Commit Graph

53 Commits

Author SHA1 Message Date
Davide De Rosa 8f328709c8 Wrap TKP.Configuration fields in SP.Configuration
Take credentials out of SP.Configuration. Makes sense as they
never appear in e.g. an .ovpn file.
2018-10-25 18:34:03 +02:00
Davide De Rosa d6e27938bc Make usesPIAPatches optional
For compatible decoding.
2018-10-25 18:34:03 +02:00
Davide De Rosa 197d29042c Take a cache URL in SessionProxy to store PEMs 2018-10-25 18:34:03 +02:00
Davide De Rosa ae85337e91 Mask log.debug 2018-10-24 18:47:41 +02:00
Davide De Rosa b1a79d6451 Shut down on server-initiated HARD_RESET
Session is stale and not recoverable (lame duck).
2018-10-24 12:31:37 +02:00
Davide De Rosa 0b79ce4194 Handle server-initiated SOFT_RESET 2018-10-24 12:22:47 +02:00
Davide De Rosa c32185b524 Review/complete mapping to ProviderError
Errors from TunnelKitNative were not mapped. Also, move TLS CA
verification error to TLSBox domain.
2018-10-23 23:44:25 +02:00
Davide De Rosa f5d9720b01 Halt TLS on internal failure 2018-10-23 23:44:25 +02:00
Davide De Rosa f725779e0e Convert ct pulling to try/catch 2018-10-23 22:47:04 +02:00
Davide De Rosa 28d9f3ee68 Add crypt strategy 2018-10-19 17:06:29 +02:00
Davide De Rosa 8ccc4c08a5 Add auth strategy 2018-10-19 16:20:56 +02:00
Davide De Rosa 66735ec118 Prepare API to enable TLS wrapping
Extensible TLSWrap parameter.
2018-10-19 16:11:35 +02:00
Davide De Rosa 9b785084e2 Customize HARD_RESET payload when PIA-patched 2018-10-18 13:31:11 +02:00
Davide De Rosa 98c5a015f3 Split endpoint and credentials
Basically drop AuthenticatedEndpoint.
2018-10-06 16:22:02 +02:00
Davide De Rosa 09210b727a Use compression framing description 2018-09-28 08:40:14 +02:00
Davide De Rosa 668474d75c Indent negotiated parameters in log 2018-09-21 19:53:38 +02:00
Davide De Rosa 1099d9adbf Improve control channel log readability
- Use consistent convention in id logging.
- Describe packet codes.
- Encapsulate packet logging.
2018-09-20 09:00:11 +02:00
Davide De Rosa ce94a594f9 Bring code/key deserialization into serializer
Duplicates first byte parsing but makes testing more meaningful,
because there's no need to provide a bogus code/key pair.
2018-09-20 08:59:50 +02:00
Davide De Rosa 11cb312c02 Move control channel logic to PlainSerializer 2018-09-19 22:04:52 +02:00
Davide De Rosa 3608860b9d Move sessionId and remoteSessionId 2018-09-19 22:04:52 +02:00
Davide De Rosa 1573b2070a Move control queue management
- Out packets
- In packets
- Acks
2018-09-19 22:04:52 +02:00
Davide De Rosa e6dd4de472 Move control data parsing 2018-09-19 22:04:52 +02:00
Davide De Rosa 19ce7de819 Encapsulate control state into ControlChannel
First step: variables + mutating funcs.
2018-09-19 22:04:52 +02:00
Davide De Rosa d80c0b5460 Move in/out states to a generic struct 2018-09-19 22:04:52 +02:00
Davide De Rosa 2bd9484a43 Move ControlPacket serialization to Obj-C
Additionally, make sessionId non-optional in control packets. They
must have it, therefore treat a missing sessionId as a programming
error instead.

Reuse routines for acks to make PacketMacros the only point of
packets serialization.
2018-09-19 22:04:52 +02:00
Davide De Rosa 92dbb57666 Revert CommonPacket name to ControlPacket 2018-09-19 22:04:52 +02:00
Davide De Rosa 915638b163 Log negotiated parms at info level
Useful when debug disabled.
2018-09-12 15:48:47 +02:00
Davide De Rosa 4af0ce8739 Refactor duplicate keep-alive code 2018-09-09 00:52:16 +02:00
Davide De Rosa 3a02557b5e Override keep-alive with pushed interval 2018-09-09 00:52:16 +02:00
Davide De Rosa 01f65b2a7e Always shut down on known tunnel error
Not recoverable by default (e.g algorithm mismatch).
2018-09-08 00:10:35 +02:00
Davide De Rosa ecbad85b4a Discard 0 keep-alive interval 2018-09-08 00:06:19 +02:00
Davide De Rosa e5918d1b05 Override framing with pushed if available 2018-09-07 15:11:44 +02:00
Davide De Rosa 55cdd6227c Interpret 0 reneg seconds as never 2018-09-07 14:58:56 +02:00
Davide De Rosa 3543f7aab3 Omit sensitive data from PUSH_REPLY log
Namely auth-token.
2018-09-02 12:48:45 +02:00
Davide De Rosa 81eb18619d Pick cipher from PUSH_REPLY if present 2018-09-02 02:09:20 +02:00
Davide De Rosa 31e694859f Cache aggregated PushReply object
- authToken
- peerId
- cipher

Retain across soft resets.
2018-09-02 02:09:20 +02:00
Davide De Rosa e900454504 Share connection completion code
Across hard and soft reset.
2018-09-02 02:09:20 +02:00
Davide De Rosa c930cda065 Consolidate DataPath with new flow 2018-09-02 02:09:20 +02:00
Davide De Rosa c01ac7e1e3 Postpone keys setup until after PUSH_REPLY
And rename to setupEncryption() for ambiguity with SessionKey.
2018-09-02 02:09:20 +02:00
Davide De Rosa 5bf7813d56 Forward compound SessionReply to delegate
Improves extensibility.
2018-08-30 18:02:12 +02:00
Davide De Rosa 209889b9d2 Make compression framing an enum option
- Disabled: no framing (default)
- CompLZO: NO_COMPRESS
- Compress: NO_COMPRESS_SWAP
2018-08-30 12:43:36 +02:00
Davide De Rosa a4c109a916 Bridge client cert from SessionProxy to TLSBox 2018-08-28 12:55:27 +02:00
Davide De Rosa b7a48d4f4f Support client certificate in TLSBox 2018-08-28 12:55:27 +02:00
Davide De Rosa b172f79719 Re-license with proper per-file notices
Clarify explicitly the author/extent of the fork, with proper
credit to the original project's license and copyright holder.
2018-08-28 12:53:14 +02:00
Davide De Rosa 9f54e624ee Expose LZO framing option 2018-08-24 00:27:45 +02:00
Davide De Rosa fe7a2c6941 Drop a few old commented lines 2018-08-23 18:51:36 +02:00
Davide De Rosa 2459fe1bfd Move a few classes inside SessionProxy
- Authenticator
- EncryptionBridge (formerly EncryptionProxy)
- PushReply
- SessionKey

They only make sense there. Content unchanged.
2018-08-23 18:51:36 +02:00
Davide De Rosa 6d5e9f68a9 Move cipher/digest enums to Core
Restrict choice to supported OpenSSL algorithms.
2018-08-23 18:51:36 +02:00
Davide De Rosa 8a9e99e6a9 Wrap SessionProxy configuration in a builder 2018-08-23 18:51:36 +02:00
Davide De Rosa 897e824340 Enforce use of non-preset CA certificates 2018-08-23 12:11:55 +02:00