Diffstat (limited to 'WireGuard/Shared')
18 files changed, 0 insertions, 1386 deletions
diff --git a/WireGuard/Shared/FileManager+Extension.swift b/WireGuard/Shared/FileManager+Extension.swift
deleted file mode 100644
index d52ec0b..0000000
--- a/WireGuard/Shared/FileManager+Extension.swift
+++ /dev/null
@@ -1,46 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-import os.log
-
-extension FileManager {
- static var appGroupId: String? {
- #if os(iOS)
- let appGroupIdInfoDictionaryKey = "com.wireguard.ios.app_group_id"
- #elseif os(macOS)
- let appGroupIdInfoDictionaryKey = "com.wireguard.macos.app_group_id"
- #else
- #error("Unimplemented")
- #endif
- return Bundle.main.object(forInfoDictionaryKey: appGroupIdInfoDictionaryKey) as? String
- }
- private static var sharedFolderURL: URL? {
- guard let appGroupId = FileManager.appGroupId else {
- os_log("Cannot obtain app group ID from bundle", log: OSLog.default, type: .error)
- return nil
- }
- guard let sharedFolderURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupId) else {
- wg_log(.error, message: "Cannot obtain shared folder URL")
- return nil
- }
- return sharedFolderURL
- }
-
- static var logFileURL: URL? {
- return sharedFolderURL?.appendingPathComponent("tunnel-log.bin")
- }
-
- static var networkExtensionLastErrorFileURL: URL? {
- return sharedFolderURL?.appendingPathComponent("last-error.txt")
- }
-
- static func deleteFile(at url: URL) -> Bool {
- do {
- try FileManager.default.removeItem(at: url)
- } catch {
- return false
- }
- return true
- }
-}
diff --git a/WireGuard/Shared/Keychain.swift b/WireGuard/Shared/Keychain.swift
deleted file mode 100644
index 3059c57..0000000
--- a/WireGuard/Shared/Keychain.swift
+++ /dev/null
@@ -1,117 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-import Security
-
-class Keychain {
- static func openReference(called ref: Data) -> String? {
- var result: CFTypeRef?
- let ret = SecItemCopyMatching([kSecClass as String: kSecClassGenericPassword,
- kSecValuePersistentRef as String: ref,
- kSecReturnData as String: true] as CFDictionary,
- &result)
- if ret != errSecSuccess || result == nil {
- wg_log(.error, message: "Unable to open config from keychain: \(ret)")
- return nil
- }
- guard let data = result as? Data else { return nil }
- return String(data: data, encoding: String.Encoding.utf8)
- }
-
- static func makeReference(containing value: String, called name: String, previouslyReferencedBy oldRef: Data? = nil) -> Data? {
- var ret: OSStatus
- guard var id = Bundle.main.bundleIdentifier else {
- wg_log(.error, staticMessage: "Unable to determine bundle identifier")
- return nil
- }
- if id.hasSuffix(".network-extension") {
- id.removeLast(".network-extension".count)
- }
- var items: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
- kSecAttrLabel as String: "WireGuard Tunnel: " + name,
- kSecAttrAccount as String: name + ": " + UUID().uuidString,
- kSecAttrDescription as String: "wg-quick(8) config",
- kSecAttrService as String: id,
- kSecValueData as String: value.data(using: .utf8) as Any,
- kSecReturnPersistentRef as String: true]
-
- #if os(iOS)
- items[kSecAttrAccessGroup as String] = FileManager.appGroupId
- items[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlock
- #elseif os(macOS)
- items[kSecAttrSynchronizable as String] = false
- items[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
-
- guard let extensionPath = Bundle.main.builtInPlugInsURL?.appendingPathComponent("WireGuardNetworkExtension.appex").path else {
- wg_log(.error, staticMessage: "Unable to determine app extension path")
- return nil
- }
- var extensionApp: SecTrustedApplication?
- var mainApp: SecTrustedApplication?
- ret = SecTrustedApplicationCreateFromPath(extensionPath, &extensionApp)
- if ret != kOSReturnSuccess || extensionApp == nil {
- wg_log(.error, message: "Unable to create keychain extension trusted application object: \(ret)")
- return nil
- }
- ret = SecTrustedApplicationCreateFromPath(nil, &mainApp)
- if ret != errSecSuccess || mainApp == nil {
- wg_log(.error, message: "Unable to create keychain local trusted application object: \(ret)")
- return nil
- }
- var access: SecAccess?
- ret = SecAccessCreate((items[kSecAttrLabel as String] as? String)! as CFString,
- [extensionApp!, mainApp!] as CFArray,
- &access)
- if ret != errSecSuccess || access == nil {
- wg_log(.error, message: "Unable to create keychain ACL object: \(ret)")
- return nil
- }
- items[kSecAttrAccess as String] = access!
- #else
- #error("Unimplemented")
- #endif
-
- var ref: CFTypeRef?
- ret = SecItemAdd(items as CFDictionary, &ref)
- if ret != errSecSuccess || ref == nil {
- wg_log(.error, message: "Unable to add config to keychain: \(ret)")
- return nil
- }
- if let oldRef = oldRef {
- deleteReference(called: oldRef)
- }
- return ref as? Data
- }
-
- static func deleteReference(called ref: Data) {
- let ret = SecItemDelete([kSecValuePersistentRef as String: ref] as CFDictionary)
- if ret != errSecSuccess {
- wg_log(.error, message: "Unable to delete config from keychain: \(ret)")
- }
- }
-
- static func deleteReferences(except whitelist: Set<Data>) {
- var result: CFTypeRef?
- let ret = SecItemCopyMatching([kSecClass as String: kSecClassGenericPassword,
- kSecAttrService as String: Bundle.main.bundleIdentifier as Any,
- kSecMatchLimit as String: kSecMatchLimitAll,
- kSecReturnPersistentRef as String: true] as CFDictionary,
- &result)
- if ret != errSecSuccess || result == nil {
- return
- }
- guard let items = result as? [Data] else { return }
- for item in items {
- if !whitelist.contains(item) {
- deleteReference(called: item)
- }
- }
- }
-
- static func verifyReference(called ref: Data) -> Bool {
- return SecItemCopyMatching([kSecClass as String: kSecClassGenericPassword,
- kSecValuePersistentRef as String: ref] as CFDictionary,
- nil) != errSecItemNotFound
- }
-}
diff --git a/WireGuard/Shared/Logging/Logger.swift b/WireGuard/Shared/Logging/Logger.swift
deleted file mode 100644
index 345fc10..0000000
--- a/WireGuard/Shared/Logging/Logger.swift
+++ /dev/null
@@ -1,65 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-import os.log
-
-public class Logger {
- enum LoggerError: Error {
- case openFailure
- }
-
- static var global: Logger?
