passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Drop support for PIA HARD_RESET patch

This commit is contained in:
Davide De Rosa 2018-08-23 11:11:15 +02:00
parent 1fbf71b4d7
commit dfac465c1d
10 changed files with 14 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
TunnelKit.xcodeproj/project.pbxproj
View File

@ -38,10 +38,6 @@
0EA8E20D2024D5D500A92DB6 /* PIA-RSA-2048.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0EFEB4822006D3D000F81029 /* PIA-RSA-2048.pem */; };
0EA8E20E2024D5D500A92DB6 /* PIA-RSA-3072.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0EFEB4802006D3D000F81029 /* PIA-RSA-3072.pem */; };
0EA8E20F2024D5D500A92DB6 /* PIA-RSA-4096.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0EFEB4812006D3D000F81029 /* PIA-RSA-4096.pem */; };
0EAAD70920E4F2BC0088754A /* CommunicationType.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EAAD70820E4F2BC0088754A /* CommunicationType.swift */; };
0EAAD70A20E4F2BC0088754A /* CommunicationType.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EAAD70820E4F2BC0088754A /* CommunicationType.swift */; };
0EAAD70C20E4F85A0088754A /* LinkInterface+Strategy.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EAAD70B20E4F85A0088754A /* LinkInterface+Strategy.swift */; };
0EAAD70D20E4F85A0088754A /* LinkInterface+Strategy.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EAAD70B20E4F85A0088754A /* LinkInterface+Strategy.swift */; };
0EB2B45320F0BB44004233D7 /* EncryptionTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EB2B45220F0BB44004233D7 /* EncryptionTests.swift */; };
0EB2B45520F0BB53004233D7 /* DataManipulationTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EB2B45420F0BB53004233D7 /* DataManipulationTests.swift */; };
0EB2B45720F0BD16004233D7 /* RandomTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EB2B45620F0BD16004233D7 /* RandomTests.swift */; };
@ -105,7 +101,6 @@
0EFEB46E2006D3C800F81029 /* TLSBox.h in Headers */ = {isa = PBXBuildFile; fileRef = 0EFEB4442006D3C800F81029 /* TLSBox.h */; };
0EFEB46F2006D3C800F81029 /* IOInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4452006D3C800F81029 /* IOInterface.swift */; };
0EFEB4702006D3C800F81029 /* Allocation.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4462006D3C800F81029 /* Allocation.m */; };
0EFEB4712006D3C800F81029 /* TunnelSettings.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4472006D3C800F81029 /* TunnelSettings.swift */; };
0EFEB4722006D3C800F81029 /* ReplayProtector.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4482006D3C800F81029 /* ReplayProtector.m */; };
0EFEB4732006D3C800F81029 /* LinkInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4492006D3C800F81029 /* LinkInterface.swift */; };
0EFEB4742006D3C800F81029 /* CoreConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */; };
@ -136,7 +131,6 @@
0EFEB49C2006D7F300F81029 /* Data+Manipulation.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4432006D3C800F81029 /* Data+Manipulation.swift */; };
0EFEB49D2006D7F300F81029 /* IOInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4452006D3C800F81029 /* IOInterface.swift */; };
0EFEB49E2006D7F300F81029 /* Allocation.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4462006D3C800F81029 /* Allocation.m */; };
0EFEB49F2006D7F300F81029 /* TunnelSettings.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4472006D3C800F81029 /* TunnelSettings.swift */; };
0EFEB4A02006D7F300F81029 /* ReplayProtector.m in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4482006D3C800F81029 /* ReplayProtector.m */; };
0EFEB4A12006D7F300F81029 /* LinkInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB4492006D3C800F81029 /* LinkInterface.swift */; };
0EFEB4A22006D7F300F81029 /* CoreConfiguration.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */; };
@ -203,8 +197,6 @@
0EA8E2042024D4B100A92DB6 /* PIA-ECC-256k1.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "PIA-ECC-256k1.pem"; sourceTree = "<group>"; };
0EA8E2052024D4B100A92DB6 /* PIA-ECC-256r1.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "PIA-ECC-256r1.pem"; sourceTree = "<group>"; };
0EA8E2062024D4B200A92DB6 /* PIA-ECC-521r1.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "PIA-ECC-521r1.pem"; sourceTree = "<group>"; };
0EAAD70820E4F2BC0088754A /* CommunicationType.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CommunicationType.swift; sourceTree = "<group>"; };
0EAAD70B20E4F85A0088754A /* LinkInterface+Strategy.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "LinkInterface+Strategy.swift"; sourceTree = "<group>"; };
0EB2B45220F0BB44004233D7 /* EncryptionTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = EncryptionTests.swift; sourceTree = "<group>"; };
