aboutsummaryrefslogtreecommitdiffstats
path: root/WireGuard/Shared
diff options
context:
space:
mode:
authorEric Kuck <eric@bluelinelabs.com>2018-12-21 15:16:09 -0600
committerEric Kuck <eric@bluelinelabs.com>2018-12-21 16:32:08 -0600
commit1fecd8eb6c5c2327d4bfd5044876be12876fc7e5 (patch)
tree45c7f4c552eb01bd15c54e58615c9122acc99e83 /WireGuard/Shared
parentDo not require NetworkExtension to know its own name (diff)
downloadwireguard-apple-1fecd8eb6c5c2327d4bfd5044876be12876fc7e5.tar.xz
wireguard-apple-1fecd8eb6c5c2327d4bfd5044876be12876fc7e5.zip
providerConfiguration is now a WgQuickConfig
Signed-off-by: Eric Kuck <eric@bluelinelabs.com>
Diffstat (limited to 'WireGuard/Shared')
-rw-r--r--WireGuard/Shared/LegacyConfigMigration.swift7
-rw-r--r--WireGuard/Shared/Model/DNSServer.swift24
-rw-r--r--WireGuard/Shared/Model/Endpoint.swift20
-rw-r--r--WireGuard/Shared/Model/IPAddressRange.swift19
-rw-r--r--WireGuard/Shared/Model/InterfaceConfiguration.swift42
-rw-r--r--WireGuard/Shared/Model/PeerConfiguration.swift39
-rw-r--r--WireGuard/Shared/Model/TunnelConfiguration.swift20
-rw-r--r--WireGuard/Shared/NETunnelProviderProtocol+Extension.swift40
-rw-r--r--WireGuard/Shared/String+ArrayConversion.swift32
-rw-r--r--WireGuard/Shared/TunnelConfiguration+WgQuickConfig.swift200
10 files changed, 248 insertions, 195 deletions
diff --git a/WireGuard/Shared/LegacyConfigMigration.swift b/WireGuard/Shared/LegacyConfigMigration.swift
index bd22ca48..e7588a28 100644
--- a/WireGuard/Shared/LegacyConfigMigration.swift
+++ b/WireGuard/Shared/LegacyConfigMigration.swift
@@ -186,11 +186,8 @@ extension NETunnelProviderProtocol {
private func migrateFromConfigurationV1() {
guard let serializedTunnelConfiguration = providerConfiguration?["tunnelConfiguration"] as? Data else { return }
- guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return }
- guard let tunnelConfigData = try? JSONEncoder().encode(configuration.migrated) else { return }
- guard let tunnelConfigDictionary = try? JSONSerialization.jsonObject(with: tunnelConfigData, options: .allowFragments) else { return }
-
- providerConfiguration = [Keys.wgQuickConfig.rawValue: tunnelConfigDictionary]
+ guard let configuration = try? JSONDecoder().decode(LegacyTunnelConfiguration.self, from: serializedTunnelConfiguration) else { return }
+ providerConfiguration = [Keys.wgQuickConfig.rawValue: configuration.migrated.asWgQuickConfig()]
}
}
diff --git a/WireGuard/Shared/Model/DNSServer.swift b/WireGuard/Shared/Model/DNSServer.swift
index 8703fbba..9078b598 100644
--- a/WireGuard/Shared/Model/DNSServer.swift
+++ b/WireGuard/Shared/Model/DNSServer.swift
@@ -12,30 +12,6 @@ struct DNSServer {
}
}
-extension DNSServer: Codable {
- public func encode(to encoder: Encoder) throws {
- var container = encoder.singleValueContainer()
- try container.encode(stringRepresentation)
- }
-
- public init(from decoder: Decoder) throws {
- let values = try decoder.singleValueContainer()
- let addressString = try values.decode(String.self)
-
- if let address = IPv4Address(addressString) {
- self.address = address
- } else if let address = IPv6Address(addressString) {
- self.address = address
- } else {
