7aec0637b2
Move endpoints inside SessionProxy.Configuration
...
Make optional.
TunnelKitProvider still gets hostname from .serverAddress rather
than SessionProxy.Configuration
Also drop useless Equatable implementations.
2019-04-04 13:09:50 +02:00
e8396ec2cd
Parse search domain from configuration
...
Fixes #77
2019-04-03 14:29:09 +02:00
370e68aa3f
Parse search domain from dhcp-option DOMAIN
2019-04-03 14:29:09 +02:00
fe2ad52df0
Document OptionsBundle
...
Move most from SessionProxy.Configuration.
2019-04-03 13:34:08 +02:00
f9ae3412a5
Move malformed error out of unrelated SessionError
...
Also give more detail about the reason.
2019-04-03 13:20:49 +02:00
42232804ca
Rename file to public entity
2019-04-03 13:19:47 +02:00
49c805af52
Fix a few isHandled
...
Skip to exclude from strippedLines.
2019-04-03 13:19:47 +02:00
9876c81de5
Parse PUSH_REPLY options in OptionsBundle
...
- auth-token
- peer-id
- Routing
Reorganize options by semantic.
Reuse OptionsBundle in PushReply.
2019-04-03 13:19:21 +02:00
b9b9c4db60
Parse basic options in OptionsBundle
...
- Handle isEncrypted inside CryptoContainer
- Rename ParsingError to OptionsError
Reuse OptionsBundle in ConfigurationParser.
2019-04-03 13:19:16 +02:00
e7dadefabb
Generalize cipher regex
2019-04-03 12:20:53 +02:00
d72b583900
Improve parsing of PUSH_REPLY prefix
2019-04-03 12:20:53 +02:00
27901c991b
Skip deinit documentation
2019-04-02 19:18:23 +02:00
ccb6329f05
Don't parse a block begin while inside a block
...
If a PEM contained anything like <foobar>, the parser was doomed.
Fixes #78
2019-04-02 19:07:48 +02:00
11fd418f82
Extend encrypted private key quick test
...
Test .ovpn didn't use an PKCS#8 key due to a slip-up. Fixing it
unveiled that isEncrypted returned false for PKCS#8 keys.
Fixes #80
2019-04-02 11:41:18 +02:00
22f80735ca
Strip certificate preamble
...
Fixes #78
2019-04-02 00:55:58 +02:00
def622506b
Check PKCS#1 via "Proc-Type" presence instead
2019-04-02 00:37:52 +02:00
47b80d5361
Refactor to decrypt generic key
2019-04-02 00:31:54 +02:00
a6387679f1
Update data count as soon as tunnel is up
...
Zero is better than nil.
2019-03-30 23:35:50 +01:00
0bfc1e08eb
Fix retarded Swift pointer API somehow
2019-03-30 23:18:45 +01:00
207a4f063a
Replace deprecated Data(bytes:)
2019-03-30 23:18:45 +01:00
8dfd5f23c1
Handle unknown enum defaults
2019-03-30 23:18:45 +01:00
5120bcae0a
Migrate to Swift 5
2019-03-30 23:18:45 +01:00
f686a0aee4
Fix Xcode warnings
2019-03-30 20:16:04 +01:00
44fb5a5b48
Track data count in shared UserDefaults
...
Default disabled (dataCountInterval = 0).
2019-03-30 19:56:26 +01:00
d03f1bd9af
Fix checksEKU not propagated to TunnelKitProvider
2019-03-26 00:37:35 +01:00
00c76f707f
Throw specific error if unable to decrypt
...
Normally a bad passphrase.
2019-03-25 19:24:35 +01:00
ffcccb5420
Throw specific error on missing passphrase
...
So that client can retry with a passphrase.
2019-03-25 18:49:53 +01:00
b07ec88ff2
Add passphrase parameter to ConfigurationParser
...
Use it to decrypt encrypted PEMs.