0EB2B45420F0BB53004233D7 /* DataManipulationTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DataManipulationTests.swift; sourceTree = "<group>"; };
0EB2B45620F0BD16004233D7 /* RandomTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RandomTests.swift; sourceTree = "<group>"; };
@ -251,7 +243,6 @@
0EFEB4442006D3C800F81029 /* TLSBox.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TLSBox.h; sourceTree = "<group>"; };
0EFEB4452006D3C800F81029 /* IOInterface.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = IOInterface.swift; sourceTree = "<group>"; };
0EFEB4462006D3C800F81029 /* Allocation.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Allocation.m; sourceTree = "<group>"; };
0EFEB4472006D3C800F81029 /* TunnelSettings.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = TunnelSettings.swift; sourceTree = "<group>"; };
0EFEB4482006D3C800F81029 /* ReplayProtector.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = ReplayProtector.m; sourceTree = "<group>"; };
0EFEB4492006D3C800F81029 /* LinkInterface.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = LinkInterface.swift; sourceTree = "<group>"; };
0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CoreConfiguration.swift; sourceTree = "<group>"; };
@ -408,7 +399,6 @@
0EBBF2E32084FDF400E36B40 /* Transport */ = {
isa = PBXGroup;
children = (
0EAAD70B20E4F85A0088754A /* LinkInterface+Strategy.swift */,
0EBBF2F92085061600E36B40 /* NETCPInterface.swift */,
0EBBF2EB2085055100E36B40 /* NETunnelInterface.swift */,
0EBBF2EC2085055100E36B40 /* NEUDPInterface.swift */,
@ -424,7 +414,6 @@
0EFEB42E2006D3C800F81029 /* Allocation.h */,
0EFEB4462006D3C800F81029 /* Allocation.m */,
0EFEB43A2006D3C800F81029 /* Authenticator.swift */,
0EAAD70820E4F2BC0088754A /* CommunicationType.swift */,
0EFEB44A2006D3C800F81029 /* CoreConfiguration.swift */,
0E07597C20F0060E00F38FD8 /* CryptoAEAD.h */,
0E07597D20F0060E00F38FD8 /* CryptoAEAD.m */,
@ -459,7 +448,6 @@
0EFEB4442006D3C800F81029 /* TLSBox.h */,
0EFEB4302006D3C800F81029 /* TLSBox.m */,
0EFEB42F2006D3C800F81029 /* TunnelInterface.swift */,
0EFEB4472006D3C800F81029 /* TunnelSettings.swift */,
0EFEB4412006D3C800F81029 /* ZeroingData.h */,
0EFEB4312006D3C800F81029 /* ZeroingData.m */,
0EFEB43B2006D3C800F81029 /* ZeroingData.swift */,
@ -879,13 +867,11 @@
buildActionMask = 2147483647;
files = (
0EBBF2F5208505D700E36B40 /* NETunnelInterface.swift in Sources */,
0EAAD70920E4F2BC0088754A /* CommunicationType.swift in Sources */,
0EFEB4732006D3C800F81029 /* LinkInterface.swift in Sources */,
0EBBF2F8208505DD00E36B40 /* NWUDPSessionState+Description.swift in Sources */,
0EFEB4652006D3C800F81029 /* Authenticator.swift in Sources */,
0EE7A79820F6296F00B42E6A /* PacketMacros.m in Sources */,
0EEC49DC20B5E732008FEB91 /* Utils.swift in Sources */,
0EAAD70C20E4F85A0088754A /* LinkInterface+Strategy.swift in Sources */,
0EFEB4562006D3C800F81029 /* SessionKey.swift in Sources */,
0EC1BBA520D71190007C4C7B /* DNSResolver.swift in Sources */,
0EFEB4AB200760EC00F81029 /* MemoryDestination.swift in Sources */,
@ -914,7 +900,6 @@
0EFEB4702006D3C800F81029 /* Allocation.m in Sources */,
0EFEB4672006D3C800F81029 /* SessionProxy.swift in Sources */,
0EFEB4722006D3C800F81029 /* ReplayProtector.m in Sources */,
0EFEB4712006D3C800F81029 /* TunnelSettings.swift in Sources */,
0EFEB4782006D3C800F81029 /* TunnelKitProvider+Configuration.swift in Sources */,
0E3E0F212108A8CC00B371C1 /* PushReply.swift in Sources */,
0EFEB4752006D3C800F81029 /* Errors.m in Sources */,
@ -930,14 +915,12 @@
buildActionMask = 2147483647;
files = (
0EBBF2F6208505D700E36B40 /* NETunnelInterface.swift in Sources */,
0EAAD70A20E4F2BC0088754A /* CommunicationType.swift in Sources */,
0EFEB4A12006D7F300F81029 /* LinkInterface.swift in Sources */,
0EFEB4872006D7C400F81029 /* TunnelKitProvider+Configuration.swift in Sources */,
0EBBF2F7208505DD00E36B40 /* NWUDPSessionState+Description.swift in Sources */,
0EFEB4882006D7C400F81029 /* TunnelKitProvider+Interaction.swift in Sources */,
0EE7A79920F6296F00B42E6A /* PacketMacros.m in Sources */,
0EEC49DD20B5E732008FEB91 /* Utils.swift in Sources */,
0EAAD70D20E4F85A0088754A /* LinkInterface+Strategy.swift in Sources */,
0EFEB4B12007627700F81029 /* MemoryDestination.swift in Sources */,
0EC1BBA620D712DE007C4C7B /* DNSResolver.swift in Sources */,
0EFEB4A02006D7F300F81029 /* ReplayProtector.m in Sources */,
@ -971,7 +954,6 @@
0EFEB4912006D7F300F81029 /* TLSBox.m in Sources */,
0EFEB49D2006D7F300F81029 /* IOInterface.swift in Sources */,
0EFEB4972006D7F300F81029 /* Authenticator.swift in Sources */,
0EFEB49F2006D7F300F81029 /* TunnelSettings.swift in Sources */,
0EFEB49B2006D7F300F81029 /* Packet.swift in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;

