authorJason A. Donenfeld <Jason@zx2c4.com>2019-02-08 00:44:14 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2019-02-08 03:23:15 +0100
commit05547861b65100279027a64f58793caea1143a30 (patch)
treec69303b55e68e93efc71d2b199119019f1199ff6 /WireGuard/WireGuard
parentTunnelsManager: Ignore status changes on tunnel providers we don't have (diff)
Key: Constant time encoding
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'WireGuard/WireGuard')
-rw-r--r--WireGuard/WireGuard/Tunnel/TunnelConfiguration+UapiConfig.swift27
-rw-r--r--WireGuard/WireGuard/UI/TunnelViewModel.swift26
-rw-r--r--WireGuard/WireGuard/UI/iOS/ViewController/TunnelEditTableViewController.swift2
-rw-r--r--WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift12
4 files changed, 24 insertions, 43 deletions
diff --git a/WireGuard/WireGuard/Tunnel/TunnelConfiguration+UapiConfig.swift b/WireGuard/WireGuard/Tunnel/TunnelConfiguration+UapiConfig.swift
index 63a8570f..b72223d5 100644
--- a/WireGuard/WireGuard/Tunnel/TunnelConfiguration+UapiConfig.swift
+++ b/WireGuard/WireGuard/Tunnel/TunnelConfiguration+UapiConfig.swift
@@ -88,7 +88,7 @@ extension TunnelConfiguration {
guard let privateKeyString = attributes["private_key"] else {
throw ParseError.interfaceHasNoPrivateKey
}
- guard let privateKey = Data(hexEncoded: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else {
+ guard let privateKey = Data(hexKey: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else {
throw ParseError.interfaceHasInvalidPrivateKey(privateKeyString)
}
var interface = InterfaceConfiguration(privateKey: privateKey)
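Review bot: The failure branch of this guard still attaches the rejected private key text to the error, `throw ParseError.interfaceHasInvalidPrivateKey(privateKeyString)`, so a mistyped but otherwise real key travels with the error to wherever it is displayed or logged. That handling is not visible in this diff, so the exposure is inferred rather than shown. Since the commit is about careful handling of key material, consider removing the associated value from the private-key case and throwing plain `ParseError.interfaceHasInvalidPrivateKey`. The same applies to `ParseError.peerHasInvalidPreSharedKey(preSharedKeyString)` in the next hunk, and both guards sit in functions that start outside their hunks.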
@@ -108,12 +108,12 @@ extension TunnelConfiguration {
guard let publicKeyString = attributes["public_key"] else {
throw ParseError.peerHasNoPublicKey
}
- guard let publicKey = Data(hexEncoded: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else {
+ guard let publicKey = Data(hexKey: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else {
throw ParseError.peerHasInvalidPublicKey(publicKeyString)
}
var peer = PeerConfiguration(publicKey: publicKey)
if let preSharedKeyString = attributes["preshared_key"] {
- guard let preSharedKey = Data(hexEncoded: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength else {
+ guard let preSharedKey = Data(hexKey: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength else {
throw ParseError.peerHasInvalidPreSharedKey(preSharedKeyString)
}
// TODO(zx2c4): does the compiler optimize this away?
@@ -184,24 +184,3 @@ extension TunnelConfiguration {
return peer
}
}
-
-extension Data {
- //swiftlint:disable identifier_name
- init?(hexEncoded hexString: String) {
- if hexString.count % 2 != 0 {
- return nil
- }
- let len = hexString.count / 2
- self.init(capacity: len)
- for i in 0..<len {
- let j = hexString.index(hexString.startIndex, offsetBy: i * 2)
- let k = hexString.index(j, offsetBy: 2)
- let bytes = hexString[j..<k]
- if var num = UInt8(bytes, radix: 16) {
- append(&num, count: 1)
- } else {
- return nil
- }
- }
- }
-}
diff --git a/WireGuard/WireGuard/UI/TunnelViewModel.swift b/WireGuard/WireGuard/UI/TunnelViewModel.swift
index 5de6cabe..35dd98ba 100644
--- a/WireGuard/WireGuard/UI/TunnelViewModel.swift
+++ b/WireGuard/WireGuard/UI/TunnelViewModel.swift
@@ -105,9 +105,9 @@ class TunnelViewModel {
scratchpad[field] = stringValue
}
if field == .privateKey {
- if stringValue.count == TunnelViewModel.keyLengthInBase64, let privateKey = Data(base64Encoded: stringValue), privateKey.count == TunnelConfiguration.keyLength {
- let publicKey = Curve25519.generatePublicKey(fromPrivateKey: privateKey)
- scratchpad[.publicKey] = publicKey.base64EncodedString()
+ if stringValue.count == TunnelViewModel.keyLengthInBase64, let privateKey = Data(base64Key: stringValue), privateKey.count == TunnelConfiguration.keyLength {
+ let publicKey = Curve25519.generatePublicKey(fromPrivateKey: privateKey).base64Key() ?? ""
+ scratchpad[.publicKey] = publicKey
} else {
scratchpad.removeValue(forKey: .publicKey)
}
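Review bot: The `?? ""` fallback on the added line stores an empty string in `scratchpad[.publicKey]` when `base64Key()` returns nil, while the `else` branch just below removes the entry, so the two failure paths disagree. `base64Key()` is defined outside this diff, so when it can fail is not visible here. I would bind the result with `if let encoded = Curve25519.generatePublicKey(fromPrivateKey: privateKey).base64Key()` and fall through to `scratchpad.removeValue(forKey: .publicKey)` otherwise, which is the `if let` shape the peer `createScratchPad` hunk in this file already uses. The same fallback appears in the interface `createScratchPad` hunk and in both TunnelEditViewController.swift hunks. It also appears in TunnelEditTableViewController.swift, where a freshly generated private key would silently become an empty field.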
@@ -124,8 +124,8 @@ class TunnelViewModel {
private static func createScratchPad(from config: InterfaceConfiguration, name: String) -> [InterfaceField: String] {
var scratchpad = [InterfaceField: String]()
scratchpad[.name] = name
- scratchpad[.privateKey] = config.privateKey.base64EncodedString()
- scratchpad[.publicKey] = config.publicKey.base64EncodedString()
+ scratchpad[.privateKey] = config.privateKey.base64Key() ?? ""
+ scratchpad[.publicKey] = config.publicKey.base64Key() ?? ""
if !config.addresses.isEmpty {
scratchpad[.addresses] = config.addresses.map { $0.stringRepresentation }.joined(separator: ", ")
}
@@ -155,7 +155,7 @@ class TunnelViewModel {
fieldsWithError.insert(.privateKey)
return .error(tr("alertInvalidInterfaceMessagePrivateKeyRequired"))
}
- guard let privateKey = Data(base64Encoded: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else {
+ guard let privateKey = Data(base64Key: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else {
fieldsWithError.insert(.privateKey)
return .error(tr("alertInvalidInterfaceMessagePrivateKeyInvalid"))
}
@@ -255,7 +255,7 @@ class TunnelViewModel {
return validatedConfiguration.publicKey
}
if let scratchPadPublicKey = scratchpad[.publicKey] {
- return Data(base64Encoded: scratchPadPublicKey)
+ return Data(base64Key: scratchPadPublicKey)
}
return nil
}
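Review bot: This is the only decode site in the commit that does not pair `Data(base64Key:)` with a length check, so the caller receives whatever the scratchpad string decodes to. Every other call compares `.count == TunnelConfiguration.keyLength`. Whether the new initializer enforces the key length itself is not visible in this diff. If it does not, `if let key = Data(base64Key: scratchPadPublicKey), key.count == TunnelConfiguration.keyLength { return key }` keeps a malformed value from being handed back as a public key. The enclosing declaration starts outside the hunk.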
@@ -300,9 +300,11 @@ class TunnelViewModel {
private static func createScratchPad(from config: PeerConfiguration) -> [PeerField: String] {
var scratchpad = [PeerField: String]()
- scratchpad[.publicKey] = config.publicKey.base64EncodedString()
- if let preSharedKey = config.preSharedKey {
- scratchpad[.preSharedKey] = preSharedKey.base64EncodedString()
+ if let publicKey = config.publicKey.base64Key() {
+ scratchpad[.publicKey] = publicKey
+ }
+ if let preSharedKey = config.preSharedKey?.base64Key() {
+ scratchpad[.preSharedKey] = preSharedKey
}
if !config.allowedIPs.isEmpty {
scratchpad[.allowedIPs] = config.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ")
@@ -335,14 +337,14 @@ class TunnelViewModel {
fieldsWithError.insert(.publicKey)
return .error(tr("alertInvalidPeerMessagePublicKeyRequired"))
}
- guard let publicKey = Data(base64Encoded: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else {
+ guard let publicKey = Data(base64Key: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else {
fieldsWithError.insert(.publicKey)
return .error(tr("alertInvalidPeerMessagePublicKeyInvalid"))
}
var config = PeerConfiguration(publicKey: publicKey)
var errorMessages = [String]()
if let preSharedKeyString = scratchpad[.preSharedKey] {
- if let preSharedKey = Data(base64Encoded: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength {
+ if let preSharedKey = Data(base64Key: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength {
config.preSharedKey = preSharedKey
} else {
fieldsWithError.insert(.preSharedKey)
diff --git a/WireGuard/WireGuard/UI/iOS/ViewController/TunnelEditTableViewController.swift b/WireGuard/WireGuard/UI/iOS/ViewController/TunnelEditTableViewController.swift
index f4bf1579..01fed493 100644
--- a/WireGuard/WireGuard/UI/iOS/ViewController/TunnelEditTableViewController.swift
+++ b/WireGuard/WireGuard/UI/iOS/ViewController/TunnelEditTableViewController.swift
@@ -213,7 +213,7 @@ extension TunnelEditTableViewController {
cell.onTapped = { [weak self] in
guard let self = self else { return }
- self.tunnelViewModel.interfaceData[.privateKey] = Curve25519.generatePrivateKey().base64EncodedString()
+ self.tunnelViewModel.interfaceData[.privateKey] = Curve25519.generatePrivateKey().base64Key() ?? ""
if let privateKeyRow = self.interfaceFieldsBySection[indexPath.section].firstIndex(of: .privateKey),
let publicKeyRow = self.interfaceFieldsBySection[indexPath.section].firstIndex(of: .publicKey) {
let privateKeyIndex = IndexPath(row: privateKeyRow, section: indexPath.section)
diff --git a/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift b/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift
index 27d60c7c..395eeb4f 100644
--- a/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift
+++ b/WireGuard/WireGuard/UI/macOS/ViewController/TunnelEditViewController.swift
@@ -104,8 +104,8 @@ class TunnelEditViewController: NSViewController {
let tunnelConfiguration = tunnel.tunnelConfiguration!
nameRow.value = tunnel.name
textView.string = tunnelConfiguration.asWgQuickConfig()
- publicKeyRow.value = tunnelConfiguration.interface.publicKey.base64EncodedString()
- textView.privateKeyString = tunnelConfiguration.interface.privateKey.base64EncodedString()
+ publicKeyRow.value = tunnelConfiguration.interface.publicKey.base64Key() ?? ""
+ textView.privateKeyString = tunnelConfiguration.interface.privateKey.base64Key() ?? ""
if tunnel.activateOnDemandSetting.isActivateOnDemandEnabled {
selectedActivateOnDemandOption = tunnel.activateOnDemandSetting.activateOnDemandOption
} else {
@@ -115,17 +115,17 @@ class TunnelEditViewController: NSViewController {
// Creating a new tunnel
let privateKey = Curve25519.generatePrivateKey()
let publicKey = Curve25519.generatePublicKey(fromPrivateKey: privateKey)
- let bootstrappingText = "[Interface]\nPrivateKey = \(privateKey.base64EncodedString())\n"
- publicKeyRow.value = publicKey.base64EncodedString()
+ let bootstrappingText = "[Interface]\nPrivateKey = \(privateKey.base64Key() ?? "")\n"
+ publicKeyRow.value = publicKey.base64Key() ?? ""
textView.string = bootstrappingText
selectedActivateOnDemandOption = .none
}
privateKeyObservationToken = textView.observe(\.privateKeyString) { [weak publicKeyRow] textView, _ in
if let privateKeyString = textView.privateKeyString,
- let privateKey = Data(base64Encoded: privateKeyString),
+ let privateKey = Data(base64Key: privateKeyString),
privateKey.count == TunnelConfiguration.keyLength {
let publicKey = Curve25519.generatePublicKey(fromPrivateKey: privateKey)
- publicKeyRow?.value = publicKey.base64EncodedString()
+ publicKeyRow?.value = publicKey.base64Key() ?? ""
} else {
publicKeyRow?.value = ""
}