-
- var log: OpaquePointer
- var tag: String
-
- init(tagged tag: String, withFilePath filePath: String) throws {
- guard let log = open_log(filePath) else { throw LoggerError.openFailure }
- self.log = log
- self.tag = tag
- }
-
- deinit {
- close_log(self.log)
- }
-
- func log(message: String) {
- write_msg_to_log(log, tag, message.trimmingCharacters(in: .newlines))
- }
-
- func writeLog(to targetFile: String) -> Bool {
- return write_log_to_file(targetFile, self.log) == 0
- }
-
- static func configureGlobal(tagged tag: String, withFilePath filePath: String?) {
- if Logger.global != nil {
- return
- }
- guard let filePath = filePath else {
- os_log("Unable to determine log destination path. Log will not be saved to file.", log: OSLog.default, type: .error)
- return
- }
- guard let logger = try? Logger(tagged: tag, withFilePath: filePath) else {
- os_log("Unable to open log file for writing. Log will not be saved to file.", log: OSLog.default, type: .error)
- return
- }
- Logger.global = logger
- var appVersion = Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String ?? "Unknown version"
- if let appBuild = Bundle.main.infoDictionary?["CFBundleVersion"] as? String {
- appVersion += " (\(appBuild))"
- }
- let goBackendVersion = WIREGUARD_GO_VERSION
- Logger.global?.log(message: "App version: \(appVersion); Go backend version: \(goBackendVersion)")
- }
-}
-
-func wg_log(_ type: OSLogType, staticMessage msg: StaticString) {
- os_log(msg, log: OSLog.default, type: type)
- Logger.global?.log(message: "\(msg)")
-}
-
-func wg_log(_ type: OSLogType, message msg: String) {
- os_log("%{public}s", log: OSLog.default, type: type, msg)
- Logger.global?.log(message: msg)
-}
diff --git a/WireGuard/Shared/Logging/ringlogger.c b/WireGuard/Shared/Logging/ringlogger.c
deleted file mode 100644
index 1edfc8d..0000000
--- a/WireGuard/Shared/Logging/ringlogger.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
- */
-
-#include <string.h>
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <stdatomic.h>
-#include <stdbool.h>
-#include <time.h>
-#include <errno.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/mman.h>
-#include "ringlogger.h"
-
-enum {
- MAX_LOG_LINE_LENGTH = 512,
- MAX_LINES = 2048,
- MAGIC = 0xabadbeefU
-};
-
-struct log_line {
- atomic_uint_fast64_t time_ns;
- char line[MAX_LOG_LINE_LENGTH];
-};
-
-struct log {
- atomic_uint_fast32_t next_index;
- struct log_line lines[MAX_LINES];
- uint32_t magic;
-};
-
-void write_msg_to_log(struct log *log, const char *tag, const char *msg)
-{
- uint32_t index;
- struct log_line *line;
- struct timespec ts;
-
- // Race: This isn't synchronized with the fetch_add below, so items might be slightly out of order.
- clock_gettime(CLOCK_REALTIME, &ts);
-
- // Race: More than MAX_LINES writers and this will clash.
- index = atomic_fetch_add(&log->next_index, 1);
- line = &log->lines[index % MAX_LINES];
-
- // Race: Before this line executes, we'll display old data after new data.
- atomic_store(&line->time_ns, 0);
- memset(line->line, 0, MAX_LOG_LINE_LENGTH);
-
- snprintf(line->line, MAX_LOG_LINE_LENGTH, "[%s] %s", tag, msg);
- atomic_store(&line->time_ns, ts.tv_sec * 1000000000ULL + ts.tv_nsec);
-
- msync(&log->next_index, sizeof(log->next_index), MS_ASYNC);
- msync(line, sizeof(*line), MS_ASYNC);
-}
-
-int write_log_to_file(const char *file_name, const struct log *input_log)
-{
- struct log *log;
- uint32_t l, i;
- FILE *file;
- int ret;
-
- log = malloc(sizeof(*log));
- if (!log)
- return -errno;
- memcpy(log, input_log, sizeof(*log));
-
- file = fopen(file_name, "w");
- if (!file) {
- free(log);
- return -errno;
- }
-
- for (l = 0, i = log->next_index; l < MAX_LINES; ++l, ++i) {
- const struct log_line *line = &log->lines[i % MAX_LINES];
- time_t seconds = line->time_ns / 1000000000ULL;
- uint32_t useconds = (line->time_ns % 1000000000ULL) / 1000ULL;
- struct tm tm;
-
- if (!line->time_ns)
- continue;
-
- if (!localtime_r(&seconds, &tm))
- goto err;
-
- if (fprintf(file, "%04d-%02d-%02d %02d:%02d:%02d.%06d: %s\n",
- tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
- tm.tm_hour, tm.tm_min, tm.tm_sec, useconds,
- line->line) < 0)
- goto err;
-
-
- }
- errno = 0;
-
-err:
- ret = -errno;
- fclose(file);
- free(log);
- return ret;
-}
-
-uint32_t view_lines_from_cursor(const struct log *input_log, uint32_t cursor, void *ctx, void(*cb)(const char *, uint64_t, void *))
-{
- struct log *log;
- uint32_t l, i = cursor;
-
- log = malloc(sizeof(*log));
- if (!log)
- return cursor;
- memcpy(log, input_log, sizeof(*log));
-
- if (i == -1)
- i = log->next_index;
-
- for (l = 0; l < MAX_LINES; ++l, ++i) {
- const struct log_line *line = &log->lines[i % MAX_LINES];
-
- if (cursor != -1 && i % MAX_LINES == log->next_index % MAX_LINES)
- break;
-
- if (!line->time_ns) {
- if (cursor == -1)
- continue;
- else
- break;
- }
- cb(line->line, line->time_ns, ctx);
- cursor = (i + 1) % MAX_LINES;
- }
- free(log);
- return cursor;
-}
-
-struct log *open_log(const char *file_name)
-{
- int fd;
- struct log *log;
-
- fd = open(file_name, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
- if (fd < 0)
- return NULL;
- if (ftruncate(fd, sizeof(*log)))
- goto err;
- log = mmap(NULL, sizeof(*log), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
- if (log == MAP_FAILED)
- goto err;
- close(fd);
-
- if (log->magic != MAGIC) {
- memset(log, 0, sizeof(*log));
- log->magic = MAGIC;
- msync(log, sizeof(*log), MS_ASYNC);
- }
-
- return log;
-
-err:
