Commit Graph

56 Commits

Author SHA1 Message Date
Davide De Rosa 8fe43269ab Catch errors on CA MD5 calculation (PIA only) 2019-02-25 23:33:26 +01:00
Davide De Rosa 3aadaf0186 Shut down when server pushes compression enabled 2019-02-25 23:01:21 +01:00
Davide De Rosa 265aca0829 Make EKU verification optional in TLSBox 2019-02-25 11:16:26 +01:00
Davide De Rosa 8f328709c8 Wrap TKP.Configuration fields in SP.Configuration
Take credentials out of SP.Configuration. Makes sense as they
never appear in e.g. an .ovpn file.
2018-10-25 18:34:03 +02:00
Davide De Rosa d6e27938bc Make usesPIAPatches optional
For compatible decoding.
2018-10-25 18:34:03 +02:00
Davide De Rosa 197d29042c Take a cache URL in SessionProxy to store PEMs 2018-10-25 18:34:03 +02:00
Davide De Rosa ae85337e91 Mask log.debug 2018-10-24 18:47:41 +02:00
Davide De Rosa b1a79d6451 Shut down on server-initiated HARD_RESET
Session is stale and not recoverable (lame duck).
2018-10-24 12:31:37 +02:00
Davide De Rosa 0b79ce4194 Handle server-initiated SOFT_RESET 2018-10-24 12:22:47 +02:00
Davide De Rosa c32185b524 Review/complete mapping to ProviderError
Errors from TunnelKitNative were not mapped. Also, move TLS CA
verification error to TLSBox domain.
2018-10-23 23:44:25 +02:00
Davide De Rosa f5d9720b01 Halt TLS on internal failure 2018-10-23 23:44:25 +02:00
Davide De Rosa f725779e0e Convert ct pulling to try/catch 2018-10-23 22:47:04 +02:00
Davide De Rosa 28d9f3ee68 Add crypt strategy 2018-10-19 17:06:29 +02:00
Davide De Rosa 8ccc4c08a5 Add auth strategy 2018-10-19 16:20:56 +02:00
Davide De Rosa 66735ec118 Prepare API to enable TLS wrapping
Extensible TLSWrap parameter.
2018-10-19 16:11:35 +02:00
Davide De Rosa 9b785084e2 Customize HARD_RESET payload when PIA-patched 2018-10-18 13:31:11 +02:00
Davide De Rosa 98c5a015f3 Split endpoint and credentials
Basically drop AuthenticatedEndpoint.
2018-10-06 16:22:02 +02:00
Davide De Rosa 09210b727a Use compression framing description 2018-09-28 08:40:14 +02:00
Davide De Rosa 668474d75c Indent negotiated parameters in log 2018-09-21 19:53:38 +02:00
Davide De Rosa 1099d9adbf Improve control channel log readability
- Use consistent convention in id logging.
- Describe packet codes.
- Encapsulate packet logging.
2018-09-20 09:00:11 +02:00
Davide De Rosa ce94a594f9 Bring code/key deserialization into serializer
Duplicates first byte parsing but makes testing more meaningful,
because there's no need to provide a bogus code/key pair.
2018-09-20 08:59:50 +02:00
Davide De Rosa 11cb312c02 Move control channel logic to PlainSerializer 2018-09-19 22:04:52 +02:00
Davide De Rosa 3608860b9d Move sessionId and remoteSessionId 2018-09-19 22:04:52 +02:00
Davide De Rosa 1573b2070a Move control queue management
- Out packets
- In packets
- Acks
2018-09-19 22:04:52 +02:00
Davide De Rosa e6dd4de472 Move control data parsing 2018-09-19 22:04:52 +02:00
Davide De Rosa 19ce7de819 Encapsulate control state into ControlChannel
First step: variables + mutating funcs.
2018-09-19 22:04:52 +02:00
Davide De Rosa d80c0b5460 Move in/out states to a generic struct 2018-09-19 22:04:52 +02:00
Davide De Rosa 2bd9484a43 Move ControlPacket serialization to Obj-C
Additionally, make sessionId non-optional in control packets. They
must have it, therefore treat a missing sessionId as a programming
error instead.

Reuse routines for acks to make PacketMacros the only point of
packets serialization.
2018-09-19 22:04:52 +02:00
Davide De Rosa 92dbb57666 Revert CommonPacket name to ControlPacket 2018-09-19 22:04:52 +02:00
Davide De Rosa 915638b163 Log negotiated parms at info level
Useful when debug disabled.
2018-09-12 15:48:47 +02:00
Davide De Rosa 4af0ce8739 Refactor duplicate keep-alive code 2018-09-09 00:52:16 +02:00
Davide De Rosa 3a02557b5e Override keep-alive with pushed interval 2018-09-09 00:52:16 +02:00
Davide De Rosa 01f65b2a7e Always shut down on known tunnel error
Not recoverable by default (e.g algorithm mismatch).
2018-09-08 00:10:35 +02:00
Davide De Rosa ecbad85b4a Discard 0 keep-alive interval 2018-09-08 00:06:19 +02:00
Davide De Rosa e5918d1b05 Override framing with pushed if available 2018-09-07 15:11:44 +02:00
Davide De Rosa 55cdd6227c Interpret 0 reneg seconds as never 2018-09-07 14:58:56 +02:00
Davide De Rosa 3543f7aab3 Omit sensitive data from PUSH_REPLY log
Namely auth-token.
2018-09-02 12:48:45 +02:00
Davide De Rosa 81eb18619d Pick cipher from PUSH_REPLY if present 2018-09-02 02:09:20 +02:00
Davide De Rosa 31e694859f Cache aggregated PushReply object
- authToken
- peerId
- cipher

Retain across soft resets.
2018-09-02 02:09:20 +02:00
Davide De Rosa e900454504 Share connection completion code
Across hard and soft reset.
2018-09-02 02:09:20 +02:00
Davide De Rosa c930cda065 Consolidate DataPath with new flow 2018-09-02 02:09:20 +02:00
Davide De Rosa c01ac7e1e3 Postpone keys setup until after PUSH_REPLY
And rename to setupEncryption() for ambiguity with SessionKey.
2018-09-02 02:09:20 +02:00
Davide De Rosa 5bf7813d56 Forward compound SessionReply to delegate
Improves extensibility.
2018-08-30 18:02:12 +02:00
Davide De Rosa 209889b9d2 Make compression framing an enum option
- Disabled: no framing (default)
- CompLZO: NO_COMPRESS
- Compress: NO_COMPRESS_SWAP
2018-08-30 12:43:36 +02:00
Davide De Rosa a4c109a916 Bridge client cert from SessionProxy to TLSBox 2018-08-28 12:55:27 +02:00
Davide De Rosa b7a48d4f4f Support client certificate in TLSBox 2018-08-28 12:55:27 +02:00
Davide De Rosa b172f79719 Re-license with proper per-file notices
Clarify explicitly the author/extent of the fork, with proper
credit to the original project's license and copyright holder.
2018-08-28 12:53:14 +02:00
Davide De Rosa 9f54e624ee Expose LZO framing option 2018-08-24 00:27:45 +02:00
Davide De Rosa fe7a2c6941 Drop a few old commented lines 2018-08-23 18:51:36 +02:00
Davide De Rosa 2459fe1bfd Move a few classes inside SessionProxy
- Authenticator
- EncryptionBridge (formerly EncryptionProxy)
- PushReply
- SessionKey

They only make sense there. Content unchanged.
2018-08-23 18:51:36 +02:00