2019-03-25 18:48:59 +01:00
f37bfb3579
Implement RSA privkey decryption via OpenSSL
2019-03-25 18:45:00 +01:00
53f3048674
Add missing documentation
2019-03-25 15:46:15 +01:00
9c4d491a3b
Make floating XXX a FIXME
2019-03-25 10:37:15 +01:00
54a477ce67
Randomize endpoints in ConnectionStrategy
...
Fixes #76
2019-03-25 10:32:23 +01:00
7ce31c3184
Parse randomize endpoints from --remote-random
2019-03-25 10:32:08 +01:00
42227fcc00
Add SessionProxy.Configuration.randomizeEndpoint
2019-03-25 10:32:08 +01:00
9c0205614b
Disable rebind-on-float until a solid fix
...
Mitigates #75
2019-03-25 10:10:08 +01:00
71d54e2dc3
Send IV_LZO only if supported
2019-03-25 10:07:57 +01:00
04fbbb1fe1
XXX: Fix log glitch
2019-03-21 19:40:42 +01:00
ac418f414a
Make masksPrivateData optional
...
Do not break Codable compatibility.
2019-03-21 19:32:06 +01:00
fad20668b0
Override masksPrivateData via AppExtension
...
Unmask in demo.
Fixes #62
2019-03-21 19:19:22 +01:00
f32c231b90
Remove deprecated API
...
Should have done so in 1.5.0
2019-03-21 18:30:40 +01:00
79509a1ea1
Fix execution queue in network handler
2019-03-20 18:01:57 +01:00
a5b8907918
Postpone shutdown until notification is written
...
Otherwise socket might be force-closed while sending the packet.
2019-03-20 17:57:56 +01:00
c93461b153
Send explicit exit notification if UDP
...
Implement --explicit-exit-notify by default.
Fixes #29
2019-03-20 17:57:56 +01:00
c6ab3b57db
Fix a few return in wrong scope
2019-03-20 17:57:56 +01:00
9d479a9aba
Handle LZO compression in --compress framing
...
Share parse block between comp-lzo and compress.
It seems that --compress sends NO_COMPRESS w/o swapping.
Also suppress redundant LZOIsSupported(), implied by non-nil value
of self.lzo.
2019-03-20 09:04:27 +01:00
4b9ffcfb4e
Accept LZO regardless of framing
2019-03-20 09:04:27 +01:00
9a6f3d638c
Recognize "--compress lzo" option as legal
2019-03-20 09:04:27 +01:00
7a449f90ee
Advertise LZO support
2019-03-19 15:14:29 +01:00
0eb0e3e478
Parse compression from several places
...
- PUSH_REPLY
- .ovpn configuration
- TunnelKitProvider
2019-03-19 15:14:29 +01:00
4d6d51818d
Compress/decompress LZO data packets
...
Return compressionHeader from parse blocks.
2019-03-19 15:14:27 +01:00
197679057d
Return NSData from parsePayloadWithBlock
...
More friendly to (de)compression stage.
2019-03-19 15:12:56 +01:00
5cc32b1060
Wrap minilzo into dynamic Obj-C plugin
...
Handle library errors to some extent.
2019-03-19 15:12:46 +01:00
08b04c8e02
Fix not propagated checksEKU flag
2019-03-18 17:27:48 +01:00
7d69e09c53
Update copyright
2019-03-09 11:44:18 +01:00
6b29c9e06c
Double check reasserting during reconnection
...
A forced shutdown might happen during the recovery interval (1s).
2019-03-08 13:19:52 +01:00
70ed2a4d83
Reset reasserting flag on plain shutdown
2019-03-08 13:16:03 +01:00
e3b8a6b16b
Shut down on link error
...
Because it doesn't seem to recover until the tunnel dies.
2019-03-08 13:08:54 +01:00
e849e6c0da
Reject <connection> blocks in .ovpn
...
- Use enumerateComponents for boolean test.
- Fix a test compile error on the way.
2019-03-04 17:39:37 +01:00
1c1547fc8f
Fix DNS servers not serialized to AppExtension
2019-03-03 10:51:36 +01:00
86420ba8ea
Shut down on compressed data packet
...
