Set tls-auth/crypt timestamp once

Packets rejected due to replay protection. Fixes #88 Fixes #61
2019-04-23 16:44:00 +02:00 · 2019-04-23 16:44:00 +02:00 · ef5180a4ed
parent 65af163aeb
commit ef5180a4ed
2 changed files with 9 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed

 - SoftEther sends an incomplete PUSH_REPLY. [#86](https://github.com/keeshux/tunnelkit/issues/86)
+- Authentication/Decrypt errors with TLS wrapping. [#88](https://github.com/keeshux/tunnelkit/issues/88), [#61](https://github.com/keeshux/tunnelkit/issues/61)

 ## 1.6.2 (2019-04-17)

--- a/TunnelKit/Sources/Core/ControlChannelSerializer.swift
+++ b/TunnelKit/Sources/Core/ControlChannelSerializer.swift
@ -144,6 +144,8 @@ extension ControlChannel {
        
        private var currentReplayId: BidirectionalState<UInt32>
        
+        private let timestamp: UInt32
+        
        private let plain: PlainSerializer
        
        init(withKey key: StaticKey, digest: SessionProxy.Digest) throws {
@ -163,6 +165,7 @@ extension ControlChannel {
            preambleLength = prefixLength + authLength
            
            currentReplayId = BidirectionalState(withResetValue: 1)
+            timestamp = UInt32(Date().timeIntervalSince1970)
            plain = PlainSerializer()
        }
        
@ -171,7 +174,7 @@ extension ControlChannel {
        }
        
        func serialize(packet: ControlPacket) throws -> Data {
-            return try serialize(packet: packet, timestamp: UInt32(Date().timeIntervalSince1970))
+            return try serialize(packet: packet, timestamp: timestamp)
        }
        
        func serialize(packet: ControlPacket, timestamp: UInt32) throws -> Data {
@ -219,6 +222,8 @@ extension ControlChannel {
        
        private var currentReplayId: BidirectionalState<UInt32>
        
+        private let timestamp: UInt32
+        
        private let plain: PlainSerializer

        init(withKey key: StaticKey) throws {
@ -237,6 +242,7 @@ extension ControlChannel {
            tagLength = crypto.tagLength()

            currentReplayId = BidirectionalState(withResetValue: 1)
+            timestamp = UInt32(Date().timeIntervalSince1970)
            plain = PlainSerializer()
        }
        
@ -245,7 +251,7 @@ extension ControlChannel {
        }
        
        func serialize(packet: ControlPacket) throws -> Data {
-            return try serialize(packet: packet, timestamp: UInt32(Date().timeIntervalSince1970))
+            return try serialize(packet: packet, timestamp: timestamp)
        }
        
        func serialize(packet: ControlPacket, timestamp: UInt32) throws -> Data {