diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-12-22 01:36:33 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-12-22 01:36:42 +0100 |
commit | aede9f6e450d25a0a9cbeeea604e08ba76246869 (patch) | |
tree | bdbb3619adbf0daa6db1d7f31dee5820a4259ac5 /WireGuard/Shared/Model | |
parent | Fixes mock tunnels (diff) | |
download | wireguard-apple-aede9f6e450d25a0a9cbeeea604e08ba76246869.tar.xz wireguard-apple-aede9f6e450d25a0a9cbeeea604e08ba76246869.zip |
Move model helpers to model directory
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'WireGuard/Shared/Model')
4 files changed, 463 insertions, 0 deletions
diff --git a/WireGuard/Shared/Model/LegacyConfigMigration.swift b/WireGuard/Shared/Model/LegacyConfigMigration.swift new file mode 100644 index 0000000..b67301f --- /dev/null +++ b/WireGuard/Shared/Model/LegacyConfigMigration.swift @@ -0,0 +1,193 @@ +// SPDX-License-Identifier: MIT +// Copyright © 2018 WireGuard LLC. All Rights Reserved. + +import Foundation +import Network +import NetworkExtension + +protocol LegacyModel: Decodable { + associatedtype Model + + var migrated: Model { get } +} + +struct LegacyDNSServer: LegacyModel { + let address: IPAddress + + var migrated: DNSServer { + return DNSServer(address: address) + } + + init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + var data = try container.decode(Data.self) + let ipAddressFromData: IPAddress? = { + switch data.count { + case 4: return IPv4Address(data) + case 16: return IPv6Address(data) + default: return nil + } + }() + guard let ipAddress = ipAddressFromData else { + throw DecodingError.invalidData + } + address = ipAddress + } + + enum DecodingError: Error { + case invalidData + } +} + +extension Array where Element == LegacyDNSServer { + var migrated: [DNSServer] { + return map { $0.migrated } + } +} + +struct LegacyEndpoint: LegacyModel { + let host: Network.NWEndpoint.Host + let port: Network.NWEndpoint.Port + + var migrated: Endpoint { + return Endpoint(host: host, port: port) + } + + public init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + let endpointString = try container.decode(String.self) + guard !endpointString.isEmpty else { throw DecodingError.invalidData } + let startOfPort: String.Index + let hostString: String + if endpointString.first! == "[" { + // Look for IPv6-style endpoint, like [::1]:80 + let startOfHost = endpointString.index(after: endpointString.startIndex) + guard let endOfHost = endpointString.dropFirst().firstIndex(of: "]") else { throw DecodingError.invalidData } + let afterEndOfHost = endpointString.index(after: endOfHost) + guard endpointString[afterEndOfHost] == ":" else { throw DecodingError.invalidData } + startOfPort = endpointString.index(after: afterEndOfHost) + hostString = String(endpointString[startOfHost ..< endOfHost]) + } else { + // Look for an IPv4-style endpoint, like 127.0.0.1:80 + guard let endOfHost = endpointString.firstIndex(of: ":") else { throw DecodingError.invalidData } + startOfPort = endpointString.index(after: endOfHost) + hostString = String(endpointString[endpointString.startIndex ..< endOfHost]) + } + guard let endpointPort = NWEndpoint.Port(String(endpointString[startOfPort ..< endpointString.endIndex])) else { throw DecodingError.invalidData } + let invalidCharacterIndex = hostString.unicodeScalars.firstIndex { char in + return !CharacterSet.urlHostAllowed.contains(char) + } + guard invalidCharacterIndex == nil else { throw DecodingError.invalidData } + host = NWEndpoint.Host(hostString) + port = endpointPort + } + + enum DecodingError: Error { + case invalidData + } +} + +struct LegacyInterfaceConfiguration: LegacyModel { + let name: String + let privateKey: Data + let addresses: [LegacyIPAddressRange] + let listenPort: UInt16? + let mtu: UInt16? + let dns: [LegacyDNSServer] + + var migrated: InterfaceConfiguration { + var interface = InterfaceConfiguration(privateKey: privateKey) + interface.addresses = addresses.migrated + interface.listenPort = listenPort + interface.mtu = mtu + interface.dns = dns.migrated + return interface + } +} + +struct LegacyIPAddressRange: LegacyModel { + let address: IPAddress + let