Re-inforce #65 at the data path level. Should now cover all
compression scenarios.
2019-02-28 17:16:14 +01:00
0f2a5e1e14
Check NULL when verifying EKU
2019-02-25 23:33:31 +01:00
8fe43269ab
Catch errors on CA MD5 calculation (PIA only)
2019-02-25 23:33:26 +01:00
d1b5c94be9
Fix potential overflow in AEAD IV length
2019-02-25 23:23:43 +01:00
06a872c448
Add ProviderError.serverCompression mapping
2019-02-25 23:09:06 +01:00
3aadaf0186
Shut down when server pushes compression enabled
2019-02-25 23:01:21 +01:00
367e8b7e08
Track whether server pushed a compression option
2019-02-25 23:01:21 +01:00
8c1b95eaa7
Group PushReply regexes
2019-02-25 23:01:21 +01:00
d6076b045a
Make checksEKU optional to fall back on decoding
2019-02-25 11:16:26 +01:00
010da904fa
Parse EKU choice in .ovpn from remote-cert-tls
...
Fix unhandled extra spaces in dhcp-option DNS regex.
2019-02-25 11:16:26 +01:00
265aca0829
Make EKU verification optional in TLSBox
2019-02-25 11:16:26 +01:00
c244b29a8f
Parse DNS servers from configuration
2019-01-05 22:29:16 +01:00
13c41d80e7
Allow overriding DNS servers
...
Fall back to those in PUSH_REPLY.
2019-01-05 22:25:58 +01:00
03478b6fbf
Add jazzy doc to ConfigurationParser
2018-11-12 10:42:04 +01:00
40fd2c7ede
Parse configuration from .ovpn file
2018-11-10 10:58:06 +01:00
f91db4cbf1
Move EndpointProtocol/SocketType to Core
2018-11-10 10:48:17 +01:00
0800c943a8
Add shortcut extension for creating regexes
...
Also expose enumeration methods for internal reuse.
2018-11-10 10:47:58 +01:00
36e93651ba
Replace hardcoded 32 tag length in tls-crypt
2018-11-06 10:35:37 +01:00
b366925125
Hardcode digestLength to tagLength in CTR
...
Code is not using digestLength in any way.
2018-11-06 10:35:19 +01:00
7ffbf41b30
Expose internal tag length, 0 if none
2018-11-06 10:31:55 +01:00
2fde43b1fc
Keep tag length constants private
...
Also AD length in AEAD was an unresolved relic.
2018-11-06 10:25:35 +01:00
caea6624fc
Unmask IPv4 netmask and IPv6 prefix
...
Masking that is useless and paranoid. May help debugging.
2018-11-05 20:40:12 +01:00
e198e80595
Use standard inet_ntop/pton for IPv4 conversion
...
Swap endianness internally.
2018-11-05 20:21:10 +01:00
b32c1848be
Unmask harmless destination port
2018-11-05 15:48:34 +01:00
9c989dabf5
Fix IPv4/UInt32 calculations
2018-10-28 00:26:15 +02:00
9e2bdd22ac
Pick default values from static constant
2018-10-26 11:07:46 +02:00
84e216f56d
Deprecate lastErrorKey, encapsulate access
2018-10-25 22:36:31 +02:00
3cc511822d
Deprecate debugLogKey, hardcode filename
2018-10-25 22:36:31 +02:00
8f328709c8
Wrap TKP.Configuration fields in SP.Configuration
...
Take credentials out of SP.Configuration. Makes sense as they
never appear in e.g. an .ovpn file.
2018-10-25 18:34:03 +02:00
e962603098
Allow SP.Configuration customization via builder
2018-10-25 18:34:03 +02:00
d6e27938bc
Make usesPIAPatches optional
...
For compatible decoding.
2018-10-25 18:34:03 +02:00
197d29042c
Take a cache URL in SessionProxy to store PEMs
2018-10-25 18:34:03 +02:00
3fd0329736
Use CryptoContainer in SessionConfiguration
...
Instead of paths.
