Commit Graph

170 Commits

Author SHA1 Message Date
Davide De Rosa
36e93651ba Replace hardcoded 32 tag length in tls-crypt 2018-11-06 10:35:37 +01:00
Davide De Rosa
b366925125 Hardcode digestLength to tagLength in CTR
Code is not using digestLength in any way.
2018-11-06 10:35:19 +01:00
Davide De Rosa
7ffbf41b30 Expose internal tag length, 0 if none 2018-11-06 10:31:55 +01:00
Davide De Rosa
2fde43b1fc Keep tag length constants private
Also AD length in AEAD was an unresolved relic.
2018-11-06 10:25:35 +01:00
Davide De Rosa
caea6624fc Unmask IPv4 netmask and IPv6 prefix
Masking that is useless and paranoid. May help debugging.
2018-11-05 20:40:12 +01:00
Davide De Rosa
e198e80595 Use standard inet_ntop/pton for IPv4 conversion
Swap endianness internally.
2018-11-05 20:21:10 +01:00
Davide De Rosa
b32c1848be Unmask harmless destination port 2018-11-05 15:48:34 +01:00
Davide De Rosa
9c989dabf5 Fix IPv4/UInt32 calculations 2018-10-28 00:26:15 +02:00
Davide De Rosa
9e2bdd22ac Pick default values from static constant 2018-10-26 11:07:46 +02:00
Davide De Rosa
84e216f56d Deprecate lastErrorKey, encapsulate access 2018-10-25 22:36:31 +02:00
Davide De Rosa
3cc511822d Deprecate debugLogKey, hardcode filename 2018-10-25 22:36:31 +02:00
Davide De Rosa
8f328709c8 Wrap TKP.Configuration fields in SP.Configuration
Take credentials out of SP.Configuration. Makes sense as they
never appear in e.g. an .ovpn file.
2018-10-25 18:34:03 +02:00
Davide De Rosa
e962603098 Allow SP.Configuration customization via builder 2018-10-25 18:34:03 +02:00
Davide De Rosa
d6e27938bc Make usesPIAPatches optional
For compatible decoding.
2018-10-25 18:34:03 +02:00
Davide De Rosa
197d29042c Take a cache URL in SessionProxy to store PEMs 2018-10-25 18:34:03 +02:00
Davide De Rosa
3fd0329736 Use CryptoContainer in SessionConfiguration
Instead of paths.
2018-10-25 18:34:02 +02:00
Davide De Rosa
ca77858bf0 Move CryptoContainer to Core 2018-10-25 18:34:02 +02:00
Davide De Rosa
f1efac073c Export and document log shortcuts in Configuration 2018-10-24 21:06:04 +02:00
Davide De Rosa
f5d12300f9 Save debug log to file in app group container
Don't bog UserDefaults. Reuse debugLogKey for the log filename.
2018-10-24 21:06:04 +02:00
Davide De Rosa
b35fb34da5 Cap masked hash to 16 hexes 2018-10-24 18:50:36 +02:00
Davide De Rosa
ae85337e91 Mask log.debug 2018-10-24 18:47:41 +02:00
Davide De Rosa
033763f372 Mask log.info 2018-10-24 18:47:41 +02:00
Davide De Rosa
25d84f6530 Add internal flag for masking private data
Hardcoded to true. Private data is mostly hostname/IP addresses
and routing information.
2018-10-24 18:23:10 +02:00
Davide De Rosa
b1a79d6451 Shut down on server-initiated HARD_RESET
Session is stale and not recoverable (lame duck).
2018-10-24 12:31:37 +02:00
Davide De Rosa
0b79ce4194 Handle server-initiated SOFT_RESET 2018-10-24 12:22:47 +02:00
Davide De Rosa
d829247e6e Simplify socket shutdown code
Drop weird (old?) linkFailures check.
2018-10-24 09:42:18 +02:00
Davide De Rosa
91349fd780 Take shouldChangeProtocol out of GenericSocket
Behavior is not exactly similar in UDP and TCP.
2018-10-24 09:42:03 +02:00
Davide De Rosa
8b59fe6f4c Use RawRepresentable where adequate 2018-10-24 09:19:50 +02:00
Davide De Rosa
e3a5302e06 Check NULL EKU and simplify OID comparison 2018-10-24 00:43:01 +02:00
Davide De Rosa
3a95568d0b Remove unused code 2018-10-24 00:36:18 +02:00
Davide De Rosa
440a7f7da8 Verify server cert EKU
Fixes #27
2018-10-23 23:46:37 +02:00
Davide De Rosa
c32185b524 Review/complete mapping to ProviderError
Errors from TunnelKitNative were not mapped. Also, move TLS CA
verification error to TLSBox domain.
2018-10-23 23:44:25 +02:00
Davide De Rosa
f5d9720b01 Halt TLS on internal failure 2018-10-23 23:44:25 +02:00
Davide De Rosa
f725779e0e Convert ct pulling to try/catch 2018-10-23 22:47:04 +02:00
Davide De Rosa
1ad4a62593 Report error status to shared defaults
Retain after disposal, unless manually stopped.
2018-10-22 01:04:36 +02:00
Davide De Rosa
7ffb997904 Add defaults key for last error 2018-10-22 01:04:36 +02:00
Davide De Rosa
4bf7f1a1fc Bridge SessionError to public ProviderError 2018-10-22 01:04:36 +02:00
Davide De Rosa
6200a0bc1c Split configuration and session errors 2018-10-22 01:04:36 +02:00
Davide De Rosa
f93634bd7a Respect link MTU in TCP
Mitigates #39
2018-10-22 00:56:08 +02:00
Davide De Rosa
26fc12c2ef Add missing fclose() after fopen()
Slip-up from #32
2018-10-21 00:22:36 +02:00
Davide De Rosa
fbd3f977d5 Parse static key from file 2018-10-19 17:22:26 +02:00
Davide De Rosa
28d9f3ee68 Add crypt strategy 2018-10-19 17:06:29 +02:00
Davide De Rosa
55e0aa5c5a Implement and test crypt serializer 2018-10-19 17:06:26 +02:00
Davide De Rosa
3ec4a7d292 Implement AES-CTR encryption 2018-10-19 16:56:20 +02:00
Davide De Rosa
a430beb35f Improve Swift bridging of CryptoFlags 2018-10-19 16:56:20 +02:00
Davide De Rosa
8ccc4c08a5 Add auth strategy 2018-10-19 16:20:56 +02:00
Davide De Rosa
0fce5abdde Implement auth serializer 2018-10-19 16:20:56 +02:00
Davide De Rosa
a974646558 Add macros for replay packet id 2018-10-19 16:12:07 +02:00
Davide De Rosa
66735ec118 Prepare API to enable TLS wrapping
Extensible TLSWrap parameter.
2018-10-19 16:11:35 +02:00
Davide De Rosa
51720c1fbc Split ControlPacket header/content serialization
rawSerializeTo: does not include opcode|session_id.
2018-10-19 16:11:35 +02:00