Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 296ec5b63e | |||
| 94fa120c73 | |||
| 23618f994f | |||
| ba644415c7 | |||
| 10da5cfdef | |||
| 75b6925deb | |||
| 03a59ff38e | |||
| abf506c1fe | |||
| dfb685f258 |
@@ -72,7 +72,7 @@ extension NETunnelProviderProtocol {
|
|||||||
#error("Unimplemented")
|
#error("Unimplemented")
|
||||||
#endif
|
#endif
|
||||||
guard passwordReference == nil else { return true }
|
guard passwordReference == nil else { return true }
|
||||||
wg_log(.debug, message: "Migrating tunnel configuration '\(name)'")
|
wg_log(.info, message: "Migrating tunnel configuration '\(name)'")
|
||||||
passwordReference = Keychain.makeReference(containing: oldConfig, called: name)
|
passwordReference = Keychain.makeReference(containing: oldConfig, called: name)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
@@ -81,6 +81,27 @@ extension NETunnelProviderProtocol {
|
|||||||
providerConfiguration = ["UID": getuid()]
|
providerConfiguration = ["UID": getuid()]
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
#elseif os(iOS)
|
||||||
|
if #available(iOS 15, *) {
|
||||||
|
/* Update the stored reference from the old iOS 14 one to the canonical iOS 15 one.
|
||||||
|
* The iOS 14 ones are 96 bits, while the iOS 15 ones are 160 bits. We do this so
|
||||||
|
* that we can have fast set exclusion in deleteReferences safely. */
|
||||||
|
if passwordReference != nil && passwordReference!.count == 12 {
|
||||||
|
var result: CFTypeRef?
|
||||||
|
let ret = SecItemCopyMatching([kSecValuePersistentRef: passwordReference!,
|
||||||
|
kSecReturnPersistentRef: true] as CFDictionary,
|
||||||
|
&result)
|
||||||
|
if ret != errSecSuccess || result == nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
guard let newReference = result as? Data else { return false }
|
||||||
|
if !newReference.elementsEqual(passwordReference!) {
|
||||||
|
wg_log(.info, message: "Migrating iOS 14-style keychain reference to iOS 15-style keychain reference for '\(name)'")
|
||||||
|
passwordReference = newReference
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,2 +1,2 @@
|
|||||||
VERSION_NAME = 1.0.14
|
VERSION_NAME = 1.0.15
|
||||||
VERSION_ID = 25
|
VERSION_ID = 26
|
||||||
|
|||||||
@@ -42,7 +42,7 @@ extension ActivateOnDemandOption {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
tunnelProviderManager.onDemandRules = rules
|
tunnelProviderManager.onDemandRules = rules
|
||||||
tunnelProviderManager.isOnDemandEnabled = false
|
tunnelProviderManager.isOnDemandEnabled = (rules != nil) && tunnelProviderManager.isOnDemandEnabled
|
||||||
}
|
}
|
||||||
|
|
||||||
init(from tunnelProviderManager: NETunnelProviderManager) {
|
init(from tunnelProviderManager: NETunnelProviderManager) {
|
||||||
|
|||||||
@@ -56,19 +56,21 @@ class TunnelsManager {
|
|||||||
tunnelManager.saveToPreferences { _ in }
|
tunnelManager.saveToPreferences { _ in }
|
||||||
}
|
}
|
||||||
#if os(iOS)
|
#if os(iOS)
|
||||||
let verify = true
|
let passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
|
||||||
#elseif os(macOS)
|
#elseif os(macOS)
|
||||||
let verify = proto.providerConfiguration?["UID"] as? uid_t == getuid()
|
let passwordRef: Data?