networkPrefixLength: UInt8 + + var migrated: IPAddressRange { + return IPAddressRange(address: address, networkPrefixLength: networkPrefixLength) + } + + public init(from decoder: Decoder) throws { + let container = try decoder.singleValueContainer() + var data = try container.decode(Data.self) + networkPrefixLength = data.removeLast() + let ipAddressFromData: IPAddress? = { + switch data.count { + case 4: return IPv4Address(data) + case 16: return IPv6Address(data) + default: return nil + } + }() + guard let ipAddress = ipAddressFromData else { throw DecodingError.invalidData } + address = ipAddress + } + + enum DecodingError: Error { + case invalidData + } +} + +extension Array where Element == LegacyIPAddressRange { + var migrated: [IPAddressRange] { + return map { $0.migrated } + } +} + +struct LegacyPeerConfiguration: LegacyModel { + let publicKey: Data + let preSharedKey: Data? + let allowedIPs: [LegacyIPAddressRange] + let endpoint: LegacyEndpoint? + let persistentKeepAlive: UInt16? + + var migrated: PeerConfiguration { + var configuration = PeerConfiguration(publicKey: publicKey) + configuration.preSharedKey = preSharedKey + configuration.allowedIPs = allowedIPs.migrated + configuration.endpoint = endpoint?.migrated + configuration.persistentKeepAlive = persistentKeepAlive + return configuration + } +} + +extension Array where Element == LegacyPeerConfiguration { + var migrated: [PeerConfiguration] { + return map { $0.migrated } + } +} + +final class LegacyTunnelConfiguration: LegacyModel { + let interface: LegacyInterfaceConfiguration + let peers: [LegacyPeerConfiguration] + + var migrated: TunnelConfiguration { + return TunnelConfiguration(name: interface.name, interface: interface.migrated, peers: peers.migrated) + } +} + +extension NETunnelProviderProtocol { + + @discardableResult + func migrateConfigurationIfNeeded() -> Bool { + guard let configurationVersion = providerConfiguration?["tunnelConfigurationVersion"] as? Int else { return false } + if configurationVersion == 1 { + migrateFromConfigurationV1() + } else { + fatalError("No migration from configuration version \(configurationVersion) exists.") + } + return true + } + + private func migrateFromConfigurationV1() { + guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return } + guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return } + providerConfiguration = [Keys.wgQuickConfig.rawValue: configuration.migrated.asWgQuickConfig()] + } + +} diff --git a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift new file mode 100644 index 0000000..98634fd --- /dev/null +++ b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: MIT +// Copyright © 2018 WireGuard LLC. All Rights Reserved. + +import NetworkExtension + +extension NETunnelProviderProtocol { + + enum Keys: String { + case wgQuickConfig = "WgQuickConfig" + } + + convenience init?(tunnelConfiguration: TunnelConfiguration) { + self.init() + + let appId = Bundle.main.bundleIdentifier! + providerBundleIdentifier = "\(appId).network-extension" + providerConfiguration = [Keys.wgQuickConfig.rawValue: tunnelConfiguration.asWgQuickConfig()] + + let endpoints = tunnelConfiguration.peers.compactMap { $0.endpoint } + if endpoints.count == 1 { + serverAddress = endpoints[0].stringRepresentation + } else if endpoints.isEmpty { + serverAddress = "Unspecified" + } else { + serverAddress = "Multiple endpoints" + } + + //TODO(roopc): Why are we doing this? Just for kicks? Is it useful? Seems needless. + username = tunnelConfiguration.name + } + + func asTunnelConfiguration(called name: String? = nil) -> TunnelConfiguration? { + migrateConfigurationIfNeeded() + guard let serializedConfig = providerConfiguration?