Commit Graph

38 Commits

Author SHA1 Message Date
Davide De Rosa a430beb35f Improve Swift bridging of CryptoFlags 2018-10-19 16:56:20 +02:00
Davide De Rosa 31babe56f0 Fix tests formerly broken by flags.iv 2018-10-19 16:21:13 +02:00
Davide De Rosa 8ccc4c08a5 Add auth strategy 2018-10-19 16:20:56 +02:00
Davide De Rosa bff9352c6e Handle encryption/peer-id in a stateless manner
Fixes #30
2018-10-19 15:54:55 +02:00
Davide De Rosa 872e20a95a Add function to compute MD5 from certificate 2018-10-18 12:32:22 +02:00
Davide De Rosa 11e9160acb Bump version again 2018-10-10 22:23:26 +02:00
Davide De Rosa 20d6d6747e Bump version
Take from command line, not file (unused after `1d3071b`).
2018-10-10 18:59:50 +02:00
Davide De Rosa 98c5a015f3 Split endpoint and credentials
Basically drop AuthenticatedEndpoint.
2018-10-06 16:22:02 +02:00
Davide De Rosa 093774535d Make CA non-optional
Fix up nullability qualifiers in TLSBox.

Fixes #26
2018-10-06 15:53:22 +02:00
Davide De Rosa 657cb566cd Automate version/build numbers 2018-09-24 10:26:43 +02:00
Davide De Rosa cd923ea8c9 Test client/server asymmetrical crypto 2018-09-20 23:20:08 +02:00
Davide De Rosa fe92fcd91c Remove NSData versions from Encrypter/Decrypter
Move to test target. Conversely, bring ZeroingData.data extension
into main targets.
2018-09-20 09:01:44 +02:00
Davide De Rosa 2bd9484a43 Move ControlPacket serialization to Obj-C
Additionally, make sessionId non-optional in control packets. They
must have it, therefore treat a missing sessionId as a programming
error instead.

Reuse routines for acks to make PacketMacros the only point of
packets serialization.
2018-09-19 22:04:52 +02:00
Davide De Rosa 856fa9e12e Take PacketStream out and make public
Useful for reuse in TCP streams.
2018-09-19 22:04:52 +02:00
Davide De Rosa 6ffdcec47b Return optional from String/IPv4 conversion 2018-09-19 22:03:46 +02:00
Davide De Rosa d53e7add10 Allow HMAC verify with nil cipher in CryptoCBC 2018-09-12 15:21:25 +02:00
Davide De Rosa 4bf02198d1 Parse ping from PUSH_REPLY 2018-09-09 00:52:16 +02:00
Davide De Rosa 7fe4e2f942 Fix typo in NCP unit test 2018-09-07 15:25:03 +02:00
Davide De Rosa 828d32beb8 Add unit test 2018-09-07 15:14:13 +02:00
Davide De Rosa 14f5a68c12 Move appGroup out of Configuration
Decouple VPN parameters.
2018-09-07 00:25:21 +02:00
Davide De Rosa 43a5972737 Fix cipher regex in PUSH_REPLY
Breaks with NCP enabled when cipher is not last. Trailing comma
was erroneously included in parsed cipher name.

Fixes #11
2018-09-05 03:54:40 +02:00
Davide De Rosa 57b7457ad1 Fix DataPath unit tests 2018-09-02 02:09:20 +02:00
Davide De Rosa cff359fceb Parse pushed cipher if any 2018-09-02 02:09:20 +02:00
Davide De Rosa 373a36b9c1 Parse and apply IPv6 settings when available
IPv4 currently mandatory in PushReply (exception otherwise).
2018-08-31 01:59:08 +02:00
Davide De Rosa ac0e7713d6 Parse IPv6 DNS servers
dhcp-option can be DN6 (older) or DNS (newer).
2018-08-31 01:59:08 +02:00
Davide De Rosa de6b22349e Test IPv4 <-> String conversions 2018-08-31 01:06:38 +02:00
Davide De Rosa b0758412a0 Add PUSH_REPLY unit tests 2018-08-30 18:04:12 +02:00
Davide De Rosa 99068c0a2f Fix unit tests after refactoring 2018-08-30 17:52:54 +02:00
Davide De Rosa dee2956406 Rename Certificate to CryptoContainer
Makes more sense as it holds certs and keys. Can be other formats
than PEM in the future.
2018-08-28 12:55:27 +02:00
Davide De Rosa b172f79719 Re-license with proper per-file notices
Clarify explicitly the author/extent of the fork, with proper
credit to the original project's license and copyright holder.
2018-08-28 12:53:14 +02:00
Davide De Rosa 54cc811e47 Use MTU configuration for the link instead
Raise default link MTU from 1000 to 1250. Keep default for
tunnel MTU.
2018-08-24 12:37:09 +02:00
Davide De Rosa 9f54e624ee Expose LZO framing option 2018-08-24 00:27:45 +02:00
Davide De Rosa 8836d2b175 Deprecate LZO compression framing
Prepend NO_COMPRESS if enabled, omit if not (default).
2018-08-24 00:18:42 +02:00
Davide De Rosa 2459fe1bfd Move a few classes inside SessionProxy
- Authenticator
- EncryptionBridge (formerly EncryptionProxy)
- PushReply
- SessionKey

They only make sense there. Content unchanged.
2018-08-23 18:51:36 +02:00
Davide De Rosa 6d5e9f68a9 Move cipher/digest enums to Core
Restrict choice to supported OpenSSL algorithms.
2018-08-23 18:51:36 +02:00
Davide De Rosa 897e824340 Enforce use of non-preset CA certificates 2018-08-23 12:11:55 +02:00
Davide De Rosa 4d03df7066 Finish up renaming in headers and prefixes 2018-08-23 12:10:56 +02:00
Davide De Rosa fe665e8ad5 Rename library to TunnelKit 2018-08-23 12:10:41 +02:00