- close(fd);
- return NULL;
-}
-
-void close_log(struct log *log)
-{
- munmap(log, sizeof(*log));
-}
diff --git a/WireGuard/Shared/Logging/ringlogger.h b/WireGuard/Shared/Logging/ringlogger.h
deleted file mode 100644
index c63f3e4..0000000
--- a/WireGuard/Shared/Logging/ringlogger.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
- */
-
-#ifndef RINGLOGGER_H
-#define RINGLOGGER_H
-
-#include <stdint.h>
-
-struct log;
-void write_msg_to_log(struct log *log, const char *tag, const char *msg);
-int write_log_to_file(const char *file_name, const struct log *input_log);
-uint32_t view_lines_from_cursor(const struct log *input_log, uint32_t cursor, void *ctx, void(*)(const char *, uint64_t, void *));
-struct log *open_log(const char *file_name);
-void close_log(struct log *log);
-
-#endif
diff --git a/WireGuard/Shared/Logging/test_ringlogger.c b/WireGuard/Shared/Logging/test_ringlogger.c
deleted file mode 100644
index ae3f4a9..0000000
--- a/WireGuard/Shared/Logging/test_ringlogger.c
+++ /dev/null
@@ -1,63 +0,0 @@
-#include "ringlogger.h"
-#include <stdio.h>
-#include <stdbool.h>
-#include <string.h>
-#include <unistd.h>
-#include <inttypes.h>
-#include <sys/wait.h>
-
-static void forkwrite(void)
-{
- struct log *log = open_log("/tmp/test_log");
- char c[512];
- int i, base;
- bool in_fork = !fork();
-
- base = 10000 * in_fork;
- for (i = 0; i < 1024; ++i) {
- snprintf(c, 512, "bla bla bla %d", base + i);
- write_msg_to_log(log, "HMM", c);
- }
-
-
- if (in_fork)
- _exit(0);
- wait(NULL);
-
- write_log_to_file("/dev/stdout", log);
- close_log(log);
-}
-
-static void writetext(const char *text)
-{
- struct log *log = open_log("/tmp/test_log");
- write_msg_to_log(log, "TXT", text);
- close_log(log);
-}
-
-static void show_line(const char *line, uint64_t time_ns)
-{
- printf("%" PRIu64 ": %s\n", time_ns, line);
-}
-
-static void follow(void)
-{
- uint32_t cursor = -1;
- struct log *log = open_log("/tmp/test_log");
-
- for (;;) {
- cursor = view_lines_from_cursor(log, cursor, show_line);
- usleep(1000 * 300);
- }
-}
-
-int main(int argc, char *argv[])
-{
- if (!strcmp(argv[1], "fork"))
- forkwrite();
- else if (!strcmp(argv[1], "write"))
- writetext(argv[2]);
- else if (!strcmp(argv[1], "follow"))
- follow();
- return 0;
-}
diff --git a/WireGuard/Shared/Model/DNSServer.swift b/WireGuard/Shared/Model/DNSServer.swift
deleted file mode 100644
index 0d03577..0000000
--- a/WireGuard/Shared/Model/DNSServer.swift
+++ /dev/null
@@ -1,35 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-import Network
-
-struct DNSServer {
- let address: IPAddress
-
- init(address: IPAddress) {
- self.address = address
- }
-}
-
-extension DNSServer: Equatable {
- static func == (lhs: DNSServer, rhs: DNSServer) -> Bool {
- return lhs.address.rawValue == rhs.address.rawValue
- }
-}
-
-extension DNSServer {
- var stringRepresentation: String {
- return "\(address)"
- }
-
- init?(from addressString: String) {
- if let addr = IPv4Address(addressString) {
- address = addr
- } else if let addr = IPv6Address(addressString) {
- address = addr
- } else {
- return nil
- }
- }
-}
diff --git a/WireGuard/Shared/Model/Data+KeyEncoding.swift b/WireGuard/Shared/Model/Data+KeyEncoding.swift
deleted file mode 100644
index 5c7aee9..0000000
--- a/WireGuard/Shared/Model/Data+KeyEncoding.swift
+++ /dev/null
@@ -1,80 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-
-extension Data {
- func isKey() -> Bool {
- return self.count == WG_KEY_LEN
- }
-
- func hexKey() -> String? {
- if self.count != WG_KEY_LEN {
- return nil
- }
- var out = Data(repeating: 0, count: Int(WG_KEY_LEN_HEX))
- out.withUnsafeMutableInt8Bytes { outBytes in
- self.withUnsafeUInt8Bytes { inBytes in
- key_to_hex(outBytes, inBytes)
- }
- }
- out.removeLast()
- return String(data: out, encoding: .ascii)
- }
-
- init?(hexKey hexString: String) {
- self.init(repeating: 0, count: Int(WG_KEY_LEN))
-
- if !self.withUnsafeMutableUInt8Bytes { key_from_hex($0, hexString) } {
- return nil
- }
- }
-
- func base64Key() -> String? {
- if self.count != WG_KEY_LEN {
- return nil
- }
- var out = Data(repeating: 0, count: Int(WG_KEY_LEN_BASE64))
- out.withUnsafeMutableInt8Bytes { outBytes in
- self.withUnsafeUInt8Bytes { inBytes in
- key_to_base64(outBytes, inBytes)
- }
- }
- out.removeLast()
- return String(data: out, encoding: .ascii)
- }
-
- init?(base64Key base64String: String) {
- self.init(repeating: 0, count: Int(WG_KEY_LEN))
-
- if !self.withUnsafeMutableUInt8Bytes { key_from_base64($0, base64String) } {
- return nil
- }
- }
-}
-
-extension Data {
- func withUnsafeUInt8Bytes<R>(_ body: (UnsafePointer<UInt8>) -> R) -> R {
- assert(!isEmpty)
- return self.withUnsafeBytes { (ptr: UnsafeRawBufferPointer) -> R in
- let bytes = ptr.bindMemory(to: UInt8.self)
- return body(bytes.baseAddress!) // might crash if self.count == 0
- }
- }
-
- mutating func withUnsafeMutableUInt8Bytes<R>(_ body: (UnsafeMutablePointer<UInt8>) -> R) -> R {
- assert(!isEmpty)
- return self.withUnsafeMutableBytes { (ptr: UnsafeMutableRawBufferPointer) -> R in
- let bytes = ptr.bindMemory(to: UInt8.self)
- return body(bytes.baseAddress!) // might crash if self.count == 0
- }
- }
-
- mutating func withUnsafeMutableInt8Bytes<R>(_ body: (UnsafeMutablePointer<Int8>) -> R) -> R {
- assert(!isEmpty)
- return self.withUnsafeMutableBytes { (ptr: UnsafeMutableRawBufferPointer) -> R in
- let bytes = ptr.bindMemory(to: Int8.self)
- return body(bytes.baseAddress!) // might crash if self.count == 0
- }
