From fbd3f977d5447f1736133fcfa804b5d189697126 Mon Sep 17 00:00:00 2001
From: Davide De Rosa <keeshux@gmail.com>
Date: Tue, 11 Sep 2018 13:56:17 +0200
Subject: [PATCH] Parse static key from file

---
 TunnelKit.xcodeproj/project.pbxproj    |  4 ++
 TunnelKit/Sources/Core/StaticKey.swift | 57 ++++++++++++++++++
 TunnelKitTests/StaticKeyTests.swift    | 82 ++++++++++++++++++++++++++
 3 files changed, 143 insertions(+)
 create mode 100644 TunnelKitTests/StaticKeyTests.swift

diff --git a/TunnelKit.xcodeproj/project.pbxproj b/TunnelKit.xcodeproj/project.pbxproj
index 2464ef3..f4d3233 100644
--- a/TunnelKit.xcodeproj/project.pbxproj
+++ b/TunnelKit.xcodeproj/project.pbxproj
@@ -9,6 +9,7 @@
 /* Begin PBXBuildFile section */
 		0E041D092152E6FE0025FE3C /* SessionProxy+TLSWrap.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E041D082152E6FE0025FE3C /* SessionProxy+TLSWrap.swift */; };
 		0E041D0A2152E6FE0025FE3C /* SessionProxy+TLSWrap.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E041D082152E6FE0025FE3C /* SessionProxy+TLSWrap.swift */; };
+		0E041D0C2152E80A0025FE3C /* StaticKeyTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0E041D0B2152E80A0025FE3C /* StaticKeyTests.swift */; };
 		0E07595F20EF6D1400F38FD8 /* CryptoCBC.m in Sources */ = {isa = PBXBuildFile; fileRef = 0E07595C20EF6D1400F38FD8 /* CryptoCBC.m */; };
 		0E07596020EF6D1400F38FD8 /* CryptoCBC.m in Sources */ = {isa = PBXBuildFile; fileRef = 0E07595C20EF6D1400F38FD8 /* CryptoCBC.m */; };
 		0E07596320EF733F00F38FD8 /* CryptoMacros.h in Headers */ = {isa = PBXBuildFile; fileRef = 0E07596120EF733F00F38FD8 /* CryptoMacros.h */; };
@@ -196,6 +197,7 @@
 
 /* Begin PBXFileReference section */
 		0E041D082152E6FE0025FE3C /* SessionProxy+TLSWrap.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "SessionProxy+TLSWrap.swift"; sourceTree = "<group>"; };
+		0E041D0B2152E80A0025FE3C /* StaticKeyTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = StaticKeyTests.swift; sourceTree = "<group>"; };
 		0E07595C20EF6D1400F38FD8 /* CryptoCBC.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = CryptoCBC.m; sourceTree = "<group>"; };
 		0E07596120EF733F00F38FD8 /* CryptoMacros.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CryptoMacros.h; sourceTree = "<group>"; };
 		0E07596A20EF79AB00F38FD8 /* Crypto.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Crypto.h; sourceTree = "<group>"; };
@@ -359,6 +361,7 @@
 				0E245D682135972800B012A2 /* PushTests.swift */,
 				0EB2B45620F0BD16004233D7 /* RandomTests.swift */,
 				0EB2B45C20F0BF41004233D7 /* RawPerformanceTests.swift */,
+				0E041D0B2152E80A0025FE3C /* StaticKeyTests.swift */,
 				0EB2B45A20F0BE4C004233D7 /* TestUtils.swift */,
 				0E749F612178911C00BB2701 /* pia-2048.pem */,
 			);
@@ -867,6 +870,7 @@
 				0EB2B45B20F0BE4C004233D7 /* TestUtils.swift in Sources */,
 				0E58F1302138AC2F00A49F27 /* DNSTests.swift in Sources */,
 				0E12B2A32145341B00B4BAE9 /* PacketTests.swift in Sources */,
+				0E041D0C2152E80A0025FE3C /* StaticKeyTests.swift in Sources */,
 				0E245D692135972800B012A2 /* PushTests.swift in Sources */,
 				0EB2B46120F0C0A4004233D7 /* DataPathPerformanceTests.swift in Sources */,
 				0EB2B45F20F0C098004233D7 /* EncryptionPerformanceTests.swift in Sources */,
diff --git a/TunnelKit/Sources/Core/StaticKey.swift b/TunnelKit/Sources/Core/StaticKey.swift
index 5abacd6..3e438cd 100644
--- a/TunnelKit/Sources/Core/StaticKey.swift
+++ b/TunnelKit/Sources/Core/StaticKey.swift
@@ -50,6 +50,12 @@ public class StaticKey: Codable {
     
     private static let keyLength = StaticKey.contentLength / StaticKey.keyCount
 
+    private static let fileHead = "-----BEGIN OpenVPN Static key V1-----"
+    
+    private static let fileFoot = "-----END OpenVPN Static key V1-----"
+    
+    private static let nonHexCharset = CharacterSet(charactersIn: "0123456789abcdefABCDEF").inverted
+    
     private let secureData: ZeroingData
 
     private let direction: Direction?
@@ -132,6 +138,57 @@ public class StaticKey: Codable {
         self.direction = direction
     }
     