[Keys.wgQuickConfig.rawValue] as? String else { return nil } + return try? TunnelConfiguration(fromWgQuickConfig: serializedConfig, called: name) + } + +} diff --git a/WireGuard/Shared/Model/String+ArrayConversion.swift b/WireGuard/Shared/Model/String+ArrayConversion.swift new file mode 100644 index 0000000..6a3e794 --- /dev/null +++ b/WireGuard/Shared/Model/String+ArrayConversion.swift @@ -0,0 +1,32 @@ +// SPDX-License-Identifier: MIT +// Copyright © 2018 WireGuard LLC. All Rights Reserved. + +import Foundation + +extension String { + + func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] { + return split(separator: separator) + .map { + if let charSet = trimmingCharacters { + return $0.trimmingCharacters(in: charSet) + } else { + return String($0) + } + } + } + +} + +extension Optional where Wrapped == String { + + func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] { + switch self { + case .none: + return [] + case .some(let wrapped): + return wrapped.splitToArray(separator: separator, trimmingCharacters: trimmingCharacters) + } + } + +} diff --git a/WireGuard/Shared/Model/TunnelConfiguration+WgQuickConfig.swift b/WireGuard/Shared/Model/TunnelConfiguration+WgQuickConfig.swift new file mode 100644 index 0000000..94e1079 --- /dev/null +++ b/WireGuard/Shared/Model/TunnelConfiguration+WgQuickConfig.swift @@ -0,0 +1,200 @@ +// SPDX-License-Identifier: MIT +// Copyright © 2018 WireGuard LLC. All Rights Reserved. + +import Foundation + +extension TunnelConfiguration { + + enum ParserState { + case inInterfaceSection + case inPeerSection + case notInASection + } + + enum ParseError: Error { + case invalidLine(_ line: String.SubSequence) + case noInterface + case invalidInterface + case multipleInterfaces + case multiplePeersWithSamePublicKey + case invalidPeer + } + + //swiftlint:disable:next function_body_length cyclomatic_complexity + convenience init(fromWgQuickConfig wgQuickConfig: String, called name: String? = nil) throws { + var interfaceConfiguration: InterfaceConfiguration? + var peerConfigurations = [PeerConfiguration]() + + let lines = wgQuickConfig.split(separator: "\n") + + var parserState = ParserState.notInASection + var attributes = [String: String]() + + for (lineIndex, line) in lines.enumerated() { + var trimmedLine: String + if let commentRange = line.range(of: "#") { + trimmedLine = String(line[..<commentRange.lowerBound]) + } else { + trimmedLine = String(line) + } + + trimmedLine = trimmedLine.trimmingCharacters(in: .whitespaces) + + guard !trimmedLine.isEmpty else { continue } + let lowercasedLine = line.lowercased() + + if let equalsIndex = line.firstIndex(of: "=") { + // Line contains an attribute + let key = line[..<equalsIndex].trimmingCharacters(in: .whitespaces).lowercased() + let value = line[line.index(equalsIndex, offsetBy: 1)...].trimmingCharacters(in: .whitespaces) + let keysWithMultipleEntriesAllowed: Set<String> = ["address", "allowedips", "dns"] + if let presentValue = attributes[key], keysWithMultipleEntriesAllowed.contains(key) { + attributes[key] = presentValue + "," + value + } else { + attributes[key] = value + } + } else if lowercasedLine != "[interface]" && lowercasedLine != "[peer]" { + throw ParseError.invalidLine(line) + } + + let isLastLine = lineIndex == lines.count - 1 + + if isLastLine || lowercasedLine == "[interface]" || lowercasedLine == "[peer]" { + // Previous section has ended; process the attributes collected so far + if parserState == .inInterfaceSection { + guard let interface = TunnelConfiguration.collate(interfaceAttributes: attributes) else { throw ParseError.invalidInterface } + guard interfaceConfiguration == nil else { throw ParseError.multipleInterfaces } + interfaceConfiguration = interface + } else if parserState == .inPeerSection { + guard let peer = TunnelConfiguration.collate(peerAttributes: attributes) else { throw ParseError.invalidPeer } + peerConfigurations.append(peer) + } + } + + if lowercasedLine == "[interface]" { + parserState = .inInterfaceSection + attributes.removeAll() + } else if lowercasedLine == "[peer]" { + parserState = .inPeerSection + attributes.removeAll() + } + } + + let peerPublicKeysArray = peerConfigurations.map { $0.publicKey } + let peerPublicKeysSet = Set<Data>(peerPublicKeysArray) + if peerPublicKeysArray.count != peerPublicKeysSet.count { + throw ParseError.multiplePeersWithSamePublicKey + } + + if let interfaceConfiguration = interfaceConfiguration { + self.init(name: name, interface: interfaceConfiguration, peers: peerConfigurations) + } else { + throw ParseError.noInterface + } + } + + func