- throw DecodingError.invalidData
- }
- }
-
- enum DecodingError: Error {
- case invalidData
- }
-}
-
extension DNSServer {
var stringRepresentation: String {
return "\(address)"
diff --git a/WireGuard/Shared/Model/Endpoint.swift b/WireGuard/Shared/Model/Endpoint.swift
index 891c5642..b29a5a8d 100644
--- a/WireGuard/Shared/Model/Endpoint.swift
+++ b/WireGuard/Shared/Model/Endpoint.swift
@@ -14,26 +14,6 @@ struct Endpoint {
}
}
-extension Endpoint: Codable {
- init(from decoder: Decoder) throws {
- let container = try decoder.singleValueContainer()
- let endpointString = try container.decode(String.self)
- guard let endpoint = Endpoint(from: endpointString) else {
- throw DecodingError.invalidData
- }
- self = endpoint
- }
-
- func encode(to encoder: Encoder) throws {
- var container = encoder.singleValueContainer()
- try container.encode(stringRepresentation)
- }
-
- enum DecodingError: Error {
- case invalidData
- }
-}
-
extension Endpoint {
var stringRepresentation: String {
switch host {
diff --git a/WireGuard/Shared/Model/IPAddressRange.swift b/WireGuard/Shared/Model/IPAddressRange.swift
index da4cbd5e..28f3d005 100644
--- a/WireGuard/Shared/Model/IPAddressRange.swift
+++ b/WireGuard/Shared/Model/IPAddressRange.swift
@@ -52,22 +52,3 @@ extension IPAddressRange {
return (address, networkPrefixLength)
}
}
-
-extension IPAddressRange: Codable {
- public func encode(to encoder: Encoder) throws {
- var container = encoder.singleValueContainer()
- try container.encode(stringRepresentation)
- }
-
- public init(from decoder: Decoder) throws {
- let values = try decoder.singleValueContainer()
- let addressString = try values.decode(String.self)
- guard let parsed = IPAddressRange.parseAddressString(addressString) else { throw DecodingError.invalidData }
- address = parsed.0
- networkPrefixLength = parsed.1
- }
-
- enum DecodingError: Error {
- case invalidData
- }
-}
diff --git a/WireGuard/Shared/Model/InterfaceConfiguration.swift b/WireGuard/Shared/Model/InterfaceConfiguration.swift
index dfcb1fc7..9094d149 100644
--- a/WireGuard/Shared/Model/InterfaceConfiguration.swift
+++ b/WireGuard/Shared/Model/InterfaceConfiguration.swift
@@ -4,56 +4,18 @@
import Foundation
struct InterfaceConfiguration {
- var name: String
+ var name: String?
var privateKey: Data
var addresses = [IPAddressRange]()
var listenPort: UInt16?
var mtu: UInt16?
var dns = [DNSServer]()
- init(name: String, privateKey: Data) {
+ init(name: String?, privateKey: Data) {
self.name = name
self.privateKey = privateKey
- if name.isEmpty {
- fatalError("Empty name")
- }
if privateKey.count != TunnelConfiguration.keyLength {
fatalError("Invalid private key")
}
}
}
-
-extension InterfaceConfiguration: Codable {
- enum CodingKeys: String, CodingKey {
- case name = "Name"
- case privateKey = "PrivateKey"
- case addresses = "Address"
- case listenPort = "ListenPort"
- case mtu = "MTU"
- case dns = "DNS"
- }
-
- init(from decoder: Decoder) throws {
- let values = try decoder.container(keyedBy: CodingKeys.self)
- name = try values.decode(String.self, forKey: .name)
- privateKey = try Data(base64Encoded: values.decode(String.self, forKey: .privateKey))!