|
||||||
|
if proto.providerConfiguration?["UID"] as? uid_t == getuid() {
|
||||||
|
passwordRef = proto.verifyConfigurationReference() ? proto.passwordReference : nil
|
||||||
|
} else {
|
||||||
|
passwordRef = proto.passwordReference // To handle multiple users in macOS, we skip verifying
|
||||||
|
}
|
||||||
#else
|
#else
|
||||||
#error("Unimplemented")
|
#error("Unimplemented")
|
||||||
#endif
|
#endif
|
||||||
if verify && !proto.verifyConfigurationReference() {
|
if let ref = passwordRef {
|
||||||
wg_log(.error, message: "Unable to verify keychain entry of tunnel: \(tunnelManager.localizedDescription ?? "<unknown>")")
|
|
||||||
}
|
|
||||||
if let ref = proto.passwordReference {
|
|
||||||
refs.insert(ref)
|
refs.insert(ref)
|
||||||
} else {
|
} else {
|
||||||
wg_log(.error, message: "Removing orphaned tunnel with missing keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
|
wg_log(.info, message: "Removing orphaned tunnel with non-verifying keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
|
||||||
tunnelManager.removeFromPreferences { _ in }
|
tunnelManager.removeFromPreferences { _ in }
|
||||||
tunnelManagers.remove(at: index)
|
tunnelManagers.remove(at: index)
|
||||||
}
|
}
|
||||||
@@ -204,7 +206,10 @@ class TunnelsManager {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func modify(tunnel: TunnelContainer, tunnelConfiguration: TunnelConfiguration, onDemandOption: ActivateOnDemandOption, completionHandler: @escaping (TunnelsManagerError?) -> Void) {
|
func modify(tunnel: TunnelContainer, tunnelConfiguration: TunnelConfiguration,
|
||||||
|
onDemandOption: ActivateOnDemandOption,
|
||||||
|
shouldEnsureOnDemandEnabled: Bool = false,
|
||||||
|
completionHandler: @escaping (TunnelsManagerError?) -> Void) {
|
||||||
let tunnelName = tunnelConfiguration.name ?? ""
|
let tunnelName = tunnelConfiguration.name ?? ""
|
||||||
if tunnelName.isEmpty {
|
if tunnelName.isEmpty {
|
||||||
completionHandler(TunnelsManagerError.tunnelNameEmpty)
|
completionHandler(TunnelsManagerError.tunnelNameEmpty)
|
||||||
@@ -212,6 +217,20 @@ class TunnelsManager {
|
|||||||
}
|
}
|
||||||
|
|
||||||
let tunnelProviderManager = tunnel.tunnelProvider
|
let tunnelProviderManager = tunnel.tunnelProvider
|
||||||
|
|
||||||
|
let isIntroducingOnDemandRules = (tunnelProviderManager.onDemandRules ?? []).isEmpty && onDemandOption != .off
|
||||||
|
if isIntroducingOnDemandRules && tunnel.status != .inactive && tunnel.status != .deactivating {
|
||||||
|
tunnel.onDeactivated = { [weak self] in
|
||||||
|
self?.modify(tunnel: tunnel, tunnelConfiguration: tunnelConfiguration,
|
||||||
|
onDemandOption: onDemandOption, shouldEnsureOnDemandEnabled: true,
|
||||||
|
completionHandler: completionHandler)
|
||||||
|
}
|
||||||
|
self.startDeactivation(of: tunnel)
|
||||||
|
return
|
||||||
|
} else {
|
||||||
|
tunnel.onDeactivated = nil
|
||||||
|
}
|
||||||
|
|
||||||
let oldName = tunnelProviderManager.localizedDescription ?? ""
|
let oldName = tunnelProviderManager.localizedDescription ?? ""
|
||||||
let isNameChanged = tunnelName != oldName
|
let isNameChanged = tunnelName != oldName
|
||||||
if isNameChanged {
|
if isNameChanged {
|
||||||
@@ -229,8 +248,11 @@ class TunnelsManager {
|
|||||||
}
|
}
|
||||||
tunnelProviderManager.isEnabled = true
|
tunnelProviderManager.isEnabled = true
|
||||||
|
|
||||||