2018-10-25 18:34:02 +02:00
ca77858bf0
Move CryptoContainer to Core
2018-10-25 18:34:02 +02:00
f1efac073c
Export and document log shortcuts in Configuration
2018-10-24 21:06:04 +02:00
f5d12300f9
Save debug log to file in app group container
...
Don't bog UserDefaults. Reuse debugLogKey for the log filename.
2018-10-24 21:06:04 +02:00
b35fb34da5
Cap masked hash to 16 hexes
2018-10-24 18:50:36 +02:00
ae85337e91
Mask log.debug
2018-10-24 18:47:41 +02:00
033763f372
Mask log.info
2018-10-24 18:47:41 +02:00
25d84f6530
Add internal flag for masking private data
...
Hardcoded to true. Private data is mostly hostname/IP addresses
and routing information.
2018-10-24 18:23:10 +02:00
b1a79d6451
Shut down on server-initiated HARD_RESET
...
Session is stale and not recoverable (lame duck).
2018-10-24 12:31:37 +02:00
0b79ce4194
Handle server-initiated SOFT_RESET
2018-10-24 12:22:47 +02:00
d829247e6e
Simplify socket shutdown code
...
Drop weird (old?) linkFailures check.
2018-10-24 09:42:18 +02:00
91349fd780
Take shouldChangeProtocol out of GenericSocket
...
Behavior is not exactly similar in UDP and TCP.
2018-10-24 09:42:03 +02:00
8b59fe6f4c
Use RawRepresentable where adequate
2018-10-24 09:19:50 +02:00
e3a5302e06
Check NULL EKU and simplify OID comparison
2018-10-24 00:43:01 +02:00
3a95568d0b
Remove unused code
2018-10-24 00:36:18 +02:00
440a7f7da8
Verify server cert EKU
...
Fixes #27
2018-10-23 23:46:37 +02:00
c32185b524
Review/complete mapping to ProviderError
...
Errors from TunnelKitNative were not mapped. Also, move TLS CA
verification error to TLSBox domain.
2018-10-23 23:44:25 +02:00
f5d9720b01
Halt TLS on internal failure
2018-10-23 23:44:25 +02:00
f725779e0e
Convert ct pulling to try/catch
2018-10-23 22:47:04 +02:00
1ad4a62593
Report error status to shared defaults
...
Retain after disposal, unless manually stopped.
2018-10-22 01:04:36 +02:00
7ffb997904
Add defaults key for last error
2018-10-22 01:04:36 +02:00
4bf7f1a1fc
Bridge SessionError to public ProviderError
2018-10-22 01:04:36 +02:00
6200a0bc1c
Split configuration and session errors
2018-10-22 01:04:36 +02:00
f93634bd7a
Respect link MTU in TCP
...
Mitigates #39
2018-10-22 00:56:08 +02:00
26fc12c2ef
Add missing fclose() after fopen()
...
Slip-up from #32
2018-10-21 00:22:36 +02:00
fbd3f977d5
Parse static key from file
2018-10-19 17:22:26 +02:00
28d9f3ee68
Add crypt strategy
2018-10-19 17:06:29 +02:00
55e0aa5c5a
Implement and test crypt serializer
2018-10-19 17:06:26 +02:00
3ec4a7d292
Implement AES-CTR encryption
2018-10-19 16:56:20 +02:00
a430beb35f
Improve Swift bridging of CryptoFlags
2018-10-19 16:56:20 +02:00
8ccc4c08a5
Add auth strategy
2018-10-19 16:20:56 +02:00
0fce5abdde
Implement auth serializer
2018-10-19 16:20:56 +02:00
a974646558
Add macros for replay packet id
2018-10-19 16:12:07 +02:00
66735ec118
Prepare API to enable TLS wrapping
...
Extensible TLSWrap parameter.
2018-10-19 16:11:35 +02:00
51720c1fbc
Split ControlPacket header/content serialization
...
rawSerializeTo: does not include opcode|session_id.