4
TunnelKit/Sources/AppExtension/ConnectionStrategy.swift
View File

@ -116,11 +116,11 @@ private extension NEProvider {
switch endpointProtocol.socketType {
case .udp:
let impl = createUDPSession(to: endpoint, from: nil)
return NEUDPInterface(impl: impl, communicationType: endpointProtocol.communicationType)
return NEUDPInterface(impl: impl)
case .tcp:
let impl = createTCPConnection(to: endpoint, enableTLS: false, tlsParameters: nil, delegate: nil)
return NETCPInterface(impl: impl, communicationType: endpointProtocol.communicationType)
return NETCPInterface(impl: impl)
}
}
}

30
TunnelKit/Sources/AppExtension/Transport/LinkInterface+Strategy.swift
View File

@ -1,30 +0,0 @@
//
// LinkInterface+Strategy.swift
// TunnelKit
//
// Created by Davide De Rosa on 6/28/18.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
extension LinkInterface {
func hardReset(with encryption: SessionProxy.EncryptionParameters) -> Data? {
switch communicationType {
case .pia:
guard let caDigest = encryption.caDigest else {
fatalError("PIA communication requires CA MD5 digest")
}
let settings = TunnelSettings(
caMd5Digest: caDigest,
cipherName: encryption.cipherName,
digestName: encryption.digestName
)
return (try? settings.encodedData()) ?? Data()
default:
break
}
return nil
}
}