- }
-}
diff --git a/WireGuard/Shared/Model/Endpoint.swift b/WireGuard/Shared/Model/Endpoint.swift
deleted file mode 100644
index dad5961..0000000
--- a/WireGuard/Shared/Model/Endpoint.swift
+++ /dev/null
@@ -1,100 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-import Network
-
-struct Endpoint {
- let host: NWEndpoint.Host
- let port: NWEndpoint.Port
-
- init(host: NWEndpoint.Host, port: NWEndpoint.Port) {
- self.host = host
- self.port = port
- }
-}
-
-extension Endpoint: Equatable {
- static func == (lhs: Endpoint, rhs: Endpoint) -> Bool {
- return lhs.host == rhs.host && lhs.port == rhs.port
- }
-}
-
-extension Endpoint: Hashable {
- func hash(into hasher: inout Hasher) {
- hasher.combine(host)
- hasher.combine(port)
- }
-}
-
-extension Endpoint {
- var stringRepresentation: String {
- switch host {
- case .name(let hostname, _):
- return "\(hostname):\(port)"
- case .ipv4(let address):
- return "\(address):\(port)"
- case .ipv6(let address):
- return "[\(address)]:\(port)"
- @unknown default:
- fatalError()
- }
- }
-
- init?(from string: String) {
- // Separation of host and port is based on 'parse_endpoint' function in
- // https://git.zx2c4.com/wireguard-tools/tree/src/config.c
- guard !string.isEmpty else { return nil }
- let startOfPort: String.Index
- let hostString: String
- if string.first! == "[" {
- // Look for IPv6-style endpoint, like [::1]:80
- let startOfHost = string.index(after: string.startIndex)
- guard let endOfHost = string.dropFirst().firstIndex(of: "]") else { return nil }
- let afterEndOfHost = string.index(after: endOfHost)
- guard string[afterEndOfHost] == ":" else { return nil }
- startOfPort = string.index(after: afterEndOfHost)
- hostString = String(string[startOfHost ..< endOfHost])
- } else {
- // Look for an IPv4-style endpoint, like 127.0.0.1:80
- guard let endOfHost = string.firstIndex(of: ":") else { return nil }
- startOfPort = string.index(after: endOfHost)
- hostString = String(string[string.startIndex ..< endOfHost])
- }
- guard let endpointPort = NWEndpoint.Port(String(string[startOfPort ..< string.endIndex])) else { return nil }
- let invalidCharacterIndex = hostString.unicodeScalars.firstIndex { char in
- return !CharacterSet.urlHostAllowed.contains(char)
- }
- guard invalidCharacterIndex == nil else { return nil }
- host = NWEndpoint.Host(hostString)
- port = endpointPort
- }
-}
-
-extension Endpoint {
- func hasHostAsIPAddress() -> Bool {
- switch host {
- case .name:
- return false
- case .ipv4:
- return true
- case .ipv6:
- return true
- @unknown default:
- fatalError()
- }
- }
-
- func hostname() -> String? {
- switch host {
- case .name(let hostname, _):
- return hostname
- case .ipv4:
- return nil
- case .ipv6:
- return nil
- @unknown default:
- fatalError()
- }
- }
-}
diff --git a/WireGuard/Shared/Model/IPAddressRange.swift b/WireGuard/Shared/Model/IPAddressRange.swift
deleted file mode 100644
index d38686c..0000000
--- a/WireGuard/Shared/Model/IPAddressRange.swift
+++ /dev/null
@@ -1,67 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-import Network
-
-struct IPAddressRange {
- let address: IPAddress
- var networkPrefixLength: UInt8
-
- init(address: IPAddress, networkPrefixLength: UInt8) {
- self.address = address
- self.networkPrefixLength = networkPrefixLength
- }
-}
-
-extension IPAddressRange: Equatable {
- static func == (lhs: IPAddressRange, rhs: IPAddressRange) -> Bool {
- return lhs.address.rawValue == rhs.address.rawValue && lhs.networkPrefixLength == rhs.networkPrefixLength
- }
-}
-
-extension IPAddressRange: Hashable {
- func hash(into hasher: inout Hasher) {
- hasher.combine(address.rawValue)
- hasher.combine(networkPrefixLength)
- }
-}
-
-extension IPAddressRange {
- var stringRepresentation: String {
- return "\(address)/\(networkPrefixLength)"
- }
-
- init?(from string: String) {
- guard let parsed = IPAddressRange.parseAddressString(string) else { return nil }
- address = parsed.0
- networkPrefixLength = parsed.1
- }
-
- private static func parseAddressString(_ string: String) -> (IPAddress, UInt8)? {
- let endOfIPAddress = string.lastIndex(of: "/") ?? string.endIndex
- let addressString = String(string[string.startIndex ..< endOfIPAddress])
- let address: IPAddress
- if let addr = IPv4Address(addressString) {
- address = addr
- } else if let addr = IPv6Address(addressString) {
- address = addr
- } else {
- return nil
- }
-
- let maxNetworkPrefixLength: UInt8 = address is IPv4Address ? 32 : 128
- var networkPrefixLength: UInt8
- if endOfIPAddress < string.endIndex { // "/" was located
- let indexOfNetworkPrefixLength = string.index(after: endOfIPAddress)
- guard indexOfNetworkPrefixLength < string.endIndex else { return nil }
- let networkPrefixLengthSubstring = string[indexOfNetworkPrefixLength ..< string.endIndex]
- guard let npl = UInt8(networkPrefixLengthSubstring) else { return nil }
- networkPrefixLength = min(npl, maxNetworkPrefixLength)
- } else {
- networkPrefixLength = maxNetworkPrefixLength
- }
-
- return (address, networkPrefixLength)
- }
-}
diff --git a/WireGuard/Shared/Model/InterfaceConfiguration.swift b/WireGuard/Shared/Model/InterfaceConfiguration.swift
deleted file mode 100644
index d80ed89..0000000
--- a/WireGuard/Shared/Model/InterfaceConfiguration.swift
+++ /dev/null
@@ -1,33 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-import Network
-
-struct InterfaceConfiguration {
- var privateKey: Data
- var addresses = [IPAddressRange]()
- var listenPort: UInt16?
