Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 296ec5b63e | |||
| 94fa120c73 | |||
| 23618f994f | |||
| ba644415c7 | |||
| 10da5cfdef | |||
| 75b6925deb | |||
| 03a59ff38e | |||
| abf506c1fe | |||
| dfb685f258 |
@@ -72,7 +72,7 @@ extension NETunnelProviderProtocol {
|
||||
#error("Unimplemented")
|
||||
#endif
|
||||
guard passwordReference == nil else { return true }
|
||||
wg_log(.debug, message: "Migrating tunnel configuration '\(name)'")
|
||||
wg_log(.info, message: "Migrating tunnel configuration '\(name)'")
|
||||
passwordReference = Keychain.makeReference(containing: oldConfig, called: name)
|
||||
return true
|
||||
}
|
||||
@@ -81,6 +81,27 @@ extension NETunnelProviderProtocol {
|
||||
providerConfiguration = ["UID": getuid()]
|
||||
return true
|
||||
}
|
||||
#elseif os(iOS)
|
||||
if #available(iOS 15, *) {
|
||||
/* Update the stored reference from the old iOS 14 one to the canonical iOS 15 one.
|
||||
* The iOS 14 ones are 96 bits, while the iOS 15 ones are 160 bits. We do this so
|
||||
* that we can have fast set exclusion in deleteReferences safely. */
|
||||
if passwordReference != nil && passwordReference!.count == 12 {
|
||||
var result: CFTypeRef?
|
||||
let ret = SecItemCopyMatching([kSecValuePersistentRef: passwordReference!,
|
||||
kSecReturnPersistentRef: true] as CFDictionary,
|
||||
&result)
|
||||
if ret != errSecSuccess || result == nil {
|
||||
return false
|
||||
}
|
||||
guard let newReference = result as? Data else { return false }
|
||||
if !newReference.elementsEqual(passwordReference!) {
|
||||
wg_log(.info, message: "Migrating iOS 14-style keychain reference to iOS 15-style keychain reference for '\(name)'")
|
||||
passwordReference = newReference
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
VERSION_NAME = 1.0.14
|
||||
VERSION_ID = 25
|
||||
VERSION_NAME = 1.0.15
|
||||
VERSION_ID = 26
|
||||
|
||||
@@ -42,7 +42,7 @@ extension ActivateOnDemandOption {
|
||||
}
|
||||
}
|
||||
tunnelProviderManager.onDemandRules = rules
|
||||
tunnelProviderManager.isOnDemandEnabled = false
|
||||
tunnelProviderManager.isOnDemandEnabled = (rules != nil) && tunnelProviderManager.isOnDemandEnabled
|
||||
}
|
||||
|
||||
init(from tunnelProviderManager: NETunnelProviderManager) {
|
||||
|
||||
@@ -56,19 +56,21 @@ class TunnelsManager {
|
||||
tunnelManager.saveToPreferences { _ in }
|
||||
}
|
||||
#if os(iOS)
|
||||
let verify = true
|
||||
let passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
|
||||
#elseif os(macOS)
|
||||
let verify = proto.providerConfiguration?["UID"] as? uid_t == getuid()
|
||||
let passwordRef: Data?
|
||||
if proto.providerConfiguration?["UID"] as? uid_t == getuid() {
|
||||
passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
|
||||
} else {
|
||||
passwordRef = proto.passwordReference // To handle multiple users in macOS, we skip verifying
|
||||
}
|
||||
#else
|
||||
#error("Unimplemented")
|
||||
#endif
|
||||
if verify && !proto.verifyConfigurationReference() {
|
||||
wg_log(.error, message: "Unable to verify keychain entry of tunnel: \(tunnelManager.localizedDescription ?? "<unknown>")")
|
||||
}
|
||||
if let ref = proto.passwordReference {
|
||||
if let ref = passwordRef {
|
||||
refs.insert(ref)
|
||||
} else {
|
||||
wg_log(.error, message: "Removing orphaned tunnel with missing keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
|
||||
wg_log(.info, message: "Removing orphaned tunnel with non-verifying keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
|
||||
tunnelManager.removeFromPreferences { _ in }
|
||||
tunnelManagers.remove(at: index)
|
||||
}
|
||||
@@ -204,7 +206,10 @@ class TunnelsManager {
|
||||
}
|
||||
}
|
||||
|
||||
func modify(tunnel: TunnelContainer, tunnelConfiguration: TunnelConfiguration, onDemandOption: ActivateOnDemandOption, completionHandler: @escaping (TunnelsManagerError?) -> Void) {
|
||||
func modify(tunnel: TunnelContainer, tunnelConfiguration: TunnelConfiguration,
|
||||
onDemandOption: ActivateOnDemandOption,
|
||||
shouldEnsureOnDemandEnabled: Bool = false,
|
||||
completionHandler: @escaping (TunnelsManagerError?) -> Void) {
|
||||
let tunnelName = tunnelConfiguration.name ?? ""
|
||||
if tunnelName.isEmpty {
|
||||
completionHandler(TunnelsManagerError.tunnelNameEmpty)
|
||||
@@ -212,6 +217,20 @@ class TunnelsManager {
|
||||
}
|
||||
|
||||
let tunnelProviderManager = tunnel.tunnelProvider
|
||||
|
||||