+    /**
+     Initializes with file content and direction.
+     
+     - Parameter file: The text file containing the key.
+     - Parameter direction: The key direction, or bidirectional if nil.
+     */
+    public convenience init?(file: String, direction: Direction?) {
+        let lines = file.split(separator: "\n")
+        self.init(lines: lines, direction: direction)
+    }
+    
+    /// :nodoc:
+    public convenience init?(lines: [Substring], direction: Direction?) {
+        var isHead = true
+        var hexLines: [Substring] = []
+
+        for l in lines {
+            if isHead {
+                guard !l.hasPrefix("#") else {
+                    continue
+                }
+                guard l == StaticKey.fileHead else {
+                    return nil
+                }
+                isHead = false
+                continue
+            }
+            guard let first = l.first else {
+                return nil
+            }
+            if first == "-" {
+                guard l == StaticKey.fileFoot else {
+                    return nil
+                }
+                break
+            }
+            hexLines.append(l)
+        }
+
+        let hex = String(hexLines.joined())
+        guard hex.count == 2 * StaticKey.contentLength else {
+            return nil
+        }
+        if let _ = hex.rangeOfCharacter(from: StaticKey.nonHexCharset) {
+            return nil
+        }
+        let data = Data(hex: hex)
+        
+        self.init(data: data, direction: direction)
+    }
+    
     /**
      Initializes as bidirectional.
      
diff --git a/TunnelKitTests/StaticKeyTests.swift b/TunnelKitTests/StaticKeyTests.swift
new file mode 100644
index 0000000..da35043
--- /dev/null
+++ b/TunnelKitTests/StaticKeyTests.swift
@@ -0,0 +1,82 @@
+//
+//  StaticKeyTests.swift
+//  TunnelKitTests
+//
+//  Created by Davide De Rosa on 9/11/18.
+//  Copyright (c) 2018 Davide De Rosa. All rights reserved.
+//
+//  https://github.com/keeshux
+//
+//  This file is part of TunnelKit.
+//
+//  TunnelKit is free software: you can redistribute it and/or modify
+//  it under the terms of the GNU General Public License as published by
+//  the Free Software Foundation, either version 3 of the License, or
+//  (at your option) any later version.
+//
+//  TunnelKit is distributed in the hope that it will be useful,
+//  but WITHOUT ANY WARRANTY; without even the implied warranty of
+//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//  GNU General Public License for more details.
+//
+//  You should have received a copy of the GNU General Public License
+//  along with TunnelKit.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+import XCTest
+@testable import TunnelKit
+
+class StaticKeyTests: XCTestCase {
+    private let content = """
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+48d9999bd71095b10649c7cb471c1051
+b1afdece597cea06909b99303a18c674
+01597b12c04a787e98cdb619ee960d90
+a0165529dc650f3a5c6fbe77c91c137d
+cf55d863fcbe314df5f0b45dbe974d9b
+de33ef5b4803c3985531c6c23ca6906d
+6cd028efc8585d1b9e71003566bd7891
+b9cc9212bcba510109922eed87f5c8e6
+6d8e59cbd82575261f02777372b2cd4c
+a5214c4a6513ff26dd568f574fd40d6c
+d450fc788160ff68434ce2bf6afb00e7
+10a3198538f14c4d45d84ab42637872e
+778a6b35a124e700920879f1d003ba93
+dccdb953cdf32bea03f365760b0ed800
+2098d4ce20d045b45a83a8432cc73767
+7aed27125592a7148d25c87fdbe0a3f6
+-----END OpenVPN Static key V1-----
+"""
+    
+    override func setUp() {
+        super.setUp()
+        // Put setup code here. This method is called before the invocation of each test method in the class.
+    }
+    
+    override func tearDown() {
+        // Put teardown code here. This method is called after the invocation of each test method in the class.
+        super.tearDown()
+    }
+    
+    func testFileBidirectional() {
+        let expected = Data(hex: "cf55d863fcbe314df5f0b45dbe974d9bde33ef5b4803c3985531c6c23ca6906d6cd028efc8585d1b9e71003566bd7891b9cc9212bcba510109922eed87f5c8e6")
+        let key = StaticKey(file: content, direction: nil)
+        XCTAssertNotNil(key)
+        
+        XCTAssertEqual(key?.hmacSendKey.toData(), expected)
+        XCTAssertEqual(key?.hmacReceiveKey.toData(), expected)
+    }
+
+    func testFileDirection() {
+        let send = Data(hex: "778a6b35a124e700920879f1d003ba93dccdb953cdf32bea03f365760b0ed8002098d4ce20d045b45a83a8432cc737677aed27125592a7148d25c87fdbe0a3f6")
+        let receive = Data(hex: "cf55d863fcbe314df5f0b45dbe974d9bde33ef5b4803c3985531c6c23ca6906d6cd028efc8585d1b9e71003566bd7891b9cc9212bcba510109922eed87f5c8e6")
+        let key = StaticKey(file: content, direction: .client)
+        XCTAssertNotNil(key)
+        
+        XCTAssertEqual(key?.hmacSendKey.toData(), send)
+        XCTAssertEqual(key?.hmacReceiveKey.toData(), receive)
+    }
+}