Commit 18cc8dc7 authored by Jose Blaya's avatar Jose Blaya

Merge branch '164-add-new-encryption-and-integrity-algorithms-for-ikev2' into 'release/2.2.0'

Resolve "Add new encryption and integrity algorithms for IKEv2"

See merge request ios/client-library-apple!221
parents 27a2b2d5 3d221731
......@@ -76,8 +76,8 @@ protocol PlainStore: class {
var nmtRulesEnabled: Bool? { get set }
//MARK: IKEv2
var ikeV2IntegrityAlgorithm: Int { get set }
var ikeV2IntegrityAlgorithm: String { get set }
var ikeV2EncryptionAlgorithm: Int { get set }
var ikeV2EncryptionAlgorithm: String { get set }
}
......@@ -9,39 +9,51 @@
import Foundation
import NetworkExtension
public enum IKEv2EncryptionAlgorithm: Int, EnumsBuilder {
public static let defaultAlgorithm: Int = 2
public enum IKEv2EncryptionAlgorithm: String, EnumsBuilder {
//case algorithmDES = 1
case algorithm3DES = 2
case algorithmAES128
case algorithmAES256
//case algorithmAES128GCM
//case algorithmAES256GCM
//@available(iOS 13.0, *)
//case algorithmChaCha20Poly1305
public static let defaultAlgorithm: IKEv2EncryptionAlgorithm = .algorithmAES256GCM
case algorithm3DES = "3DES"
case algorithmAES128 = "AES-128"
case algorithmAES256 = "AES-256"
case algorithmAES128GCM = "AES-128-GCM"
case algorithmAES256GCM = "AES-256-GCM"
public func description() -> String {
return self.rawValue
}
public func value() -> String {
return self.rawValue
}
public func networkExtensionValue() -> NEVPNIKEv2EncryptionAlgorithm {
switch self {
// case .algorithmDES: return "Data Encryption Standard (DES)"
case .algorithm3DES: return "Triple Data Encryption Algorithm (aka 3DES)"
case .algorithmAES128: return "Advanced Encryption Standard 128 bit (AES128)"
case .algorithmAES256: return "Advanced Encryption Standard 256 bit (AES256)"
// case .algorithmAES128GCM: return "Advanced Encryption Standard 128 bit (AES128GCM)"
// case .algorithmAES256GCM: return "Advanced Encryption Standard 256 bit (AES256GCM)"
// case .algorithmChaCha20Poly1305 : return "CHACHA20-POLY1305"
case .algorithm3DES: return NEVPNIKEv2EncryptionAlgorithm.algorithm3DES
case .algorithmAES128: return NEVPNIKEv2EncryptionAlgorithm.algorithmAES128
case .algorithmAES256: return NEVPNIKEv2EncryptionAlgorithm.algorithmAES256
case .algorithmAES128GCM: return NEVPNIKEv2EncryptionAlgorithm.algorithmAES128GCM
case .algorithmAES256GCM: return NEVPNIKEv2EncryptionAlgorithm.algorithmAES256GCM
default: return NEVPNIKEv2EncryptionAlgorithm.algorithmAES256GCM
}
}
public func networkExtensionValue() -> NEVPNIKEv2EncryptionAlgorithm {
return NEVPNIKEv2EncryptionAlgorithm(rawValue: self.rawValue) ?? .algorithm3DES
public func integrityAlgorithms() -> [IKEv2IntegrityAlgorithm] {
switch self {
case .algorithm3DES: return [.SHA96]
case .algorithmAES128: return [.SHA96, .SHA256, .SHA384, .SHA512]
case .algorithmAES256: return [.SHA96, .SHA256, .SHA384, .SHA512]
case .algorithmAES128GCM: return [.SHA96, .SHA256, .SHA384, .SHA512]
case .algorithmAES256GCM: return [.SHA96, .SHA256, .SHA384, .SHA512]
}
}
public static func allValues() -> [IKEv2EncryptionAlgorithm] {
return [.algorithm3DES,
.algorithmAES128,
.algorithmAES256
.algorithmAES256,
.algorithmAES128GCM,
.algorithmAES256GCM
]
}
}
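Review bot: The `default:` arm in the new `networkExtensionValue()` follows a switch that already names all five cases, so it is dead code today and would silently map any case added later to AES-256-GCM instead of failing to compile. Dropping `default: return NEVPNIKEv2EncryptionAlgorithm.algorithmAES256GCM` keeps the switch exhaustive, as `integrityAlgorithms()` in the same enum already is. The same applies to `networkExtensionValue()` in the integrity enum, where the fallback is `.SHA96`, so a future case would be quietly downgraded to the weakest option offered rather than rejected at build time.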
......
......@@ -9,28 +9,33 @@
import Foundation
import NetworkExtension
public enum IKEv2IntegrityAlgorithm: Int, EnumsBuilder {
public enum IKEv2IntegrityAlgorithm: String, EnumsBuilder {
public static let defaultAlgorithm: Int = 1
case SHA96 = 1
//case SHA160
//case SHA256
//case SHA384
//case SHA512
public static let defaultIntegrity: IKEv2IntegrityAlgorithm = .SHA256
case SHA96 = "SHA96"
case SHA160 = "SHA160"
case SHA256 = "SHA256"
case SHA384 = "SHA384"
case SHA512 = "SHA512"
public func value() -> String {
return self.rawValue
}
public func description() -> String {
switch self {
case .SHA96: return "SHA96"
//case .SHA160: return "SHA160"
//case .SHA256: return "SHA256"
//case .SHA384: return "SHA384"
//case .SHA512: return "SHA512"
}
return self.rawValue
}
public func networkExtensionValue() -> NEVPNIKEv2IntegrityAlgorithm {
return NEVPNIKEv2IntegrityAlgorithm(rawValue: self.rawValue) ?? .SHA96
switch self {
case .SHA96: return NEVPNIKEv2IntegrityAlgorithm.SHA96
case .SHA160: return NEVPNIKEv2IntegrityAlgorithm.SHA160
case .SHA256: return NEVPNIKEv2IntegrityAlgorithm.SHA256
case .SHA384: return NEVPNIKEv2IntegrityAlgorithm.SHA384
case .SHA512: return NEVPNIKEv2IntegrityAlgorithm.SHA512
default: return NEVPNIKEv2IntegrityAlgorithm.SHA96
}
}
}
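Review bot: The case names `SHA96` and `SHA160` do not show that both are SHA-1 based digests in NetworkExtension, and the raw strings are now the values written to the preferences store. A doc comment per case, such as `/// SHA-1 with a 96-bit digest; kept for compatibility` on `SHA96`, would make the strength ordering clear to whoever builds the picker. The enum should also carry `/// Raw values are persisted; renaming one invalidates stored settings`. Separately, `SHA160` is mapped here but appears in none of the lists returned by `integrityAlgorithms()` on the encryption enum, so it looks unreachable from selection and is worth confirming.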
......
......@@ -38,9 +38,9 @@ private protocol PreferencesStore: class {
var nmtRulesEnabled: Bool { get set }
var ikeV2IntegrityAlgorithm: Int { get set }
var ikeV2IntegrityAlgorithm: String { get set }
var ikeV2EncryptionAlgorithm: Int { get set }
var ikeV2EncryptionAlgorithm: String { get set }
func vpnCustomConfiguration(for vpnType: String) -> VPNCustomConfiguration?
......@@ -188,7 +188,7 @@ extension Client {
}
/// Integrity algorithm for IKEv2 VPN configuration
public fileprivate(set) var ikeV2IntegrityAlgorithm: Int {
public fileprivate(set) var ikeV2IntegrityAlgorithm: String {
get {
return accessedDatabase.plain.ikeV2IntegrityAlgorithm
}
......@@ -198,7 +198,7 @@ extension Client {
}
/// Encryption algorithm for IKEv2 VPN configuration
public fileprivate(set) var ikeV2EncryptionAlgorithm: Int {
public fileprivate(set) var ikeV2EncryptionAlgorithm: String {
get {
return accessedDatabase.plain.ikeV2EncryptionAlgorithm
}
......@@ -314,8 +314,8 @@ extension Client.Preferences {
availableNetworks = []
trustedNetworks = []
nmtRulesEnabled = false
ikeV2IntegrityAlgorithm = IKEv2IntegrityAlgorithm.defaultAlgorithm
ikeV2EncryptionAlgorithm = IKEv2EncryptionAlgorithm.defaultAlgorithm
ikeV2IntegrityAlgorithm = IKEv2IntegrityAlgorithm.defaultIntegrity.value()
ikeV2EncryptionAlgorithm = IKEv2EncryptionAlgorithm.defaultAlgorithm.value()
}
/**
......@@ -381,10 +381,10 @@ extension Client.Preferences {
public var nmtRulesEnabled: Bool
/// :nodoc:
public var ikeV2IntegrityAlgorithm: Int
public var ikeV2IntegrityAlgorithm: String
/// :nodoc:
public var ikeV2EncryptionAlgorithm: Int
public var ikeV2EncryptionAlgorithm: String
/// :nodoc:
public func vpnCustomConfiguration(for vpnType: String) -> VPNCustomConfiguration? {
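Review bot: The public `ikeV2IntegrityAlgorithm` and `ikeV2EncryptionAlgorithm` properties change from `Int` to `String` with no statement of which strings are valid, and the two properties in the `Preferences` editable struct are marked `/// :nodoc:`. The doc comments should tie the value to the enum, for example `/// Raw value of IKEv2EncryptionAlgorithm, e.g. "AES-256-GCM"`, so a caller knows to round-trip through `IKEv2EncryptionAlgorithm(rawValue:)`. Typing these properties as the enums themselves would remove the need for that convention, though it is a larger API change than this commit makes. The setters and `vpnCustomConfiguration(for:)` continue outside the visible hunks.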
......
......@@ -366,10 +366,10 @@ class UserDefaultsStore: PlainStore, ConfigurationAccess {
}
}
var ikeV2IntegrityAlgorithm: Int {
var ikeV2IntegrityAlgorithm: String {
get {
guard let value = backend.object(forKey: Entries.ikeV2IntegrityAlgorithm) as? Int else {
return IKEv2IntegrityAlgorithm.defaultAlgorithm
guard let value = backend.object(forKey: Entries.ikeV2IntegrityAlgorithm) as? String else {
return IKEv2IntegrityAlgorithm.defaultIntegrity.value()
}
return value
}
......@@ -378,10 +378,10 @@ class UserDefaultsStore: PlainStore, ConfigurationAccess {
}
}
var ikeV2EncryptionAlgorithm: Int {
var ikeV2EncryptionAlgorithm: String {
get {
guard let value = backend.object(forKey: Entries.ikeV2EncryptionAlgorithm) as? Int else {
return IKEv2EncryptionAlgorithm.defaultAlgorithm
guard let value = backend.object(forKey: Entries.ikeV2EncryptionAlgorithm) as? String else {
return IKEv2EncryptionAlgorithm.defaultAlgorithm.value()
}
return value
}
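Review bot: Both getters return whatever `String` is stored without checking that it names a known algorithm, so a stale or corrupted entry reaches callers as-is and its handling depends on code outside this hunk. Validating at the read keeps the fallback in one place: `guard let value = backend.object(forKey: Entries.ikeV2EncryptionAlgorithm) as? String, IKEv2EncryptionAlgorithm(rawValue: value) != nil else {`, and likewise with `IKEv2IntegrityAlgorithm` in the integrity getter. Values saved by earlier versions as `Int` will also fail the `as? String` cast and presumably reset the user's explicit choice to the new defaults. If that reset is intended, a comment saying so would help; otherwise a one-time migration is needed. The setters are outside the visible hunks.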
......