Add a Rust FFI, Disable sandboxing for scripts
buggmagnet authored and pinkisemils committed Jul 17, 2024
1 parent b6fe083 commit 2df280f
Showing 58 changed files with 705 additions and 1,422 deletions.
40 changes: 17 additions & 23 deletions Cargo.lock


7 changes: 3 additions & 4 deletions Cargo.toml
@@ -9,13 +9,12 @@ rust-version = "1.77.0"
resolver = "2"
members = [
"android/translations-converter",
"ios/MullvadREST/Transport/Shadowsocks/shadowsocks-proxy",
"ios/TunnelObfuscation/tunnel-obfuscator-proxy",
"mullvad-api",
"mullvad-cli",
"mullvad-daemon",
"mullvad-exclude",
"mullvad-fs",
"mullvad-ios",
"mullvad-jni",
"mullvad-management-interface",
"mullvad-nsis",
@@ -39,7 +38,7 @@ members = [
"talpid-windows",
"talpid-wireguard",
"tunnel-obfuscation",
"wireguard-go-rs"
"wireguard-go-rs",
]

# Keep all lints in sync with `test/Cargo.toml`
@@ -81,7 +80,7 @@ shadowsocks-service = { version = "1.16" }

windows-sys = "0.52.0"

chrono = { version = "0.4.26", default-features = false}
chrono = { version = "0.4.26", default-features = false }
clap = { version = "4.4.18", features = ["cargo", "derive"] }
once_cell = "1.13"

10 changes: 0 additions & 10 deletions ios/MullvadPostQuantum/MullvadPostQuantum.h

This file was deleted.

5 changes: 0 additions & 5 deletions ios/MullvadPostQuantum/module.private.modulemap

This file was deleted.

@@ -7,92 +7,3 @@
* Port used by the tunnel config service.
*/
#define CONFIG_SERVICE_PORT 1337

typedef struct PostQuantumCancelToken {
void *context;
} PostQuantumCancelToken;

/**
* Called by the Swift side to signal that the quantum-secure key exchange should be cancelled.
*
* # Safety
* `sender` must be pointing to a valid instance of a `PostQuantumCancelToken` created by the
* `PacketTunnelProvider`.
*/
void cancel_post_quantum_key_exchange(const struct PostQuantumCancelToken *sender);

/**
* Called by the Swift side to signal that the Rust `PostQuantumCancelToken` can be safely dropped
* from memory.
*
* # Safety
* `sender` must be pointing to a valid instance of a `PostQuantumCancelToken` created by the
* `PacketTunnelProvider`.
*/
void drop_post_quantum_key_exchange_token(const struct PostQuantumCancelToken *sender);

/**
* Called by Swift whenever data has been written to the in-tunnel TCP connection when exchanging
* quantum-resistant pre shared keys.
*
* If `bytes_sent` is 0, this indicates that the connection was closed or that an error occurred.
*
* # Safety
* `sender` must be pointing to a valid instance of a `write_tx` created by the `IosTcpProvider`
* Callback to call when the TCP connection has written data.
*/
void handle_sent(uintptr_t bytes_sent, const void *sender);

/**
* Called by Swift whenever data has been read from the in-tunnel TCP connection when exchanging
* quantum-resistant pre shared keys.
*
* If `data` is null or empty, this indicates that the connection was closed or that an error
* occurred. An empty buffer is sent to the underlying reader to signal EOF.
*
* # Safety
* `sender` must be pointing to a valid instance of a `read_tx` created by the `IosTcpProvider`
*
* Callback to call when the TCP connection has received data.
*/
void handle_recv(const uint8_t *data, uintptr_t data_len, const void *sender);

/**
* Entry point for exchanging post quantum keys on iOS.
* The TCP connection must be created to go through the tunnel.
* # Safety
* `public_key` and `ephemeral_key` must be valid respective `PublicKey` and `PrivateKey` types.
* They will not be valid after this function is called, and thus must be copied here.
* `packet_tunnel` and `tcp_connection` must be valid pointers to a packet tunnel and a TCP
* connection instances.
* `cancel_token` should be owned by the caller of this function.
*/
int32_t negotiate_post_quantum_key(const uint8_t *public_key,
const uint8_t *ephemeral_key,
const void *packet_tunnel,
const void *tcp_connection,
struct PostQuantumCancelToken *cancel_token,
uint64_t post_quantum_key_exchange_timeout);

/**
* Called when there is data to send on the TCP connection.
* The TCP connection must write data on the wire, then call the `handle_sent` function.
*/
extern void swift_nw_tcp_connection_send(const void *connection,
const void *data,
uintptr_t data_len,
const void *sender);

/**
* Called when there is data to read on the TCP connection.
* The TCP connection must read data from the wire, then call the `handle_read` function.
*/
extern void swift_nw_tcp_connection_read(const void *connection, const void *sender);

/**
* Called when the preshared post quantum key is ready.
* `raw_preshared_key` might be NULL if the key negotiation failed.
*/
extern void swift_post_quantum_key_ready(const void *raw_packet_tunnel,
const uint8_t *raw_preshared_key,
const uint8_t *raw_ephemeral_private_key);
@@ -7,6 +7,7 @@
//

import Foundation
import MullvadRustRuntime
import MullvadTypes

public final class ShadowsocksTransport: RESTTransport {

This file was deleted.

26 changes: 0 additions & 26 deletions ios/MullvadREST/Transport/Shadowsocks/shadowsocks-proxy/Cargo.toml

This file was deleted.

14 changes: 0 additions & 14 deletions ios/MullvadREST/Transport/Shadowsocks/shadowsocks-proxy/build.rs

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.