- addresses = try values.decode([IPAddressRange].self, forKey: .addresses)
- listenPort = try? values.decode(UInt16.self, forKey: .listenPort)
- mtu = try? values.decode(UInt16.self, forKey: .mtu)
- dns = try values.decode([DNSServer].self, forKey: .dns)
- }
-
- func encode(to encoder: Encoder) throws {
- var container = encoder.container(keyedBy: CodingKeys.self)
- try container.encode(name, forKey: .name)
- try container.encode(privateKey.base64EncodedString(), forKey: .privateKey)
- try container.encode(addresses, forKey: .addresses)
- if let listenPort = listenPort {
- try container.encode(listenPort, forKey: .listenPort)
- }
- if let mtu = mtu {
- try container.encode(mtu, forKey: .mtu)
- }
- try container.encode(dns, forKey: .dns)
- }
-}
diff --git a/WireGuard/Shared/Model/PeerConfiguration.swift b/WireGuard/Shared/Model/PeerConfiguration.swift
index 0fad842a..a113821d 100644
--- a/WireGuard/Shared/Model/PeerConfiguration.swift
+++ b/WireGuard/Shared/Model/PeerConfiguration.swift
@@ -25,42 +25,3 @@ struct PeerConfiguration {
}
}
}
-
-extension PeerConfiguration: Codable {
- enum CodingKeys: String, CodingKey {
- case publicKey = "PublicKey"
- case preSharedKey = "PreSharedKey"
- case allowedIPs = "AllowedIPs"
- case endpoint = "Endpoint"
- case persistentKeepAlive = "PersistentKeepAlive"
- }
-
- init(from decoder: Decoder) throws {
- let values = try decoder.container(keyedBy: CodingKeys.self)
- publicKey = try Data(base64Encoded: values.decode(String.self, forKey: .publicKey))!
- if let base64PreSharedKey = try? values.decode(Data.self, forKey: .preSharedKey) {
- preSharedKey = Data(base64Encoded: base64PreSharedKey)
- } else {
- preSharedKey = nil
- }
- allowedIPs = try values.decode([IPAddressRange].self, forKey: .allowedIPs)
- endpoint = try? values.decode(Endpoint.self, forKey: .endpoint)
- persistentKeepAlive = try? values.decode(UInt16.self, forKey: .persistentKeepAlive)
- }
-
- func encode(to encoder: Encoder) throws {
- var container = encoder.container(keyedBy: CodingKeys.self)
- try container.encode(publicKey.base64EncodedString(), forKey: .publicKey)
- if let preSharedKey = preSharedKey {
- try container.encode(preSharedKey.base64EncodedString(), forKey: .preSharedKey)
- }
-
- try container.encode(allowedIPs, forKey: .allowedIPs)
- if let endpoint = endpoint {
- try container.encode(endpoint, forKey: .endpoint)
- }
- if let persistentKeepAlive = persistentKeepAlive {
- try container.encode(persistentKeepAlive, forKey: .persistentKeepAlive)
- }
- }
-}
diff --git a/WireGuard/Shared/Model/TunnelConfiguration.swift b/WireGuard/Shared/Model/TunnelConfiguration.swift
index 87812cde..2e394eed 100644
--- a/WireGuard/Shared/Model/TunnelConfiguration.swift
+++ b/WireGuard/Shared/Model/TunnelConfiguration.swift
@@ -20,23 +20,3 @@ final class TunnelConfiguration {
}
}
}
-
-extension TunnelConfiguration: Codable {
- enum CodingKeys: String, CodingKey {
- case interface = "Interface"
- case peers = "Peer"
- }
-
- convenience init(from decoder: Decoder) throws {
- let values = try decoder.container(keyedBy: CodingKeys.self)
- let interface = try values.decode(InterfaceConfiguration.self, forKey: .interface)
- let peers = try values.decode([PeerConfiguration].self, forKey: .peers)
- self.init(interface: interface, peers: peers)
- }
-
- func encode(to encoder: Encoder) throws {
- var container = encoder.container(keyedBy: CodingKeys.self)
- try container.encode(interface, forKey: .interface)
- try container.encode(peers, forKey: .peers)
- }
-}
diff --git a/WireGuard/Shared/NETunnelProviderProtocol+Extension.swift b/WireGuard/Shared/NETunnelProviderProtocol+Extension.swift
index 6f4e3eb0..4f3e1224 100644
--- a/WireGuard/Shared/NETunnelProviderProtocol+Extension.swift
+++ b/WireGuard/Shared/NETunnelProviderProtocol+Extension.swift
@@ -3,38 +3,21 @@
import NetworkExtension
+private var tunnelNameKey: Void?