7
TunnelKit/Sources/AppExtension/Transport/NETCPInterface.swift
View File

@ -19,9 +19,8 @@ class NETCPInterface: NSObject, GenericSocket, LinkInterface {
private let maxPacketSize: Int
init(impl: NWTCPConnection, communicationType: CommunicationType, maxPacketSize: Int? = nil) {
init(impl: NWTCPConnection, maxPacketSize: Int? = nil) {
self.impl = impl
self.communicationType = communicationType
self.maxPacketSize = maxPacketSize ?? (512 * 1024)
isActive = false
isShutdown = false
@ -77,7 +76,7 @@ class NETCPInterface: NSObject, GenericSocket, LinkInterface {
guard impl.hasBetterPath else {
return nil
}
return NETCPInterface(impl: NWTCPConnection(upgradeFor: impl), communicationType: communicationType)
return NETCPInterface(impl: NWTCPConnection(upgradeFor: impl))
}
func link() -> LinkInterface {
@ -160,8 +159,6 @@ class NETCPInterface: NSObject, GenericSocket, LinkInterface {
return maxPacketSize
}
let communicationType: CommunicationType
let negotiationTimeout: TimeInterval = 10.0
let hardResetTimeout: TimeInterval = 5.0

7
TunnelKit/Sources/AppExtension/Transport/NEUDPInterface.swift
View File

@ -19,9 +19,8 @@ class NEUDPInterface: NSObject, GenericSocket, LinkInterface {
private let maxDatagrams: Int
init(impl: NWUDPSession, communicationType: CommunicationType, maxDatagrams: Int? = nil) {
init(impl: NWUDPSession, maxDatagrams: Int? = nil) {
self.impl = impl
self.communicationType = communicationType
self.maxDatagrams = maxDatagrams ?? 200
isActive = false
@ -76,7 +75,7 @@ class NEUDPInterface: NSObject, GenericSocket, LinkInterface {
guard impl.hasBetterPath else {
return nil
}
return NEUDPInterface(impl: NWUDPSession(upgradeFor: impl), communicationType: communicationType)
return NEUDPInterface(impl: NWUDPSession(upgradeFor: impl))
}
func link() -> LinkInterface {
@ -162,8 +161,6 @@ class NEUDPInterface: NSObject, GenericSocket, LinkInterface {
return maxDatagrams
}
let communicationType: CommunicationType
let negotiationTimeout: TimeInterval = 10.0
let hardResetTimeout: TimeInterval = 5.0

22
TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
View File

@ -128,21 +128,17 @@ extension TunnelKitProvider {
/// The remote port.
public let port: UInt16
/// The communication type.
public let communicationType: CommunicationType
/// :nodoc:
public init(_ socketType: SocketType, _ port: UInt16, _ communicationType: CommunicationType) {
public init(_ socketType: SocketType, _ port: UInt16) {
self.socketType = socketType
self.port = port
self.communicationType = communicationType
}
// MARK: Equatable
/// :nodoc:
public static func ==(lhs: EndpointProtocol, rhs: EndpointProtocol) -> Bool {
return (lhs.socketType == rhs.socketType) && (lhs.port == rhs.port) && (lhs.communicationType == rhs.communicationType)
return (lhs.socketType == rhs.socketType) && (lhs.port == rhs.port)
}
// MARK: CustomStringConvertible
@ -253,7 +249,7 @@ extension TunnelKitProvider {
self.appGroup = appGroup
prefersResolvedAddresses = false
resolvedAddresses = nil
endpointProtocols = [EndpointProtocol(.udp, 1194, .pia)]
endpointProtocols = [EndpointProtocol(.udp, 1194)]
cipher = .aes128cbc
digest = .sha1
handshake = .rsa2048
@ -300,22 +296,18 @@ extension TunnelKitProvider {
}
endpointProtocols = try endpointProtocolsStrings.map {
let components = $0.components(separatedBy: ":")
guard components.count == 3 else {
throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] entries must be in the form 'socketType:port:communicationType'")
guard components.count == 2 else {
throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] entries must be in the form 'socketType:port'")
}
let socketTypeString = components[0]
let portString = components[1]
let communicationTypeString = components[2]
guard let socketType = SocketType(rawValue: socketTypeString) else {
throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] unrecognized socketType '\(socketTypeString)'")
}
guard let port = UInt16(portString) else {
throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] non-numeric port '\(portString)'")
}
guard let communicationType = CommunicationType(rawValue: communicationTypeString) else {
throw ProviderError.configuration(field: "protocolConfiguration.providerConfiguration[\(S.endpointProtocols)] unrecognized communicationType '\(communicationTypeString)'")
}
return EndpointProtocol(socketType, port, communicationType)
return EndpointProtocol(socketType, port)
}
self.cipher = cipher
@ -472,7 +464,7 @@ extension TunnelKitProvider {
S.appGroup: appGroup,
S.prefersResolvedAddresses: prefersResolvedAddresses,
S.endpointProtocols: endpointProtocols.map {
"\($0.socketType.rawValue):\($0.port):\($0.communicationType.rawValue)"
"\($0.socketType.rawValue):\($0.port)"
},
S.cipherAlgorithm: cipher.rawValue,
S.digestAlgorithm: digest.rawValue,