2018-10-19 16:11:35 +02:00
372fa194a5
Parse indexed keys from StaticKey
2018-10-19 16:11:35 +02:00
5c8c361fce
Add StaticKey class for static OpenVPN keys
2018-10-19 16:11:35 +02:00
a85c4ea6da
Rename packetId flag to more proper IV
2018-10-19 15:55:16 +02:00
bff9352c6e
Handle encryption/peer-id in a stateless manner
...
Fixes #30
2018-10-19 15:54:55 +02:00
70b50a7a2e
Parse data opcode when decrypting
...
Assume it could be DATA_V1/V2 regardless of peer-id.
2018-10-19 11:33:12 +02:00
9b785084e2
Customize HARD_RESET payload when PIA-patched
2018-10-18 13:31:11 +02:00
eb8a8b38c2
Restore PIA HARD_RESET code
2018-10-18 12:45:32 +02:00
872e20a95a
Add function to compute MD5 from certificate
2018-10-18 12:32:22 +02:00
98c5a015f3
Split endpoint and credentials
...
Basically drop AuthenticatedEndpoint.
2018-10-06 16:22:02 +02:00
40b733db57
Make credentials optional
2018-10-06 16:21:59 +02:00
093774535d
Make CA non-optional
...
Fix up nullability qualifiers in TLSBox.
Fixes #26
2018-10-06 15:53:22 +02:00
09210b727a
Use compression framing description
2018-09-28 08:40:14 +02:00
7b96247c72
Fix interpretation of 0 seconds
...
0 keep-alive = never
0 reneg seconds = never
2018-09-28 08:39:57 +02:00
24dabe2739
Set peer-info version from bundle
...
Omit build number for now, seems more complex than expected to
accomplish with CocoaPods.
2018-09-24 10:26:43 +02:00
d6958ed28d
Revert LZO deprecation, still widely used
2018-09-23 14:23:52 +02:00
58726a67d7
Update SwiftyBeaver for MemoryDestination
...
See for reference:
- https://github.com/pia-foss/tunnel-apple/pull/15
- https://github.com/SwiftyBeaver/SwiftyBeaver/pull/299
2018-09-23 14:14:25 +02:00
668474d75c
Indent negotiated parameters in log
2018-09-21 19:53:38 +02:00
44fc38e8ef
Rename encryption headers for consistency
...
The shared prefix makes it easier to associate them with
implementation files.
2018-09-20 09:03:33 +02:00
600c93be55
Drop overheadLength, only used in one place
2018-09-20 09:03:33 +02:00
dd02c92aa5
Expose methods for capacity prediction
...
Encapsulate encrypt/decrypt buffer capacity calculation.
2018-09-20 09:03:33 +02:00
f6ee187db7
Use symbolic data header length
2018-09-20 09:03:33 +02:00
aa39414a77
Rename packet header to opcode (first byte)
2018-09-20 09:03:31 +02:00
fe92fcd91c
Remove NSData versions from Encrypter/Decrypter
...
Move to test target. Conversely, bring ZeroingData.data extension
into main targets.
2018-09-20 09:01:44 +02:00
1099d9adbf
Improve control channel log readability
...
- Use consistent convention in id logging.
- Describe packet codes.
- Encapsulate packet logging.
2018-09-20 09:00:11 +02:00
ce94a594f9
Bring code/key deserialization into serializer
...
Duplicates first byte parsing but makes testing more meaningful,
because there's no need to provide a bogus code/key pair.
2018-09-20 08:59:50 +02:00
11cb312c02
Move control channel logic to PlainSerializer
2018-09-19 22:04:52 +02:00
595cae3563
Add strategy for control channel serialization
2018-09-19 22:04:52 +02:00
3608860b9d
Move sessionId and remoteSessionId
2018-09-19 22:04:52 +02:00
1573b2070a
Move control queue management
...
- Out packets
- In packets
- Acks
2018-09-19 22:04:52 +02:00
e6dd4de472
Move control data parsing
2018-09-19 22:04:52 +02:00
19ce7de819
Encapsulate control state into ControlChannel
...
First step: variables + mutating funcs.