+
extension NETunnelProviderProtocol {
enum Keys: String {
- case wgQuickConfig = "WgQuickConfigV1"
- }
-
- var tunnelConfiguration: TunnelConfiguration? {
- migrateConfigurationIfNeeded()
-
- let tunnelConfigurationData: Data?
- if let configurationDictionary = providerConfiguration?[Keys.wgQuickConfig.rawValue] {
- tunnelConfigurationData = try? JSONSerialization.data(withJSONObject: configurationDictionary, options: [])
- } else {
- tunnelConfigurationData = nil
- }
-
- guard tunnelConfigurationData != nil else { return nil }
- return try? JSONDecoder().decode(TunnelConfiguration.self, from: tunnelConfigurationData!)
+ case wgQuickConfig = "WgQuickConfig"
}
convenience init?(tunnelConfiguration: TunnelConfiguration) {
- assert(!tunnelConfiguration.interface.name.isEmpty)
-
- guard let tunnelConfigData = try? JSONEncoder().encode(tunnelConfiguration) else { return nil }
- guard let tunnelConfigDictionary = try? JSONSerialization.jsonObject(with: tunnelConfigData, options: .allowFragments) else { return nil }
-
self.init()
-
+
let appId = Bundle.main.bundleIdentifier!
providerBundleIdentifier = "\(appId).network-extension"
- providerConfiguration = [ Keys.wgQuickConfig.rawValue: tunnelConfigDictionary ]
-
+ providerConfiguration = [Keys.wgQuickConfig.rawValue: tunnelConfiguration.asWgQuickConfig()]
+
let endpoints = tunnelConfiguration.peers.compactMap { $0.endpoint }
if endpoints.count == 1 {
serverAddress = endpoints[0].stringRepresentation
@@ -43,13 +26,14 @@ extension NETunnelProviderProtocol {
} else {
serverAddress = "Multiple endpoints"
}
+
username = tunnelConfiguration.interface.name
}
-
- func hasTunnelConfiguration(tunnelConfiguration otherTunnelConfiguration: TunnelConfiguration) -> Bool {
- guard let serializedThisTunnelConfiguration = try? JSONEncoder().encode(tunnelConfiguration) else { return false }
- guard let serializedOtherTunnelConfiguration = try? JSONEncoder().encode(otherTunnelConfiguration) else { return false }
- return serializedThisTunnelConfiguration == serializedOtherTunnelConfiguration
+
+ func tunnelConfiguration(name: String?) -> TunnelConfiguration? {
+ migrateConfigurationIfNeeded()
+ guard let serializedConfig = providerConfiguration?[Keys.wgQuickConfig.rawValue] as? String else { return nil }
+ return try? TunnelConfiguration(serializedConfig, name: name)
}
}
diff --git a/WireGuard/Shared/String+ArrayConversion.swift b/WireGuard/Shared/String+ArrayConversion.swift
new file mode 100644
index 00000000..9b69cf41
--- /dev/null
+++ b/WireGuard/Shared/String+ArrayConversion.swift
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: MIT
+// Copyright © 2018 WireGuard LLC. All Rights Reserved.
+
+import Foundation
+
+extension String {
+
+ func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] {
+ return split(separator: separator)
+ .map {
+ if let charSet = trimmingCharacters {
+ return $0.trimmingCharacters(in: charSet)
+ } else {
+ return String($0)
+ }
+ }
+ }
+
+}
+
+extension Optional where Wrapped == String {
+
+ func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] {
+ switch self {
+ case .none:
+ return []
+ case .some(let wrapped):
+ return wrapped.splitToArray(separator: separator, trimmingCharacters: trimmingCharacters)
+ }
+ }
+
+}
diff --git a/WireGuard/Shared/TunnelConfiguration+WgQuickConfig.swift b/WireGuard/Shared/TunnelConfiguration+WgQuickConfig.swift
new file mode 100644
index 00000000..91214261
--- /dev/null
+++ b/WireGuard/Shared/TunnelConfiguration+WgQuickConfig.swift
@@ -0,0 +1,200 @@
+// SPDX-License-Identifier: MIT
+// Copyright © 2018 WireGuard LLC. All Rights Reserved.
