passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
280 Commits 1 Branch 58 Tags 3.2 MiB
Commit Graph

127 Commits

Author SHA1 Message Date
Davide De Rosa 197d29042c Take a cache URL in SessionProxy to store PEMs 2018-10-25 18:34:03 +02:00
Davide De Rosa 3fd0329736 Use CryptoContainer in SessionConfiguration 
Instead of paths.
 2018-10-25 18:34:02 +02:00
Davide De Rosa ca77858bf0 Move CryptoContainer to Core 2018-10-25 18:34:02 +02:00
Davide De Rosa b35fb34da5 Cap masked hash to 16 hexes 2018-10-24 18:50:36 +02:00
Davide De Rosa ae85337e91 Mask log.debug 2018-10-24 18:47:41 +02:00
Davide De Rosa 033763f372 Mask log.info 2018-10-24 18:47:41 +02:00
Davide De Rosa 25d84f6530 Add internal flag for masking private data 
Hardcoded to true. Private data is mostly hostname/IP addresses
and routing information.
 2018-10-24 18:23:10 +02:00
Davide De Rosa b1a79d6451 Shut down on server-initiated HARD_RESET 
Session is stale and not recoverable (lame duck).
 2018-10-24 12:31:37 +02:00
Davide De Rosa 0b79ce4194 Handle server-initiated SOFT_RESET 2018-10-24 12:22:47 +02:00
Davide De Rosa e3a5302e06 Check NULL EKU and simplify OID comparison 2018-10-24 00:43:01 +02:00
Davide De Rosa 3a95568d0b Remove unused code 2018-10-24 00:36:18 +02:00
Davide De Rosa 440a7f7da8 Verify server cert EKU 
Fixes #27
 2018-10-23 23:46:37 +02:00
Davide De Rosa c32185b524 Review/complete mapping to ProviderError 
Errors from TunnelKitNative were not mapped. Also, move TLS CA
verification error to TLSBox domain.
 2018-10-23 23:44:25 +02:00
Davide De Rosa f5d9720b01 Halt TLS on internal failure 2018-10-23 23:44:25 +02:00
Davide De Rosa f725779e0e Convert ct pulling to try/catch 2018-10-23 22:47:04 +02:00
Davide De Rosa 4bf7f1a1fc Bridge SessionError to public ProviderError 2018-10-22 01:04:36 +02:00
Davide De Rosa 26fc12c2ef Add missing fclose() after fopen() 
Slip-up from #32
 2018-10-21 00:22:36 +02:00
Davide De Rosa fbd3f977d5 Parse static key from file 2018-10-19 17:22:26 +02:00
Davide De Rosa 28d9f3ee68 Add crypt strategy 2018-10-19 17:06:29 +02:00
Davide De Rosa 55e0aa5c5a Implement and test crypt serializer 2018-10-19 17:06:26 +02:00
Davide De Rosa 3ec4a7d292 Implement AES-CTR encryption 2018-10-19 16:56:20 +02:00
Davide De Rosa a430beb35f Improve Swift bridging of CryptoFlags 2018-10-19 16:56:20 +02:00
Davide De Rosa 8ccc4c08a5 Add auth strategy 2018-10-19 16:20:56 +02:00
Davide De Rosa 0fce5abdde Implement auth serializer 2018-10-19 16:20:56 +02:00
Davide De Rosa a974646558 Add macros for replay packet id 2018-10-19 16:12:07 +02:00
Davide De Rosa 66735ec118 Prepare API to enable TLS wrapping 
Extensible TLSWrap parameter.
 2018-10-19 16:11:35 +02:00
Davide De Rosa 51720c1fbc Split ControlPacket header/content serialization 
rawSerializeTo: does not include opcode|session_id.
 2018-10-19 16:11:35 +02:00
Davide De Rosa 372fa194a5 Parse indexed keys from StaticKey 2018-10-19 16:11:35 +02:00
Davide De Rosa 5c8c361fce Add StaticKey class for static OpenVPN keys 2018-10-19 16:11:35 +02:00
Davide De Rosa a85c4ea6da Rename packetId flag to more proper IV 2018-10-19 15:55:16 +02:00
Davide De Rosa bff9352c6e Handle encryption/peer-id in a stateless manner 
Fixes #30
 2018-10-19 15:54:55 +02:00
Davide De Rosa 70b50a7a2e Parse data opcode when decrypting 
Assume it could be DATA_V1/V2 regardless of peer-id.
 2018-10-19 11:33:12 +02:00
Davide De Rosa 9b785084e2 Customize HARD_RESET payload when PIA-patched 2018-10-18 13:31:11 +02:00
Davide De Rosa eb8a8b38c2 Restore PIA HARD_RESET code 2018-10-18 12:45:32 +02:00
Davide De Rosa 872e20a95a Add function to compute MD5 from certificate 2018-10-18 12:32:22 +02:00
Davide De Rosa 98c5a015f3 Split endpoint and credentials 
Basically drop AuthenticatedEndpoint.
 2018-10-06 16:22:02 +02:00
Davide De Rosa 40b733db57 Make credentials optional 2018-10-06 16:21:59 +02:00
Davide De Rosa 093774535d Make CA non-optional 
Fix up nullability qualifiers in TLSBox.

Fixes #26
 2018-10-06 15:53:22 +02:00
Davide De Rosa 09210b727a Use compression framing description 2018-09-28 08:40:14 +02:00
Davide De Rosa 24dabe2739 Set peer-info version from bundle 
Omit build number for now, seems more complex than expected to
accomplish with CocoaPods.
 2018-09-24 10:26:43 +02:00
Davide De Rosa d6958ed28d Revert LZO deprecation, still widely used 2018-09-23 14:23:52 +02:00
Davide De Rosa 668474d75c Indent negotiated parameters in log 2018-09-21 19:53:38 +02:00
Davide De Rosa 44fc38e8ef Rename encryption headers for consistency 
The shared prefix makes it easier to associate them with
implementation files.
 2018-09-20 09:03:33 +02:00
Davide De Rosa 600c93be55 Drop overheadLength, only used in one place 2018-09-20 09:03:33 +02:00
Davide De Rosa dd02c92aa5 Expose methods for capacity prediction 
Encapsulate encrypt/decrypt buffer capacity calculation.
 2018-09-20 09:03:33 +02:00
Davide De Rosa f6ee187db7 Use symbolic data header length 2018-09-20 09:03:33 +02:00
Davide De Rosa aa39414a77 Rename packet header to opcode (first byte) 2018-09-20 09:03:31 +02:00
Davide De Rosa fe92fcd91c Remove NSData versions from Encrypter/Decrypter 
Move to test target. Conversely, bring ZeroingData.data extension
into main targets.
 2018-09-20 09:01:44 +02:00
Davide De Rosa 1099d9adbf Improve control channel log readability 
- Use consistent convention in id logging.
- Describe packet codes.
- Encapsulate packet logging.
 2018-09-20 09:00:11 +02:00
Davide De Rosa ce94a594f9 Bring code/key deserialization into serializer 
Duplicates first byte parsing but makes testing more meaningful,
because there's no need to provide a bogus code/key pair.
 2018-09-20 08:59:50 +02:00