- var mtu: UInt16?
- var dns = [DNSServer]()
-
- init(privateKey: Data) {
- if privateKey.count != TunnelConfiguration.keyLength {
- fatalError("Invalid private key")
- }
- self.privateKey = privateKey
- }
-}
-
-extension InterfaceConfiguration: Equatable {
- static func == (lhs: InterfaceConfiguration, rhs: InterfaceConfiguration) -> Bool {
- let lhsAddresses = lhs.addresses.filter { $0.address is IPv4Address } + lhs.addresses.filter { $0.address is IPv6Address }
- let rhsAddresses = rhs.addresses.filter { $0.address is IPv4Address } + rhs.addresses.filter { $0.address is IPv6Address }
-
- return lhs.privateKey == rhs.privateKey &&
- lhsAddresses == rhsAddresses &&
- lhs.listenPort == rhs.listenPort &&
- lhs.mtu == rhs.mtu &&
- lhs.dns == rhs.dns
- }
-}
diff --git a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift b/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift
deleted file mode 100644
index 7828d81..0000000
--- a/WireGuard/Shared/Model/NETunnelProviderProtocol+Extension.swift
+++ /dev/null
@@ -1,87 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import NetworkExtension
-
-enum PacketTunnelProviderError: String, Error {
- case savedProtocolConfigurationIsInvalid
- case dnsResolutionFailure
- case couldNotStartBackend
- case couldNotDetermineFileDescriptor
- case couldNotSetNetworkSettings
-}
-
-extension NETunnelProviderProtocol {
- convenience init?(tunnelConfiguration: TunnelConfiguration, previouslyFrom old: NEVPNProtocol? = nil) {
- self.init()
-
- guard let name = tunnelConfiguration.name else { return nil }
- guard let appId = Bundle.main.bundleIdentifier else { return nil }
- providerBundleIdentifier = "\(appId).network-extension"
- passwordReference = Keychain.makeReference(containing: tunnelConfiguration.asWgQuickConfig(), called: name, previouslyReferencedBy: old?.passwordReference)
- if passwordReference == nil {
- return nil
- }
- #if os(macOS)
- providerConfiguration = ["UID": getuid()]
- #endif
-
- let endpoints = tunnelConfiguration.peers.compactMap { $0.endpoint }
- if endpoints.count == 1 {
- serverAddress = endpoints[0].stringRepresentation
- } else if endpoints.isEmpty {
- serverAddress = "Unspecified"
- } else {
- serverAddress = "Multiple endpoints"
- }
- }
-
- func asTunnelConfiguration(called name: String? = nil) -> TunnelConfiguration? {
- if let passwordReference = passwordReference,
- let config = Keychain.openReference(called: passwordReference) {
- return try? TunnelConfiguration(fromWgQuickConfig: config, called: name)
- }
- if let oldConfig = providerConfiguration?["WgQuickConfig"] as? String {
- return try? TunnelConfiguration(fromWgQuickConfig: oldConfig, called: name)
- }
- return nil
- }
-
- func destroyConfigurationReference() {
- guard let ref = passwordReference else { return }
- Keychain.deleteReference(called: ref)
- }
-
- func verifyConfigurationReference() -> Bool {
- guard let ref = passwordReference else { return false }
- return Keychain.verifyReference(called: ref)
- }
-
- @discardableResult
- func migrateConfigurationIfNeeded(called name: String) -> Bool {
- /* This is how we did things before we switched to putting items
- * in the keychain. But it's still useful to keep the migration
- * around so that .mobileconfig files are easier.
- */
- if let oldConfig = providerConfiguration?["WgQuickConfig"] as? String {
- #if os(macOS)
- providerConfiguration = ["UID": getuid()]
- #elseif os(iOS)
- providerConfiguration = nil
- #else
- #error("Unimplemented")
- #endif
- guard passwordReference == nil else { return true }
- wg_log(.debug, message: "Migrating tunnel configuration '\(name)'")
- passwordReference = Keychain.makeReference(containing: oldConfig, called: name)
- return true
- }
- #if os(macOS)
- if passwordReference != nil && providerConfiguration?["UID"] == nil && verifyConfigurationReference() {
- providerConfiguration = ["UID": getuid()]
- return true
- }
- #endif
- return false
- }
-}
diff --git a/WireGuard/Shared/Model/PeerConfiguration.swift b/WireGuard/Shared/Model/PeerConfiguration.swift
deleted file mode 100644
index 7fd3f87..0000000
--- a/WireGuard/Shared/Model/PeerConfiguration.swift
+++ /dev/null
@@ -1,51 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-
-struct PeerConfiguration {
- var publicKey: Data
- var preSharedKey: Data? {
- didSet(value) {
- if let value = value {
- if value.count != TunnelConfiguration.keyLength {
- fatalError("Invalid preshared key")
- }
- }
- }
- }
- var allowedIPs = [IPAddressRange]()
- var endpoint: Endpoint?
- var persistentKeepAlive: UInt16?
- var rxBytes: UInt64?
- var txBytes: UInt64?
- var lastHandshakeTime: Date?