let isIntroducingOnDemandRules = (tunnelProviderManager.onDemandRules ?? []).isEmpty && onDemandOption != .off
|
||||
if isIntroducingOnDemandRules && tunnel.status != .inactive && tunnel.status != .deactivating {
|
||||
tunnel.onDeactivated = { [weak self] in
|
||||
self?.modify(tunnel: tunnel, tunnelConfiguration: tunnelConfiguration,
|
||||
onDemandOption: onDemandOption, shouldEnsureOnDemandEnabled: true,
|
||||
completionHandler: completionHandler)
|
||||
}
|
||||
self.startDeactivation(of: tunnel)
|
||||
return
|
||||
} else {
|
||||
tunnel.onDeactivated = nil
|
||||
}
|
||||
|
||||
let oldName = tunnelProviderManager.localizedDescription ?? ""
|
||||
let isNameChanged = tunnelName != oldName
|
||||
if isNameChanged {
|
||||
@@ -229,8 +248,11 @@ class TunnelsManager {
|
||||
}
|
||||
tunnelProviderManager.isEnabled = true
|
||||
|
||||
let isActivatingOnDemand = !tunnelProviderManager.isOnDemandEnabled && onDemandOption != .off
|
||||
let isActivatingOnDemand = !tunnelProviderManager.isOnDemandEnabled && shouldEnsureOnDemandEnabled
|
||||
onDemandOption.apply(on: tunnelProviderManager)
|
||||
if shouldEnsureOnDemandEnabled {
|
||||
tunnelProviderManager.isOnDemandEnabled = true
|
||||
}
|
||||
|
||||
tunnelProviderManager.saveToPreferences { [weak self] error in
|
||||
if let error = error {
|
||||
@@ -497,6 +519,11 @@ class TunnelsManager {
|
||||
}
|
||||
}
|
||||
|
||||
if session.status == .disconnected {
|
||||
tunnel.onDeactivated?()
|
||||
tunnel.onDeactivated = nil
|
||||
}
|
||||
|
||||
if tunnel.status == .restarting && session.status == .disconnected {
|
||||
tunnel.startActivation(activationDelegate: self.activationDelegate)
|
||||
return
|
||||
@@ -567,6 +594,7 @@ class TunnelContainer: NSObject {
|
||||
var activationAttemptId: String?
|
||||
var activationTimer: Timer?
|
||||
var deactivationTimer: Timer?
|
||||
var onDeactivated: (() -> Void)?
|
||||
|
||||
fileprivate var tunnelProvider: NETunnelProviderManager {
|
||||
didSet {
|
||||
|
||||
@@ -159,10 +159,6 @@ class TunnelListCell: UITableViewCell {
|
||||
statusSwitch.isUserInteractionEnabled = (status == .inactive || status == .active)
|
||||
}
|
||||
|
||||
if tunnel.tunnelConfiguration == nil {
|
||||
statusSwitch.isUserInteractionEnabled = false
|
||||
backgroundColor = .systemPink
|
||||
}
|
||||
}
|
||||
|
||||
private func reset(animated: Bool) {
|
||||
|
||||
@@ -344,7 +344,6 @@ extension TunnelsListTableViewController: UITableViewDelegate {
|
||||
}
|
||||
guard let tunnelsManager = tunnelsManager else { return }
|
||||
let tunnel = tunnelsManager.tunnel(at: indexPath.row)
|
||||
guard tunnel.tunnelConfiguration != nil else { return }
|
||||
showTunnelDetail(for: tunnel, animated: true)
|
||||
}
|
||||
|
||||
|
||||
@@ -14,6 +14,6 @@ class LaunchedAtLoginDetector {
|
||||
let then = data.withUnsafeBytes { ptr in
|
||||
ptr.load(as: UInt64.self)
|
||||
}
|
||||
return now - then <= 5000000000
|
||||
return now - then <= 20000000000
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,8 +7,32 @@ import Foundation
|
||||
import WireGuardKitC
|
||||
#endif
|
||||
|
||||
/// The class describing a private key used by WireGuard.
|
||||
public class PrivateKey: BaseKey {
|
||||
/// Umbrella protocol for all kinds of keys.
|
||||
public protocol WireGuardKey: RawRepresentable, Hashable, Codable where RawValue == Data {}
|
||||
|
||||
/// Class describing a private key used by WireGuard.
|
||||
public final class PrivateKey: WireGuardKey {
|
||||
public let rawValue: Data
|
||||
|
||||
/// Initialize the key with existing raw representation
|
||||
public init?(rawValue: Data) {
|
||||
if rawValue.count == WG_KEY_LEN {
|
||||
self.rawValue = rawValue
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
/// Initialize new private key
|
||||
convenience public init() {
|
||||
var privateKeyData = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
||||
privateKeyData.withUnsafeMutableBytes { (rawBufferPointer: UnsafeMutableRawBufferPointer) in
|
||||
let privateKeyBytes = rawBufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self)
|
||||
curve25519_generate_private_key(privateKeyBytes)
|
||||
}
|
||||
self.init(rawValue: privateKeyData)!
|
||||
}
|
||||
|
||||
/// Derived public key
|
||||
public var publicKey: PublicKey {
|
||||
return rawValue.withUnsafeBytes { (privateKeyBufferPointer: UnsafeRawBufferPointer) -> PublicKey in
|
||||
@@ -23,29 +47,38 @@ public class PrivateKey: BaseKey {
|
||||
return PublicKey(rawValue: publicKeyData)!