let isActivatingOnDemand = !tunnelProviderManager.isOnDemandEnabled && onDemandOption != .off
|
let isActivatingOnDemand = !tunnelProviderManager.isOnDemandEnabled && shouldEnsureOnDemandEnabled
|
||||||
onDemandOption.apply(on: tunnelProviderManager)
|
onDemandOption.apply(on: tunnelProviderManager)
|
||||||
|
if shouldEnsureOnDemandEnabled {
|
||||||
|
tunnelProviderManager.isOnDemandEnabled = true
|
||||||
|
}
|
||||||
|
|
||||||
tunnelProviderManager.saveToPreferences { [weak self] error in
|
tunnelProviderManager.saveToPreferences { [weak self] error in
|
||||||
if let error = error {
|
if let error = error {
|
||||||
@@ -497,6 +519,11 @@ class TunnelsManager {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if session.status == .disconnected {
|
||||||
|
tunnel.onDeactivated?()
|
||||||
|
tunnel.onDeactivated = nil
|
||||||
|
}
|
||||||
|
|
||||||
if tunnel.status == .restarting && session.status == .disconnected {
|
if tunnel.status == .restarting && session.status == .disconnected {
|
||||||
tunnel.startActivation(activationDelegate: self.activationDelegate)
|
tunnel.startActivation(activationDelegate: self.activationDelegate)
|
||||||
return
|
return
|
||||||
@@ -567,6 +594,7 @@ class TunnelContainer: NSObject {
|
|||||||
var activationAttemptId: String?
|
var activationAttemptId: String?
|
||||||
var activationTimer: Timer?
|
var activationTimer: Timer?
|
||||||
var deactivationTimer: Timer?
|
var deactivationTimer: Timer?
|
||||||
|
var onDeactivated: (() -> Void)?
|
||||||
|
|
||||||
fileprivate var tunnelProvider: NETunnelProviderManager {
|
fileprivate var tunnelProvider: NETunnelProviderManager {
|
||||||
didSet {
|
didSet {
|
||||||
|
|||||||
@@ -159,10 +159,6 @@ class TunnelListCell: UITableViewCell {
|
|||||||
statusSwitch.isUserInteractionEnabled = (status == .inactive || status == .active)
|
statusSwitch.isUserInteractionEnabled = (status == .inactive || status == .active)
|
||||||
}
|
}
|
||||||
|
|
||||||
if tunnel.tunnelConfiguration == nil {
|
|
||||||
statusSwitch.isUserInteractionEnabled = false
|
|
||||||
backgroundColor = .systemPink
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private func reset(animated: Bool) {
|
private func reset(animated: Bool) {
|
||||||
|
|||||||
@@ -344,7 +344,6 @@ extension TunnelsListTableViewController: UITableViewDelegate {
|
|||||||
}
|
}
|
||||||
guard let tunnelsManager = tunnelsManager else { return }
|
guard let tunnelsManager = tunnelsManager else { return }
|
||||||
let tunnel = tunnelsManager.tunnel(at: indexPath.row)
|
let tunnel = tunnelsManager.tunnel(at: indexPath.row)
|
||||||
guard tunnel.tunnelConfiguration != nil else { return }
|
|
||||||
showTunnelDetail(for: tunnel, animated: true)
|
showTunnelDetail(for: tunnel, animated: true)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -14,6 +14,6 @@ class LaunchedAtLoginDetector {
|
|||||||
let then = data.withUnsafeBytes { ptr in
|
let then = data.withUnsafeBytes { ptr in
|
||||||
ptr.load(as: UInt64.self)
|
ptr.load(as: UInt64.self)
|
||||||
}
|
}
|
||||||
return now - then <= 5000000000
|
return now - then <= 20000000000
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -7,8 +7,32 @@ import Foundation
|
|||||||
import WireGuardKitC
|
import WireGuardKitC
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/// The class describing a private key used by WireGuard.