-
- init(publicKey: Data) {
- self.publicKey = publicKey
- if publicKey.count != TunnelConfiguration.keyLength {
- fatalError("Invalid public key")
- }
- }
-}
-
-extension PeerConfiguration: Equatable {
- static func == (lhs: PeerConfiguration, rhs: PeerConfiguration) -> Bool {
- return lhs.publicKey == rhs.publicKey &&
- lhs.preSharedKey == rhs.preSharedKey &&
- Set(lhs.allowedIPs) == Set(rhs.allowedIPs) &&
- lhs.endpoint == rhs.endpoint &&
- lhs.persistentKeepAlive == rhs.persistentKeepAlive
- }
-}
-
-extension PeerConfiguration: Hashable {
- func hash(into hasher: inout Hasher) {
- hasher.combine(publicKey)
- hasher.combine(preSharedKey)
- hasher.combine(Set(allowedIPs))
- hasher.combine(endpoint)
- hasher.combine(persistentKeepAlive)
-
- }
-}
diff --git a/WireGuard/Shared/Model/String+ArrayConversion.swift b/WireGuard/Shared/Model/String+ArrayConversion.swift
deleted file mode 100644
index 7d00be9..0000000
--- a/WireGuard/Shared/Model/String+ArrayConversion.swift
+++ /dev/null
@@ -1,32 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-
-extension String {
-
- func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] {
- return split(separator: separator)
- .map {
- if let charSet = trimmingCharacters {
- return $0.trimmingCharacters(in: charSet)
- } else {
- return String($0)
- }
- }
- }
-
-}
-
-extension Optional where Wrapped == String {
-
- func splitToArray(separator: Character = ",", trimmingCharacters: CharacterSet? = nil) -> [String] {
- switch self {
- case .none:
- return []
- case .some(let wrapped):
- return wrapped.splitToArray(separator: separator, trimmingCharacters: trimmingCharacters)
- }
- }
-
-}
diff --git a/WireGuard/Shared/Model/TunnelConfiguration+WgQuickConfig.swift b/WireGuard/Shared/Model/TunnelConfiguration+WgQuickConfig.swift
deleted file mode 100644
index 5e8f969..0000000
--- a/WireGuard/Shared/Model/TunnelConfiguration+WgQuickConfig.swift
+++ /dev/null
@@ -1,251 +0,0 @@ -// SPDX-License-Identifier: MIT -// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved. - -import Foundation - -extension TunnelConfiguration { - - enum ParserState { - case inInterfaceSection - case inPeerSection - case notInASection - } - - enum ParseError: Error { - case invalidLine(String.SubSequence) - case noInterface - case multipleInterfaces - case interfaceHasNoPrivateKey - case interfaceHasInvalidPrivateKey(String) - case interfaceHasInvalidListenPort(String) - case interfaceHasInvalidAddress(String) - case interfaceHasInvalidDNS(String) - case interfaceHasInvalidMTU(String) - case interfaceHasUnrecognizedKey(String) - case peerHasNoPublicKey - case peerHasInvalidPublicKey(String) - case peerHasInvalidPreSharedKey(String) - case peerHasInvalidAllowedIP(String) - case peerHasInvalidEndpoint(String) - case peerHasInvalidPersistentKeepAlive(String) - case peerHasInvalidTransferBytes(String) - case peerHasInvalidLastHandshakeTime(String) - case peerHasUnrecognizedKey(String) - case multiplePeersWithSamePublicKey - case multipleEntriesForKey(String) - } - - convenience init(fromWgQuickConfig wgQuickConfig: String, called name: String? = nil) throws { - var interfaceConfiguration: InterfaceConfiguration? 
- var peerConfigurations = [PeerConfiguration]() - - let lines = wgQuickConfig.split { $0.isNewline } - - var parserState = ParserState.notInASection - var attributes = [String: String]() - - for (lineIndex, line) in lines.enumerated() { - var trimmedLine: String - if let commentRange = line.range(of: "#") { - trimmedLine = String(line[..<commentRange.lowerBound]) - } else { - trimmedLine = String(line) - } - - trimmedLine = trimmedLine.trimmingCharacters(in: .whitespacesAndNewlines) - let lowercasedLine = trimmedLine.lowercased() - - if !trimmedLine.isEmpty { - if let equalsIndex = trimmedLine.firstIndex(of: "=") { - // Line contains an attribute - let keyWithCase = trimmedLine[..<equalsIndex].trimmingCharacters(in: .whitespacesAndNewlines) - let key = keyWithCase.lowercased() - let value = trimmedLine[trimmedLine.index(equalsIndex, offsetBy: 1)...].trimmingCharacters(in: .whitespacesAndNewlines) - let keysWithMultipleEntriesAllowed: Set<String> = ["address", "allowedips", "dns"] - if let presentValue = attributes[key] { - if keysWithMultipleEntriesAllowed.contains(key) { - attributes[key] = presentValue + "," + value - } else { - throw ParseError.multipleEntriesForKey(keyWithCase) - } - } else { - attributes[key] = value - } - let interfaceSectionKeys: Set<String> = ["privatekey", "listenport", "address", "dns", "mtu"] - let peerSectionKeys: Set<String> = ["publickey", "presharedkey", "allowedips", "endpoint", "persistentkeepalive"] - if parserState == .inInterfaceSection { - guard interfaceSectionKeys.contains(key) else { - throw ParseError.interfaceHasUnrecognizedKey(keyWithCase) - } - } else if parserState == .inPeerSection { - guard peerSectionKeys.contains(key) else { - throw ParseError.peerHasUnrecognizedKey(keyWithCase) - } - } - } else if lowercasedLine != "[interface]" && lowercasedLine != "[peer]" { - throw ParseError.invalidLine(line) - } - } - - let isLastLine = lineIndex == lines.count - 1 - - if isLastLine || lowercasedLine == "[interface]" || 
