    throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] unrecognized socketType '\(socketTypeString)'")
                }
                guard let port = UInt16(portString) else {
                    throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] non-numeric port '\(portString)'")
                }
-                guard let communicationType = CommunicationType(rawValue: communicationTypeString) else {
+                return EndpointProtocol(socketType, port)
                    throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] unrecognized communicationType '\(communicationTypeString)'")
                }
                return EndpointProtocol(socketType, port, communicationType)
            }
            self.cipher = cipher
@ -472,7 +464,7 @@ extension TunnelKitProvider {
                S.appGroup: appGroup,
                S.prefersResolvedAddresses: prefersResolvedAddresses,
                S.endpointProtocols: endpointProtocols.map {
-                    "\($0.socketType.rawValue):\($0.port):\($0.communicationType.rawValue)"
+                    "\($0.socketType.rawValue):\($0.port)"
                },
                S.cipherAlgorithm: cipher.rawValue,
                S.digestAlgorithm: digest.rawValue,
--- a/TunnelKit/Sources/Core/CommunicationType.swift
+++ b/TunnelKit/Sources/Core/CommunicationType.swift
@ -1,19 +0,0 @@
 //
 //  CommunicationType.swift
 //  TunnelKit
 //
 //  Created by Davide De Rosa on 6/28/18.
 //  Copyright © 2018 London Trust Media. All rights reserved.
 //
 import Foundation
 /// The language spoken over a link.
 public enum CommunicationType: String {
    /// PIA-patched OpenVPN server.
    case pia
    /// Stock OpenVPN server.
    case vanilla
 }
--- a/TunnelKit/Sources/Core/LinkInterface.swift
+++ b/TunnelKit/Sources/Core/LinkInterface.swift
@ -23,20 +23,9 @@ public protocol LinkInterface: IOInterface {
    /// The number of packets that this interface is able to bufferize.
    var packetBufferSize: Int { get }
    /// The language spoken over this link.
    var communicationType: CommunicationType { get }
    /// Timeout in seconds for negotiation start.
    var negotiationTimeout: TimeInterval { get }
    /// Timeout in seconds for HARD_RESET response.
    var hardResetTimeout: TimeInterval { get }
    /**
     Returns an optional payload to attach to the HARD_RESET packet.
     - Parameter encryption: The `SessionProxy.EncryptionParameters` to establish for this session.
     - Returns: The optional HARD_RESET payload.
     */
    func hardReset(with encryption: SessionProxy.EncryptionParameters) -> Data?
 }
--- a/TunnelKit/Sources/Core/SessionProxy.swift
+++ b/TunnelKit/Sources/Core/SessionProxy.swift
@ -702,9 +702,8 @@ public class SessionProxy {
        keys[negotiationKeyIdx] = newKey
        log.debug("Negotiation key index is \(negotiationKeyIdx)")
        let payload = link?.hardReset(with: encryption) ?? Data()
        negotiationKey.state = .hardReset
-        enqueueControlPackets(code: .hardResetClientV2, key: UInt8(negotiationKeyIdx), payload: payload)
+        enqueueControlPackets(code: .hardResetClientV2, key: UInt8(negotiationKeyIdx), payload: Data())
    }
    // Ruby: soft_reset
--- a/TunnelKit/Sources/Core/TunnelSettings.swift
+++ b/TunnelKit/Sources/Core/TunnelSettings.swift
@ -1,50 +0,0 @@
 //
 //  TunnelSettings.swift
 //  TunnelKit
 //
 //  Created by Davide De Rosa on 2/7/17.
 //  Copyright © 2018 London Trust Media. All rights reserved.
 //
 import Foundation
 enum TunnelSettingsError: Error {
    case encoding
 }
 struct TunnelSettings {
    private static let obfuscationKeyLength = 3
    private static let magic = "53eo0rk92gxic98p1asgl5auh59r1vp4lmry1e3chzi100qntd"
    private static let encodedFormat = "\(magic)crypto\t%@|%@\tca\t%@"
    private let caMd5Digest: String
    private let cipherName: String
    private let digestName: String
    init(caMd5Digest: String, cipherName: String, digestName: String) {
        self.caMd5Digest = caMd5Digest
        self.cipherName = cipherName
        self.digestName = digestName
    }
    // Ruby: pia_settings
    func encodedData() throws -> Data {
        guard let plainData = String(format: TunnelSettings.encodedFormat, cipherName, digestName, caMd5Digest).data(using: .ascii) else {
            throw TunnelSettingsError.encoding
        }
        let keyBytes = try SecureRandom.data(length: TunnelSettings.obfuscationKeyLength)
        var encodedData = Data(keyBytes)
        for (i, b) in plainData.enumerated() {
            let keyChar = keyBytes[i % keyBytes.count]
            let xorredB = b ^ keyChar
            encodedData.append(xorredB)
        }
        return encodedData
    }
 }