passepartoutvpn
/
tunnelkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
334 Commits 1 Branch 58 Tags 3.2 MiB
Commit Graph

145 Commits

Author SHA1 Message Date
Davide De Rosa 8c1b95eaa7 Group PushReply regexes 2019-02-25 23:01:21 +01:00
Davide De Rosa d6076b045a Make checksEKU optional to fall back on decoding 2019-02-25 11:16:26 +01:00
Davide De Rosa 010da904fa Parse EKU choice in .ovpn from remote-cert-tls 
Fix unhandled extra spaces in dhcp-option DNS regex.
 2019-02-25 11:16:26 +01:00
Davide De Rosa 265aca0829 Make EKU verification optional in TLSBox 2019-02-25 11:16:26 +01:00
Davide De Rosa c244b29a8f Parse DNS servers from configuration 2019-01-05 22:29:16 +01:00
Davide De Rosa 13c41d80e7 Allow overriding DNS servers 
Fall back to those in PUSH_REPLY.
 2019-01-05 22:25:58 +01:00
Davide De Rosa 03478b6fbf Add jazzy doc to ConfigurationParser 2018-11-12 10:42:04 +01:00
Davide De Rosa 40fd2c7ede Parse configuration from .ovpn file 2018-11-10 10:58:06 +01:00
Davide De Rosa f91db4cbf1 Move EndpointProtocol/SocketType to Core 2018-11-10 10:48:17 +01:00
Davide De Rosa 0800c943a8 Add shortcut extension for creating regexes 
Also expose enumeration methods for internal reuse.
 2018-11-10 10:47:58 +01:00
Davide De Rosa 36e93651ba Replace hardcoded 32 tag length in tls-crypt 2018-11-06 10:35:37 +01:00
Davide De Rosa b366925125 Hardcode digestLength to tagLength in CTR 
Code is not using digestLength in any way.
 2018-11-06 10:35:19 +01:00
Davide De Rosa 7ffbf41b30 Expose internal tag length, 0 if none 2018-11-06 10:31:55 +01:00
Davide De Rosa 2fde43b1fc Keep tag length constants private 
Also AD length in AEAD was an unresolved relic.
 2018-11-06 10:25:35 +01:00
Davide De Rosa caea6624fc Unmask IPv4 netmask and IPv6 prefix 
Masking that is useless and paranoid. May help debugging.
 2018-11-05 20:40:12 +01:00
Davide De Rosa 8f328709c8 Wrap TKP.Configuration fields in SP.Configuration 
Take credentials out of SP.Configuration. Makes sense as they
never appear in e.g. an .ovpn file.
 2018-10-25 18:34:03 +02:00
Davide De Rosa e962603098 Allow SP.Configuration customization via builder 2018-10-25 18:34:03 +02:00
Davide De Rosa d6e27938bc Make usesPIAPatches optional 
For compatible decoding.
 2018-10-25 18:34:03 +02:00
Davide De Rosa 197d29042c Take a cache URL in SessionProxy to store PEMs 2018-10-25 18:34:03 +02:00
Davide De Rosa 3fd0329736 Use CryptoContainer in SessionConfiguration 
Instead of paths.
 2018-10-25 18:34:02 +02:00
Davide De Rosa ca77858bf0 Move CryptoContainer to Core 2018-10-25 18:34:02 +02:00
Davide De Rosa b35fb34da5 Cap masked hash to 16 hexes 2018-10-24 18:50:36 +02:00
Davide De Rosa ae85337e91 Mask log.debug 2018-10-24 18:47:41 +02:00
Davide De Rosa 033763f372 Mask log.info 2018-10-24 18:47:41 +02:00
Davide De Rosa 25d84f6530 Add internal flag for masking private data 
Hardcoded to true. Private data is mostly hostname/IP addresses
and routing information.
 2018-10-24 18:23:10 +02:00
Davide De Rosa b1a79d6451 Shut down on server-initiated HARD_RESET 
Session is stale and not recoverable (lame duck).
 2018-10-24 12:31:37 +02:00
Davide De Rosa 0b79ce4194 Handle server-initiated SOFT_RESET 2018-10-24 12:22:47 +02:00
Davide De Rosa e3a5302e06 Check NULL EKU and simplify OID comparison 2018-10-24 00:43:01 +02:00
Davide De Rosa 3a95568d0b Remove unused code 2018-10-24 00:36:18 +02:00
Davide De Rosa 440a7f7da8 Verify server cert EKU 
Fixes #27
 2018-10-23 23:46:37 +02:00
Davide De Rosa c32185b524 Review/complete mapping to ProviderError 
Errors from TunnelKitNative were not mapped. Also, move TLS CA
verification error to TLSBox domain.
 2018-10-23 23:44:25 +02:00
Davide De Rosa f5d9720b01 Halt TLS on internal failure 2018-10-23 23:44:25 +02:00
Davide De Rosa f725779e0e Convert ct pulling to try/catch 2018-10-23 22:47:04 +02:00
Davide De Rosa 4bf7f1a1fc Bridge SessionError to public ProviderError 2018-10-22 01:04:36 +02:00
Davide De Rosa 26fc12c2ef Add missing fclose() after fopen() 
Slip-up from #32
 2018-10-21 00:22:36 +02:00
Davide De Rosa fbd3f977d5 Parse static key from file 2018-10-19 17:22:26 +02:00
Davide De Rosa 28d9f3ee68 Add crypt strategy 2018-10-19 17:06:29 +02:00
Davide De Rosa 55e0aa5c5a Implement and test crypt serializer 2018-10-19 17:06:26 +02:00
Davide De Rosa 3ec4a7d292 Implement AES-CTR encryption 2018-10-19 16:56:20 +02:00
Davide De Rosa a430beb35f Improve Swift bridging of CryptoFlags 2018-10-19 16:56:20 +02:00
Davide De Rosa 8ccc4c08a5 Add auth strategy 2018-10-19 16:20:56 +02:00
Davide De Rosa 0fce5abdde Implement auth serializer 2018-10-19 16:20:56 +02:00
Davide De Rosa a974646558 Add macros for replay packet id 2018-10-19 16:12:07 +02:00
Davide De Rosa 66735ec118 Prepare API to enable TLS wrapping 
Extensible TLSWrap parameter.
 2018-10-19 16:11:35 +02:00
Davide De Rosa 51720c1fbc Split ControlPacket header/content serialization 
rawSerializeTo: does not include opcode|session_id.
 2018-10-19 16:11:35 +02:00
Davide De Rosa 372fa194a5 Parse indexed keys from StaticKey 2018-10-19 16:11:35 +02:00
Davide De Rosa 5c8c361fce Add StaticKey class for static OpenVPN keys 2018-10-19 16:11:35 +02:00
Davide De Rosa a85c4ea6da Rename packetId flag to more proper IV 2018-10-19 15:55:16 +02:00
Davide De Rosa bff9352c6e Handle encryption/peer-id in a stateless manner 
Fixes #30
 2018-10-19 15:54:55 +02:00
Davide De Rosa 70b50a7a2e Parse data opcode when decrypting 
Assume it could be DATA_V1/V2 regardless of peer-id.
 2018-10-19 11:33:12 +02:00