lowercasedLine == "[peer]" { - // Previous section has ended; process the attributes collected so far - if parserState == .inInterfaceSection { - let interface = try TunnelConfiguration.collate(interfaceAttributes: attributes) - guard interfaceConfiguration == nil else { throw ParseError.multipleInterfaces } - interfaceConfiguration = interface - } else if parserState == .inPeerSection { - let peer = try TunnelConfiguration.collate(peerAttributes: attributes) - peerConfigurations.append(peer) - } - } - - if lowercasedLine == "[interface]" { - parserState = .inInterfaceSection - attributes.removeAll() - } else if lowercasedLine == "[peer]" { - parserState = .inPeerSection - attributes.removeAll() - } - } - - let peerPublicKeysArray = peerConfigurations.map { $0.publicKey } - let peerPublicKeysSet = Set<Data>(peerPublicKeysArray) - if peerPublicKeysArray.count != peerPublicKeysSet.count { - throw ParseError.multiplePeersWithSamePublicKey - } - - if let interfaceConfiguration = interfaceConfiguration { - self.init(name: name, interface: interfaceConfiguration, peers: peerConfigurations) - } else { - throw ParseError.noInterface - } - } - - func asWgQuickConfig() -> String { - var output = "[Interface]\n" - if let privateKey = interface.privateKey.base64Key() { - output.append("PrivateKey = \(privateKey)\n") - } - if let listenPort = interface.listenPort { - output.append("ListenPort = \(listenPort)\n") - } - if !interface.addresses.isEmpty { - let addressString = interface.addresses.map { $0.stringRepresentation }.joined(separator: ", ") - output.append("Address = \(addressString)\n") - } - if !interface.dns.isEmpty { - let dnsString = interface.dns.map { $0.stringRepresentation }.joined(separator: ", ") - output.append("DNS = \(dnsString)\n") - } - if let mtu = interface.mtu { - output.append("MTU = \(mtu)\n") - } - - for peer in peers { - output.append("\n[Peer]\n") - if let publicKey = peer.publicKey.base64Key() { - output.append("PublicKey = \(publicKey)\n") - } - 
if let preSharedKey = peer.preSharedKey?.base64Key() { - output.append("PresharedKey = \(preSharedKey)\n") - } - if !peer.allowedIPs.isEmpty { - let allowedIPsString = peer.allowedIPs.map { $0.stringRepresentation }.joined(separator: ", ") - output.append("AllowedIPs = \(allowedIPsString)\n") - } - if let endpoint = peer.endpoint { - output.append("Endpoint = \(endpoint.stringRepresentation)\n") - } - if let persistentKeepAlive = peer.persistentKeepAlive { - output.append("PersistentKeepalive = \(persistentKeepAlive)\n") - } - } - - return output - } - - private static func collate(interfaceAttributes attributes: [String: String]) throws -> InterfaceConfiguration { - guard let privateKeyString = attributes["privatekey"] else { - throw ParseError.interfaceHasNoPrivateKey - } - guard let privateKey = Data(base64Key: privateKeyString), privateKey.count == TunnelConfiguration.keyLength else { - throw ParseError.interfaceHasInvalidPrivateKey(privateKeyString) - } - var interface = InterfaceConfiguration(privateKey: privateKey) - if let listenPortString = attributes["listenport"] { - guard let listenPort = UInt16(listenPortString) else { - throw ParseError.interfaceHasInvalidListenPort(listenPortString) - } - interface.listenPort = listenPort - } - if let addressesString = attributes["address"] { - var addresses = [IPAddressRange]() - for addressString in addressesString.splitToArray(trimmingCharacters: .whitespacesAndNewlines) { - guard let address = IPAddressRange(from: addressString) else { - throw ParseError.interfaceHasInvalidAddress(addressString) - } - addresses.append(address) - } - interface.addresses = addresses - } - if let dnsString = attributes["dns"] { - var dnsServers = [DNSServer]() - for dnsServerString in dnsString.splitToArray(trimmingCharacters: .whitespacesAndNewlines) { - guard let dnsServer = DNSServer(from: dnsServerString) else { - throw ParseError.interfaceHasInvalidDNS(dnsServerString) - } - dnsServers.append(dnsServer) - } - interface.dns = 
dnsServers - } - if let mtuString = attributes["mtu"] { - guard let mtu = UInt16(mtuString) else { - throw ParseError.interfaceHasInvalidMTU(mtuString) - } - interface.mtu = mtu - } - return interface - } - - private static func collate(peerAttributes attributes: [String: String]) throws -> PeerConfiguration { - guard let publicKeyString = attributes["publickey"] else { - throw ParseError.peerHasNoPublicKey - } - guard let publicKey = Data(base64Key: publicKeyString), publicKey.count == TunnelConfiguration.keyLength else { - throw ParseError.peerHasInvalidPublicKey(publicKeyString) - } - var peer = PeerConfiguration(publicKey: publicKey) - if let preSharedKeyString = attributes["presharedkey"] { - guard let preSharedKey = Data(base64Key: preSharedKeyString), preSharedKey.count == TunnelConfiguration.keyLength else { - throw ParseError.peerHasInvalidPreSharedKey(preSharedKeyString) - } - peer.preSharedKey = preSharedKey - } - if let allowedIPsString = attributes["allowedips"] { - var allowedIPs = [IPAddressRange]() - for allowedIPString in allowedIPsString.splitToArray(trimmingCharacters: .whitespacesAndNewlines) { - guard let allowedIP = IPAddressRange(from: allowedIPString) else { - throw ParseError.peerHasInvalidAllowedIP(allowedIPString) - } - allowedIPs.append(allowedIP) - } - peer.allowedIPs = allowedIPs - } - if let endpointString = attributes["endpoint"] { - guard let endpoint = Endpoint(from: endpointString) else { - throw ParseError.peerHasInvalidEndpoint(endpointString) - } - peer.endpoint = endpoint - } - if let persistentKeepAliveString = attributes["persistentkeepalive"] { - guard let persistentKeepAlive = UInt16(persistentKeepAliveString) else { - throw ParseError.peerHasInvalidPersistentKeepAlive(persistentKeepAliveString) - } - peer.persistentKeepAlive = persistentKeepAlive - } - return peer - } - -} 
diff --git a/WireGuard/Shared/Model/TunnelConfiguration.swift b/WireGuard/Shared/Model/TunnelConfiguration.swift
deleted file mode 100644
index 5a8f7df..0000000
--- a/WireGuard/Shared/Model/TunnelConfiguration.swift
+++ /dev/null
@@ -1,32 +0,0 @@
-// SPDX-License-Identifier: MIT
-// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
-
-import Foundation
-
-final class TunnelConfiguration {
- var name: String?
