diff --git a/ios/MullvadRustRuntime/EphemeralPeerExchangeActor.swift b/ios/MullvadRustRuntime/EphemeralPeerExchangeActor.swift index 427f3defda0e..397b656d612b 100644 --- a/ios/MullvadRustRuntime/EphemeralPeerExchangeActor.swift +++ b/ios/MullvadRustRuntime/EphemeralPeerExchangeActor.swift @@ -1,5 +1,5 @@ // -// PostQuantumKeyExchangeActor.swift +// EphemeralPeerExchangeActor.swift // PacketTunnel // // Created by Marco Nikic on 2024-04-12. @@ -99,9 +99,9 @@ public class EphemeralPeerExchangeActor: EphemeralPeerExchangeActorProtocol { gatewayIP: IPv4Gateway, devicePublicKey: privateKey.publicKey, presharedKey: ephemeralSharedKey, - postQuantumKeyReceiver: packetTunnel, + peerReceiver: packetTunnel, tcpConnection: inTunnelTCPConnection, - postQuantumKeyExchangeTimeout: tcpConnectionTimeout, + peerExchangeTimeout: tcpConnectionTimeout, enablePostQuantum: enablePostQuantum, enableDaita: enableDaita ) { diff --git a/ios/MullvadRustRuntime/EphemeralPeerNegotiator.swift b/ios/MullvadRustRuntime/EphemeralPeerNegotiator.swift index d00c35ea3dad..ffc0dc15b394 100644 --- a/ios/MullvadRustRuntime/EphemeralPeerNegotiator.swift +++ b/ios/MullvadRustRuntime/EphemeralPeerNegotiator.swift @@ -17,9 +17,9 @@ public protocol EphemeralPeerNegotiating { gatewayIP: IPv4Address, devicePublicKey: PublicKey, presharedKey: PrivateKey, - postQuantumKeyReceiver: any TunnelProvider, + peerReceiver: any TunnelProvider, tcpConnection: NWTCPConnection, - postQuantumKeyExchangeTimeout: Duration, + peerExchangeTimeout: Duration, enablePostQuantum: Bool, enableDaita: Bool ) -> Bool @@ -29,9 +29,7 @@ public protocol EphemeralPeerNegotiating { init() } -/** - Attempt to start the asynchronous process of key negotiation. Returns true if successfully started, false if failed. - */ +/// Requests an ephemeral peer asynchronously. public class EphemeralPeerNegotiator: EphemeralPeerNegotiating { required public init() {} 
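Review bot: The replacement doc comment on `EphemeralPeerNegotiator` (hunk `@@ -29,9 +29,7 @@`) drops the only statement of what the `Bool` result means. The removed text said the call returns true when the negotiation was successfully started and false when it failed. That contract belongs on the method rather than the class, so I would keep the new class summary and add `/// - Returns: true if the negotiation was started, false if it could not be started.` to the method in `EphemeralPeerNegotiating`. The method declaration itself starts outside this hunk.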
@@ -41,14 +39,14 @@ public class EphemeralPeerNegotiator: EphemeralPeerNegotiating { gatewayIP: IPv4Address, devicePublicKey: PublicKey, presharedKey: PrivateKey, - postQuantumKeyReceiver: any TunnelProvider, + peerReceiver: any TunnelProvider, tcpConnection: NWTCPConnection, - postQuantumKeyExchangeTimeout: Duration, + peerExchangeTimeout: Duration, enablePostQuantum: Bool, enableDaita: Bool ) -> Bool { // swiftlint:disable:next force_cast - let postQuantumKeyReceiver = Unmanaged.passUnretained(postQuantumKeyReceiver as! PostQuantumKeyReceiver) + let ephemeralPeerReceiver = Unmanaged.passUnretained(peerReceiver as! EphemeralPeerReceiver) .toOpaque() let opaqueConnection = Unmanaged.passUnretained(tcpConnection).toOpaque() var cancelToken = EphemeralPeerCancelToken() @@ -56,10 +54,10 @@ public class EphemeralPeerNegotiator: EphemeralPeerNegotiating { let result = request_ephemeral_peer( devicePublicKey.rawValue.map { $0 }, presharedKey.rawValue.map { $0 }, - postQuantumKeyReceiver, + ephemeralPeerReceiver, opaqueConnection, &cancelToken, - UInt64(postQuantumKeyExchangeTimeout.timeInterval), + UInt64(peerExchangeTimeout.timeInterval), enablePostQuantum, enableDaita ) @@ -72,12 +70,12 @@ public class EphemeralPeerNegotiator: EphemeralPeerNegotiating { public func cancelKeyNegotiation() { guard var cancelToken else { return } - cancel_post_quantum_key_exchange(&cancelToken) + cancel_ephemeral_peer_exchange(&cancelToken) } deinit { guard var cancelToken else { return } - drop_post_quantum_key_exchange_token(&cancelToken) + drop_ephemeral_peer_exchange_token(&cancelToken) } } diff --git a/ios/MullvadRustRuntime/PacketTunnelProvider+TCPConnection.swift b/ios/MullvadRustRuntime/PacketTunnelProvider+TCPConnection.swift index 486d7fbffb4d..dcb7a6c52148 100644 --- a/ios/MullvadRustRuntime/PacketTunnelProvider+TCPConnection.swift +++ b/ios/MullvadRustRuntime/PacketTunnelProvider+TCPConnection.swift 
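Review bot: In hunk `@@ -41,14 +39,14 @@`, `peerReceiver as! EphemeralPeerReceiver` traps the process if any other `TunnelProvider` conformer is passed, which the `any TunnelProvider` parameter type permits. The method already returns `Bool`, so a failed cast can be reported as a failed start: `guard let receiver = peerReceiver as? EphemeralPeerReceiver else { return false }`, which also removes the need for the swiftlint suppression. Both pointers handed to Rust come from `Unmanaged.passUnretained`, so nothing visible here keeps the receiver or the TCP connection alive while the exchange runs. A comment stating that requirement would help, e.g. `// Unretained: the caller must keep peerReceiver and tcpConnection alive until the exchange completes or is cancelled.` The function body continues past this hunk.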
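Review bot: In hunk `@@ -72,12 +70,12 @@`, `cancelKeyNegotiation()` leaves the stored `cancelToken` in place after `cancel_ephemeral_peer_exchange`, and `deinit` later hands it to `drop_ephemeral_peer_exchange_token`. The header comment in mullvad_rust_runtime.h says the cancel token is no longer valid after the cancel call. Whether the later drop, or a second call to `cancelKeyNegotiation()`, is safe depends on the Rust side, which is not visible here. Either the header wording or this pairing should be corrected. If cancel really does not free the token, say so at the call site with `// cancel does not free the token; deinit still has to drop it`.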
@@ -80,37 +80,39 @@ func tcpConnectionReceive( /// End sequence of a quantum-secure pre shared key exchange. /// -/// This FFI function is called by Rust when the quantum-secure pre shared key exchange has either failed, or succeeded. +/// This FFI function is called by Rust when an ephemeral peer negotiation succeeded or failed. /// When both the `rawPresharedKey` and the `rawEphemeralKey` are raw pointers to 32 bytes data arrays, -/// the quantum-secure key exchange is considered successful. In any other case, the exchange is considered failed. +/// the quantum-secure key exchange is considered successful. +/// If the `rawPresharedKey` is nil, but there is a valid `rawEphemeralKey`, it means a Daita peer has been negotiated with. +/// If `rawEphemeralKey` is nil, the negotiation is considered failed. /// /// - Parameters: -/// - rawPacketTunnel: A raw pointer to the running instance of `NEPacketTunnelProvider` +/// - rawEphemeralPeerReceiver: A raw pointer to the running instance of `NEPacketTunnelProvider` /// - rawPresharedKey: A raw pointer to the quantum-secure pre shared key /// - rawEphemeralKey: A raw pointer to the ephemeral private key of the device -@_cdecl("swift_post_quantum_key_ready") +@_cdecl("swift_ephemeral_peer_ready") func receivePostQuantumKey( - rawPostQuantumKeyReceiver: UnsafeMutableRawPointer?, + rawEphemeralPeerReceiver: UnsafeMutableRawPointer?, rawPresharedKey: UnsafeMutableRawPointer?, rawEphemeralKey: UnsafeMutableRawPointer? ) { - guard let rawPostQuantumKeyReceiver else { return } - let postQuantumKeyReceiver = Unmanaged.fromOpaque(rawPostQuantumKeyReceiver) + guard let rawEphemeralPeerReceiver else { return } + let ephemeralPeerReceiver = Unmanaged.fromOpaque(rawEphemeralPeerReceiver) .takeUnretainedValue() // If there are no private keys for the ephemeral peer, then the negotiation either failed, or timed out. 
guard let rawEphemeralKey, let ephemeralKey = PrivateKey(rawValue: Data(bytes: rawEphemeralKey, count: 32)) else { - postQuantumKeyReceiver.ephemeralPeerExchangeFailed() + ephemeralPeerReceiver.ephemeralPeerExchangeFailed() return } // If there is a pre-shared key, an ephemeral peer was negotiated with Post Quantum options // Otherwise, a Daita enabled ephemeral peer was requested if let rawPresharedKey, let key = PreSharedKey(rawValue: Data(bytes: rawPresharedKey, count: 32)) { - postQuantumKeyReceiver.receivePostQuantumKey(key, ephemeralKey: ephemeralKey) + ephemeralPeerReceiver.receivePostQuantumKey(key, ephemeralKey: ephemeralKey) } else { - postQuantumKeyReceiver.receiveEphemeralPeerPrivateKey(ephemeralKey) + ephemeralPeerReceiver.receiveEphemeralPeerPrivateKey(ephemeralKey) } return } diff --git a/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h b/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h index 64287b76db44..c42d2ae84074 100644 --- a/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h +++ b/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h 
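Review bot: A nil `rawPresharedKey`, or one that `PreSharedKey(rawValue:)` rejects, is always routed to `receiveEphemeralPeerPrivateKey` when the ephemeral key is valid. The callback therefore cannot tell "Daita-only peer requested" from "post-quantum PSK requested but not delivered". The header hunk `@@ -100,13 +100,12 @@` in mullvad_rust_runtime.h lists both as reasons for a NULL `raw_preshared_key` and also removes the `daita_enabled` argument. If the Rust side can ever deliver an ephemeral key without a PSK while `enablePostQuantum` was true (not verifiable from this diff), the tunnel would be configured without the quantum-resistant PSK and nothing here reports it; the receiver should compare the result with what was requested and call `ephemeralPeerExchangeFailed()` on a mismatch. On documentation, the summary line still reads "End sequence of a quantum-secure pre shared key exchange", the `rawEphemeralPeerReceiver` entry still says it points to `NEPacketTunnelProvider`, and the function is still named `receivePostQuantumKey` under the new `@_cdecl` name.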
@@ -17,28 +17,28 @@ typedef struct ProxyHandle { extern const uint16_t CONFIG_SERVICE_PORT; /** - * Called by the Swift side to signal that the quantum-secure key exchange should be cancelled. + * Called by the Swift side to signal that the ephemeral peer exchange should be cancelled. * After this call, the cancel token is no longer valid. * * # Safety - * `sender` must be pointing to a valid instance of a `PostQuantumCancelToken` created by the + * `sender` must be pointing to a valid instance of a `EphemeralPeerCancelToken` created by the * `PacketTunnelProvider`. */ -void cancel_post_quantum_key_exchange(const struct EphemeralPeerCancelToken *sender); +void cancel_ephemeral_peer_exchange(const struct EphemeralPeerCancelToken *sender); /** - * Called by the Swift side to signal that the Rust `PostQuantumCancelToken` can be safely dropped + * Called by the Swift side to signal that the Rust `EphemeralPeerCancelToken` can be safely dropped * from memory. * * # Safety - * `sender` must be pointing to a valid instance of a `PostQuantumCancelToken` created by the + * `sender` must be pointing to a valid instance of a `EphemeralPeerCancelToken` created by the * `PacketTunnelProvider`. */ -void drop_post_quantum_key_exchange_token(const struct EphemeralPeerCancelToken *sender); +void drop_ephemeral_peer_exchange_token(const struct EphemeralPeerCancelToken *sender); /** * Called by Swift whenever data has been written to the in-tunnel TCP connection when exchanging - * quantum-resistant pre shared keys. + * quantum-resistant pre shared keys, or ephemeral peers. * * If `bytes_sent` is 0, this indicates that the connection was closed or that an error occurred. * 
@@ -50,7 +50,7 @@ void handle_sent(uintptr_t bytes_sent, const void *sender); /** * Called by Swift whenever data has been read from the in-tunnel TCP connection when exchanging - * quantum-resistant pre shared keys. + * quantum-resistant pre shared keys, or ephemeral peers. * * If `data` is null or empty, this indicates that the connection was closed or that an error * occurred. An empty buffer is sent to the underlying reader to signal EOF. @@ -63,7 +63,7 @@ void handle_sent(uintptr_t bytes_sent, const void *sender); void handle_recv(const uint8_t *data, uintptr_t data_len, const void *sender); /** - * Entry point for exchanging post quantum keys on iOS. + * Entry point for requesting ephemeral peers on iOS. * The TCP connection must be created to go through the tunnel. * # Safety * `public_key` and `ephemeral_key` must be valid respective `PublicKey` and `PrivateKey` types. @@ -77,7 +77,7 @@ int32_t request_ephemeral_peer(const uint8_t *public_key, const void *packet_tunnel, const void *tcp_connection, struct EphemeralPeerCancelToken *cancel_token, - uint64_t post_quantum_key_exchange_timeout, + uint64_t peer_exchange_timeout, bool enable_post_quantum, bool enable_daita); @@ -100,13 +100,12 @@ extern void swift_nw_tcp_connection_read(const void *connection, const void *sen * Called when the preshared post quantum key is ready, * or when a Daita peer has been successfully requested. * `raw_preshared_key` will be NULL if: - * - The post qunatum key negotiation failed + * - The post quantum key negotiation failed * - A Daita peer has been requested without enabling post quantum keys. */ -extern void swift_post_quantum_key_ready(const void *raw_packet_tunnel, - const uint8_t *raw_preshared_key, - const uint8_t *raw_ephemeral_private_key, - bool daita_enabled); +extern void swift_ephemeral_peer_ready(const void *raw_packet_tunnel, + const uint8_t *raw_preshared_key, + const uint8_t *raw_ephemeral_private_key); /** * # Safety 
diff --git a/ios/MullvadRustRuntimeTests/MullvadPostQuantumTests.swift b/ios/MullvadRustRuntimeTests/EphemeralPeerExchangeActorTests.swift similarity index 96% rename from ios/MullvadRustRuntimeTests/MullvadPostQuantumTests.swift rename to ios/MullvadRustRuntimeTests/EphemeralPeerExchangeActorTests.swift index 419198a9667b..662aeef9087e 100644 --- a/ios/MullvadRustRuntimeTests/MullvadPostQuantumTests.swift +++ b/ios/MullvadRustRuntimeTests/EphemeralPeerExchangeActorTests.swift @@ -1,6 +1,6 @@ // -// MullvadPostQuantumTests.swift -// MullvadPostQuantumTests +// EphemeralPeerExchangeActorTests.swift +// MullvadRustRuntimeTests // // Created by Marco Nikic on 2024-06-12. // Copyright © 2024 Mullvad VPN AB. All rights reserved. @@ -14,7 +14,7 @@ import NetworkExtension @testable import WireGuardKitTypes import XCTest -class MullvadPostQuantumTests: XCTestCase { +class EphemeralPeerExchangeActorTests: XCTestCase { var tcpConnection: NWTCPConnectionStub! var tunnelProvider: TunnelProviderStub! diff --git a/ios/MullvadRustRuntimeTests/MullvadPostQuantum+Stubs.swift b/ios/MullvadRustRuntimeTests/MullvadPostQuantum+Stubs.swift index fd9b9460f13a..683e1ab8de61 100644 --- a/ios/MullvadRustRuntimeTests/MullvadPostQuantum+Stubs.swift +++ b/ios/MullvadRustRuntimeTests/MullvadPostQuantum+Stubs.swift @@ -1,6 +1,6 @@ // // MullvadPostQuantum+Stubs.swift -// MullvadPostQuantumTests +// MullvadRustRuntimeTests // // Created by Marco Nikic on 2024-06-12. // Copyright © 2024 Mullvad VPN AB. All rights reserved. 
@@ -58,9 +58,9 @@ class FailedNegotiatorStub: EphemeralPeerNegotiating { gatewayIP: IPv4Address, devicePublicKey: WireGuardKitTypes.PublicKey, presharedKey: WireGuardKitTypes.PrivateKey, - postQuantumKeyReceiver packetTunnel: any MullvadTypes.TunnelProvider, + peerReceiver packetTunnel: any MullvadTypes.TunnelProvider, tcpConnection: NWTCPConnection, - postQuantumKeyExchangeTimeout: MullvadTypes.Duration, + peerExchangeTimeout: MullvadTypes.Duration, enablePostQuantum: Bool, enableDaita: Bool ) -> Bool { false } @@ -84,9 +84,9 @@ class SuccessfulNegotiatorStub: EphemeralPeerNegotiating { gatewayIP: IPv4Address, devicePublicKey: WireGuardKitTypes.PublicKey, presharedKey: WireGuardKitTypes.PrivateKey, - postQuantumKeyReceiver packetTunnel: any MullvadTypes.TunnelProvider, + peerReceiver packetTunnel: any MullvadTypes.TunnelProvider, tcpConnection: NWTCPConnection, - postQuantumKeyExchangeTimeout: MullvadTypes.Duration, + peerExchangeTimeout: MullvadTypes.Duration, enablePostQuantum: Bool, enableDaita: Bool ) -> Bool { true } diff --git a/ios/MullvadRustRuntimeTests/TCPConnection.swift b/ios/MullvadRustRuntimeTests/TCPConnection.swift index 64c4e2a77d51..c8543b4879c8 100644 --- a/ios/MullvadRustRuntimeTests/TCPConnection.swift +++ b/ios/MullvadRustRuntimeTests/TCPConnection.swift @@ -1,6 +1,6 @@ // // TCPConnection.swift -// TunnelObfuscationTests +// MullvadRustRuntimeTests // // Created by pronebird on 27/06/2023. // Copyright © 2023 Mullvad VPN AB. All rights reserved. diff --git a/ios/MullvadRustRuntimeTests/TCPUnsafeListener.swift b/ios/MullvadRustRuntimeTests/TCPUnsafeListener.swift index 7d7b9ed949ab..d01fc29dbb48 100644 --- a/ios/MullvadRustRuntimeTests/TCPUnsafeListener.swift +++ b/ios/MullvadRustRuntimeTests/TCPUnsafeListener.swift @@ -1,6 +1,6 @@ // // TCPUnsafeListener.swift -// TunnelObfuscationTests +// MullvadRustRuntimeTests // // Created by pronebird on 27/06/2023. // Copyright © 2023 Mullvad VPN AB. All rights reserved. 
diff --git a/ios/MullvadRustRuntimeTests/TunnelObfuscationTests.swift b/ios/MullvadRustRuntimeTests/TunnelObfuscationTests.swift index b2e28a468ff9..7372842c8d81 100644 --- a/ios/MullvadRustRuntimeTests/TunnelObfuscationTests.swift +++ b/ios/MullvadRustRuntimeTests/TunnelObfuscationTests.swift @@ -1,6 +1,6 @@ // // TunnelObfuscationTests.swift -// TunnelObfuscationTests +// MullvadRustRuntimeTests // // Created by pronebird on 27/06/2023. // Copyright © 2023 Mullvad VPN AB. All rights reserved. diff --git a/ios/MullvadRustRuntimeTests/UDPConnection.swift b/ios/MullvadRustRuntimeTests/UDPConnection.swift index 8848643c053b..f0886e5fb57f 100644 --- a/ios/MullvadRustRuntimeTests/UDPConnection.swift +++ b/ios/MullvadRustRuntimeTests/UDPConnection.swift @@ -1,6 +1,6 @@ // // UDPConnection.swift -// TunnelObfuscationTests +// MullvadRustRuntimeTests // // Created by pronebird on 27/06/2023. // Copyright © 2023 Mullvad VPN AB. All rights reserved. diff --git a/ios/MullvadTypes/Protocols/PostQuantumKeyReceiver.swift b/ios/MullvadTypes/Protocols/EphemeralPeerReceiver.swift similarity index 93% rename from ios/MullvadTypes/Protocols/PostQuantumKeyReceiver.swift rename to ios/MullvadTypes/Protocols/EphemeralPeerReceiver.swift index 3695b63bac7d..e5fc68f68a47 100644 --- a/ios/MullvadTypes/Protocols/PostQuantumKeyReceiver.swift +++ b/ios/MullvadTypes/Protocols/EphemeralPeerReceiver.swift 
@@ -10,14 +10,14 @@ import Foundation import NetworkExtension import WireGuardKitTypes -public class PostQuantumKeyReceiver: EphemeralPeerReceiving, TunnelProvider { +public class EphemeralPeerReceiver: EphemeralPeerReceiving, TunnelProvider { unowned let tunnelProvider: NEPacketTunnelProvider public init(tunnelProvider: NEPacketTunnelProvider) { self.tunnelProvider = tunnelProvider } - // MARK: - PostQuantumKeyReceiving + // MARK: - EphemeralPeerReceiving public func receivePostQuantumKey(_ key: PreSharedKey, ephemeralKey: PrivateKey) { guard let receiver = tunnelProvider as? EphemeralPeerReceiving else { return } diff --git a/ios/MullvadTypes/Protocols/EphemeralPeerReceiving.swift b/ios/MullvadTypes/Protocols/EphemeralPeerReceiving.swift index 04741cb9ddde..d55ec09f1ff6 100644 --- a/ios/MullvadTypes/Protocols/EphemeralPeerReceiving.swift +++ b/ios/MullvadTypes/Protocols/EphemeralPeerReceiving.swift @@ -1,5 +1,5 @@ // -// PostQuantumKeyReceiving.swift +// EphemeralPeerReceiving.swift // MullvadTypes // // Created by Andrew Bulhak on 2024-03-05. @@ -13,10 +13,12 @@ public protocol EphemeralPeerReceiving { /// Called when successfully requesting an ephemeral peer with Post Quantum PSK enabled /// /// - Parameters: - /// - key: The preshared key used by the Post Quantum Peer - /// - ephemeralKey: The private key used by the Post Quantum Peer + /// - key: The preshared key used by the Ephemeral Peer + /// - ephemeralKey: The private key used by the Ephemeral Peer func receivePostQuantumKey(_ key: PreSharedKey, ephemeralKey: PrivateKey) + /// Called when successfully requesting an ephemeral peer with Daita enabled, and Post Quantum PSK disabled + /// - Parameter _:_ The private key used by the Ephemeral Peer func receiveEphemeralPeerPrivateKey(_: PrivateKey) /// Called when an ephemeral peer could not be successfully negotiated diff --git a/ios/MullvadVPN.xcodeproj/project.pbxproj b/ios/MullvadVPN.xcodeproj/project.pbxproj index 208cefc25008..f624bf5eaffa 100644 
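Review bot: In hunk `@@ -13,10 +13,12 @@` of EphemeralPeerReceiving.swift, `/// - Parameter _:_ The private key used by the Ephemeral Peer` is unlikely to render as a parameter entry, because the parameter has no name to document. Giving it an internal name fixes this without affecting conformers or call sites: `func receiveEphemeralPeerPrivateKey(_ ephemeralPeerPrivateKey: PrivateKey)` with `/// - Parameter ephemeralPeerPrivateKey: The private key used by the ephemeral peer`. The parameter docs of `receivePostQuantumKey(_:ephemeralKey:)` now say "Ephemeral Peer" for both keys; since that method is the post-quantum path, `key` could be described as the quantum-resistant preshared key so the two callbacks stay distinguishable.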
--- a/ios/MullvadVPN.xcodeproj/project.pbxproj +++ b/ios/MullvadVPN.xcodeproj/project.pbxproj @@ -679,7 +679,7 @@ A90763C32B2858630045ADF0 /* Socks5Configuration.swift in Sources */ = {isa = PBXBuildFile; fileRef = A90763C22B2858630045ADF0 /* Socks5Configuration.swift */; }; A90763C52B2858B40045ADF0 /* AnyIPEndpoint+Socks5.swift in Sources */ = {isa = PBXBuildFile; fileRef = A90763C42B2858B40045ADF0 /* AnyIPEndpoint+Socks5.swift */; }; A90763C72B2858DC0045ADF0 /* CancellableChain.swift in Sources */ = {isa = PBXBuildFile; fileRef = A90763C62B2858DC0045ADF0 /* CancellableChain.swift */; }; - A90C48672C36BC2600DCB94C /* PostQuantumKeyReceiver.swift in Sources */ = {isa = PBXBuildFile; fileRef = A90C48662C36BC2600DCB94C /* PostQuantumKeyReceiver.swift */; }; + A90C48672C36BC2600DCB94C /* EphemeralPeerReceiver.swift in Sources */ = {isa = PBXBuildFile; fileRef = A90C48662C36BC2600DCB94C /* EphemeralPeerReceiver.swift */; }; A90C48692C36BF3900DCB94C /* TunnelProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = A90C48682C36BF3900DCB94C /* TunnelProvider.swift */; }; A91614D12B108D1B00F416EB /* TransportLayer.swift in Sources */ = {isa = PBXBuildFile; fileRef = A91614D02B108D1B00F416EB /* TransportLayer.swift */; }; A91614D62B10B26B00F416EB /* TunnelControlViewModel.swift in Sources */ = {isa = PBXBuildFile; fileRef = A91614D52B10B26B00F416EB /* TunnelControlViewModel.swift */; }; 
@@ -892,7 +892,7 @@ F072D3D22C071AD100906F64 /* ShadowsocksLoaderTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = F072D3D12C071AD100906F64 /* ShadowsocksLoaderTests.swift */; }; F073FCB32C6617D70062EA1D /* TunnelStore+Stubs.swift in Sources */ = {isa = PBXBuildFile; fileRef = F073FCB22C6617D70062EA1D /* TunnelStore+Stubs.swift */; }; F07751552C50F149006E6A12 /* EphemeralPeerExchangeActorStub.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0C4C9BF2C495E7500A79006 /* EphemeralPeerExchangeActorStub.swift */; }; - F07751572C50F149006E6A12 /* PostQuantumKeyExchangingPipelineTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = F053F4B92C4A94D300FBD937 /* PostQuantumKeyExchangingPipelineTests.swift */; }; + F07751572C50F149006E6A12 /* EphemeralPeerExchangingPipelineTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = F053F4B92C4A94D300FBD937 /* EphemeralPeerExchangingPipelineTests.swift */; }; F07751582C50F149006E6A12 /* MultiHopEphemeralPeerExchangerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0C4C9BD2C49477B00A79006 /* MultiHopEphemeralPeerExchangerTests.swift */; }; F07751592C50F149006E6A12 /* SingleHopEphemeralPeerExchangerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = F0A163882C47B46300592300 /* SingleHopEphemeralPeerExchangerTests.swift */; }; F07B53572C53B5270024F547 /* LocalNetworkIPs.swift in Sources */ = {isa = PBXBuildFile; fileRef = F07B53562C53B5270024F547 /* LocalNetworkIPs.swift */; }; 
@@ -903,7 +903,7 @@ F08827872B318C840020A383 /* ShadowsocksCipherOptions.swift in Sources */ = {isa = PBXBuildFile; fileRef = 58DFF7D92B02862E00F864E0 /* ShadowsocksCipherOptions.swift */; }; F08827882B318F960020A383 /* PersistentAccessMethod.swift in Sources */ = {isa = PBXBuildFile; fileRef = 586C0D962B04E0AC00E7CDD7 /* PersistentAccessMethod.swift */; }; F08827892B3192110020A383 /* AccessMethodRepositoryProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = 58EF875A2B16385400C098B2 /* AccessMethodRepositoryProtocol.swift */; }; - F08B6B772C52878400D0A121 /* MullvadPostQuantumTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = A98F1B502C19C48D003C869E /* MullvadPostQuantumTests.swift */; }; + F08B6B772C52878400D0A121 /* EphemeralPeerExchangeActorTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = A98F1B502C19C48D003C869E /* EphemeralPeerExchangeActorTests.swift */; }; F08B6B782C528B8A00D0A121 /* EphemeralPeerExchangingProtocol.swift in Sources */ = {isa = PBXBuildFile; fileRef = F059197E2C454CE000C301F3 /* EphemeralPeerExchangingProtocol.swift */; }; F08B6B7C2C528C6300D0A121 /* SingleHopEphemeralPeerExchanger.swift in Sources */ = {isa = PBXBuildFile; fileRef = F05919782C45402E00C301F3 /* SingleHopEphemeralPeerExchanger.swift */; }; F08B6B7D2C528C6300D0A121 /* EphemeralPeerExchangingPipeline.swift in Sources */ = {isa = PBXBuildFile; fileRef = F05919762C453FAF00C301F3 /* EphemeralPeerExchangingPipeline.swift */; }; 
@@ -1993,7 +1993,7 @@ A90763C22B2858630045ADF0 /* Socks5Configuration.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Socks5Configuration.swift; sourceTree = ""; }; A90763C42B2858B40045ADF0 /* AnyIPEndpoint+Socks5.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "AnyIPEndpoint+Socks5.swift"; sourceTree = ""; }; A90763C62B2858DC0045ADF0 /* CancellableChain.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CancellableChain.swift; sourceTree = ""; }; - A90C48662C36BC2600DCB94C /* PostQuantumKeyReceiver.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PostQuantumKeyReceiver.swift; sourceTree = ""; }; + A90C48662C36BC2600DCB94C /* EphemeralPeerReceiver.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = EphemeralPeerReceiver.swift; sourceTree = ""; }; A90C48682C36BF3900DCB94C /* TunnelProvider.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TunnelProvider.swift; sourceTree = ""; }; A91614D02B108D1B00F416EB /* TransportLayer.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TransportLayer.swift; sourceTree = ""; }; A91614D52B10B26B00F416EB /* TunnelControlViewModel.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TunnelControlViewModel.swift; sourceTree = ""; }; 
@@ -2026,7 +2026,7 @@ A98502022B627B120061901E /* LocalNetworkProbe.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LocalNetworkProbe.swift; sourceTree = ""; }; A988DF252ADE86ED00D807EF /* WireGuardObfuscationSettings.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = WireGuardObfuscationSettings.swift; sourceTree = ""; }; A988DF282ADE880300D807EF /* TunnelSettingsV3.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TunnelSettingsV3.swift; sourceTree = ""; }; - A98F1B502C19C48D003C869E /* MullvadPostQuantumTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MullvadPostQuantumTests.swift; sourceTree = ""; }; + A98F1B502C19C48D003C869E /* EphemeralPeerExchangeActorTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = EphemeralPeerExchangeActorTests.swift; sourceTree = ""; }; A992DA1D2C24709F00DE7CE5 /* MullvadRustRuntime.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = MullvadRustRuntime.framework; sourceTree = BUILT_PRODUCTS_DIR; }; A992DA1F2C24709F00DE7CE5 /* MullvadRustRuntime.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MullvadRustRuntime.h; sourceTree = ""; }; A998DA802BD147AD001D61A2 /* ListCustomListsPage.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ListCustomListsPage.swift; sourceTree = ""; }; 
@@ -2088,7 +2088,7 @@ F050AE5D2B739A73003F4EDB /* LocationDataSourceProtocol.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LocationDataSourceProtocol.swift; sourceTree = ""; }; F050AE5F2B73A41E003F4EDB /* AllLocationDataSource.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AllLocationDataSource.swift; sourceTree = ""; }; F050AE612B74DBAC003F4EDB /* CustomListsDataSource.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CustomListsDataSource.swift; sourceTree = ""; }; - F053F4B92C4A94D300FBD937 /* PostQuantumKeyExchangingPipelineTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PostQuantumKeyExchangingPipelineTests.swift; sourceTree = ""; }; + F053F4B92C4A94D300FBD937 /* EphemeralPeerExchangingPipelineTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = EphemeralPeerExchangingPipelineTests.swift; sourceTree = ""; }; F05769B82C6656E400D9778B /* TunnelSettingsPropagator.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TunnelSettingsPropagator.swift; sourceTree = ""; }; F05769BA2C6661EE00D9778B /* TunnelSettingsStrategy.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TunnelSettingsStrategy.swift; sourceTree = ""; }; F05919742C45194B00C301F3 /* EphemeralPeerKey.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = EphemeralPeerKey.swift; sourceTree = ""; }; @@ -2570,7 +2570,7 @@ isa = PBXGroup; children = ( 449EBA252B975B9700DFA4EB /* EphemeralPeerReceiving.swift */, - A90C48662C36BC2600DCB94C /* PostQuantumKeyReceiver.swift */, + A90C48662C36BC2600DCB94C /* EphemeralPeerReceiver.swift */, A90C48682C36BF3900DCB94C /* TunnelProvider.swift */, ); path = Protocols; 
@@ -3364,14 +3364,12 @@ isa = PBXGroup; children = ( 7A3FD1B42AD4465A0042BEA6 /* AppMessageHandlerTests.swift */, + F053F4B92C4A94D300FBD937 /* EphemeralPeerExchangingPipelineTests.swift */, 586C14572AC463BB00245C01 /* EventChannelTests.swift */, - F0FBD98E2C4A60CC00EE5323 /* KeyExchangingResultStub.swift */, 58EC067D2A8D2B0700BEB973 /* Mocks */, F0C4C9BD2C49477B00A79006 /* MultiHopEphemeralPeerExchangerTests.swift */, 58FE25D32AA729B5003D1918 /* PacketTunnelActorTests.swift */, 58C7A46F2A8649ED0060C66F /* PingerTests.swift */, - F0C4C9BF2C495E7500A79006 /* EphemeralPeerExchangeActorStub.swift */, - F053F4B92C4A94D300FBD937 /* PostQuantumKeyExchangingPipelineTests.swift */, A97D25B12B0CB02D00946B2D /* ProtocolObfuscatorTests.swift */, F0A163882C47B46300592300 /* SingleHopEphemeralPeerExchangerTests.swift */, 5838321C2AC1C54600EA2071 /* TaskSleepTests.swift */, @@ -3661,6 +3659,8 @@ children = ( 58F7753C2AB8473200425B47 /* BlockedStateErrorMapperStub.swift */, 581F23AC2A8CF92100788AB6 /* DefaultPathObserverFake.swift */, + F0C4C9BF2C495E7500A79006 /* EphemeralPeerExchangeActorStub.swift */, + F0FBD98E2C4A60CC00EE5323 /* KeyExchangingResultStub.swift */, 58EC067B2A8D2A0B00BEB973 /* NetworkCounters.swift */, 5838321A2AC1B18400EA2071 /* PacketTunnelActor+Mocks.swift */, 7AD0AA1B2AD6A63F00119E10 /* PacketTunnelActorStub.swift */, @@ -4024,7 +4024,7 @@ isa = PBXGroup; children = ( A9C308392C19DDA7008715F1 /* MullvadPostQuantum+Stubs.swift */, - A98F1B502C19C48D003C869E /* MullvadPostQuantumTests.swift */, + A98F1B502C19C48D003C869E /* EphemeralPeerExchangeActorTests.swift */, 585A02EC2A4B28F300C6CAFF /* TCPConnection.swift */, 585A02E82A4B283000C6CAFF /* TCPUnsafeListener.swift */, 58695A9F2A4ADA9200328DB3 /* TunnelObfuscationTests.swift */, 
@@ -4050,8 +4050,8 @@ F059197A2C45404500C301F3 /* PostQuantum */ = { isa = PBXGroup; children = ( - F059197C2C454C9200C301F3 /* MultiHopEphemeralPeerExchanger.swift */, F05919762C453FAF00C301F3 /* EphemeralPeerExchangingPipeline.swift */, + F059197C2C454C9200C301F3 /* MultiHopEphemeralPeerExchanger.swift */, F05919782C45402E00C301F3 /* SingleHopEphemeralPeerExchanger.swift */, ); path = PostQuantum; @@ -5534,7 +5534,7 @@ F0ACE3372BE517F1006D5333 /* ServerRelaysResponse+Stubs.swift in Sources */, 58F7753D2AB8473200425B47 /* BlockedStateErrorMapperStub.swift in Sources */, 58FE25D42AA729B5003D1918 /* PacketTunnelActorTests.swift in Sources */, - F07751572C50F149006E6A12 /* PostQuantumKeyExchangingPipelineTests.swift in Sources */, + F07751572C50F149006E6A12 /* EphemeralPeerExchangingPipelineTests.swift in Sources */, 7A3FD1B52AD4465A0042BEA6 /* AppMessageHandlerTests.swift in Sources */, 58C7A4702A8649ED0060C66F /* PingerTests.swift in Sources */, A97D25B22B0CB02D00946B2D /* ProtocolObfuscatorTests.swift in Sources */, @@ -5979,7 +5979,7 @@ 7A307AD92A8CD8DA0017618B /* Duration.swift in Sources */, 58D2240A294C90210029F5F8 /* IPAddress+Codable.swift in Sources */, 58E45A5729F12C5100281ECF /* Result+Extensions.swift in Sources */, - A90C48672C36BC2600DCB94C /* PostQuantumKeyReceiver.swift in Sources */, + A90C48672C36BC2600DCB94C /* EphemeralPeerReceiver.swift in Sources */, A9E031782ACB09930095D843 /* UIApplication+Extensions.swift in Sources */, 58D2240B294C90210029F5F8 /* Cancellable.swift in Sources */, 58D2240C294C90210029F5F8 /* WrappingError.swift in Sources */, 
@@ -6134,7 +6134,7 @@ buildActionMask = 2147483647; files = ( A9D9A4D22C36DBAF004088DD /* MullvadPostQuantum+Stubs.swift in Sources */, - F08B6B772C52878400D0A121 /* MullvadPostQuantumTests.swift in Sources */, + F08B6B772C52878400D0A121 /* EphemeralPeerExchangeActorTests.swift in Sources */, A9D9A4CF2C36D54E004088DD /* TCPConnection.swift in Sources */, A9D9A4CE2C36D54E004088DD /* TunnelObfuscationTests.swift in Sources */, A9D9A4CC2C36D54E004088DD /* TCPUnsafeListener.swift in Sources */, diff --git a/ios/PacketTunnel/PacketTunnelProvider/PacketTunnelProvider.swift b/ios/PacketTunnel/PacketTunnelProvider/PacketTunnelProvider.swift index ec04e7d58a93..2840e5419ab0 100644 --- a/ios/PacketTunnel/PacketTunnelProvider/PacketTunnelProvider.swift +++ b/ios/PacketTunnel/PacketTunnelProvider/PacketTunnelProvider.swift @@ -30,8 +30,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider { private let tunnelSettingsUpdater: SettingsUpdater! private let tunnelSettingsListener = TunnelSettingsListener() - private lazy var postQuantumReceiver = { - PostQuantumKeyReceiver(tunnelProvider: self) + private lazy var ephemeralPeerReceiver = { + EphemeralPeerReceiver(tunnelProvider: self) }() // swiftlint:disable:next function_body_length @@ -98,14 +98,14 @@ class PacketTunnelProvider: NEPacketTunnelProvider { ephemeralPeerExchangingPipeline = EphemeralPeerExchangingPipeline( EphemeralPeerExchangeActor( - packetTunnel: postQuantumReceiver, + packetTunnel: ephemeralPeerReceiver, onFailure: self.ephemeralPeerExchangeFailed, iteratorProvider: { REST.RetryStrategy.postQuantumKeyExchange.makeDelayIterator() } ), onUpdateConfiguration: { [unowned self] configuration in actor.changeEphemeralPeerNegotiationState(configuration: configuration) }, onFinish: { [unowned self] in - actor.notifyPostQuantumKeyExchanged() + actor.notifyEphemeralPeerNegotiated() } ) } 
@@ -133,9 +133,9 @@ class PacketTunnelProvider: NEPacketTunnelProvider { return } case .negotiatingEphemeralPeer: - // When negotiating post quantum keys, allow the connection to go through immediately. + // When negotiating ephemeral peers, allow the connection to go through immediately. // Otherwise, the in-tunnel TCP connection will never become ready as the OS doesn't let - // any traffic through until this function returns, which would prevent negotiating keys + // any traffic through until this function returns, which would prevent negotiating ephemeral peers // from an unconnected state. return default: diff --git a/ios/PacketTunnelCore/Actor/EphemeralPeerKey.swift b/ios/PacketTunnelCore/Actor/EphemeralPeerKey.swift index a3a296054ef2..d411965c6299 100644 --- a/ios/PacketTunnelCore/Actor/EphemeralPeerKey.swift +++ b/ios/PacketTunnelCore/Actor/EphemeralPeerKey.swift @@ -8,7 +8,7 @@ import WireGuardKitTypes -/// The private key used by ephemeral peers +/// The preshared / private key used by ephemeral peers public struct EphemeralPeerKey: Equatable { public let preSharedKey: PreSharedKey? public let ephemeralKey: PrivateKey diff --git a/ios/PacketTunnelCore/Actor/PacketTunnelActor+PostQuantum.swift b/ios/PacketTunnelCore/Actor/PacketTunnelActor+PostQuantum.swift index 8d43c98ee834..4bebc5c32446 100644 --- a/ios/PacketTunnelCore/Actor/PacketTunnelActor+PostQuantum.swift +++ b/ios/PacketTunnelCore/Actor/PacketTunnelActor+PostQuantum.swift @@ -28,7 +28,7 @@ extension PacketTunnelActor { /** Called on receipt of the new PQ-negotiated key, to reconnect to the relay, in PQ-secure mode. */ - internal func postQuantumConnect() async { + internal func connectWithEphemeralPeer() async { guard let connectionData = state.connectionData else { logger.error("Could not create connection state in PostQuantumConnect") eventChannel.send(.reconnect(.current)) 
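Review bot: In hunk `@@ -28,7 +28,7 @@` of PacketTunnelActor+PostQuantum.swift, the renamed `connectWithEphemeralPeer()` keeps a doc comment that says it reconnects "in PQ-secure mode" and an error log that names `PostQuantumConnect`. If this function is now also reached for Daita-only peers, as the rename suggests, that wording can lead someone reading the code or the logs to assume a quantum-resistant PSK is in place when it is not. I would reword the comment to `Called on receipt of a negotiated ephemeral peer, to reconnect to the relay using it.` and the log to `"Could not create connection state in connectWithEphemeralPeer"`. The same applies to `logFormat()` in PacketTunnelActorCommand.swift (hunk `@@ -76,7 +76,7 @@`), which still returns `"postQuantumNegotiationStateChanged"` and `"notifyPostQuantumKeyExchanged"` for the renamed cases; change those only if no log tooling depends on the old strings. The function body continues past this hunk.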
@@ -47,7 +47,7 @@ extension PacketTunnelActor { } /** - Called to reconfigure the tunnel after each key negotiation. + Called to reconfigure the tunnel after each ephemeral peer negotiation. */ internal func updateEphemeralPeerNegotiationState(configuration: EphemeralPeerNegotiationState) async throws { /** @@ -60,7 +60,7 @@ extension PacketTunnelActor { settings: settings, reason: .userInitiated ) else { - logger.error("Tried to replace post quantum configuration in invalid state: \(state.name)") + logger.error("Tried to update ephemeral peer negotiation in invalid state: \(state.name)") return } @@ -97,8 +97,6 @@ extension PacketTunnelActor { preSharedKey: firstHop.configuration.preSharedKey ).makeConfiguration() - // wireguard-go will only turn on daita for the entry peer, - // so pass the daita configuration to the exit peer for consistency let exitConfiguration = try ConfigurationBuilder( privateKey: secondHop.configuration.privateKey, interfaceAddresses: settings.interfaceAddresses, diff --git a/ios/PacketTunnelCore/Actor/PacketTunnelActor+Public.swift b/ios/PacketTunnelCore/Actor/PacketTunnelActor+Public.swift index a226092a1b9c..05b69deb35d2 100644 --- a/ios/PacketTunnelCore/Actor/PacketTunnelActor+Public.swift +++ b/ios/PacketTunnelCore/Actor/PacketTunnelActor+Public.swift @@ -52,15 +52,15 @@ extension PacketTunnelActor { } /** - Tell actor that post quantum key exchanging took place. + Tell actor that the ephemeral peer exchanging took place. */ - nonisolated public func notifyPostQuantumKeyExchanged() { - eventChannel.send(.notifyPostQuantumKeyExchanged) + nonisolated public func notifyEphemeralPeerNegotiated() { + eventChannel.send(.notifyEphemeralPeerNegotiated) } /** - Issue a new preshared key to the Actor. + Tell actor that the ephemeral peer negotiation state changed. - Parameter key: the new key */ 
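Review bot: The rewritten doc comment in PacketTunnelActor+Public.swift still ends with `- Parameter key: the new key`, which no longer matches its new summary line about the negotiation state. The call site in PacketTunnelProvider.swift passes `configuration:`, so the parameter is presumably named `configuration`; the signature is below this hunk and should be checked. Suggest `- Parameter configuration: the new ephemeral peer negotiation state`.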
diff --git a/ios/PacketTunnelCore/Actor/PacketTunnelActor.swift b/ios/PacketTunnelCore/Actor/PacketTunnelActor.swift index 389cf7c674a0..68f724b9e2d3 100644 --- a/ios/PacketTunnelCore/Actor/PacketTunnelActor.swift +++ b/ios/PacketTunnelCore/Actor/PacketTunnelActor.swift @@ -145,8 +145,8 @@ public actor PacketTunnelActor { logger.error(error: error, message: "Failed to reconfigure tunnel after each hop negotiation.") await setErrorStateInternal(with: error) } - case .postQuantumConnect: - await postQuantumConnect() + case .connectWithEphemeralPeer: + await connectWithEphemeralPeer() case .setDisconnectedState: self.state = .disconnected } diff --git a/ios/PacketTunnelCore/Actor/PacketTunnelActorCommand.swift b/ios/PacketTunnelCore/Actor/PacketTunnelActorCommand.swift index 9ee8f4e3ad12..0fb8acaba5d8 100644 --- a/ios/PacketTunnelCore/Actor/PacketTunnelActorCommand.swift +++ b/ios/PacketTunnelCore/Actor/PacketTunnelActorCommand.swift @@ -39,8 +39,8 @@ extension PacketTunnelActor { /// Update the device private key, as per post-quantum protocols case ephemeralPeerNegotiationStateChanged(EphemeralPeerNegotiationState) - /// Notify that post quantum key exchanging took place - case notifyPostQuantumKeyExchanged + /// Notify that an ephemeral peer exchanging took place + case notifyEphemeralPeerNegotiated /// Format command for log output. func logFormat() -> String { @@ -76,7 +76,7 @@ extension PacketTunnelActor { // TODO: Handle Daita here ??? case .ephemeralPeerNegotiationStateChanged: return "postQuantumNegotiationStateChanged" - case .notifyPostQuantumKeyExchanged: + case .notifyEphemeralPeerNegotiated: return "notifyPostQuantumKeyExchanged" } } diff --git a/ios/PacketTunnelCore/Actor/PacketTunnelActorReducer.swift b/ios/PacketTunnelCore/Actor/PacketTunnelActorReducer.swift index dfd8b889b1e3..3382baf2092a 100644 --- a/ios/PacketTunnelCore/Actor/PacketTunnelActorReducer.swift +++ b/ios/PacketTunnelCore/Actor/PacketTunnelActorReducer.swift 
@@ -26,7 +26,7 @@ extension PacketTunnelActor { case configureForErrorState(BlockedStateReason) case cacheActiveKey(Date?) case reconfigureForEphemeralPeer(EphemeralPeerNegotiationState) - case postQuantumConnect + case connectWithEphemeralPeer // acknowledge that the disconnection process has concluded, go to .disconnected. case setDisconnectedState @@ -46,7 +46,7 @@ extension PacketTunnelActor { case let (.configureForErrorState(r0), .configureForErrorState(r1)): r0 == r1 case let (.cacheActiveKey(d0), .cacheActiveKey(d1)): d0 == d1 case let (.reconfigureForEphemeralPeer(eph0), .reconfigureForEphemeralPeer(eph1)): eph0 == eph1 - case (.postQuantumConnect, .postQuantumConnect): true + case (.connectWithEphemeralPeer, .connectWithEphemeralPeer): true case (.setDisconnectedState, .setDisconnectedState): true default: false } @@ -92,8 +92,8 @@ extension PacketTunnelActor { case let .ephemeralPeerNegotiationStateChanged(configuration): return [.reconfigureForEphemeralPeer(configuration)] - case .notifyPostQuantumKeyExchanged: - return [.postQuantumConnect] + case .notifyEphemeralPeerNegotiated: + return [.connectWithEphemeralPeer] } } diff --git a/ios/PacketTunnelCore/Actor/State.swift b/ios/PacketTunnelCore/Actor/State.swift index f0aabd275947..10a28b5a2486 100644 --- a/ios/PacketTunnelCore/Actor/State.swift +++ b/ios/PacketTunnelCore/Actor/State.swift @@ -59,7 +59,7 @@ enum State: Equatable { /// Initial state at the time when actor is initialized but before the first connection attempt. case initial - /// Establish a connection to the gateway, and exchange a post quantum key with the GRPC service that resides there. + /// Establish a connection to the gateway, and exchange an ephemeral wireguard peer with the GRPC service that resides there. case negotiatingEphemeralPeer(ConnectionData, PrivateKey) /// Tunnel is attempting to connect. 
@@ -257,7 +257,7 @@ public enum ActorReconnectReason: Equatable { /// Initiated by user. case userInitiated - /// Initiated by tunnel monitor due to loss of connectivity, or if post quantum key negotiation times out. + /// Initiated by tunnel monitor due to loss of connectivity, or if ephemeral peer negotiation times out. /// Actor will increment the connection attempt counter before picking next relay. case connectionLoss } diff --git a/ios/PacketTunnelCoreTests/PostQuantumKeyExchangingPipelineTests.swift b/ios/PacketTunnelCoreTests/EphemeralPeerExchangingPipelineTests.swift similarity index 57% rename from ios/PacketTunnelCoreTests/PostQuantumKeyExchangingPipelineTests.swift rename to ios/PacketTunnelCoreTests/EphemeralPeerExchangingPipelineTests.swift index 50551db1d545..e5a679ec58c8 100644 --- a/ios/PacketTunnelCoreTests/PostQuantumKeyExchangingPipelineTests.swift +++ b/ios/PacketTunnelCoreTests/EphemeralPeerExchangingPipelineTests.swift @@ -1,5 +1,5 @@ // -// PostQuantumKeyExchangingPipelineTests.swift +// EphemeralPeerExchangingPipelineTests.swift // MullvadPostQuantumTests // // Created by Mojgan on 2024-07-19. @@ -13,7 +13,7 @@ @testable import WireGuardKitTypes import XCTest -final class PostQuantumKeyExchangingPipelineTests: XCTestCase { +final class EphemeralPeerExchangingPipelineTests: XCTestCase { var entryRelay: SelectedRelay! var exitRelay: SelectedRelay! var relayConstraints: RelayConstraints! @@ -60,7 +60,7 @@ final class PostQuantumKeyExchangingPipelineTests: XCTestCase { ) } - func testSingleHopKeyExchange() throws { + func testSingleHopPostQuantumKeyExchange() throws { let reconfigurationExpectation = expectation(description: "Tunnel reconfiguration took place") reconfigurationExpectation.expectedFulfillmentCount = 2 
@@ -81,17 +81,37 @@ final class PostQuantumKeyExchangingPipelineTests: XCTestCase { postQuantumKeyExchangingPipeline.receivePostQuantumKey(preSharedKey, ephemeralKey: privateKey) }) - let connectionState = ObservedConnectionState( - selectedRelays: SelectedRelays(entry: nil, exit: exitRelay, retryAttempt: 0), - relayConstraints: relayConstraints, - networkReachability: NetworkReachability.reachable, - connectionAttemptCount: 0, - transportLayer: .udp, - remotePort: 1234, - isPostQuantum: true, - isDaitaEnabled: false + let connectionState = stubConnectionState(enableMultiHop: false, enablePostQuantum: true, enableDaita: false) + postQuantumKeyExchangingPipeline.startNegotiation(connectionState, privateKey: PrivateKey()) + + wait( + for: [reconfigurationExpectation, negotiationSuccessful], + timeout: .UnitTest.invertedTimeout ) + } + + func testSingleHopDaitaPeerExchange() throws { + let reconfigurationExpectation = expectation(description: "Tunnel reconfiguration took place") + reconfigurationExpectation.expectedFulfillmentCount = 2 + + let negotiationSuccessful = expectation(description: "Negotiation succeeded.") + negotiationSuccessful.expectedFulfillmentCount = 1 + let keyExchangeActor = EphemeralPeerExchangeActorStub() + let preSharedKey = try XCTUnwrap(PreSharedKey(hexKey: PrivateKey().hexKey)) + keyExchangeActor.result = .success((preSharedKey, PrivateKey())) + + let postQuantumKeyExchangingPipeline = EphemeralPeerExchangingPipeline(keyExchangeActor) { _ in + reconfigurationExpectation.fulfill() + } onFinish: { + negotiationSuccessful.fulfill() + } + + keyExchangeActor.delegate = KeyExchangingResultStub(onReceiveEphemeralPeerPrivateKey: { privateKey in + postQuantumKeyExchangingPipeline.receiveEphemeralPeerPrivateKey(privateKey) + }) + + let connectionState = stubConnectionState(enableMultiHop: false, enablePostQuantum: false, enableDaita: true) postQuantumKeyExchangingPipeline.startNegotiation(connectionState, privateKey: PrivateKey()) wait( 
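Review bot: The new `testSingleHopDaitaPeerExchange` names its pipeline `postQuantumKeyExchangingPipeline` although it runs with `enablePostQuantum: false`, and its reconfiguration closure `{ _ in reconfigurationExpectation.fulfill() }` discards the configuration, so the test only counts callbacks. A DAITA-only run that still applied a preshared key would pass unnoticed. Suggest renaming the local to `ephemeralPeerExchangingPipeline` and adding `// TODO: assert the reconfigured state carries no preshared key in the DAITA-only path` until the closure inspects its argument. The same naming and the same discarded argument occur in `testMultiHopDaitaExchange`, and `testEphemeralPeerExchangeSuccessWhenDaitaNegotiationStarts` in SingleHopEphemeralPeerExchangerTests.swift binds a `SingleHopEphemeralPeerExchanger` to `multiHopPeerExchanger`.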
@@ -100,7 +120,7 @@ final class PostQuantumKeyExchangingPipelineTests: XCTestCase { ) } - func testMultiHopKeyExchange() throws { + func testMultiHopPostQuantumKeyExchange() throws { let reconfigurationExpectation = expectation(description: "Tunnel reconfiguration took place") reconfigurationExpectation.expectedFulfillmentCount = 3 
@@ -121,17 +141,37 @@ final class PostQuantumKeyExchangingPipelineTests: XCTestCase { postQuantumKeyExchangingPipeline.receivePostQuantumKey(preSharedKey, ephemeralKey: privateKey) }) - let connectionState = ObservedConnectionState( - selectedRelays: SelectedRelays(entry: entryRelay, exit: exitRelay, retryAttempt: 0), - relayConstraints: relayConstraints, - networkReachability: NetworkReachability.reachable, - connectionAttemptCount: 0, - transportLayer: .udp, - remotePort: 1234, - isPostQuantum: true, - isDaitaEnabled: false + let connectionState = stubConnectionState(enableMultiHop: true, enablePostQuantum: true, enableDaita: false) + postQuantumKeyExchangingPipeline.startNegotiation(connectionState, privateKey: PrivateKey()) + + wait( + for: [reconfigurationExpectation, negotiationSuccessful], + timeout: .UnitTest.invertedTimeout ) + } + + func testMultiHopDaitaExchange() throws { + let reconfigurationExpectation = expectation(description: "Tunnel reconfiguration took place") + reconfigurationExpectation.expectedFulfillmentCount = 3 + + let negotiationSuccessful = expectation(description: "Negotiation succeeded.") + negotiationSuccessful.expectedFulfillmentCount = 1 + + let keyExchangeActor = EphemeralPeerExchangeActorStub() + let preSharedKey = try XCTUnwrap(PreSharedKey(hexKey: PrivateKey().hexKey)) + keyExchangeActor.result = .success((preSharedKey, PrivateKey())) + let postQuantumKeyExchangingPipeline = EphemeralPeerExchangingPipeline(keyExchangeActor) { _ in + reconfigurationExpectation.fulfill() + } onFinish: { + negotiationSuccessful.fulfill() + } + + keyExchangeActor.delegate = KeyExchangingResultStub(onReceiveEphemeralPeerPrivateKey: { privateKey in + postQuantumKeyExchangingPipeline.receiveEphemeralPeerPrivateKey(privateKey) + }) + + let connectionState = stubConnectionState(enableMultiHop: true, enablePostQuantum: false, enableDaita: true) postQuantumKeyExchangingPipeline.startNegotiation(connectionState, privateKey: PrivateKey()) wait( 
@@ -139,4 +179,21 @@ final class PostQuantumKeyExchangingPipelineTests: XCTestCase { timeout: .UnitTest.invertedTimeout ) } + + func stubConnectionState( + enableMultiHop: Bool, + enablePostQuantum: Bool, + enableDaita: Bool + ) -> ObservedConnectionState { + ObservedConnectionState( + selectedRelays: SelectedRelays(entry: enableMultiHop ? entryRelay : nil, exit: exitRelay, retryAttempt: 0), + relayConstraints: relayConstraints, + networkReachability: NetworkReachability.reachable, + connectionAttemptCount: 0, + transportLayer: .udp, + remotePort: 1234, + isPostQuantum: enablePostQuantum, + isDaitaEnabled: enableDaita + ) + } } diff --git a/ios/PacketTunnelCoreTests/EphemeralPeerExchangeActorStub.swift b/ios/PacketTunnelCoreTests/Mocks/EphemeralPeerExchangeActorStub.swift similarity index 78% rename from ios/PacketTunnelCoreTests/EphemeralPeerExchangeActorStub.swift rename to ios/PacketTunnelCoreTests/Mocks/EphemeralPeerExchangeActorStub.swift index 600702fe0643..7f17af56bec8 100644 --- a/ios/PacketTunnelCoreTests/EphemeralPeerExchangeActorStub.swift +++ b/ios/PacketTunnelCoreTests/Mocks/EphemeralPeerExchangeActorStub.swift @@ -1,5 +1,5 @@ // -// PostQuantumKeyExchangeActorStub.swift +// EphemeralPeerExchangeActorStub.swift // MullvadPostQuantumTests // // Created by Mojgan on 2024-07-18. @@ -21,7 +21,11 @@ final class EphemeralPeerExchangeActorStub: EphemeralPeerExchangeActorProtocol { func startNegotiation(with privateKey: PrivateKey, enablePostQuantum: Bool, enableDaita: Bool) { switch result { case let .success((preSharedKey, ephemeralKey)): - delegate?.receivePostQuantumKey(preSharedKey, ephemeralKey: ephemeralKey) + if enablePostQuantum { + delegate?.receivePostQuantumKey(preSharedKey, ephemeralKey: ephemeralKey) + } else { + delegate?.receiveEphemeralPeerPrivateKey(ephemeralKey) + } case .failure: delegate?.ephemeralPeerExchangeFailed() } 
diff --git a/ios/PacketTunnelCoreTests/KeyExchangingResultStub.swift b/ios/PacketTunnelCoreTests/Mocks/KeyExchangingResultStub.swift similarity index 100% rename from ios/PacketTunnelCoreTests/KeyExchangingResultStub.swift rename to ios/PacketTunnelCoreTests/Mocks/KeyExchangingResultStub.swift diff --git a/ios/PacketTunnelCoreTests/MultiHopEphemeralPeerExchangerTests.swift b/ios/PacketTunnelCoreTests/MultiHopEphemeralPeerExchangerTests.swift index f81194c24d59..95436edb4c9c 100644 --- a/ios/PacketTunnelCoreTests/MultiHopEphemeralPeerExchangerTests.swift +++ b/ios/PacketTunnelCoreTests/MultiHopEphemeralPeerExchangerTests.swift @@ -59,7 +59,7 @@ final class MultiHopEphemeralPeerExchangerTests: XCTestCase { ) } - func testKeyExchangeFailsWhenNegotiationCannotStart() { + func testEphemeralPeerExchangeFailsWhenNegotiationCannotStart() { let expectedNegotiationFailure = expectation(description: "Negotiation failed.") let reconfigurationExpectation = expectation(description: "Tunnel reconfiguration took place") @@ -68,14 +68,14 @@ final class MultiHopEphemeralPeerExchangerTests: XCTestCase { let negotiationSuccessful = expectation(description: "Negotiation succeeded.") negotiationSuccessful.isInverted = true - let keyExchangeActor = EphemeralPeerExchangeActorStub() - keyExchangeActor.result = .failure(EphemeralPeerExchangeErrorStub.canceled) + let peerExchangeActor = EphemeralPeerExchangeActorStub() + peerExchangeActor.result = .failure(EphemeralPeerExchangeErrorStub.canceled) - let multiHopPostQuantumKeyExchanging = MultiHopEphemeralPeerExchanger( + let multiHopExchanger = MultiHopEphemeralPeerExchanger( entry: entryRelay, exit: exitRelay, devicePrivateKey: PrivateKey(), - keyExchanger: keyExchangeActor, + keyExchanger: peerExchangeActor, enablePostQuantum: true, enableDaita: false ) { _ in 
@@ -84,11 +84,11 @@ final class MultiHopEphemeralPeerExchangerTests: XCTestCase { negotiationSuccessful.fulfill() } - keyExchangeActor.delegate = KeyExchangingResultStub { + peerExchangeActor.delegate = KeyExchangingResultStub { expectedNegotiationFailure.fulfill() } - multiHopPostQuantumKeyExchanging.start() + multiHopExchanger.start() wait( for: [expectedNegotiationFailure, reconfigurationExpectation, negotiationSuccessful], @@ -96,7 +96,7 @@ final class MultiHopEphemeralPeerExchangerTests: XCTestCase { ) } - func testKeyExchangeSuccessWhenNegotiationStart() throws { + func testEphemeralPeerExchangeSuccessWhenPostQuantumNegotiationStarts() throws { let unexpectedNegotiationFailure = expectation(description: "Negotiation failed.") unexpectedNegotiationFailure.isInverted = true @@ -106,15 +106,15 @@ final class MultiHopEphemeralPeerExchangerTests: XCTestCase { let negotiationSuccessful = expectation(description: "Negotiation succeeded.") negotiationSuccessful.expectedFulfillmentCount = 1 - let keyExchangeActor = EphemeralPeerExchangeActorStub() + let peerExchangeActor = EphemeralPeerExchangeActorStub() let preSharedKey = try XCTUnwrap(PreSharedKey(hexKey: PrivateKey().hexKey)) - keyExchangeActor.result = .success((preSharedKey, PrivateKey())) + peerExchangeActor.result = .success((preSharedKey, PrivateKey())) - let multiHopPostQuantumKeyExchanging = MultiHopEphemeralPeerExchanger( + let multiHopPeerExchanger = MultiHopEphemeralPeerExchanger( entry: entryRelay, exit: exitRelay, devicePrivateKey: PrivateKey(), - keyExchanger: keyExchangeActor, + keyExchanger: peerExchangeActor, enablePostQuantum: true, enableDaita: false ) { _ in 
@@ -123,10 +123,48 @@ final class MultiHopEphemeralPeerExchangerTests: XCTestCase { negotiationSuccessful.fulfill() } - keyExchangeActor.delegate = KeyExchangingResultStub(onReceivePostQuantumKey: { preSharedKey, ephemeralKey in - multiHopPostQuantumKeyExchanging.receivePostQuantumKey(preSharedKey, ephemeralKey: ephemeralKey) + peerExchangeActor.delegate = KeyExchangingResultStub(onReceivePostQuantumKey: { preSharedKey, ephemeralKey in + multiHopPeerExchanger.receivePostQuantumKey(preSharedKey, ephemeralKey: ephemeralKey) }) - multiHopPostQuantumKeyExchanging.start() + multiHopPeerExchanger.start() + + wait( + for: [unexpectedNegotiationFailure, reconfigurationExpectation, negotiationSuccessful], + timeout: .UnitTest.invertedTimeout + ) + } + + func testEphemeralPeerExchangeSuccessWhenDaitaNegotiationStarts() throws { + let unexpectedNegotiationFailure = expectation(description: "Negotiation failed.") + unexpectedNegotiationFailure.isInverted = true + + let reconfigurationExpectation = expectation(description: "Tunnel reconfiguration took place") + reconfigurationExpectation.expectedFulfillmentCount = 3 + + let negotiationSuccessful = expectation(description: "Negotiation succeeded.") + negotiationSuccessful.expectedFulfillmentCount = 1 + + let peerExchangeActor = EphemeralPeerExchangeActorStub() + let preSharedKey = try XCTUnwrap(PreSharedKey(hexKey: PrivateKey().hexKey)) + peerExchangeActor.result = .success((preSharedKey, PrivateKey())) + + let multiHopPeerExchanger = MultiHopEphemeralPeerExchanger( + entry: entryRelay, + exit: exitRelay, + devicePrivateKey: PrivateKey(), + keyExchanger: peerExchangeActor, + enablePostQuantum: false, + enableDaita: true + ) { _ in + reconfigurationExpectation.fulfill() + } onFinish: { + negotiationSuccessful.fulfill() + } + + peerExchangeActor.delegate = KeyExchangingResultStub(onReceiveEphemeralPeerPrivateKey: { ephemeralKey in + multiHopPeerExchanger.receiveEphemeralPeerPrivateKey(ephemeralKey) + }) + 
multiHopPeerExchanger.start() wait( for: [unexpectedNegotiationFailure, reconfigurationExpectation, negotiationSuccessful], diff --git a/ios/PacketTunnelCoreTests/SingleHopEphemeralPeerExchangerTests.swift b/ios/PacketTunnelCoreTests/SingleHopEphemeralPeerExchangerTests.swift index 92a1e01f2334..e94ca0889e06 100644 --- a/ios/PacketTunnelCoreTests/SingleHopEphemeralPeerExchangerTests.swift +++ b/ios/PacketTunnelCoreTests/SingleHopEphemeralPeerExchangerTests.swift @@ -38,7 +38,7 @@ final class SingleHopEphemeralPeerExchangerTests: XCTestCase { exitRelay = SelectedRelay(endpoint: match.endpoint, hostname: match.relay.hostname, location: match.location) } - func testKeyExchangeFailsWhenNegotiationCannotStart() { + func testEphemeralPeerExchangeFailsWhenNegotiationCannotStart() { let expectedNegotiationFailure = expectation(description: "Negotiation failed.") let reconfigurationExpectation = expectation(description: "Tunnel reconfiguration took place") @@ -74,7 +74,7 @@ final class SingleHopEphemeralPeerExchangerTests: XCTestCase { ) } - func testKeyExchangeSuccessWhenNegotiationStart() throws { + func testEphemeralPeerExchangeSuccessWhenPostQuantumNegotiationStarts() throws { let unexpectedNegotiationFailure = expectation(description: "Negotiation failed.") unexpectedNegotiationFailure.isInverted = true 
@@ -110,4 +110,41 @@ final class SingleHopEphemeralPeerExchangerTests: XCTestCase { timeout: .UnitTest.invertedTimeout ) } + + func testEphemeralPeerExchangeSuccessWhenDaitaNegotiationStarts() throws { + let unexpectedNegotiationFailure = expectation(description: "Negotiation failed.") + unexpectedNegotiationFailure.isInverted = true + + let reconfigurationExpectation = expectation(description: "Tunnel reconfiguration took place") + reconfigurationExpectation.expectedFulfillmentCount = 2 + + let negotiationSuccessful = expectation(description: "Negotiation succeeded.") + negotiationSuccessful.expectedFulfillmentCount = 1 + + let peerExchangeActor = EphemeralPeerExchangeActorStub() + let preSharedKey = try XCTUnwrap(PreSharedKey(hexKey: PrivateKey().hexKey)) + peerExchangeActor.result = .success((preSharedKey, PrivateKey())) + + let multiHopPeerExchanger = SingleHopEphemeralPeerExchanger( + exit: exitRelay, + devicePrivateKey: PrivateKey(), + keyExchanger: peerExchangeActor, + enablePostQuantum: false, + enableDaita: true + ) { _ in + reconfigurationExpectation.fulfill() + } onFinish: { + negotiationSuccessful.fulfill() + } + + peerExchangeActor.delegate = KeyExchangingResultStub(onReceiveEphemeralPeerPrivateKey: { ephemeralKey in + multiHopPeerExchanger.receiveEphemeralPeerPrivateKey(ephemeralKey) + }) + multiHopPeerExchanger.start() + + wait( + for: [unexpectedNegotiationFailure, reconfigurationExpectation, negotiationSuccessful], + timeout: .UnitTest.invertedTimeout + ) + } } diff --git a/mullvad-ios/src/post_quantum_proxy/ios_runtime.rs b/mullvad-ios/src/post_quantum_proxy/ios_runtime.rs index a1e07d89dadc..1b4380c67061 100644 --- a/mullvad-ios/src/post_quantum_proxy/ios_runtime.rs +++ b/mullvad-ios/src/post_quantum_proxy/ios_runtime.rs 
@@ -21,8 +21,7 @@ pub unsafe fn run_post_quantum_psk_exchange( ephemeral_key: [u8; 32], packet_tunnel: *const c_void, tcp_connection: *const c_void, - post_quantum_key_exchange_timeout: u64, - tokio_handle: TokioHandle, + peer_exchange_timeout: u64, enable_post_quantum: bool, enable_daita: bool, ) -> Result { @@ -32,7 +31,7 @@ pub unsafe fn run_post_quantum_psk_exchange( ephemeral_key, packet_tunnel, tcp_connection, - post_quantum_key_exchange_timeout, + peer_exchange_timeout, enable_post_quantum, enable_daita, ) @@ -40,6 +39,14 @@ pub unsafe fn run_post_quantum_psk_exchange( Ok(runtime) => { let token = runtime.packet_tunnel.tcp_connection.clone(); + let tokio_handle = match crate::mullvad_ios_runtime() { + Ok(handle) => handle, + Err(err) => { + log::error!("Failed to obtain a handle to a tokio runtime: {err}"); + return Err(Error::UnableToCreateRuntime); + } + }; + runtime.run(tokio_handle); Ok(EphemeralPeerCancelToken { context: Arc::into_raw(token) as *mut _, @@ -65,7 +72,7 @@ struct IOSRuntime { pub_key: [u8; 32], ephemeral_key: [u8; 32], packet_tunnel: SwiftContext, - post_quantum_key_exchange_timeout: u64, + peer_exchange_timeout: u64, enable_post_quantum: bool, enable_daita: bool, } @@ -89,7 +96,7 @@ impl IOSRuntime { pub_key, ephemeral_key, packet_tunnel: context, - post_quantum_key_exchange_timeout, + peer_exchange_timeout: post_quantum_key_exchange_timeout, enable_post_quantum, enable_daita, }) @@ -132,13 +139,13 @@ impl IOSRuntime { let (async_provider, shutdown_handle) = unsafe { match Self::ios_tcp_client(self.packet_tunnel.clone()).await { Ok(result) => result, + Err(error) => { log::error!("Failed to create iOS TCP client: {error}"); - swift_post_quantum_key_ready( + swift_ephemeral_peer_ready( self.packet_tunnel.packet_tunnel, ptr::null(), ptr::null(), - self.enable_daita, ); return; } 
@@ -164,18 +171,16 @@ impl IOSRuntime { match peer.psk { Some(preshared_key) => unsafe { let preshared_key_bytes = preshared_key.as_bytes(); - swift_post_quantum_key_ready(self.packet_tunnel.packet_tunnel, + swift_ephemeral_peer_ready(self.packet_tunnel.packet_tunnel, preshared_key_bytes.as_ptr(), - self.ephemeral_key.as_ptr(), - self.enable_daita); + self.ephemeral_key.as_ptr()); }, None => { // Daita peer was requested, but without enabling post quantum keys unsafe { - swift_post_quantum_key_ready(self.packet_tunnel.packet_tunnel, + swift_ephemeral_peer_ready(self.packet_tunnel.packet_tunnel, ptr::null(), - self.ephemeral_key.as_ptr(), - self.enable_daita); + self.ephemeral_key.as_ptr()); } } } @@ -183,24 +188,22 @@ impl IOSRuntime { Err(error) => { log::error!("Key exchange failed {}", error); unsafe { - swift_post_quantum_key_ready(self.packet_tunnel.packet_tunnel, + swift_ephemeral_peer_ready(self.packet_tunnel.packet_tunnel, ptr::null(), - ptr::null(), - self.enable_daita); + ptr::null()); } } } } - _ = tokio::time::sleep(std::time::Duration::from_secs(self.post_quantum_key_exchange_timeout)) => { + _ = tokio::time::sleep(std::time::Duration::from_secs(self.peer_exchange_timeout)) => { if let Ok(mut connection) = self.packet_tunnel.tcp_connection.lock() { connection.shutdown(); }; shutdown_handle.shutdown(); - unsafe { swift_post_quantum_key_ready(self.packet_tunnel.packet_tunnel, - ptr::null(), + unsafe { swift_ephemeral_peer_ready(self.packet_tunnel.packet_tunnel, ptr::null(), - self.enable_daita); } + ptr::null()); } } } } diff --git a/mullvad-ios/src/post_quantum_proxy/ios_tcp_connection.rs b/mullvad-ios/src/post_quantum_proxy/ios_tcp_connection.rs index de03bb931d2c..d91081fe576d 100644 --- a/mullvad-ios/src/post_quantum_proxy/ios_tcp_connection.rs +++ b/mullvad-ios/src/post_quantum_proxy/ios_tcp_connection.rs 
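Review bot: The `None` arm of `match peer.psk` in ios_runtime.rs reports a usable peer to Swift with a NULL preshared key without checking `self.enable_post_quantum`, and this change also removes the `daita_enabled` argument, so the callback carries less context than before. If the exchange can ever return a peer without a PSK while post-quantum was requested (not visible in this hunk), the tunnel would be reconfigured without the quantum-resistant PSK and nothing would be logged. Failing closed in that case keeps the requested protection level explicit. The enclosing `match` and `select!` start outside the hunk.

```rust
None if self.enable_post_quantum => {
    // Post-quantum was requested but no PSK came back: report failure
    // instead of continuing without it.
    log::error!("Ephemeral peer response is missing the requested preshared key");
    unsafe {
        swift_ephemeral_peer_ready(self.packet_tunnel.packet_tunnel,
            ptr::null(),
            ptr::null());
    }
}
None => {
    // … unchanged: DAITA-only peer, NULL preshared key with the ephemeral key …
}
```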
@@ -33,13 +33,12 @@ extern "C" { /// Called when the preshared post quantum key is ready, /// or when a Daita peer has been successfully requested. /// `raw_preshared_key` will be NULL if: - /// - The post qunatum key negotiation failed + /// - The post quantum key negotiation failed /// - A Daita peer has been requested without enabling post quantum keys. - pub fn swift_post_quantum_key_ready( + pub fn swift_ephemeral_peer_ready( raw_packet_tunnel: *const c_void, raw_preshared_key: *const u8, raw_ephemeral_private_key: *const u8, - daita_enabled: bool, ); } diff --git a/mullvad-ios/src/post_quantum_proxy/mod.rs b/mullvad-ios/src/post_quantum_proxy/mod.rs index a86387a005ec..a4090e58db7d 100644 --- a/mullvad-ios/src/post_quantum_proxy/mod.rs +++ b/mullvad-ios/src/post_quantum_proxy/mod.rs 
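Review bot: The doc comment on `swift_ephemeral_peer_ready` in ios_tcp_connection.rs says when `raw_preshared_key` is NULL but never mentions `raw_ephemeral_private_key`, which is now the only way the receiver can tell failure from a DAITA-only success. In ios_runtime.rs the error and timeout paths pass NULL for both pointers, while the DAITA-only path passes a NULL preshared key with a valid ephemeral key. Suggest adding `/// `raw_ephemeral_private_key` will be NULL if the exchange failed or timed out; the receiver must treat that as failure and read neither pointer.` It would also help to state that both buffers are presumably only valid for the duration of the call, so the receiver has to copy the bytes before returning.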
@@ -42,33 +42,33 @@ impl Drop for EphemeralPeerCancelToken { unsafe impl Send for EphemeralPeerCancelToken {} -/// Called by the Swift side to signal that the quantum-secure key exchange should be cancelled. +/// Called by the Swift side to signal that the ephemeral peer exchange should be cancelled. /// After this call, the cancel token is no longer valid. /// /// # Safety -/// `sender` must be pointing to a valid instance of a `PostQuantumCancelToken` created by the +/// `sender` must be pointing to a valid instance of a `EphemeralPeerCancelToken` created by the /// `PacketTunnelProvider`. #[no_mangle] -pub unsafe extern "C" fn cancel_post_quantum_key_exchange(sender: *const EphemeralPeerCancelToken) { +pub unsafe extern "C" fn cancel_ephemeral_peer_exchange(sender: *const EphemeralPeerCancelToken) { let sender = unsafe { &*sender }; sender.cancel(); } -/// Called by the Swift side to signal that the Rust `PostQuantumCancelToken` can be safely dropped +/// Called by the Swift side to signal that the Rust `EphemeralPeerCancelToken` can be safely dropped /// from memory. /// /// # Safety -/// `sender` must be pointing to a valid instance of a `PostQuantumCancelToken` created by the +/// `sender` must be pointing to a valid instance of a `EphemeralPeerCancelToken` created by the /// `PacketTunnelProvider`. #[no_mangle] -pub unsafe extern "C" fn drop_post_quantum_key_exchange_token( +pub unsafe extern "C" fn drop_ephemeral_peer_exchange_token( sender: *const EphemeralPeerCancelToken, ) { let _sender = unsafe { std::ptr::read(sender) }; } /// Called by Swift whenever data has been written to the in-tunnel TCP connection when exchanging -/// quantum-resistant pre shared keys. +/// quantum-resistant pre shared keys, or ephemeral peers. /// /// If `bytes_sent` is 0, this indicates that the connection was closed or that an error occurred. /// 
@@ -84,7 +84,7 @@ pub unsafe extern "C" fn handle_sent(bytes_sent: usize, sender: *const c_void) { } /// Called by Swift whenever data has been read from the in-tunnel TCP connection when exchanging -/// quantum-resistant pre shared keys. +/// quantum-resistant pre shared keys, or ephemeral peers. /// /// If `data` is null or empty, this indicates that the connection was closed or that an error /// occurred. An empty buffer is sent to the underlying reader to signal EOF. @@ -109,7 +109,7 @@ pub unsafe extern "C" fn handle_recv(data: *const u8, mut data_len: usize, sende } } -/// Entry point for exchanging post quantum keys on iOS. +/// Entry point for requesting ephemeral peers on iOS. /// The TCP connection must be created to go through the tunnel. /// # Safety /// `public_key` and `ephemeral_key` must be valid respective `PublicKey` and `PrivateKey` types. @@ -124,7 +124,7 @@ pub unsafe extern "C" fn request_ephemeral_peer( packet_tunnel: *const c_void, tcp_connection: *const c_void, cancel_token: *mut EphemeralPeerCancelToken, - post_quantum_key_exchange_timeout: u64, + peer_exchange_timeout: u64, enable_post_quantum: bool, enable_daita: bool, ) -> i32 { @@ -137,23 +137,13 @@ pub unsafe extern "C" fn request_ephemeral_peer( let pub_key: [u8; 32] = unsafe { std::ptr::read(public_key as *const [u8; 32]) }; let eph_key: [u8; 32] = unsafe { std::ptr::read(ephemeral_key as *const [u8; 32]) }; - let handle = match crate::mullvad_ios_runtime() { - Ok(handle) => handle, - Err(err) => { - log::error!("Failed to obtain a handle to a tokio runtime: {err}"); - - return -1; - } - }; - match unsafe { run_post_quantum_psk_exchange( pub_key, eph_key, packet_tunnel, tcp_connection, - post_quantum_key_exchange_timeout, - handle, + peer_exchange_timeout, enable_post_quantum, enable_daita, )