|
/// Umbrella protocol for all kinds of keys.
|
||||||
public class PrivateKey: BaseKey {
|
public protocol WireGuardKey: RawRepresentable, Hashable, Codable where RawValue == Data {}
|
||||||
|
|
||||||
|
/// Class describing a private key used by WireGuard.
|
||||||
|
public final class PrivateKey: WireGuardKey {
|
||||||
|
public let rawValue: Data
|
||||||
|
|
||||||
|
/// Initialize the key with existing raw representation
|
||||||
|
public init?(rawValue: Data) {
|
||||||
|
if rawValue.count == WG_KEY_LEN {
|
||||||
|
self.rawValue = rawValue
|
||||||
|
} else {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Initialize new private key
|
||||||
|
convenience public init() {
|
||||||
|
var privateKeyData = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
||||||
|
privateKeyData.withUnsafeMutableBytes { (rawBufferPointer: UnsafeMutableRawBufferPointer) in
|
||||||
|
let privateKeyBytes = rawBufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self)
|
||||||
|
curve25519_generate_private_key(privateKeyBytes)
|
||||||
|
}
|
||||||
|
self.init(rawValue: privateKeyData)!
|
||||||
|
}
|
||||||
|
|
||||||
/// Derived public key
|
/// Derived public key
|
||||||
public var publicKey: PublicKey {
|
public var publicKey: PublicKey {
|
||||||
return rawValue.withUnsafeBytes { (privateKeyBufferPointer: UnsafeRawBufferPointer) -> PublicKey in
|
return rawValue.withUnsafeBytes { (privateKeyBufferPointer: UnsafeRawBufferPointer) -> PublicKey in
|
||||||
@@ -23,29 +47,38 @@ public class PrivateKey: BaseKey {
|
|||||||
return PublicKey(rawValue: publicKeyData)!
|
return PublicKey(rawValue: publicKeyData)!
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// Initialize new private key
|
/// Class describing a public key used by WireGuard.
|
||||||
convenience public init() {
|
public final class PublicKey: WireGuardKey {
|
||||||
var privateKeyData = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
public let rawValue: Data
|
||||||
privateKeyData.withUnsafeMutableBytes { (rawBufferPointer: UnsafeMutableRawBufferPointer) in
|
|
||||||
let privateKeyBytes = rawBufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self)
|
/// Initialize the key with existing raw representation
|
||||||
curve25519_generate_private_key(privateKeyBytes)
|
public init?(rawValue: Data) {
|
||||||
|
if rawValue.count == WG_KEY_LEN {
|
||||||
|
self.rawValue = rawValue
|
||||||
|
} else {
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
self.init(rawValue: privateKeyData)!
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// The class describing a public key used by WireGuard.
|
/// Class describing a pre-shared key used by WireGuard.
|
||||||
public class PublicKey: BaseKey {}
|
public final class PreSharedKey: WireGuardKey {
|
||||||
|
|
||||||
/// The class describing a pre-shared key used by WireGuard.
|
|
||||||
public class PreSharedKey: BaseKey {}
|
|
||||||
|
|
||||||
/// The base key implementation. Should not be used directly.
