Commit Graph

219 Commits

Author SHA1 Message Date
Davide De Rosa 7ffbf41b30 Expose internal tag length, 0 if none 2018-11-06 10:31:55 +01:00
Davide De Rosa 2fde43b1fc Keep tag length constants private
Also AD length in AEAD was an unresolved relic.
2018-11-06 10:25:35 +01:00
Davide De Rosa caea6624fc Unmask IPv4 netmask and IPv6 prefix
Masking that is useless and paranoid. May help debugging.
2018-11-05 20:40:12 +01:00
Davide De Rosa e198e80595 Use standard inet_ntop/pton for IPv4 conversion
Swap endianness internally.
2018-11-05 20:21:10 +01:00
Davide De Rosa b32c1848be Unmask harmless destination port 2018-11-05 15:48:34 +01:00
Davide De Rosa 9c989dabf5 Fix IPv4/UInt32 calculations 2018-10-28 00:26:15 +02:00
Davide De Rosa 9e2bdd22ac Pick default values from static constant 2018-10-26 11:07:46 +02:00
Davide De Rosa 84e216f56d Deprecate lastErrorKey, encapsulate access 2018-10-25 22:36:31 +02:00
Davide De Rosa 3cc511822d Deprecate debugLogKey, hardcode filename 2018-10-25 22:36:31 +02:00
Davide De Rosa 8f328709c8 Wrap TKP.Configuration fields in SP.Configuration
Take credentials out of SP.Configuration. Makes sense as they
never appear in e.g. an .ovpn file.
2018-10-25 18:34:03 +02:00
Davide De Rosa e962603098 Allow SP.Configuration customization via builder 2018-10-25 18:34:03 +02:00
Davide De Rosa d6e27938bc Make usesPIAPatches optional
For compatible decoding.
2018-10-25 18:34:03 +02:00
Davide De Rosa 197d29042c Take a cache URL in SessionProxy to store PEMs 2018-10-25 18:34:03 +02:00
Davide De Rosa 3fd0329736 Use CryptoContainer in SessionConfiguration
Instead of paths.
2018-10-25 18:34:02 +02:00
Davide De Rosa ca77858bf0 Move CryptoContainer to Core 2018-10-25 18:34:02 +02:00
Davide De Rosa f1efac073c Export and document log shortcuts in Configuration 2018-10-24 21:06:04 +02:00
Davide De Rosa f5d12300f9 Save debug log to file in app group container
Don't bog UserDefaults. Reuse debugLogKey for the log filename.
2018-10-24 21:06:04 +02:00
Davide De Rosa b35fb34da5 Cap masked hash to 16 hexes 2018-10-24 18:50:36 +02:00
Davide De Rosa ae85337e91 Mask log.debug 2018-10-24 18:47:41 +02:00
Davide De Rosa 033763f372 Mask log.info 2018-10-24 18:47:41 +02:00
Davide De Rosa 25d84f6530 Add internal flag for masking private data
Hardcoded to true. Private data is mostly hostname/IP addresses
and routing information.
2018-10-24 18:23:10 +02:00
Davide De Rosa b1a79d6451 Shut down on server-initiated HARD_RESET
Session is stale and not recoverable (lame duck).
2018-10-24 12:31:37 +02:00
Davide De Rosa 0b79ce4194 Handle server-initiated SOFT_RESET 2018-10-24 12:22:47 +02:00
Davide De Rosa d829247e6e Simplify socket shutdown code
Drop weird (old?) linkFailures check.
2018-10-24 09:42:18 +02:00
Davide De Rosa 91349fd780 Take shouldChangeProtocol out of GenericSocket
Behavior is not exactly similar in UDP and TCP.
2018-10-24 09:42:03 +02:00
Davide De Rosa 8b59fe6f4c Use RawRepresentable where adequate 2018-10-24 09:19:50 +02:00
Davide De Rosa e3a5302e06 Check NULL EKU and simplify OID comparison 2018-10-24 00:43:01 +02:00
Davide De Rosa 3a95568d0b Remove unused code 2018-10-24 00:36:18 +02:00