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// Initialize new private key
|
||||
convenience public init() {
|
||||
var privateKeyData = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
||||
privateKeyData.withUnsafeMutableBytes { (rawBufferPointer: UnsafeMutableRawBufferPointer) in
|
||||
let privateKeyBytes = rawBufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self)
|
||||
curve25519_generate_private_key(privateKeyBytes)
|
||||
/// Class describing a public key used by WireGuard.
|
||||
public final class PublicKey: WireGuardKey {
|
||||
public let rawValue: Data
|
||||
|
||||
/// Initialize the key with existing raw representation
|
||||
public init?(rawValue: Data) {
|
||||
if rawValue.count == WG_KEY_LEN {
|
||||
self.rawValue = rawValue
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
self.init(rawValue: privateKeyData)!
|
||||
}
|
||||
}
|
||||
|
||||
/// The class describing a public key used by WireGuard.
|
||||
public class PublicKey: BaseKey {}
|
||||
|
||||
/// The class describing a pre-shared key used by WireGuard.
|
||||
public class PreSharedKey: BaseKey {}
|
||||
|
||||
/// The base key implementation. Should not be used directly.
|
||||
public class BaseKey: RawRepresentable, Equatable, Hashable {
|
||||
/// Raw key representation
|
||||
/// Class describing a pre-shared key used by WireGuard.
|
||||
public final class PreSharedKey: WireGuardKey {
|
||||
public let rawValue: Data
|
||||
|
||||
/// Initialize the key with existing raw representation
|
||||
public init?(rawValue: Data) {
|
||||
if rawValue.count == WG_KEY_LEN {
|
||||
self.rawValue = rawValue
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Default implementation
|
||||
extension WireGuardKey {
|
||||
/// Hex encoded representation
|
||||
public var hexKey: String {
|
||||
return rawValue.withUnsafeBytes { (rawBufferPointer: UnsafeRawBufferPointer) -> String in
|
||||
@@ -66,17 +99,8 @@ public class BaseKey: RawRepresentable, Equatable, Hashable {
|
||||
}
|
||||
}
|
||||
|
||||
/// Initialize the key with existing raw representation
|
||||
required public init?(rawValue: Data) {
|
||||
if rawValue.count == WG_KEY_LEN {
|
||||
self.rawValue = rawValue
|
||||
} else {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
/// Initialize the key with hex representation
|
||||
public convenience init?(hexKey: String) {
|
||||
public init?(hexKey: String) {
|
||||
var bytes = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
||||
let success = bytes.withUnsafeMutableBytes { (bufferPointer: UnsafeMutableRawBufferPointer) -> Bool in
|
||||
return key_from_hex(bufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self), hexKey)
|
||||
@@ -89,7 +113,7 @@ public class BaseKey: RawRepresentable, Equatable, Hashable {
|
||||
}
|
||||
|
||||
/// Initialize the key with base64 representation
|
||||
public convenience init?(base64Key: String) {
|
||||
public init?(base64Key: String) {
|
||||
var bytes = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
||||
let success = bytes.withUnsafeMutableBytes { (bufferPointer: UnsafeMutableRawBufferPointer) -> Bool in
|
||||
return key_from_base64(bufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self), base64Key)
|
||||
@@ -101,7 +125,31 @@ public class BaseKey: RawRepresentable, Equatable, Hashable {
|
||||
}
|
||||
}
|
||||
|
||||
public static func == (lhs: BaseKey, rhs: BaseKey) -> Bool {
|
||||
// MARK: - Codable
|
||||
|
||||
public init(from decoder: Decoder) throws {
|
||||
let container = try decoder.singleValueContainer()
|
||||
let data = try container.decode(Data.self)
|
||||
|
||||
if let instance = Self.init(rawValue: data) {
|
||||
self = instance
|
||||
} else {
|
||||
throw DecodingError.dataCorruptedError(
|
||||
in: container,
|
||||
debugDescription: "Corrupt key data."
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
public func encode(to encoder: Encoder) throws {
|
||||
var container = encoder.singleValueContainer()
|
||||
|
||||
try container.encode(rawValue)
|
||||
}
|
||||
|
||||
// MARK: - Equatable
|
||||
|
||||
public static func == (lhs: Self, rhs: Self) -> Bool {
|
||||
return lhs.rawValue.withUnsafeBytes { (lhsBytes: UnsafeRawBufferPointer) -> Bool in
|
||||
return rhs.rawValue.withUnsafeBytes { (rhsBytes: UnsafeRawBufferPointer) -> Bool in
|
||||
return key_eq(
|
||||
|
||||
Reference in New Issue
Block a user