diff --git a/OpenVPN Adapter Tests/OpenVPNCertificateTests.swift b/OpenVPN Adapter Tests/OpenVPNCertificateTests.swift
new file mode 100644
index 0000000..9bb4ee5
--- /dev/null
+++ b/OpenVPN Adapter Tests/OpenVPNCertificateTests.swift
@@ -0,0 +1,81 @@
+//
+// OpenVPNCertificateTests.swift
+// OpenVPN Adapter
+//
+// Created by Sergey Abramchuk on 06.09.17.
+//
+//
+
+import XCTest
+@testable import OpenVPNAdapter
+
+class OpenVPNCertificateTests: XCTestCase {
+
+override func setUp() {
+super.setUp()
+// Put setup code here. This method is called before the invocation of each test method in the class.
+}
+
+override func tearDown() {
+// Put teardown code here. This method is called after the invocation of each test method in the class.
+super.tearDown()
+}
+
+func testCertificatePEMandDER() {
+guard
+let caURL = Bundle.current.url(forResource: "test-ca", withExtension: "crt"),
+let caOriginalPEMData = try? Data(contentsOf: caURL)
+else {
+XCTFail()
+return
+}
+
+let certificateFromPEM: OpenVPNCertificate
+do {
+certificateFromPEM = try OpenVPNCertificate(pem: caOriginalPEMData)
+} catch {
+XCTFail(error.localizedDescription)
+return
+}
+
+let caDERData: Data
+do {
+caDERData = try certificateFromPEM.derData()
+} catch {
+XCTFail(error.localizedDescription)
+return
+}
+
+let certificateFromDER: OpenVPNCertificate
+do {
+certificateFromDER = try OpenVPNCertificate(der: caDERData)
+} catch {
+XCTFail(error.localizedDescription)
+return
+}
+
+let caGeneratedPEMData: Data
+do {
+caGeneratedPEMData = try certificateFromDER.pemData()
+} catch {
+XCTFail(error.localizedDescription)
+return
+}
+
+XCTAssert(caGeneratedPEMData.elementsEqual(caOriginalPEMData))
+}
+
+func testCertificateFromEmptyPEM() {
+let caData = Data(count: 1024)
+
+let certificate: OpenVPNCertificate
+do {
+certificate = try OpenVPNCertificate(pem: caData)
+} catch {
+return
+}
+
+XCTFail("Initialization with empty PEM data should fail")
+}
+
+}
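Review bot: testCertificateFromEmptyPEM passes `Data(count: 1024)`, which is 1024 zero bytes rather than empty data, so the zero-length input its name promises is never exercised, and the thrown error is discarded without checking it. Tighten it with `XCTAssertThrowsError(try OpenVPNCertificate(pem: Data()))` alongside the zero-filled case, and since this parser is the trust boundary for user-supplied profiles, add a truncated-DER case in testCertificatePEMandDER such as `XCTAssertThrowsError(try OpenVPNCertificate(der: caDERData.prefix(caDERData.count / 2)))`. The byte-for-byte PEM comparison at the end of testCertificatePEMandDER also ties the test to the fixture's exact line wrapping and trailing newline; comparing `derData()` of both certificates would be the stable assertion, with the PEM equality kept only if that formatting is a deliberate guarantee.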
diff --git a/OpenVPN Adapter Tests/OpenVPNPrivateKeyTests.swift b/OpenVPN Adapter Tests/OpenVPNPrivateKeyTests.swift new file mode 100644 index 0000000..ab45614 --- /dev/null +++ b/OpenVPN Adapter Tests/OpenVPNPrivateKeyTests.swift 
@@ -0,0 +1,124 @@ +// +// OpenVPNPrivateKeyTests.swift +// OpenVPN Adapter +// +// Created by Sergey Abramchuk on 07.09.17. +// +// + +import XCTest +@testable import OpenVPNAdapter + +class OpenVPNPrivateKeyTests: XCTestCase { + + override func setUp() { + super.setUp() + // Put setup code here. This method is called before the invocation of each test method in the class. + } + + override func tearDown() { + // Put teardown code here. This method is called after the invocation of each test method in the class. + super.tearDown() + } + + func testKeyPEMandDERWithoutPassword() { + guard + let caURL = Bundle.current.url(forResource: "keyfile-decrypted", withExtension: "3des"), + let caOriginalPEMData = try? Data(contentsOf: caURL) + else { + XCTFail() + return + } + + let keyFromPEM: OpenVPNPrivateKey + do { + keyFromPEM = try OpenVPNPrivateKey(pem: caOriginalPEMData, password: nil) + } catch { + XCTFail("\(error)") + return + } + + XCTAssert(keyFromPEM.type == .RSA) + + let keyDERData: Data + do { + keyDERData = try keyFromPEM.derData() + } catch { + XCTFail("\(error)") + return + } + + let keyFromDER: OpenVPNPrivateKey + do { + keyFromDER = try OpenVPNPrivateKey(der: keyDERData, password: nil) + } catch { + XCTFail("\(error)") + return + } + + XCTAssert(keyFromDER.type == .RSA) + + let keyGeneratedPEMData: Data + do { + keyGeneratedPEMData = try keyFromDER.pemData() + } catch { + XCTFail("\(error)") + return + } + + XCTAssert(keyGeneratedPEMData.elementsEqual(caOriginalPEMData)) + } + + func testKeyPEMandDERWithPassword() { + guard + let keyURL = Bundle.current.url(forResource: "keyfile-encrypted", withExtension: "3des"), + let keyOriginalPEMData = try? 
Data(contentsOf: keyURL) + else { + XCTFail() + return + } + + let keyFromPEM: OpenVPNPrivateKey + do { + keyFromPEM = try OpenVPNPrivateKey(pem: keyOriginalPEMData, password: "testkey") + } catch { + XCTFail("\(error)") + return + } + + let keyDERData: Data + do { + keyDERData = try keyFromPEM.derData() + } catch { + XCTFail("\(error)") + return + } + + let keyFromDER: OpenVPNPrivateKey + do { + keyFromDER = try OpenVPNPrivateKey(der: keyDERData, password: nil) + } catch { + XCTFail("\(error)") + return + } + + let keyGeneratedPEMData: Data + do { + keyGeneratedPEMData = try keyFromDER.pemData() + } catch { + XCTFail("\(error)") + return + } + + guard + let keySampleURL = Bundle.current.url(forResource: "keyfile-decrypted", withExtension: "3des"), + let keySamplePEMData = try? Data(contentsOf: keySampleURL) + else { + XCTFail() + return + } + + XCTAssert(keyGeneratedPEMData.elementsEqual(keySamplePEMData)) + } + +} diff --git a/OpenVPN Adapter Tests/Resources/keyfile-decrypted.3des b/OpenVPN Adapter Tests/Resources/keyfile-decrypted.3des new file mode 100644 index 0000000..f54d47a --- /dev/null +++ b/OpenVPN Adapter Tests/Resources/keyfile-decrypted.3des 
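Review bot: Neither test covers the negative paths that matter for an encrypted key: nothing asserts that keyfile-encrypted.3des is rejected with `password: nil` or with a wrong password, so a regression that ignores the password entirely would still pass both tests. Add `XCTAssertThrowsError(try OpenVPNPrivateKey(pem: keyOriginalPEMData, password: nil))` and `XCTAssertThrowsError(try OpenVPNPrivateKey(pem: keyOriginalPEMData, password: "wrong"))` to testKeyPEMandDERWithPassword. That test also re-imports the exported DER with `password: nil` and compares it to the decrypted fixture, which shows that `derData()` emits the key material unencrypted; a comment saying so, e.g. `// derData() strips the PEM encryption: the export is plaintext PKCS#1`, would stop a reader mistaking the export for ciphertext. In testKeyPEMandDERWithoutPassword the locals are named `caURL` / `caOriginalPEMData` although they hold the private key, not a CA.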
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDMYfnvWtC8Id5bPKae5yXSxQTt+Zpul6AnnZWfI2TtIarvjHBF +UtXRo96y7hoL4VWOPKGCsRqMFDkrbeUjRrx8iL914/srnyf6sh9c8Zk04xEOpK1y +pvBz+Ks4uZObtjnnitf0NBGdjMKxveTq+VE7BWUIyQjtQ8mbDOsiLLvh7wIDAQAB +AoGAefPIT8MPpAJNjIE/JrfkAMTgsSLrvCurO5gzDBbxhPE+7tsMrsDDpuix3HBo +iEg3ZbzV3obQwV7b0gcr34W4t0CMuJf5b5irHRG8JcZuncmofDy6z7S5Vs75O85z +fVzTIuVUyuHy1rM6rSBYKfsMLVyImUb4wtIXEMHPzdCL9LECQQD3ZfgGqudMWq8v +3BlKhsQ4fsR0vxzNlMZfoRrZzcvBT339Bp1UQ8aUo8xBtHiRwuW1NaPNgYKX6XQ6 +ppuWuTiJAkEA030i493KnFPLRwWypqF/s6ZNlVye+euFN5NF/IeJcvb/GUDRYv9O +pRozRS1jNx4ZB1K2xT7N9MwsPHD6j6K4twJBALdfHTfT9RzjGnae7SAQQ+CcFYFz +JiY6386B2yUVJLFj+j5RaMvMcKQ7xGnvGm7vxtNJrt/j3qg6oavXUfulzgECQQDP +CEVLhCd/+ZeZoz5MWPTGTRrOCKmoRqNW0FlG6PfpD1qSwh04KG44uflO0yu5HUGr +JZG+bcj4x5bWZFMkoUrpAkEAyEgQzesKFqcbt1cqv3pLXJYQBBw6leFXgHk11a7k ++AkexhrPYyq/4tXFO2TLk2hs7tpYgNDOqZCvEu7jtN3RuA== +-----END RSA PRIVATE KEY----- diff --git a/OpenVPN Adapter Tests/Resources/keyfile-encrypted.3des b/OpenVPN Adapter Tests/Resources/keyfile-encrypted.3des new file mode 100644 index 0000000..638c19a --- /dev/null +++ b/OpenVPN Adapter Tests/Resources/keyfile-encrypted.3des 
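Review bot: keyfile-decrypted.3des is a plaintext PKCS#1 RSA private key (the `MIICXg` prefix suggests a 1024-bit key), so the `.3des` extension is misleading and secret scanners will flag this commit. Name the fixture after what it is, e.g. `keyfile-plain.pem`, and state in the test target that the pair is a throwaway key used only for parser round-trips so nobody is tempted to reuse it, and so a scanner hit can be triaged quickly.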
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,BE8274D6692AF2A7 + +9ZXjoF55A9XgJpdaWmF/ZL1sJfbnE1M42N7HHRDwpq1/K+afC9poM0/AdCUbRL7w +uvQERievbAYpNeLdah1EftM6033e1oTxUMivdL4orDKcbb3qDpSQ0o0UbjavbT+d +aruilW8zVP4dz3mYMvGbkgoujgzdT+4wM0T1mTTuYcRKQsHlg7QDy2QrBILNuXA4 +Hmye4GlSXVUSON8vPXT12V4oeubEIZVlnkLTRFGRVA4qz5tby9GBymkeNCBu+LCw +JwJLTbQwMFqozHvioq/2YBaHDcySpTD4X5AwrCjifUNO9BnLWLAmt8dOWr0z+48E +P/yWr5xZl3DrKh9r9EGb9xbTxhum3yHV7bvXLoUH+t9gowmd4Lq3Qjjf8jQXle0P +zoCOVxwN1E1IMhleEUPV7L8mbt26b0JyvrSS5ByrXahGu9vGQyy7qqx9ZANkzgXF +3hPMDuzQXMJiUeG92VsMEdGdA1/8V5ro+ceB5c7Zca5MjMzvx2tihda7BUjj6dSE +cA8Vvksy/NX/nqHSt0aSgphvBmZP8dN6GMcZ+hT7p0fhCq4mSFEykQqueKXiFUfz +0xCUVZC6WzOoEkc8k7xiLWQDlsZZ13Z4yxU1IxJp7llZXpZ8GkwS+678/Nx8h54A +mv5ZlSFWWQrvN5JPQJka7aU2ITu1LUK6mXBu+DoSDOfQuqR4vQytkjOqHK185iHs +JQtBGkFFdElkWgubPX/S8/xxoT8MoQY/c+dr6iwcswyUnSJXh32KLPGNBoqWCCbY +jp/VYmeb117gNpEJKJhcNbrP7DoQrC3/D7JFXnOvTA/z6FOtUmz0rQ== +-----END RSA PRIVATE KEY----- diff --git a/OpenVPN Adapter Tests/Resources/test-ca.crt b/OpenVPN Adapter Tests/Resources/test-ca.crt new file mode 100644 index 0000000..d41a420 --- /dev/null +++ b/OpenVPN Adapter Tests/Resources/test-ca.crt 
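Review bot: The only encrypted fixture uses the legacy OpenSSL `DEK-Info: DES-EDE3-CBC` envelope, whose key is derived from the password with a single MD5 round, which is what `openssl rsa -des3` produced but not what `openssl genpkey` or `pkcs8` emit today. Add a PKCS#8 `-----BEGIN ENCRYPTED PRIVATE KEY-----` fixture (PBES2 with AES) so the password path is exercised for the format users will actually supply; whether the parser accepts that format I cannot tell from this diff, which is exactly why a test for it is needed.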
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT +Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF +QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu +ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy +aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g +JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 +t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv +uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +-----END CERTIFICATE----- diff --git a/OpenVPN Adapter.xcodeproj/project.pbxproj b/OpenVPN Adapter.xcodeproj/project.pbxproj index 3d27645..9fceffe 100644 --- a/OpenVPN Adapter.xcodeproj/project.pbxproj +++ b/OpenVPN Adapter.xcodeproj/project.pbxproj 
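Review bot: This is the mbed TLS "Polarssl Test EC CA" self-signed certificate, and if I am reading the base64 correctly the validity field (`Fw0xMzA5MjQx…` / `Fw0yMzA5MjIx…`) decodes to notBefore 2013-09-24 and notAfter 2023-09-22. That is harmless for the parse/encode round-trip here, which never checks validity, but any later test that verifies a chain or expiry against this fixture will start failing without an obvious cause. Record the provenance and expiry in a comment next to the test that loads it, or generate a long-lived self-signed test CA instead.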
@@ -9,6 +9,20 @@ /* Begin PBXBuildFile section */ C90BAD311E73FF6C00DEFB32 /* SystemConfiguration.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C90BAD301E73FF6C00DEFB32 /* SystemConfiguration.framework */; }; C912BB251E7C3339002B9414 /* NetworkExtension.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C912BB241E7C3339002B9414 /* NetworkExtension.framework */; }; + C915F1F41F612F3300B3DF23 /* OpenVPNPrivateKey.h in Headers */ = {isa = PBXBuildFile; fileRef = C915F1F21F612F3300B3DF23 /* OpenVPNPrivateKey.h */; settings = {ATTRIBUTES = (Public, ); }; }; + C915F1F51F612F3300B3DF23 /* OpenVPNPrivateKey.h in Headers */ = {isa = PBXBuildFile; fileRef = C915F1F21F612F3300B3DF23 /* OpenVPNPrivateKey.h */; settings = {ATTRIBUTES = (Public, ); }; }; + C915F1F61F612F3300B3DF23 /* OpenVPNPrivateKey.m in Sources */ = {isa = PBXBuildFile; fileRef = C915F1F31F612F3300B3DF23 /* OpenVPNPrivateKey.m */; }; + C915F1F71F612F3300B3DF23 /* OpenVPNPrivateKey.m in Sources */ = {isa = PBXBuildFile; fileRef = C915F1F31F612F3300B3DF23 /* OpenVPNPrivateKey.m */; }; + C915F1F91F615BB400B3DF23 /* OpenVPNPrivateKeyTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = C915F1F81F615BB400B3DF23 /* OpenVPNPrivateKeyTests.swift */; }; + C915F1FA1F615BB400B3DF23 /* OpenVPNPrivateKeyTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = C915F1F81F615BB400B3DF23 /* OpenVPNPrivateKeyTests.swift */; }; + C915F1FE1F6164CF00B3DF23 /* OpenVPNKeyType.h in Headers */ = {isa = PBXBuildFile; fileRef = C915F1FD1F6164CF00B3DF23 /* OpenVPNKeyType.h */; settings = {ATTRIBUTES = (Public, ); }; }; + C915F1FF1F6164CF00B3DF23 /* OpenVPNKeyType.h in Headers */ = {isa = PBXBuildFile; fileRef = C915F1FD1F6164CF00B3DF23 /* OpenVPNKeyType.h */; settings = {ATTRIBUTES = (Public, ); }; }; + C915F21F1F6199E300B3DF23 /* keyfile-encrypted.3des in Resources */ = {isa = PBXBuildFile; fileRef = C915F21E1F6199E300B3DF23 /* keyfile-encrypted.3des */; }; + C915F2201F6199E300B3DF23 /* 
keyfile-encrypted.3des in Resources */ = {isa = PBXBuildFile; fileRef = C915F21E1F6199E300B3DF23 /* keyfile-encrypted.3des */; }; + C915F2221F61B0E700B3DF23 /* keyfile-decrypted.3des in Resources */ = {isa = PBXBuildFile; fileRef = C915F2211F61B0E700B3DF23 /* keyfile-decrypted.3des */; }; + C915F2231F61B0E700B3DF23 /* keyfile-decrypted.3des in Resources */ = {isa = PBXBuildFile; fileRef = C915F2211F61B0E700B3DF23 /* keyfile-decrypted.3des */; }; + C915F2251F61B22300B3DF23 /* test-ca.crt in Resources */ = {isa = PBXBuildFile; fileRef = C915F2241F61B22300B3DF23 /* test-ca.crt */; }; + C915F2261F61B22300B3DF23 /* test-ca.crt in Resources */ = {isa = PBXBuildFile; fileRef = C915F2241F61B22300B3DF23 /* test-ca.crt */; }; C9354F451F1E4A4500F4C935 /* OpenVPNReachabilityStatus.h in Headers */ = {isa = PBXBuildFile; fileRef = C9B795681F1D219C00CF35FE /* OpenVPNReachabilityStatus.h */; settings = {ATTRIBUTES = (Public, ); }; }; C9354F461F1E4A4600F4C935 /* OpenVPNReachabilityStatus.h in Headers */ = {isa = PBXBuildFile; fileRef = C9B795681F1D219C00CF35FE /* OpenVPNReachabilityStatus.h */; settings = {ATTRIBUTES = (Public, ); }; }; C9354F471F1E4AE200F4C935 /* OpenVPNReachabilityTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = C9354F431F1E49A500F4C935 /* OpenVPNReachabilityTests.swift */; }; 
@@ -104,6 +118,12 @@ C9BDB1361EBCC3B900C204FF /* OpenVPNTunnelSettings.h in Headers */ = {isa = PBXBuildFile; fileRef = C9BDB1331EBCC3B900C204FF /* OpenVPNTunnelSettings.h */; }; C9BDB1371EBCC3B900C204FF /* OpenVPNTunnelSettings.m in Sources */ = {isa = PBXBuildFile; fileRef = C9BDB1341EBCC3B900C204FF /* OpenVPNTunnelSettings.m */; }; C9BDB1381EBCC3B900C204FF /* OpenVPNTunnelSettings.m in Sources */ = {isa = PBXBuildFile; fileRef = C9BDB1341EBCC3B900C204FF /* OpenVPNTunnelSettings.m */; }; + C9CA4DD31F602F7B00C4F184 /* OpenVPNCertificate.h in Headers */ = {isa = PBXBuildFile; fileRef = C9CA4DD11F602F7B00C4F184 /* OpenVPNCertificate.h */; settings = {ATTRIBUTES = (Public, ); }; }; + C9CA4DD41F602F7B00C4F184 /* OpenVPNCertificate.h in Headers */ = {isa = PBXBuildFile; fileRef = C9CA4DD11F602F7B00C4F184 /* OpenVPNCertificate.h */; settings = {ATTRIBUTES = (Public, ); }; }; + C9CA4DD51F602F7B00C4F184 /* OpenVPNCertificate.m in Sources */ = {isa = PBXBuildFile; fileRef = C9CA4DD21F602F7B00C4F184 /* OpenVPNCertificate.m */; }; + C9CA4DD61F602F7B00C4F184 /* OpenVPNCertificate.m in Sources */ = {isa = PBXBuildFile; fileRef = C9CA4DD21F602F7B00C4F184 /* OpenVPNCertificate.m */; }; + C9CA4DE11F603A5300C4F184 /* OpenVPNCertificateTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = C9CA4DE01F603A5300C4F184 /* OpenVPNCertificateTests.swift */; }; + C9CA4DE21F603A5300C4F184 /* OpenVPNCertificateTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = C9CA4DE01F603A5300C4F184 /* OpenVPNCertificateTests.swift */; }; C9D2ABDB1EA20F99007EDF9D /* OpenVPNAdapter.mm in Sources */ = {isa = PBXBuildFile; fileRef = C9BB477E1E7173C700F3F98C /* OpenVPNAdapter.mm */; }; C9D2ABDC1EA20F99007EDF9D /* OpenVPNClient.mm in Sources */ = {isa = PBXBuildFile; fileRef = C9BB47781E7171ED00F3F98C /* OpenVPNClient.mm */; }; C9D2ABDE1EA20F99007EDF9D /* ovpncli.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C9FD92191E9A667600374FC4 /* ovpncli.cpp */; }; 
@@ -120,6 +140,10 @@ C9D2ABF61EA212A3007EDF9D /* OpenVPNAdapterTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = C9BB47901E71821A00F3F98C /* OpenVPNAdapterTests.swift */; }; C9D2ABF71EA212A3007EDF9D /* Bundle.swift in Sources */ = {isa = PBXBuildFile; fileRef = C9BB47A11E7183DB00F3F98C /* Bundle.swift */; }; C9D2AC051EA214EA007EDF9D /* OpenVPNAdapter.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C9D2ABF01EA20F99007EDF9D /* OpenVPNAdapter.framework */; }; + C9E4401D1F6086A1001D7C41 /* NSError+Message.h in Headers */ = {isa = PBXBuildFile; fileRef = C9E4401B1F6086A1001D7C41 /* NSError+Message.h */; }; + C9E4401E1F6086A1001D7C41 /* NSError+Message.h in Headers */ = {isa = PBXBuildFile; fileRef = C9E4401B1F6086A1001D7C41 /* NSError+Message.h */; }; + C9E4401F1F6086A1001D7C41 /* NSError+Message.m in Sources */ = {isa = PBXBuildFile; fileRef = C9E4401C1F6086A1001D7C41 /* NSError+Message.m */; }; + C9E440201F6086A1001D7C41 /* NSError+Message.m in Sources */ = {isa = PBXBuildFile; fileRef = C9E4401C1F6086A1001D7C41 /* NSError+Message.m */; }; C9FD921A1E9A667600374FC4 /* ovpncli.hpp in Headers */ = {isa = PBXBuildFile; fileRef = C9FD92181E9A667600374FC4 /* ovpncli.hpp */; }; C9FD921B1E9A667600374FC4 /* ovpncli.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C9FD92191E9A667600374FC4 /* ovpncli.cpp */; }; /* End PBXBuildFile section */ 
@@ -151,6 +175,13 @@ C90BAD2F1E73FA7400DEFB32 /* Tests.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Tests.xcconfig; sourceTree = ""; }; C90BAD301E73FF6C00DEFB32 /* SystemConfiguration.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = SystemConfiguration.framework; path = System/Library/Frameworks/SystemConfiguration.framework; sourceTree = SDKROOT; }; C912BB241E7C3339002B9414 /* NetworkExtension.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = NetworkExtension.framework; path = System/Library/Frameworks/NetworkExtension.framework; sourceTree = SDKROOT; }; + C915F1F21F612F3300B3DF23 /* OpenVPNPrivateKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNPrivateKey.h; sourceTree = ""; }; + C915F1F31F612F3300B3DF23 /* OpenVPNPrivateKey.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OpenVPNPrivateKey.m; sourceTree = ""; }; + C915F1F81F615BB400B3DF23 /* OpenVPNPrivateKeyTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OpenVPNPrivateKeyTests.swift; sourceTree = ""; }; + C915F1FD1F6164CF00B3DF23 /* OpenVPNKeyType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNKeyType.h; sourceTree = ""; }; + C915F21E1F6199E300B3DF23 /* keyfile-encrypted.3des */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "keyfile-encrypted.3des"; sourceTree = ""; }; + C915F2211F61B0E700B3DF23 /* keyfile-decrypted.3des */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "keyfile-decrypted.3des"; sourceTree = ""; }; + C915F2241F61B22300B3DF23 /* test-ca.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "test-ca.crt"; sourceTree = ""; }; C9354F431F1E49A500F4C935 /* OpenVPNReachabilityTests.swift */ = 
{isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OpenVPNReachabilityTests.swift; sourceTree = ""; }; C93779D31EAE32670030A362 /* OpenVPNCredentials.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNCredentials.h; sourceTree = ""; }; C93779D41EAE32670030A362 /* OpenVPNCredentials.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = OpenVPNCredentials.mm; sourceTree = ""; }; 
@@ -206,8 +237,13 @@ C9BCE25C1EB3C201009D6AC1 /* OpenVPNSessionToken+Internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "OpenVPNSessionToken+Internal.h"; sourceTree = ""; }; C9BDB1331EBCC3B900C204FF /* OpenVPNTunnelSettings.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNTunnelSettings.h; sourceTree = ""; }; C9BDB1341EBCC3B900C204FF /* OpenVPNTunnelSettings.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OpenVPNTunnelSettings.m; sourceTree = ""; }; + C9CA4DD11F602F7B00C4F184 /* OpenVPNCertificate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OpenVPNCertificate.h; sourceTree = ""; }; + C9CA4DD21F602F7B00C4F184 /* OpenVPNCertificate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = OpenVPNCertificate.m; sourceTree = ""; }; + C9CA4DE01F603A5300C4F184 /* OpenVPNCertificateTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OpenVPNCertificateTests.swift; sourceTree = ""; }; C9D2ABF01EA20F99007EDF9D /* OpenVPNAdapter.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = OpenVPNAdapter.framework; sourceTree = BUILT_PRODUCTS_DIR; }; C9D2ABFF1EA212A3007EDF9D /* OpenVPNAdapterTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = OpenVPNAdapterTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; }; + C9E4401B1F6086A1001D7C41 /* NSError+Message.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSError+Message.h"; sourceTree = ""; }; + C9E4401C1F6086A1001D7C41 /* NSError+Message.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSError+Message.m"; sourceTree = ""; }; C9FD92181E9A667600374FC4 /* 
ovpncli.hpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.h; name = ovpncli.hpp; path = Vendors/openvpn/client/ovpncli.hpp; sourceTree = ""; }; C9FD92191E9A667600374FC4 /* ovpncli.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = ovpncli.cpp; path = Vendors/openvpn/client/ovpncli.cpp; sourceTree = ""; }; /* End PBXFileReference section */ @@ -346,6 +382,7 @@ C9657A631EB0D6AD00EFF210 /* OpenVPNCompressionMode.h */, C9657A661EB0D73200EFF210 /* OpenVPNMinTLSVersion.h */, C9657A691EB0D75700EFF210 /* OpenVPNTLSCertProfile.h */, + C915F1FD1F6164CF00B3DF23 /* OpenVPNKeyType.h */, C9B795681F1D219C00CF35FE /* OpenVPNReachabilityStatus.h */, ); name = "Types and Constants"; @@ -366,6 +403,7 @@ C9BB475D1E71663A00F3F98C /* OpenVPN Adapter */ = { isa = PBXGroup; children = ( + C9CA4DD01F602D8300C4F184 /* Certificates and Keys */, C9B7955B1F1D165700CF35FE /* Reachability */, C9235AC41EB24F0100C7D303 /* Configuration */, C9235AC51EB24F1100C7D303 /* Stats and Info */, @@ -436,6 +474,9 @@ C9BB479A1E71836100F3F98C /* Resources */ = { isa = PBXGroup; children = ( + C915F2241F61B22300B3DF23 /* test-ca.crt */, + C915F21E1F6199E300B3DF23 /* keyfile-encrypted.3des */, + C915F2211F61B0E700B3DF23 /* keyfile-decrypted.3des */, C98467A11EAA559B00272A9A /* local_vpn_server.ovpn */, ); path = Resources; @@ -444,6 +485,8 @@ C9BB479D1E71837200F3F98C /* Adapter Tests */ = { isa = PBXGroup; children = ( + C9CA4DE01F603A5300C4F184 /* OpenVPNCertificateTests.swift */, + C915F1F81F615BB400B3DF23 /* OpenVPNPrivateKeyTests.swift */, C9354F431F1E49A500F4C935 /* OpenVPNReachabilityTests.swift */, C94605E81EAA656B00971516 /* OpenVPNConfigurationTests.swift */, C9BB47901E71821A00F3F98C /* OpenVPNAdapterTests.swift */, 
@@ -476,10 +519,31 @@ name = Utils; sourceTree = ""; }; + C9CA4DD01F602D8300C4F184 /* Certificates and Keys */ = { + isa = PBXGroup; + children = ( + C9CA4DD11F602F7B00C4F184 /* OpenVPNCertificate.h */, + C9CA4DD21F602F7B00C4F184 /* OpenVPNCertificate.m */, + C915F1F21F612F3300B3DF23 /* OpenVPNPrivateKey.h */, + C915F1F31F612F3300B3DF23 /* OpenVPNPrivateKey.m */, + ); + name = "Certificates and Keys"; + sourceTree = ""; + }; + C9E4401A1F6081FF001D7C41 /* Utils */ = { + isa = PBXGroup; + children = ( + C9E4401B1F6086A1001D7C41 /* NSError+Message.h */, + C9E4401C1F6086A1001D7C41 /* NSError+Message.m */, + ); + name = Utils; + sourceTree = ""; + }; C9FF73B71EB7421600E995AC /* Helpers */ = { isa = PBXGroup; children = ( C9235AC61EB24F2A00C7D303 /* Types and Constants */, + C9E4401A1F6081FF001D7C41 /* Utils */, ); name = Helpers; sourceTree = ""; @@ -491,12 +555,14 @@ isa = PBXHeadersBuildPhase; buildActionMask = 2147483647; files = ( + C9CA4DD31F602F7B00C4F184 /* OpenVPNCertificate.h in Headers */, C9BB47791E7171ED00F3F98C /* OpenVPNClient.h in Headers */, C9657A3A1EB0BAAB00EFF210 /* OpenVPNInterfaceStats+Internal.h in Headers */, C9354F451F1E4A4500F4C935 /* OpenVPNReachabilityStatus.h in Headers */, C9BCE25E1EB3C201009D6AC1 /* OpenVPNSessionToken+Internal.h in Headers */, C9BB47721E7171A100F3F98C /* OpenVPNAdapterEvent.h in Headers */, C9BB477F1E7173C700F3F98C /* OpenVPNAdapter.h in Headers */, + C915F1FE1F6164CF00B3DF23 /* OpenVPNKeyType.h in Headers */, C9657A4C1EB0CD6C00EFF210 /* OpenVPNProperties.h in Headers */, C9657A571EB0CDFB00EFF210 /* OpenVPNProperties+Internal.h in Headers */, C9BCE2581EB3C0D9009D6AC1 /* OpenVPNSessionToken.h in Headers */, 
@@ -511,11 +577,13 @@ C9657A5E1EB0D60700EFF210 /* OpenVPNTransportProtocol.h in Headers */, C9657A1D1EB0A8D800EFF210 /* OpenVPNConnectionInfo+Internal.h in Headers */, C9B7955E1F1D16AA00CF35FE /* OpenVPNReachability.h in Headers */, + C915F1F41F612F3300B3DF23 /* OpenVPNPrivateKey.h in Headers */, C9657A171EB0A7F800EFF210 /* OpenVPNConnectionInfo.h in Headers */, C9BB47811E7173C700F3F98C /* OpenVPNAdapter+Public.h in Headers */, C9BB47711E7171A100F3F98C /* OpenVPNError.h in Headers */, C9B795641F1D182500CF35FE /* OpenVPNReachabilityTracker.h in Headers */, C9BB47801E7173C700F3F98C /* OpenVPNAdapter+Internal.h in Headers */, + C9E4401D1F6086A1001D7C41 /* NSError+Message.h in Headers */, C9657A611EB0D64E00EFF210 /* OpenVPNIPv6Preference.h in Headers */, C9657A671EB0D73200EFF210 /* OpenVPNMinTLSVersion.h in Headers */, C93779D51EAE32670030A362 /* OpenVPNCredentials.h in Headers */, @@ -532,12 +600,14 @@ isa = PBXHeadersBuildPhase; buildActionMask = 2147483647; files = ( + C9CA4DD41F602F7B00C4F184 /* OpenVPNCertificate.h in Headers */, C9D2ABE31EA20F99007EDF9D /* OpenVPNClient.h in Headers */, C9657A3B1EB0BAAB00EFF210 /* OpenVPNInterfaceStats+Internal.h in Headers */, C9354F461F1E4A4600F4C935 /* OpenVPNReachabilityStatus.h in Headers */, C9BCE25F1EB3C201009D6AC1 /* OpenVPNSessionToken+Internal.h in Headers */, C9D2ABE41EA20F99007EDF9D /* OpenVPNAdapterEvent.h in Headers */, C9D2ABE51EA20F99007EDF9D /* OpenVPNAdapter.h in Headers */, + C915F1FF1F6164CF00B3DF23 /* OpenVPNKeyType.h in Headers */, C9657A4D1EB0CD6C00EFF210 /* OpenVPNProperties.h in Headers */, C9657A561EB0CDFA00EFF210 /* OpenVPNProperties+Internal.h in Headers */, C9BCE2591EB3C0D9009D6AC1 /* OpenVPNSessionToken.h in Headers */, 
@@ -552,11 +622,13 @@ C9657A5F1EB0D60700EFF210 /* OpenVPNTransportProtocol.h in Headers */, C9657A1E1EB0A8D800EFF210 /* OpenVPNConnectionInfo+Internal.h in Headers */, C9B7955F1F1D16AA00CF35FE /* OpenVPNReachability.h in Headers */, + C915F1F51F612F3300B3DF23 /* OpenVPNPrivateKey.h in Headers */, C9657A181EB0A7F800EFF210 /* OpenVPNConnectionInfo.h in Headers */, C9D2ABE71EA20F99007EDF9D /* OpenVPNAdapter+Public.h in Headers */, C9D2ABE81EA20F99007EDF9D /* OpenVPNError.h in Headers */, C9B795651F1D182500CF35FE /* OpenVPNReachabilityTracker.h in Headers */, C9D2ABE91EA20F99007EDF9D /* OpenVPNAdapter+Internal.h in Headers */, + C9E4401E1F6086A1001D7C41 /* NSError+Message.h in Headers */, C9657A621EB0D64E00EFF210 /* OpenVPNIPv6Preference.h in Headers */, C9657A681EB0D73200EFF210 /* OpenVPNMinTLSVersion.h in Headers */, C93779D61EAE32670030A362 /* OpenVPNCredentials.h in Headers */, @@ -707,6 +779,9 @@ buildActionMask = 2147483647; files = ( C98467A21EAA559B00272A9A /* local_vpn_server.ovpn in Resources */, + C915F2221F61B0E700B3DF23 /* keyfile-decrypted.3des in Resources */, + C915F2251F61B22300B3DF23 /* test-ca.crt in Resources */, + C915F21F1F6199E300B3DF23 /* keyfile-encrypted.3des in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -722,6 +797,9 @@ buildActionMask = 2147483647; files = ( C98467A31EAA559B00272A9A /* local_vpn_server.ovpn in Resources */, + C915F2231F61B0E700B3DF23 /* keyfile-decrypted.3des in Resources */, + C915F2261F61B22300B3DF23 /* test-ca.crt in Resources */, + C915F2201F6199E300B3DF23 /* keyfile-encrypted.3des in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; 
@@ -767,10 +845,13 @@ C9BCE25A1EB3C0D9009D6AC1 /* OpenVPNSessionToken.mm in Sources */, C9BB47821E7173C700F3F98C /* OpenVPNAdapter.mm in Sources */, C98467A81EAA5B7700272A9A /* OpenVPNConfiguration.mm in Sources */, + C9E4401F1F6086A1001D7C41 /* NSError+Message.m in Sources */, C9BDB1371EBCC3B900C204FF /* OpenVPNTunnelSettings.m in Sources */, C9657A311EB0B7A900EFF210 /* OpenVPNTransportStats.mm in Sources */, C9B795661F1D182500CF35FE /* OpenVPNReachabilityTracker.mm in Sources */, C9657A581EB0CE1300EFF210 /* OpenVPNProperties.mm in Sources */, + C9CA4DD51F602F7B00C4F184 /* OpenVPNCertificate.m in Sources */, + C915F1F61F612F3300B3DF23 /* OpenVPNPrivateKey.m in Sources */, C9BB477A1E7171ED00F3F98C /* OpenVPNClient.mm in Sources */, C9FD921B1E9A667600374FC4 /* ovpncli.cpp in Sources */, C9657A361EB0BA3900EFF210 /* OpenVPNInterfaceStats.mm in Sources */, @@ -787,7 +868,9 @@ files = ( C94605E91EAA656B00971516 /* OpenVPNConfigurationTests.swift in Sources */, C9BB47911E71821A00F3F98C /* OpenVPNAdapterTests.swift in Sources */, + C915F1F91F615BB400B3DF23 /* OpenVPNPrivateKeyTests.swift in Sources */, C9B03A7C1EABA82200268B85 /* ProfileLoader.swift in Sources */, + C9CA4DE11F603A5300C4F184 /* OpenVPNCertificateTests.swift in Sources */, C9BB47A21E7183DB00F3F98C /* Bundle.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; 
@@ -800,10 +883,13 @@ C9BCE25B1EB3C0D9009D6AC1 /* OpenVPNSessionToken.mm in Sources */, C9D2ABDB1EA20F99007EDF9D /* OpenVPNAdapter.mm in Sources */, C98467A91EAA5B7700272A9A /* OpenVPNConfiguration.mm in Sources */, + C9E440201F6086A1001D7C41 /* NSError+Message.m in Sources */, C9BDB1381EBCC3B900C204FF /* OpenVPNTunnelSettings.m in Sources */, C9657A301EB0B7A600EFF210 /* OpenVPNTransportStats.mm in Sources */, C9B795671F1D182500CF35FE /* OpenVPNReachabilityTracker.mm in Sources */, C9657A591EB0CE1400EFF210 /* OpenVPNProperties.mm in Sources */, + C9CA4DD61F602F7B00C4F184 /* OpenVPNCertificate.m in Sources */, + C915F1F71F612F3300B3DF23 /* OpenVPNPrivateKey.m in Sources */, C9D2ABDC1EA20F99007EDF9D /* OpenVPNClient.mm in Sources */, C9D2ABDE1EA20F99007EDF9D /* ovpncli.cpp in Sources */, C9657A371EB0BA3900EFF210 /* OpenVPNInterfaceStats.mm in Sources */, @@ -820,7 +906,9 @@ files = ( C94605EA1EAA65F200971516 /* OpenVPNConfigurationTests.swift in Sources */, C9D2ABF61EA212A3007EDF9D /* OpenVPNAdapterTests.swift in Sources */, + C9CA4DE21F603A5300C4F184 /* OpenVPNCertificateTests.swift in Sources */, C9354F471F1E4AE200F4C935 /* OpenVPNReachabilityTests.swift in Sources */, + C915F1FA1F615BB400B3DF23 /* OpenVPNPrivateKeyTests.swift in Sources */, C9B03A7D1EABA82300268B85 /* ProfileLoader.swift in Sources */, C9D2ABF71EA212A3007EDF9D /* Bundle.swift in Sources */, ); diff --git a/OpenVPN Adapter/NSError+Message.h b/OpenVPN Adapter/NSError+Message.h new file mode 100644 index 0000000..6497c74 --- /dev/null +++ b/OpenVPN Adapter/NSError+Message.h @@ -0,0 +1,15 @@ +// +// NSError+Message.h +// OpenVPN Adapter +// +// Created by Sergey Abramchuk on 06.09.17. +// +// + +#import + +@interface NSError (Message) + ++ (NSString *)reasonFromResult:(NSInteger)result; + +@end diff --git a/OpenVPN Adapter/NSError+Message.m b/OpenVPN Adapter/NSError+Message.m new file mode 100644 index 0000000..47e3a66 --- /dev/null +++ b/OpenVPN Adapter/NSError+Message.m 
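Review bot: `reasonFromResult:` is an unprefixed method added to NSError by a category, so it will silently collide with any other category or future Foundation method of the same name; rename it `ovpn_reasonFromMbedTLSResult:` (or make it a plain C function) and document the contract, e.g. `/// Human-readable text for a negative mbed TLS return code, via mbedtls_strerror().`. The header also lacks `NS_ASSUME_NONNULL_BEGIN`/`END`, so the return type imports into Swift as an implicitly unwrapped optional.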
@@ -0,0 +1,28 @@ +// +// NSError+Message.m +// OpenVPN Adapter +// +// Created by Sergey Abramchuk on 06.09.17. +// +// + +#import + +#import "NSError+Message.h" + +@implementation NSError (Message) + ++ (NSString *)reasonFromResult:(NSInteger)result { + size_t length = 1024; + char *buffer = malloc(length); + + mbedtls_strerror(result, buffer, length); + + NSString *reason = [NSString stringWithUTF8String:buffer]; + + free(buffer); + + return reason; +} + +@end diff --git a/OpenVPN Adapter/OpenVPNAdapter.mm b/OpenVPN Adapter/OpenVPNAdapter.mm index 855edbd..b1b0fc7 100644 --- a/OpenVPN Adapter/OpenVPNAdapter.mm +++ b/OpenVPN Adapter/OpenVPNAdapter.mm @@ -434,7 +434,7 @@ static void socketCallback(CFSocketRef socket, CFSocketCallBackType type, CFData #pragma mark Client Configuration -- (OpenVPNProperties *)applyConfiguration:(nonnull OpenVPNConfiguration *)configuration error:(out NSError * __nullable * __nullable)error { +- (OpenVPNProperties *)applyConfiguration:(nonnull OpenVPNConfiguration *)configuration error:(out NSError **)error { ClientAPI::EvalConfig eval = self.vpnClient->eval_config(configuration.config); if (eval.error) { NSString *errorReason = [self reasonForError:OpenVPNAdapterErrorConfigurationFailure]; @@ -451,7 +451,7 @@ static void socketCallback(CFSocketRef socket, CFSocketCallBackType type, CFData return [[OpenVPNProperties alloc] initWithEvalConfig:eval]; } -- (BOOL)provideCredentials:(nonnull OpenVPNCredentials *)credentials error:(out NSError * __nullable * __nullable)error { +- (BOOL)provideCredentials:(nonnull OpenVPNCredentials *)credentials error:(out NSError **)error { ClientAPI::Status status = self.vpnClient->provide_creds(credentials.credentials); if (status.error) { if (error) { diff --git a/OpenVPN Adapter/OpenVPNCertificate.h b/OpenVPN Adapter/OpenVPNCertificate.h new file mode 100644 index 0000000..4cbb7bd --- /dev/null +++ b/OpenVPN Adapter/OpenVPNCertificate.h 
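Review bot: `reasonFromResult:` heap-allocates a fixed 1024-byte buffer and never checks the `malloc` result, so on allocation failure `mbedtls_strerror` writes through NULL; it also passes an `NSInteger` where `mbedtls_strerror` takes an `int`. A stack array removes both the failure case and the free: `char buffer[1024]; mbedtls_strerror((int)result, buffer, sizeof(buffer)); return [NSString stringWithUTF8String:buffer];`. Separately, the two OpenVPNAdapter.mm hunks below only drop the explicit `__nullable` annotations on the `NSError **` out-parameters, which is behaviour-neutral since `NSError **` is implicitly nullable-nullable, but the declarations in the corresponding header are outside this diff and should match.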
@@ -0,0 +1,24 @@ +// +// OpenVPNCertificate.h +// OpenVPN Adapter +// +// Created by Sergey Abramchuk on 06.09.17. +// +// + +#import + +@interface OpenVPNCertificate : NSObject + ++ (nullable OpenVPNCertificate *)certificateWithPEM:(nonnull NSData *)pemData + error:(out NSError * __nullable * __nullable)error; + ++ (nullable OpenVPNCertificate *)certificateWithDER:(nonnull NSData *)derData + error:(out NSError * __nullable * __nullable)error; + +- (nonnull instancetype) __unavailable init; + +- (nullable NSData *)pemData:(out NSError * __nullable * __nullable)error; +- (nullable NSData *)derData:(out NSError * __nullable * __nullable)error; + +@end diff --git a/OpenVPN Adapter/OpenVPNCertificate.m b/OpenVPN Adapter/OpenVPNCertificate.m new file mode 100644 index 0000000..ca23293 --- /dev/null +++ b/OpenVPN Adapter/OpenVPNCertificate.m 
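Review bot: The header never says what a successfully constructed OpenVPNCertificate means, and the caveat callers most need is that certificateWithPEM:/certificateWithDER: only decode the structure — no signature, chain, validity or key-usage check is performed, so a non-nil result is a parsed certificate, not a trusted one. Suggest a class doc such as `/// Decodes (does not validate) an X.509 certificate; the result is a parsed structure, not a verified one.`, and a note on certificateWithPEM: that the data must be text (the implementation converts it to an NSString before handing it to mbed TLS). Also `- (nonnull instancetype) __unavailable init` does not hide `+new`, which the implementation itself calls; if direct construction is meant to be blocked, mark `+ (instancetype)new NS_UNAVAILABLE;` too, otherwise drop the annotation. Returning `instancetype` rather than `OpenVPNCertificate *` from the factories would also follow Cocoa convention.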
@@ -0,0 +1,122 @@ +// +// OpenVPNCertificate.m +// OpenVPN Adapter +// +// Created by Sergey Abramchuk on 06.09.17. +// +// + +#import +#import + +#import "NSError+Message.h" +#import "OpenVPNError.h" +#import "OpenVPNCertificate.h" + +@interface OpenVPNCertificate () + +@property (nonatomic, assign) mbedtls_x509_crt *crt; + +@end + +@implementation OpenVPNCertificate + +- (instancetype)init +{ + self = [super init]; + if (self) { + self.crt = malloc(sizeof(mbedtls_x509_crt)); + mbedtls_x509_crt_init(self.crt); + } + return self; +} + ++ (OpenVPNCertificate *)certificateWithPEM:(NSData *)pemData error:(out NSError **)error { + OpenVPNCertificate *certificate = [OpenVPNCertificate new]; + + NSString *pemString = [[NSString alloc] initWithData:pemData encoding:NSUTF8StringEncoding]; + + int result = mbedtls_x509_crt_parse(certificate.crt, (const unsigned char *)pemString.UTF8String, pemData.length + 1); + if (result < 0) { + if (error) { + NSString *reason = [NSError reasonFromResult:result]; + *error = [NSError errorWithDomain:OpenVPNIdentityErrorDomain code:result userInfo:@{ + NSLocalizedDescriptionKey: @"Failed to read PEM data.", + NSLocalizedFailureReasonErrorKey: reason + }]; + } + + return nil; + } + + return certificate; +} + ++ (OpenVPNCertificate *)certificateWithDER:(NSData *)derData error:(out NSError **)error { + OpenVPNCertificate *certificate = [OpenVPNCertificate new]; + + int result = mbedtls_x509_crt_parse_der(certificate.crt, derData.bytes, derData.length); + if (result < 0) { + if (error) { + NSString *reason = [NSError reasonFromResult:result]; + *error = [NSError errorWithDomain:OpenVPNIdentityErrorDomain code:result userInfo:@{ + NSLocalizedDescriptionKey: @"Failed to read DER data.", + NSLocalizedFailureReasonErrorKey: reason + }]; + } + + return nil; + } + + return certificate; +} + +- (NSData *)pemData:(out NSError **)error { + NSString *header = @"-----BEGIN CERTIFICATE-----\n"; + NSString *footer = @"-----END CERTIFICATE-----\n"; + + 
size_t buffer_length = self.crt->raw.len * 10; + unsigned char *pem_buffer = malloc(buffer_length); + + size_t output_length = 0; + + int result = mbedtls_pem_write_buffer(header.UTF8String, footer.UTF8String, self.crt->raw.p, self.crt->raw.len, pem_buffer, buffer_length, &output_length); + if (result < 0) { + if (error) { + NSString *reason = [NSError reasonFromResult:result]; + *error = [NSError errorWithDomain:OpenVPNIdentityErrorDomain code:result userInfo:@{ + NSLocalizedDescriptionKey: @"Failed to write PEM data.", + NSLocalizedFailureReasonErrorKey: reason + }]; + } + + free(pem_buffer); + return nil; + } + + NSData *pemData = [NSData dataWithBytes:pem_buffer length:output_length - 1]; + + free(pem_buffer); + return pemData; +} + +- (NSData *)derData:(out NSError **)error { + if (self.crt->raw.p == NULL || self.crt->raw.len == 0) { + NSString *reason = [NSError reasonFromResult:MBEDTLS_ERR_X509_BAD_INPUT_DATA]; + *error = [NSError errorWithDomain:OpenVPNIdentityErrorDomain code:MBEDTLS_ERR_X509_BAD_INPUT_DATA userInfo:@{ + NSLocalizedDescriptionKey: @"Failed to write DER data.", + NSLocalizedFailureReasonErrorKey:reason + }]; + + return nil; + } + + return [NSData dataWithBytes:self.crt->raw.p length:self.crt->raw.len]; +} + +- (void)dealloc { + mbedtls_x509_crt_free(self.crt); + free(self.crt); +} + +@end diff --git a/OpenVPN Adapter/OpenVPNError.h b/OpenVPN Adapter/OpenVPNError.h index 14ea5ca..51119f9 100644 --- a/OpenVPN Adapter/OpenVPNError.h +++ b/OpenVPN Adapter/OpenVPNError.h @@ -9,6 +9,7 @@ #import FOUNDATION_EXPORT NSString * __nonnull const OpenVPNAdapterErrorDomain; +FOUNDATION_EXPORT NSString * __nonnull const OpenVPNIdentityErrorDomain; FOUNDATION_EXPORT NSString * __nonnull const OpenVPNAdapterErrorFatalKey; FOUNDATION_EXPORT NSString * __nonnull const OpenVPNAdapterErrorMessageKey; diff --git a/OpenVPN Adapter/OpenVPNError.m b/OpenVPN Adapter/OpenVPNError.m index 9b85335..b7785b8 100644 --- a/OpenVPN Adapter/OpenVPNError.m 
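Review bot: `derData:` writes `*error` without the `if (error)` guard that every other method in this file uses, so a caller passing `NULL` for `error` crashes when the certificate holds no data; wrap the assignment as `if (error) { *error = ...; }`. In `certificateWithPEM:error:`, `pemString` is `nil` whenever `pemData` is not valid UTF-8, and `mbedtls_x509_crt_parse` is then called with a NULL buffer and a non-zero length (`pemData.length + 1`, which also need not equal the re-encoded string's length); appending a terminator to the bytes directly avoids both problems: `NSMutableData *pem = [pemData mutableCopy]; [pem appendBytes:"" length:1];` and then parse `pem.bytes` with `pem.length`. `mbedtls_x509_crt_parse` returns a positive count when some certificates in a bundle fail to parse, so `result < 0` reports a partially-parsed chain as success; check `result != 0` and map the positive case to its own error if partial chains should be rejected. The PEM buffer size `raw.len * 10` is a heuristic; `mbedtls_pem_write_buffer` is meant to report the required size in `output_length` when it returns `MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL`, which allows an exact second allocation instead of a guess. Only `self.crt->raw` — the first certificate of a parsed chain — is serialized by `pemData:`/`derData:`; if bundles are expected, either document that or walk the `next` chain.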
+++ b/OpenVPN Adapter/OpenVPNError.m @@ -9,6 +9,7 @@ #import NSString * const OpenVPNAdapterErrorDomain = @"me.ss-abramchuk.openvpn-adapter.error-domain"; +NSString * const OpenVPNIdentityErrorDomain = @"me.ss-abramchuk.openvpn-identity.error-domain"; NSString * const OpenVPNAdapterErrorFatalKey = @"me.ss-abramchuk.openvpn-adapter.error-key.fatal"; NSString * const OpenVPNAdapterErrorMessageKey = @"me.ss-abramchuk.openvpn-adapter.error-key.message"; diff --git a/OpenVPN Adapter/OpenVPNKeyType.h b/OpenVPN Adapter/OpenVPNKeyType.h new file mode 100644 index 0000000..06d9243 --- /dev/null +++ b/OpenVPN Adapter/OpenVPNKeyType.h @@ -0,0 +1,19 @@ +// +// OpenVPNKeyType.h +// OpenVPN Adapter +// +// Created by Sergey Abramchuk on 07.09.17. +// +// + +#import + +typedef NS_ENUM(NSInteger, OpenVPNKeyType) { + OpenVPNKeyTypeNone = 0, + OpenVPNKeyTypeRSA, + OpenVPNKeyTypeECKEY, + OpenVPNKeyTypeECKEYDH, + OpenVPNKeyTypeECDSA, + OpenVPNKeyTypeRSAALT, + OpenVPNKeyTypeRSASSAPSS, +}; diff --git a/OpenVPN Adapter/OpenVPNPrivateKey.h b/OpenVPN Adapter/OpenVPNPrivateKey.h new file mode 100644 index 0000000..81ca5f6 --- /dev/null +++ b/OpenVPN Adapter/OpenVPNPrivateKey.h 
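Review bot: The numeric values of `OpenVPNKeyType` are load-bearing but nothing in the header says so: `OpenVPNPrivateKey.m` casts the result of `mbedtls_pk_get_type` straight to this enum, so the members must keep the exact order and values of `mbedtls_pk_type_t` (`MBEDTLS_PK_NONE` through `MBEDTLS_PK_RSASSA_PSS`). Add a comment above the typedef, `// Values mirror mbedtls_pk_type_t one-to-one; OpenVPNPrivateKey casts between the two, so do not reorder or renumber.`, and consider a `_Static_assert` in the `.m` comparing a few members so a mismatch fails at compile time rather than mislabelling keys at runtime.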
@@ -0,0 +1,31 @@ +// +// OpenVPNPrivateKey.h +// OpenVPN Adapter +// +// Created by Sergey Abramchuk on 07.09.17. +// +// + +#import + +#import "OpenVPNKeyType.h" + +@interface OpenVPNPrivateKey : NSObject + ++ (nullable OpenVPNPrivateKey *)keyWithPEM:(nonnull NSData *)pemData + password:(nullable NSString *)password + error:(out NSError * __nullable * __nullable)error; + ++ (nullable OpenVPNPrivateKey *)keyWithDER:(nonnull NSData *)derData + password:(nullable NSString *)password + error:(out NSError * __nullable * __nullable)error; + +- (nonnull instancetype) __unavailable init; + +@property (nonatomic, readonly) NSInteger size; +@property (nonatomic, readonly) OpenVPNKeyType type; + +- (nullable NSData *)pemData:(out NSError * __nullable * __nullable)error; +- (nullable NSData *)derData:(out NSError * __nullable * __nullable)error; + +@end diff --git a/OpenVPN Adapter/OpenVPNPrivateKey.m b/OpenVPN Adapter/OpenVPNPrivateKey.m new file mode 100644 index 0000000..96100d8 --- /dev/null +++ b/OpenVPN Adapter/OpenVPNPrivateKey.m 
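Review bot: `size` and `type` are exposed without doc comments, and `size` is ambiguous — the implementation returns `mbedtls_pk_get_bitlen`, a bit length, while the `mbedtls_pk_get_len` used elsewhere in the `.m` is in bytes; document it as `/// Key length in bits; 0 when no key is loaded.` and `type` as `/// Key algorithm, mirroring mbedtls_pk_type_t.` The same `__unavailable init` gap as in `OpenVPNCertificate.h` applies here: `+new` remains callable and is what the `.m` itself uses, so prefer `- (instancetype)init NS_UNAVAILABLE;` plus `+ (instancetype)new NS_UNAVAILABLE;` with a private initializer behind the factories. The `password` parameter's doc should state that `nil` means an unencrypted key, since the `.m` maps it to a NULL pointer with zero length rather than to an empty string.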
@@ -0,0 +1,141 @@ +// +// OpenVPNPrivateKey.m +// OpenVPN Adapter +// +// Created by Sergey Abramchuk on 07.09.17. +// +// + +#import + +#import "NSError+Message.h" +#import "OpenVPNError.h" +#import "OpenVPNPrivateKey.h" + +@interface OpenVPNPrivateKey () + +@property (nonatomic, assign) mbedtls_pk_context *ctx; + +@end + +@implementation OpenVPNPrivateKey + +- (instancetype)init { + self = [super init]; + if (self) { + self.ctx = malloc(sizeof(mbedtls_pk_context)); + mbedtls_pk_init(self.ctx); + } + return self; +} + +- (NSInteger)size { + return mbedtls_pk_get_bitlen(self.ctx); +} + +- (OpenVPNKeyType)type { + return (OpenVPNKeyType)mbedtls_pk_get_type(self.ctx); +} + ++ (nullable OpenVPNPrivateKey *)keyWithPEM:(NSData *)pemData password:(NSString *)password error:(out NSError **)error { + OpenVPNPrivateKey *key = [OpenVPNPrivateKey new]; + + NSString *pemString = [[NSString alloc] initWithData:pemData encoding:NSUTF8StringEncoding]; + + size_t pem_length = strlen(pemString.UTF8String) + 1; + size_t password_length = password != nil ? strlen(password.UTF8String) : 0; + + int result = mbedtls_pk_parse_key(key.ctx, (const unsigned char *)pemString.UTF8String, pem_length, (const unsigned char *)password.UTF8String, password_length); + if (result < 0) { + if (error) { + NSString *reason = [NSError reasonFromResult:result]; + *error = [NSError errorWithDomain:OpenVPNIdentityErrorDomain code:result userInfo:@{ + NSLocalizedDescriptionKey: @"Failed to read PEM data.", + NSLocalizedFailureReasonErrorKey: reason + }]; + } + + return nil; + } + + return key; +} + ++ (nullable OpenVPNPrivateKey *)keyWithDER:(NSData *)derData password:(NSString *)password error:(out NSError **)error { + OpenVPNPrivateKey *key = [OpenVPNPrivateKey new]; + + size_t password_length = password != nil ? 
strlen(password.UTF8String) : 0; + + int result = mbedtls_pk_parse_key(key.ctx, derData.bytes, derData.length, (const unsigned char *)password.UTF8String, password_length); + if (result < 0) { + if (error) { + NSString *reason = [NSError reasonFromResult:result]; + *error = [NSError errorWithDomain:OpenVPNIdentityErrorDomain code:result userInfo:@{ + NSLocalizedDescriptionKey: @"Failed to read DER data.", + NSLocalizedFailureReasonErrorKey: reason + }]; + } + + return nil; + } + + return key; +} + +- (NSData *)pemData:(out NSError **)error { + size_t buffer_length = mbedtls_pk_get_len(self.ctx) * 10; + unsigned char *pem_buffer = malloc(buffer_length); + + int result = mbedtls_pk_write_key_pem(self.ctx, pem_buffer, buffer_length); + if (result < 0) { + if (error) { + NSString *reason = [NSError reasonFromResult:result]; + *error = [NSError errorWithDomain:OpenVPNIdentityErrorDomain code:result userInfo:@{ + NSLocalizedDescriptionKey: @"Failed to write PEM data.", + NSLocalizedFailureReasonErrorKey: reason + }]; + } + + free(pem_buffer); + return nil; + } + + NSData *pemData = [[NSString stringWithCString:(const char *)pem_buffer encoding:NSUTF8StringEncoding] dataUsingEncoding:NSUTF8StringEncoding]; + + free(pem_buffer); + return pemData; +} + +- (NSData *)derData:(out NSError **)error { + size_t buffer_length = mbedtls_pk_get_len(self.ctx) * 10; + unsigned char *der_buffer = malloc(buffer_length); + + int result = mbedtls_pk_write_key_der(self.ctx, der_buffer, buffer_length); + if (result < 0) { + if (error) { + NSString *reason = [NSError reasonFromResult:result]; + *error = [NSError errorWithDomain:OpenVPNIdentityErrorDomain code:result userInfo:@{ + NSLocalizedDescriptionKey: @"Failed to write DER data.", + NSLocalizedFailureReasonErrorKey: reason + }]; + } + + free(der_buffer); + return nil; + } + + NSUInteger location = buffer_length - result; + NSRange range = NSMakeRange(location, result); + + NSData *derData = [[NSData dataWithBytes:der_buffer 
length:buffer_length] subdataWithRange:range]; + + free(der_buffer); + return derData; +} + +- (void)dealloc { + mbedtls_pk_free(self.ctx); + free(self.ctx); +} + +@end diff --git a/OpenVPN Adapter/Umbrella-Header.h b/OpenVPN Adapter/Umbrella-Header.h index eb6bacb..640441d 100644 --- a/OpenVPN Adapter/Umbrella-Header.h +++ b/OpenVPN Adapter/Umbrella-Header.h @@ -33,5 +33,8 @@ FOUNDATION_EXPORT const unsigned char OpenVPNAdapterVersionString[]; #import #import #import +#import +#import +#import #import #import
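Review bot: `keyWithPEM:password:error:` calls `strlen(pemString.UTF8String)`, and when `pemData` is not valid UTF-8 `pemString` is `nil`, so `strlen(NULL)` crashes before mbedtls sees anything; appending a NUL to the raw bytes avoids the decode entirely: `NSMutableData *pem = [pemData mutableCopy]; [pem appendBytes:"" length:1];` then pass `pem.bytes` and `pem.length` to `mbedtls_pk_parse_key`. Both `pemData:` and `derData:` leave the serialized private key in `pem_buffer`/`der_buffer` when they `free` it, and `pemData:` additionally routes it through an intermediate `NSString`; zero the buffer before `free` (for example `memset_s(pem_buffer, buffer_length, 0, buffer_length);`) and build the result with `[NSData dataWithBytes:pem_buffer length:strlen((const char *)pem_buffer)]`, since `mbedtls_pk_write_key_pem` NUL-terminates its output. `derData:` copies the whole buffer into an `NSData` and then takes a sub-range; `[NSData dataWithBytes:der_buffer + location length:result]` does it in one copy. The `mbedtls_pk_get_len(...) * 10` sizing in both writers is a heuristic — the writers return `MBEDTLS_ERR_ASN1_BUF_TOO_SMALL` when it is wrong, which surfaces as an error rather than memory corruption, but a fixed, documented upper bound or a retry with a larger buffer would be less surprising. `malloc` results are unchecked throughout this file, including `self.ctx` in `init`.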