+
+import Foundation
+
+extension TunnelConfiguration {
+
+ enum ParserState {
+ case inInterfaceSection
+ case inPeerSection
+ case notInASection
+ }
+
+ enum ParseError: Error {
+ case invalidLine(_ line: String.SubSequence)
+ case noInterface
+ case invalidInterface
+ case multipleInterfaces
+ case multiplePeersWithSamePublicKey
+ case invalidPeer
+ }
+
+ //swiftlint:disable:next cyclomatic_complexity function_body_length
+ convenience init(_ wgQuickConfig: String, name: String?) throws {
+ var interfaceConfiguration: InterfaceConfiguration?
+ var peerConfigurations = [PeerConfiguration]()
+
+ let lines = wgQuickConfig.split(separator: "\n")
+
+ var parserState = ParserState.notInASection
+ var attributes = [String: String]()
+
+ for (lineIndex, line) in lines.enumerated() {
+ var trimmedLine: String
+ if let commentRange = line.range(of: "#") {
+ trimmedLine = String(line[..<commentRange.lowerBound])
+ } else {
+ trimmedLine = String(line)
+ }
+
+ trimmedLine = trimmedLine.trimmingCharacters(in: .whitespaces)
+
+ guard !trimmedLine.isEmpty else { continue }
+ let lowercasedLine = line.lowercased()
+
+ if let equalsIndex = line.firstIndex(of: "=") {
+ // Line contains an attribute
+ let key = line[..<equalsIndex].trimmingCharacters(in: .whitespaces).lowercased()
+ let value = line[line.index(equalsIndex, offsetBy: 1)...].trimmingCharacters(in: .whitespaces)
+ let keysWithMultipleEntriesAllowed: Set<String> = ["address", "allowedips", "dns"]
+ if let presentValue = attributes[key], keysWithMultipleEntriesAllowed.contains(key) {
+ attributes[key] = presentValue + "," + value
+ } else {
+ attributes[key] = value
+ }
+ } else if lowercasedLine != "[interface]" && lowercasedLine != "[peer]" {
+ throw ParseError.invalidLine(line)
+ }
+
+ let isLastLine = lineIndex == lines.count - 1
+
+ if isLastLine || lowercasedLine == "[interface]" || lowercasedLine == "[peer]" {
+ // Previous section has ended; process the attributes collected so far
+ if parserState == .inInterfaceSection {
+ guard let interface = TunnelConfiguration.collate(interfaceAttributes: attributes, name: name) else { throw ParseError.invalidInterface }
+ guard interfaceConfiguration == nil else { throw ParseError.multipleInterfaces }
+ interfaceConfiguration = interface
+ } else if parserState == .inPeerSection {
+ guard let peer = TunnelConfiguration.collate(peerAttributes: attributes) else { throw ParseError.invalidPeer }
+ peerConfigurations.append(peer)
+ }
+ }
+
+ if lowercasedLine == "[interface]" {
+ parserState = .inInterfaceSection
+ attributes.removeAll()
+ } else if lowercasedLine == "[peer]" {
+ parserState = .inPeerSection
+ attributes.removeAll()
+ }
+ }
+
+ let peerPublicKeysArray = peerConfigurations.map { $0.publicKey }
+ let peerPublicKeysSet = Set<Data>(peerPublicKeysArray)
+ if peerPublicKeysArray.count != peerPublicKeysSet.count {
+ throw ParseError.multiplePeersWithSamePublicKey
+ }
+
+ if let interfaceConfiguration = interfaceConfiguration {
+ self.init(interface: interfaceConfiguration, peers: peerConfigurations)
+ } else {
+ throw ParseError.noInterface
+ }
+ }
+
+ func asWgQuickConfig() -> String {
+ var output = "[Interface]\n"
+ output.append("PrivateKey = \(interface.privateKey.base64EncodedString())\n")
+ if let listenPort = interface.listenPort {
+ output.append("ListenPort = \(listenPort)\n")
+ }
+ if !interface.addresses.isEmpty {
+ let addressString = interface.addresses.map { $0.stringRepresentation }.joined(separator: ", ")
+ output.append("Address = \(addressString)\n")
+ }
+ if !interface.dns.isEmpty {
+ let dnsString = interface.dns.map { $0.stringRepresentation }.joined(separator: ", ")