- var interface: InterfaceConfiguration
- let peers: [PeerConfiguration]
-
- static let keyLength = 32
-
- init(name: String?, interface: InterfaceConfiguration, peers: [PeerConfiguration]) {
- self.interface = interface
- self.peers = peers
- self.name = name
-
- let peerPublicKeysArray = peers.map { $0.publicKey }
- let peerPublicKeysSet = Set<Data>(peerPublicKeysArray)
- if peerPublicKeysArray.count != peerPublicKeysSet.count {
- fatalError("Two or more peers cannot have the same public key")
- }
- }
-}
-
-extension TunnelConfiguration: Equatable {
- static func == (lhs: TunnelConfiguration, rhs: TunnelConfiguration) -> Bool {
- return lhs.name == rhs.name &&
- lhs.interface == rhs.interface &&
- Set(lhs.peers) == Set(rhs.peers)
- }
-}
diff --git a/WireGuard/Shared/Model/key.c b/WireGuard/Shared/Model/key.c
deleted file mode 100644
index 6c64443..0000000
--- a/WireGuard/Shared/Model/key.c
+++ /dev/null
@@ -1,114 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* - * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. - * - * This is a specialized constant-time base64/hex implementation that resists side-channel attacks. - */ - -#include <string.h> -#include "key.h" - -static inline void encode_base64(char dest[static 4], const uint8_t src[static 3]) -{ - const uint8_t input[] = { (src[0] >> 2) & 63, ((src[0] << 4) | (src[1] >> 4)) & 63, ((src[1] << 2) | (src[2] >> 6)) & 63, src[2] & 63 }; - - for (unsigned int i = 0; i < 4; ++i) - dest[i] = input[i] + 'A' - + (((25 - input[i]) >> 8) & 6) - - (((51 - input[i]) >> 8) & 75) - - (((61 - input[i]) >> 8) & 15) - + (((62 - input[i]) >> 8) & 3); - -} - -void key_to_base64(char base64[static WG_KEY_LEN_BASE64], const uint8_t key[static WG_KEY_LEN]) -{ - unsigned int i; - - for (i = 0; i < WG_KEY_LEN / 3; ++i) - encode_base64(&base64[i * 4], &key[i * 3]); - encode_base64(&base64[i * 4], (const uint8_t[]){ key[i * 3 + 0], key[i * 3 + 1], 0 }); - base64[WG_KEY_LEN_BASE64 - 2] = '='; - base64[WG_KEY_LEN_BASE64 - 1] = '\0'; -} - -static inline int decode_base64(const char src[static 4]) -{ - int val = 0; - - for (unsigned int i = 0; i < 4; ++i) - val |= (-1 - + ((((('A' - 1) - src[i]) & (src[i] - ('Z' + 1))) >> 8) & (src[i] - 64)) - + ((((('a' - 1) - src[i]) & (src[i] - ('z' + 1))) >> 8) & (src[i] - 70)) - + ((((('0' - 1) - src[i]) & (src[i] - ('9' + 1))) >> 8) & (src[i] + 5)) - + ((((('+' - 1) - src[i]) & (src[i] - ('+' + 1))) >> 8) & 63) - + ((((('/' - 1) - src[i]) & (src[i] - ('/' + 1))) >> 8) & 64) - ) << (18 - 6 * i); - return val; -} - -bool key_from_base64(uint8_t key[static WG_KEY_LEN], const char *base64) -{ - unsigned int i; - volatile uint8_t ret = 0; - int val; - - if (strlen(base64) != WG_KEY_LEN_BASE64 - 1 || base64[WG_KEY_LEN_BASE64 - 2] != '=') - return false; - - for (i = 0; i < WG_KEY_LEN / 3; ++i) { - val = decode_base64(&base64[i * 4]); - ret |= (uint32_t)val >> 31; - key[i * 3 
+ 0] = (val >> 16) & 0xff; - key[i * 3 + 1] = (val >> 8) & 0xff; - key[i * 3 + 2] = val & 0xff; - } - val = decode_base64((const char[]){ base64[i * 4 + 0], base64[i * 4 + 1], base64[i * 4 + 2], 'A' }); - ret |= ((uint32_t)val >> 31) | (val & 0xff); - key[i * 3 + 0] = (val >> 16) & 0xff; - key[i * 3 + 1] = (val >> 8) & 0xff; - - return 1 & ((ret - 1) >> 8); -} - -void key_to_hex(char hex[static WG_KEY_LEN_HEX], const uint8_t key[static WG_KEY_LEN]) -{ - unsigned int i; - - for (i = 0; i < WG_KEY_LEN; ++i) { - hex[i * 2] = 87U + (key[i] >> 4) + ((((key[i] >> 4) - 10U) >> 8) & ~38U); - hex[i * 2 + 1] = 87U + (key[i] & 0xf) + ((((key[i] & 0xf) - 10U) >> 8) & ~38U); - } - hex[i * 2] = '\0'; -} - -bool key_from_hex(uint8_t key[static WG_KEY_LEN], const char *hex) -{ - uint8_t c, c_acc, c_alpha0, c_alpha, c_num0, c_num, c_val; - volatile uint8_t ret = 0; - - if (strlen(hex) != WG_KEY_LEN_HEX - 1) - return false; - - for (unsigned int i = 0; i < WG_KEY_LEN_HEX - 1; i += 2) { - c = (uint8_t)hex[i]; - c_num = c ^ 48U; - c_num0 = (c_num - 10U) >> 8; - c_alpha = (c & ~32U) - 55U; - c_alpha0 = ((c_alpha - 10U) ^ (c_alpha - 16U)) >> 8; - ret |= ((c_num0 | c_alpha0) - 1) >> 8; - c_val = (c_num0 & c_num) | (c_alpha0 & c_alpha); - c_acc = c_val * 16U; - - c = (uint8_t)hex[i + 1]; - c_num = c ^ 48U; - c_num0 = (c_num - 10U) >> 8; - c_alpha = (c & ~32U) - 55U; - c_alpha0 = ((c_alpha - 10U) ^ (c_alpha - 16U)) >> 8; - ret |= ((c_num0 | c_alpha0) - 1) >> 8; - c_val = (c_num0 & c_num) | (c_alpha0 & c_alpha); - key[i / 2] = c_acc | c_val; - } - - return 1 & ((ret - 1) >> 8); -} diff --git a/WireGuard/Shared/Model/key.h b/WireGuard/Shared/Model/key.h deleted file mode 100644 index bd22a94..0000000 --- a/WireGuard/Shared/Model/key.h +++ /dev/null 
@@ -1,22 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-/*
- * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- */
-
-#ifndef KEY_H
-#define KEY_H
-
-#include <stdbool.h>
-#include <stdint.h>
-
-#define WG_KEY_LEN (32)
-#define WG_KEY_LEN_BASE64 (45)
-#define WG_KEY_LEN_HEX (65)
-
-void key_to_base64(char base64[static WG_KEY_LEN_BASE64], const uint8_t key[static WG_KEY_LEN]);
-bool key_from_base64(uint8_t key[static WG_KEY_LEN], const char *base64);
-
-void key_to_hex(char hex[static WG_KEY_LEN_HEX], const uint8_t key[static WG_KEY_LEN]);
-bool key_from_hex(uint8_t key[static WG_KEY_LEN], const char *hex);
-
-#endif
|