19
TunnelKit/Sources/Core/CommunicationType.swift
View File

@ -1,19 +0,0 @@
//
// CommunicationType.swift
// TunnelKit
//
// Created by Davide De Rosa on 6/28/18.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
/// The language spoken over a link.
public enum CommunicationType: String {
/// PIA-patched OpenVPN server.
case pia
/// Stock OpenVPN server.
case vanilla
}

11
TunnelKit/Sources/Core/LinkInterface.swift
View File

@ -23,20 +23,9 @@ public protocol LinkInterface: IOInterface {
/// The number of packets that this interface is able to bufferize.
var packetBufferSize: Int { get }
/// The language spoken over this link.
var communicationType: CommunicationType { get }
/// Timeout in seconds for negotiation start.
var negotiationTimeout: TimeInterval { get }
/// Timeout in seconds for HARD_RESET response.
var hardResetTimeout: TimeInterval { get }
/**
Returns an optional payload to attach to the HARD_RESET packet.
- Parameter encryption: The `SessionProxy.EncryptionParameters` to establish for this session.
- Returns: The optional HARD_RESET payload.
*/
func hardReset(with encryption: SessionProxy.EncryptionParameters) -> Data?
}

3
TunnelKit/Sources/Core/SessionProxy.swift
View File

@ -702,9 +702,8 @@ public class SessionProxy {
keys[negotiationKeyIdx] = newKey
log.debug("Negotiation key index is \(negotiationKeyIdx)")
let payload = link?.hardReset(with: encryption) ?? Data()
negotiationKey.state = .hardReset
enqueueControlPackets(code: .hardResetClientV2, key: UInt8(negotiationKeyIdx), payload: payload)
enqueueControlPackets(code: .hardResetClientV2, key: UInt8(negotiationKeyIdx), payload: Data())
}
// Ruby: soft_reset

50
TunnelKit/Sources/Core/TunnelSettings.swift
View File

@ -1,50 +0,0 @@
//
// TunnelSettings.swift
// TunnelKit
//
// Created by Davide De Rosa on 2/7/17.
// Copyright © 2018 London Trust Media. All rights reserved.
//
import Foundation
enum TunnelSettingsError: Error {
case encoding
}
struct TunnelSettings {
private static let obfuscationKeyLength = 3
private static let magic = "53eo0rk92gxic98p1asgl5auh59r1vp4lmry1e3chzi100qntd"
private static let encodedFormat = "\(magic)crypto\t%@|%@\tca\t%@"
private let caMd5Digest: String
private let cipherName: String
private let digestName: String
init(caMd5Digest: String, cipherName: String, digestName: String) {
self.caMd5Digest = caMd5Digest
self.cipherName = cipherName
self.digestName = digestName
}
// Ruby: pia_settings
func encodedData() throws -> Data {
guard let plainData = String(format: TunnelSettings.encodedFormat, cipherName, digestName, caMd5Digest).data(using: .ascii) else {
throw TunnelSettingsError.encoding
}
let keyBytes = try SecureRandom.data(length: TunnelSettings.obfuscationKeyLength)
var encodedData = Data(keyBytes)
for (i, b) in plainData.enumerated() {
let keyChar = keyBytes[i % keyBytes.count]
let xorredB = b ^ keyChar
encodedData.append(xorredB)
}
return encodedData
}
}