+ output.append("DNS = \(dnsString)\n")
+ }
+ if let mtu = interface.mtu {
+ output.append("MTU = \(mtu)\n")
+ }
+
+ for peer in peers {
+ output.append("\n[Peer]\n")
+ output.append("PublicKey = \(peer.publicKey.base64EncodedString())\n")
+ if let preSharedKey = peer.preSharedKey {
+ output.append("PresharedKey = \(preSharedKey.base64EncodedString())\n")
+ }
+ if !peer.allowedIPs.isEmpty {
+ let allowedIPsString = peer.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ")
+ output.append("AllowedIPs = \(allowedIPsString)\n")
+ }
+ if let endpoint = peer.endpoint {
+ output.append("Endpoint = \(endpoint.stringRepresentation)\n")
+ }
+ if let persistentKeepAlive = peer.persistentKeepAlive {
+ output.append("PersistentKeepalive = \(persistentKeepAlive)\n")
+ }
+ }
+
+ return output
+ }
+
+ //swiftlint:disable:next cyclomatic_complexity
+ private static func collate(interfaceAttributes attributes: [String: String], name: String?) -> InterfaceConfiguration? {
+ // required wg fields
+ guard let privateKeyString = attributes["privatekey"] else { return nil }
+ guard let privateKey = Data(base64Encoded: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else { return nil }
+ var interface = InterfaceConfiguration(name: name, privateKey: privateKey)
+ // other wg fields
+ if let listenPortString = attributes["listenport"] {
+ guard let listenPort = UInt16(listenPortString) else { return nil }
+ interface.listenPort = listenPort
+ }
+ // wg-quick fields
+ if let addressesString = attributes["address"] {
+ var addresses = [IPAddressRange]()
+ for addressString in addressesString.splitToArray(trimmingCharacters: .whitespaces) {
+ guard let address = IPAddressRange(from: addressString) else { return nil }
+ addresses.append(address)
+ }
+ interface.addresses = addresses
+ }
+ if let dnsString = attributes["dns"] {
+ var dnsServers = [DNSServer]()
+ for dnsServerString in dnsString.splitToArray(trimmingCharacters: .whitespaces) {
+ guard let dnsServer = DNSServer(from: dnsServerString) else { return nil }
+ dnsServers.append(dnsServer)
+ }
+ interface.dns = dnsServers
+ }
+ if let mtuString = attributes["mtu"] {
+ guard let mtu = UInt16(mtuString) else { return nil }
+ interface.mtu = mtu
+ }
+ return interface
+ }
+
+ //swiftlint:disable:next cyclomatic_complexity
+ private static func collate(peerAttributes attributes: [String: String]) -> PeerConfiguration? {
+ // required wg fields
+ guard let publicKeyString = attributes["publickey"] else { return nil }
+ guard let publicKey = Data(base64Encoded: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else { return nil }
+ var peer = PeerConfiguration(publicKey: publicKey)
+ // wg fields
+ if let preSharedKeyString = attributes["presharedkey"] {
+ guard let preSharedKey = Data(base64Encoded: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength else { return nil }
+ peer.preSharedKey = preSharedKey
+ }
+ if let allowedIPsString = attributes["allowedips"] {
+ var allowedIPs = [IPAddressRange]()
+ for allowedIPString in allowedIPsString.splitToArray(trimmingCharacters: .whitespacesAndNewlines) {
+ guard let allowedIP = IPAddressRange(from: allowedIPString) else { return nil }
+ allowedIPs.append(allowedIP)
+ }
+ peer.allowedIPs = allowedIPs
+ }
+ if let endpointString = attributes["endpoint"] {
+ guard let endpoint = Endpoint(from: endpointString) else { return nil }
+ peer.endpoint = endpoint
+ }
+ if let persistentKeepAliveString = attributes["persistentkeepalive"] {
+ guard let persistentKeepAlive = UInt16(persistentKeepAliveString) else { return nil }
+ peer.persistentKeepAlive = persistentKeepAlive
+ }
+ return peer
+ }
+
+}