Davide De Rosa 440a7f7da8 Verify server cert EKU
Fixes #27
2018-10-23 23:46:37 +02:00
Davide De Rosa c32185b524 Review/complete mapping to ProviderError
Errors from TunnelKitNative were not mapped. Also, move TLS CA
verification error to TLSBox domain.
2018-10-23 23:44:25 +02:00
Davide De Rosa f5d9720b01 Halt TLS on internal failure 2018-10-23 23:44:25 +02:00
Davide De Rosa f725779e0e Convert ct pulling to try/catch 2018-10-23 22:47:04 +02:00
Davide De Rosa 1ad4a62593 Report error status to shared defaults
Retain after disposal, unless manually stopped.
2018-10-22 01:04:36 +02:00
Davide De Rosa 7ffb997904 Add defaults key for last error 2018-10-22 01:04:36 +02:00
Davide De Rosa 4bf7f1a1fc Bridge SessionError to public ProviderError 2018-10-22 01:04:36 +02:00
Davide De Rosa 6200a0bc1c Split configuration and session errors 2018-10-22 01:04:36 +02:00
Davide De Rosa f93634bd7a Respect link MTU in TCP
Mitigates #39
2018-10-22 00:56:08 +02:00
Davide De Rosa 26fc12c2ef Add missing fclose() after fopen()
Slip-up from #32
2018-10-21 00:22:36 +02:00
Davide De Rosa fbd3f977d5 Parse static key from file 2018-10-19 17:22:26 +02:00
Davide De Rosa 28d9f3ee68 Add crypt strategy 2018-10-19 17:06:29 +02:00
Davide De Rosa 55e0aa5c5a Implement and test crypt serializer 2018-10-19 17:06:26 +02:00
Davide De Rosa 3ec4a7d292 Implement AES-CTR encryption 2018-10-19 16:56:20 +02:00
Davide De Rosa a430beb35f Improve Swift bridging of CryptoFlags 2018-10-19 16:56:20 +02:00
Davide De Rosa 8ccc4c08a5 Add auth strategy 2018-10-19 16:20:56 +02:00
Davide De Rosa 0fce5abdde Implement auth serializer 2018-10-19 16:20:56 +02:00
Davide De Rosa a974646558 Add macros for replay packet id 2018-10-19 16:12:07 +02:00
Davide De Rosa 66735ec118 Prepare API to enable TLS wrapping
Extensible TLSWrap parameter.
2018-10-19 16:11:35 +02:00
Davide De Rosa 51720c1fbc Split ControlPacket header/content serialization
rawSerializeTo: does not include opcode|session_id.
2018-10-19 16:11:35 +02:00
Davide De Rosa 372fa194a5 Parse indexed keys from StaticKey 2018-10-19 16:11:35 +02:00
Davide De Rosa 5c8c361fce Add StaticKey class for static OpenVPN keys 2018-10-19 16:11:35 +02:00
Davide De Rosa a85c4ea6da Rename packetId flag to more proper IV 2018-10-19 15:55:16 +02:00
Davide De Rosa bff9352c6e Handle encryption/peer-id in a stateless manner
Fixes #30
2018-10-19 15:54:55 +02:00
Davide De Rosa 70b50a7a2e Parse data opcode when decrypting
Assume it could be DATA_V1/V2 regardless of peer-id.
2018-10-19 11:33:12 +02:00
Davide De Rosa 9b785084e2 Customize HARD_RESET payload when PIA-patched 2018-10-18 13:31:11 +02:00
Davide De Rosa eb8a8b38c2 Restore PIA HARD_RESET code 2018-10-18 12:45:32 +02:00
Davide De Rosa 872e20a95a Add function to compute MD5 from certificate 2018-10-18 12:32:22 +02:00
Davide De Rosa 98c5a015f3 Split endpoint and credentials
Basically drop AuthenticatedEndpoint.
2018-10-06 16:22:02 +02:00
Davide De Rosa 40b733db57 Make credentials optional 2018-10-06 16:21:59 +02:00
Davide De Rosa 093774535d Make CA non-optional
Fix up nullability qualifiers in TLSBox.