2018-09-19 22:04:52 +02:00
d80c0b5460
Move in/out states to a generic struct
2018-09-19 22:04:52 +02:00
2bd9484a43
Move ControlPacket serialization to Obj-C
...
Additionally, make sessionId non-optional in control packets. They
must have it, therefore treat a missing sessionId as a programming
error instead.
Reuse routines for acks to make PacketMacros the only point of
packets serialization.
2018-09-19 22:04:52 +02:00
92dbb57666
Revert CommonPacket name to ControlPacket
2018-09-19 22:04:52 +02:00
856fa9e12e
Take PacketStream out and make public
...
Useful for reuse in TCP streams.
2018-09-19 22:04:52 +02:00
cba6f6f959
Clean up some documentation metadata
...
- Reorder fields in SessionProxy.Configuration*
- Add new classes to .yml
2018-09-19 22:04:52 +02:00
6ffdcec47b
Return optional from String/IPv4 conversion
2018-09-19 22:03:46 +02:00
da2727b003
Apply both IPv4 and IPv6 settings
...
Best choice to cope with "hybrid" environments.
2018-09-15 19:42:43 +02:00
ac3582c0fa
Fix ignored OpenSSL code
2018-09-14 02:04:36 +02:00
b9243c9f0b
Add some more peer-info
...
- IV_PLAT
- IV_UI_VER
- IV_SSL
2018-09-12 15:50:36 +02:00
02a20b5308
Indent TunnelKitProvider.Configuration log
...
Gives more context.
2018-09-12 15:49:41 +02:00
915638b163
Log negotiated parms at info level
...
Useful when debug disabled.
2018-09-12 15:48:47 +02:00
aef7daec51
Fix and clean up redundant nullability specifiers
2018-09-12 15:38:52 +02:00
a3fe740ad9
Assert ambiguity about HMAC key length
2018-09-12 15:21:25 +02:00
d53e7add10
Allow HMAC verify with nil cipher in CryptoCBC
2018-09-12 15:21:25 +02:00
401d999b3d
Expose HMAC digestLength where available
2018-09-12 15:21:25 +02:00
4af0ce8739
Refactor duplicate keep-alive code
2018-09-09 00:52:16 +02:00
3a02557b5e
Override keep-alive with pushed interval
2018-09-09 00:52:16 +02:00
4bf02198d1
Parse ping from PUSH_REPLY
2018-09-09 00:52:16 +02:00
66864da51b
Default to no keep-alive if unset
...
For consistency with other optional flags.
Updates #20
2018-09-08 12:56:40 +02:00
01f65b2a7e
Always shut down on known tunnel error
...
Not recoverable by default (e.g algorithm mismatch).
2018-09-08 00:10:35 +02:00
891c72caa1
Rearrange shutdown code rationally
2018-09-08 00:10:35 +02:00
8adb9871c3
Dispose tunnel if can't try next protocol
...
Return boolean in socketShouldChangeProtocol indicating whether
another protocol is available.
2018-09-08 00:10:35 +02:00
de09d0b5da
Only try upgrade socket on network error
2018-09-08 00:10:35 +02:00
ecbad85b4a
Discard 0 keep-alive interval
2018-09-08 00:06:19 +02:00
582ef4875d
Move default pingInterval to constructor
...
Use CoreConfiguration only within Core.
2018-09-08 00:00:07 +02:00
65468207cb
Transfer keep-alive to SessionProxy
2018-09-07 22:14:57 +02:00
fcfe1f3f68
Add keepAliveSeconds field in AppExtension
2018-09-07 22:13:40 +02:00
e9032e5490
Leave nil if push option parsed but unrecognized
...
For whatever reason. Do not override with .disabled when not
necessarily intended.
2018-09-07 15:22:03 +02:00
e5918d1b05
Override framing with pushed if available
2018-09-07 15:11:44 +02:00
0304c4a5eb
Parse compression framing from PUSH_REPLY
2018-09-07 15:10:19 +02:00
55cdd6227c
Interpret 0 reneg seconds as never
2018-09-07 14:58:56 +02:00
14f5a68c12
Move appGroup out of Configuration
...