|
|
||||||
public class BaseKey: RawRepresentable, Equatable, Hashable {
|
|
||||||
/// Raw key representation
|
|
||||||
public let rawValue: Data
|
public let rawValue: Data
|
||||||
|
|
||||||
|
/// Initialize the key with existing raw representation
|
||||||
|
public init?(rawValue: Data) {
|
||||||
|
if rawValue.count == WG_KEY_LEN {
|
||||||
|
self.rawValue = rawValue
|
||||||
|
} else {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Default implementation
|
||||||
|
extension WireGuardKey {
|
||||||
/// Hex encoded representation
|
/// Hex encoded representation
|
||||||
public var hexKey: String {
|
public var hexKey: String {
|
||||||
return rawValue.withUnsafeBytes { (rawBufferPointer: UnsafeRawBufferPointer) -> String in
|
return rawValue.withUnsafeBytes { (rawBufferPointer: UnsafeRawBufferPointer) -> String in
|
||||||
@@ -66,17 +99,8 @@ public class BaseKey: RawRepresentable, Equatable, Hashable {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Initialize the key with existing raw representation
|
|
||||||
required public init?(rawValue: Data) {
|
|
||||||
if rawValue.count == WG_KEY_LEN {
|
|
||||||
self.rawValue = rawValue
|
|
||||||
} else {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Initialize the key with hex representation
|
/// Initialize the key with hex representation
|
||||||
public convenience init?(hexKey: String) {
|
public init?(hexKey: String) {
|
||||||
var bytes = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
var bytes = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
||||||
let success = bytes.withUnsafeMutableBytes { (bufferPointer: UnsafeMutableRawBufferPointer) -> Bool in
|
let success = bytes.withUnsafeMutableBytes { (bufferPointer: UnsafeMutableRawBufferPointer) -> Bool in
|
||||||
return key_from_hex(bufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self), hexKey)
|
return key_from_hex(bufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self), hexKey)
|
||||||
@@ -89,7 +113,7 @@ public class BaseKey: RawRepresentable, Equatable, Hashable {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Initialize the key with base64 representation
|
/// Initialize the key with base64 representation
|
||||||
public convenience init?(base64Key: String) {
|
public init?(base64Key: String) {
|
||||||
var bytes = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
var bytes = Data(repeating: 0, count: Int(WG_KEY_LEN))
|
||||||
let success = bytes.withUnsafeMutableBytes { (bufferPointer: UnsafeMutableRawBufferPointer) -> Bool in
|
let success = bytes.withUnsafeMutableBytes { (bufferPointer: UnsafeMutableRawBufferPointer) -> Bool in
|
||||||
return key_from_base64(bufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self), base64Key)
|
return key_from_base64(bufferPointer.baseAddress!.assumingMemoryBound(to: UInt8.self), base64Key)
|
||||||
@@ -101,7 +125,31 @@ public class BaseKey: RawRepresentable, Equatable, Hashable {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static func == (lhs: BaseKey, rhs: BaseKey) -> Bool {
|
// MARK: - Codable
|
||||||
|
|
||||||
|
public init(from decoder: Decoder) throws {
|
||||||
|
let container = try decoder.singleValueContainer()
|
||||||
|
let data = try container.decode(Data.self)
|
||||||
|
|
||||||
|
if let instance = Self.init(rawValue: data) {
|
||||||
|
self = instance
|
||||||
|
} else {
|
||||||
|
throw DecodingError.dataCorruptedError(
|
||||||
|
in: container,
|
||||||
|
debugDescription: "Corrupt key data."
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public func encode(to encoder: Encoder) throws {
|
||||||
|
var container = encoder.singleValueContainer()
|
||||||
|
|
||||||
|
try container.encode(rawValue)
|
||||||
|
}
|
||||||
|
|
||||||
|
// MARK: - Equatable
|
||||||
|
|
||||||
|
public static func == (lhs: Self, rhs: Self) -> Bool {
|
||||||
return lhs.rawValue.withUnsafeBytes { (lhsBytes: UnsafeRawBufferPointer) -> Bool in
|
return lhs.rawValue.withUnsafeBytes { (lhsBytes: UnsafeRawBufferPointer) -> Bool in
|
||||||
return rhs.rawValue.withUnsafeBytes { (rhsBytes: UnsafeRawBufferPointer) -> Bool in
|
return rhs.rawValue.withUnsafeBytes { (rhsBytes: UnsafeRawBufferPointer) -> Bool in
|
||||||
return key_eq(
|
return key_eq(
|
||||||
|
|||||||
Reference in New Issue
Block a user