asWgQuickConfig() -> String { + var output = "[Interface]\n" + output.append("PrivateKey = \(interface.privateKey.base64EncodedString())\n") + if let listenPort = interface.listenPort { + output.append("ListenPort = \(listenPort)\n") + } + if !interface.addresses.isEmpty { + let addressString = interface.addresses.map { $0.stringRepresentation }.joined(separator: ", ") + output.append("Address = \(addressString)\n") + } + if !interface.dns.isEmpty { + let dnsString = interface.dns.map { $0.stringRepresentation }.joined(separator: ", ") + output.append("DNS = \(dnsString)\n") + } + if let mtu = interface.mtu { + output.append("MTU = \(mtu)\n") + } + + for peer in peers { + output.append("\n[Peer]\n") + output.append("PublicKey = \(peer.publicKey.base64EncodedString())\n") + if let preSharedKey = peer.preSharedKey { + output.append("PresharedKey = \(preSharedKey.base64EncodedString())\n") + } + if !peer.allowedIPs.isEmpty { + let allowedIPsString = peer.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ") + output.append("AllowedIPs = \(allowedIPsString)\n") + } + if let endpoint = peer.endpoint { + output.append("Endpoint = \(endpoint.stringRepresentation)\n") + } + if let persistentKeepAlive = peer.persistentKeepAlive { + output.append("PersistentKeepalive = \(persistentKeepAlive)\n") + } + } + + return output + } + + //swiftlint:disable:next cyclomatic_complexity + private static func collate(interfaceAttributes attributes: [String: String]) -> InterfaceConfiguration? { + // required wg fields + guard let privateKeyString = attributes["privatekey"] else { return nil } + guard let privateKey = Data(base64Encoded: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else { return nil } + var interface = InterfaceConfiguration(privateKey: privateKey) + // other wg fields + if let listenPortString = attributes["listenport"] { + guard let listenPort = UInt16(listenPortString) else { return nil } + interface.listenPort = listenPort + } + // wg-quick fields + if let addressesString = attributes["address"] { + var addresses = [IPAddressRange]() + for addressString in addressesString.splitToArray(trimmingCharacters: .whitespaces) { + guard let address = IPAddressRange(from: addressString) else { return nil } + addresses.append(address) + } + interface.addresses = addresses + } + if let dnsString = attributes["dns"] { + var dnsServers = [DNSServer]() + for dnsServerString in dnsString.splitToArray(trimmingCharacters: .whitespaces) { + guard let dnsServer = DNSServer(from: dnsServerString) else { return nil } + dnsServers.append(dnsServer) + } + interface.dns = dnsServers + } + if let mtuString = attributes["mtu"] { + guard let mtu = UInt16(mtuString) else { return nil } + interface.mtu = mtu + } + return interface + } + + //swiftlint:disable:next cyclomatic_complexity + private static func collate(peerAttributes attributes: [String: String]) -> PeerConfiguration? { + // required wg fields + guard let publicKeyString = attributes["publickey"] else { return nil } + guard let publicKey = Data(base64Encoded: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else { return nil } + var peer = PeerConfiguration(publicKey: publicKey) + // wg fields + if let preSharedKeyString = attributes["presharedkey"] { + guard let preSharedKey = Data(base64Encoded: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength else { return nil } + peer.preSharedKey = preSharedKey + } + if let allowedIPsString = attributes["allowedips"] { + var allowedIPs = [IPAddressRange]() + for allowedIPString in allowedIPsString.splitToArray(trimmingCharacters: .whitespacesAndNewlines) { + guard let allowedIP = IPAddressRange(from: allowedIPString) else { return nil } + allowedIPs.append(allowedIP) + } + peer.allowedIPs = allowedIPs + } + if let endpointString = attributes["endpoint"] { + guard let endpoint = Endpoint(from: endpointString) else { return nil } + peer.endpoint = endpoint + } + if let persistentKeepAliveString = attributes["persistentkeepalive"] { + guard let persistentKeepAlive = UInt16(persistentKeepAliveString) else { return nil } + peer.persistentKeepAlive = persistentKeepAlive + } + return peer + } + +} |