Decouple VPN parameters.
2018-09-07 00:25:21 +02:00
1fbfe5b844
Document genericName method
2018-09-06 11:16:48 +02:00
5b638ea5f6
Use different genericName for CBC/GCM
2018-09-06 11:16:14 +02:00
0b28eacf0d
Add more metadata to Cipher/Digest
...
- Ciphers are AES.
- Digests are HMAC.
2018-09-06 10:55:56 +02:00
ce6a41a218
Add more ciphers/digests
...
No-brainer, OpenSSL EVP supports them.
2018-09-06 10:38:18 +02:00
802f7dc0f8
Fix debugLogFormat not copied to builder
2018-09-06 10:34:10 +02:00
d6b80ea449
Implement Codable in public entities
...
Also rename CompressionFraming for being an extension of
SessionProxy.
2018-09-06 10:34:10 +02:00
43a5972737
Fix cipher regex in PUSH_REPLY
...
Breaks with NCP enabled when cipher is not last. Trailing comma
was erroneously included in parsed cipher name.
Fixes #11
2018-09-05 03:54:40 +02:00
3aebedf5b8
Encapsulate complex serialization
2018-09-04 15:59:22 +02:00
e121555f82
Add Cipher.embedsDigest to signal digest embedding
...
Currently GCM ciphers do.
2018-09-04 15:57:07 +02:00
3543f7aab3
Omit sensitive data from PUSH_REPLY log
...
Namely auth-token.
2018-09-02 12:48:45 +02:00
201da9b69b
Bump IV_VER to 2.4
...
Enough to claim.
2018-09-02 02:09:20 +02:00
bcc95ad510
Send NCP in peer-info
2018-09-02 02:09:20 +02:00
81eb18619d
Pick cipher from PUSH_REPLY if present
2018-09-02 02:09:20 +02:00
31e694859f
Cache aggregated PushReply object
...
- authToken
- peerId
- cipher
Retain across soft resets.
2018-09-02 02:09:20 +02:00
cff359fceb
Parse pushed cipher if any
2018-09-02 02:09:20 +02:00
e900454504
Share connection completion code
...
Across hard and soft reset.
2018-09-02 02:09:20 +02:00
c930cda065
Consolidate DataPath with new flow
2018-09-02 02:09:20 +02:00
c01ac7e1e3
Postpone keys setup until after PUSH_REPLY
...
And rename to setupEncryption() for ambiguity with SessionKey.
2018-09-02 02:09:20 +02:00
474e633e48
Parse arguments from regexp extension
...
Further code simplification.
2018-09-02 01:14:37 +02:00
208fc48dd7
Drop unused DataPath protocols array
2018-08-31 01:59:08 +02:00
ec2950171b
Use AF_INET6 according to IPv6 availability
2018-08-31 01:59:08 +02:00
235c485cae
Simplify regex matching with private extension
2018-08-31 01:59:08 +02:00
e6036095c9
Describe routes in IPv*Settings
2018-08-31 01:59:08 +02:00
373a36b9c1
Parse and apply IPv6 settings when available
...
IPv4 currently mandatory in PushReply (exception otherwise).
2018-08-31 01:59:08 +02:00
ac0e7713d6
Parse IPv6 DNS servers
...
dhcp-option can be DN6 (older) or DNS (newer).
2018-08-31 01:59:08 +02:00
97866e6f23
Set compression framing enum value by appearance
...
0 = none (oldest)
1 = comp-lzo
2 = compress (newest)
2018-08-31 01:58:18 +02:00
b050110e60
Bridge CompressionFraming to Swift
...
Avoid exposing __TunnelKitNative module for using it.
2018-08-31 01:40:58 +02:00
b81294f6e4
Parse IPv4 from String
2018-08-31 01:06:38 +02:00
7723a7fe7d
Move compression magic bytes back to PacketMacros
2018-08-30 19:33:23 +02:00
b0d264889c
Extend PUSH_REPLY parsing
...
- Topology
- Routes
Use the less confusing defaultGateway vs gatewayAddress.