Fixes #26
2018-10-06 15:53:22 +02:00
Davide De Rosa 09210b727a Use compression framing description 2018-09-28 08:40:14 +02:00
Davide De Rosa 7b96247c72 Fix interpretation of 0 seconds
0 keep-alive = never
0 reneg seconds = never
2018-09-28 08:39:57 +02:00
Davide De Rosa 24dabe2739 Set peer-info version from bundle
Omit build number for now, seems more complex than expected to
accomplish with CocoaPods.
2018-09-24 10:26:43 +02:00
Davide De Rosa d6958ed28d Revert LZO deprecation, still widely used 2018-09-23 14:23:52 +02:00
Davide De Rosa 58726a67d7 Update SwiftyBeaver for MemoryDestination
See for reference:

- https://github.com/pia-foss/tunnel-apple/pull/15
- https://github.com/SwiftyBeaver/SwiftyBeaver/pull/299
2018-09-23 14:14:25 +02:00
Davide De Rosa 668474d75c Indent negotiated parameters in log 2018-09-21 19:53:38 +02:00
Davide De Rosa 44fc38e8ef Rename encryption headers for consistency
The shared prefix makes it easier to associate them with
implementation files.
2018-09-20 09:03:33 +02:00
Davide De Rosa 600c93be55 Drop overheadLength, only used in one place 2018-09-20 09:03:33 +02:00
Davide De Rosa dd02c92aa5 Expose methods for capacity prediction
Encapsulate encrypt/decrypt buffer capacity calculation.
2018-09-20 09:03:33 +02:00
Davide De Rosa f6ee187db7 Use symbolic data header length 2018-09-20 09:03:33 +02:00
Davide De Rosa aa39414a77 Rename packet header to opcode (first byte) 2018-09-20 09:03:31 +02:00
Davide De Rosa fe92fcd91c Remove NSData versions from Encrypter/Decrypter
Move to test target. Conversely, bring ZeroingData.data extension
into main targets.
2018-09-20 09:01:44 +02:00
Davide De Rosa 1099d9adbf Improve control channel log readability
- Use consistent convention in id logging.
- Describe packet codes.
- Encapsulate packet logging.
2018-09-20 09:00:11 +02:00
Davide De Rosa ce94a594f9 Bring code/key deserialization into serializer
Duplicates first byte parsing but makes testing more meaningful,
because there's no need to provide a bogus code/key pair.
2018-09-20 08:59:50 +02:00
Davide De Rosa 11cb312c02 Move control channel logic to PlainSerializer 2018-09-19 22:04:52 +02:00
Davide De Rosa 595cae3563 Add strategy for control channel serialization 2018-09-19 22:04:52 +02:00
Davide De Rosa 3608860b9d Move sessionId and remoteSessionId 2018-09-19 22:04:52 +02:00
Davide De Rosa 1573b2070a Move control queue management
- Out packets
- In packets
- Acks
2018-09-19 22:04:52 +02:00
Davide De Rosa e6dd4de472 Move control data parsing 2018-09-19 22:04:52 +02:00
Davide De Rosa 19ce7de819 Encapsulate control state into ControlChannel
First step: variables + mutating funcs.
2018-09-19 22:04:52 +02:00
Davide De Rosa d80c0b5460 Move in/out states to a generic struct 2018-09-19 22:04:52 +02:00
Davide De Rosa 2bd9484a43 Move ControlPacket serialization to Obj-C
Additionally, make sessionId non-optional in control packets. They
must have it, therefore treat a missing sessionId as a programming
error instead.

Reuse routines for acks to make PacketMacros the only point of
packets serialization.
2018-09-19 22:04:52 +02:00
Davide De Rosa 92dbb57666 Revert CommonPacket name to ControlPacket 2018-09-19 22:04:52 +02:00
Davide De Rosa 856fa9e12e Take PacketStream out and make public
Useful for reuse in TCP streams.
2018-09-19 22:04:52 +02:00
Davide De Rosa cba6f6f959 Clean up some documentation metadata
- Reorder fields in SessionProxy.Configuration*
- Add new classes to .yml
2018-09-19 22:04:52 +02:00
Davide De Rosa 6ffdcec47b Return optional from String/IPv4 conversion 2018-09-19 22:03:46 +02:00
Davide De Rosa da2727b003 Apply both IPv4 and IPv6 settings
Best choice to cope with "hybrid" environments.
2018-09-15 19:42:43 +02:00
Davide De Rosa ac3582c0fa Fix ignored OpenSSL code 2018-09-14 02:04:36 +02:00
Davide De Rosa b9243c9f0b Add some more peer-info
- IV_PLAT
- IV_UI_VER
- IV_SSL
2018-09-12 15:50:36 +02:00
Davide De Rosa 02a20b5308 Indent TunnelKitProvider.Configuration log
Gives more context.
2018-09-12 15:49:41 +02:00
Davide De Rosa 915638b163 Log negotiated parms at info level
Useful when debug disabled.
2018-09-12 15:48:47 +02:00
Davide De Rosa aef7daec51 Fix and clean up redundant nullability specifiers 2018-09-12 15:38:52 +02:00
Davide De Rosa a3fe740ad9 Assert ambiguity about HMAC key length 2018-09-12 15:21:25 +02:00
Davide De Rosa d53e7add10 Allow HMAC verify with nil cipher in CryptoCBC 2018-09-12 15:21:25 +02:00
Davide De Rosa 401d999b3d Expose HMAC digestLength where available 2018-09-12 15:21:25 +02:00
Davide De Rosa 4af0ce8739 Refactor duplicate keep-alive code 2018-09-09 00:52:16 +02:00
Davide De Rosa 3a02557b5e Override keep-alive with pushed interval 2018-09-09 00:52:16 +02:00
Davide De Rosa 4bf02198d1 Parse ping from PUSH_REPLY 2018-09-09 00:52:16 +02:00
Davide De Rosa 66864da51b Default to no keep-alive if unset
For consistency with other optional flags.

Updates #20
2018-09-08 12:56:40 +02:00
Davide De Rosa 01f65b2a7e Always shut down on known tunnel error
Not recoverable by default (e.g algorithm mismatch).
2018-09-08 00:10:35 +02:00
Davide De Rosa 891c72caa1 Rearrange shutdown code rationally 2018-09-08 00:10:35 +02:00