2018-08-30 18:02:12 +02:00
5bf7813d56
Forward compound SessionReply to delegate
...
Improves extensibility.
2018-08-30 18:02:12 +02:00
3dabc254bc
Improve naming in crypto classes
...
- Consistency in encryption/decryption flow
- Consistency in packet/payload
- DataPathChannel method names
2018-08-30 17:52:50 +02:00
5166ac3813
Move compression framing to stateless blocks
...
Prepare payload blocks in DataPath.
2018-08-30 17:11:22 +02:00
31924c6038
Make peerId stateless, imply from blocks
...
Will do the same with compressionFraming.
2018-08-30 14:56:03 +02:00
e57ef9fb86
Fix duplicate memcpy in AEAD crypto
...
Regression in #5
2018-08-30 14:55:26 +02:00
68810d9497
Add description to framing enum
2018-08-30 13:59:47 +02:00
209889b9d2
Make compression framing an enum option
...
- Disabled: no framing (default)
- CompLZO: NO_COMPRESS
- Compress: NO_COMPRESS_SWAP
2018-08-30 12:43:36 +02:00
dee2956406
Rename Certificate to CryptoContainer
...
Makes more sense as it holds certs and keys. Can be other formats
than PEM in the future.
2018-08-28 12:55:27 +02:00
e6f509a26c
Add client certificate to TunnelKitProvider
...
Refactor composition of temporary file URL.
Also fix missing LZOFraming from Configuration.builder().
2018-08-28 12:55:27 +02:00
a4c109a916
Bridge client cert from SessionProxy to TLSBox
2018-08-28 12:55:27 +02:00
b7a48d4f4f
Support client certificate in TLSBox
2018-08-28 12:55:27 +02:00
6a71ada1c8
Drop support for redundant EC curves
2018-08-28 12:55:27 +02:00
b172f79719
Re-license with proper per-file notices
...
Clarify explicitly the author/extent of the fork, with proper
credit to the original project's license and copyright holder.
2018-08-28 12:53:14 +02:00
c4b0964c3c
Improve split naming
...
*Socket + *Link
2018-08-24 12:44:17 +02:00
54cc811e47
Use MTU configuration for the link instead
...
Raise default link MTU from 1000 to 1250. Keep default for
tunnel MTU.
2018-08-24 12:37:09 +02:00
6208fe8e21
Split GenericSocket and LinkInterface
...
Keep socket and link logic separated. Allows for setting MTU
specifically for the link.
- UDP: hardcoded 1000
- TCP: ignored (.max)
2018-08-24 12:36:35 +02:00
94890c08cf
Do not deprecate until replacement
...
Implement new compression framing later.
2018-08-24 00:48:17 +02:00
9f54e624ee
Expose LZO framing option
2018-08-24 00:27:45 +02:00
8836d2b175
Deprecate LZO compression framing
...
Prepend NO_COMPRESS if enabled, omit if not (default).
2018-08-24 00:18:42 +02:00
fe7a2c6941
Drop a few old commented lines
2018-08-23 18:51:36 +02:00
2459fe1bfd
Move a few classes inside SessionProxy
...
- Authenticator
- EncryptionBridge (formerly EncryptionProxy)
- PushReply
- SessionKey
They only make sense there. Content unchanged.
2018-08-23 18:51:36 +02:00
6d5e9f68a9
Move cipher/digest enums to Core
...
Restrict choice to supported OpenSSL algorithms.
2018-08-23 18:51:36 +02:00
8a9e99e6a9
Wrap SessionProxy configuration in a builder
2018-08-23 18:51:36 +02:00
897e824340
Enforce use of non-preset CA certificates
2018-08-23 12:11:55 +02:00
dfac465c1d
Drop support for PIA HARD_RESET patch
2018-08-23 12:11:55 +02:00
4d03df7066
Finish up renaming in headers and prefixes
2018-08-23 12:10:56 +02:00
fe665e8ad5
Rename library to TunnelKit
2018-08-23 12:10:41 +02:00
Davide De Rosa