wireguard-go-bridge: use system go installation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Importing: Only the main thread shall access lastFileImportErrorText

Signed-off-by: Roopesh Chander <roop@roopc.net>

Importing: Make use of lastError returned from TunnelsManager.addMultiple()

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: addMultiple() should also return the last error

Signed-off-by: Roopesh Chander <roop@roopc.net>

Importing: Simplify TunnelImporter

Signed-off-by: Roopesh Chander <roop@roopc.net>

wireguard-go-bridge: use go modules

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wireguard-go-bridge: update to Go 1.12

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Importing: macOS: Support importing of multiple files at a time

Signed-off-by: Roopesh Chander <roop@roopc.net>

Importing: Use case-insensitive comparison for zip extension

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Hack to restart active tunnel after adding a new tunnel

Signed-off-by: Roopesh Chander <roop@roopc.net>

Importing: Show OS error when unable to open a .conf file

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Tunnel edit: Disable user interaction when OS VPN prompt is shown

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Tunnel edit: s/populateTextFields()/populateFields()/g;

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: When programmatically selecting a tunnel, also scroll if required

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Replace NSSegmentedControl with NSPopUpButton and NSButton

Thereby avoiding the hacky way of showing the menus.

Signed-off-by: Roopesh Chander <roop@roopc.net>

Importing: Give a clearer error message on importing an invalid config

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Show 'quitting with active tunnel' only when appropriate

Not when logging off or when the machine's shutting down

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Fix removal of DNSes from AllowedIPs when DNS has changed

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: On changing DNS, update AllowedIPs with the current DNS servers

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: On saving, update AllowedIPs with the current DNS servers

Signed-off-by: Roopesh Chander <roop@roopc.net>

Importing: Better error message when .conf file is not readable

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Specify crypto compliance

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelViewModel: Remove DNS from AllowedIPs when unchecking 'Exclude private IPs'

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Exclude private IPs

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelViewModel: Minor refactoring of exclude private IPs handling

Signed-off-by: Roopesh Chander <roop@roopc.net>

ConfTextStorage: lowercase only once

Also fix submodule regression.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

ConfTextStorage: Let's keep the AllowedIPs and DNS servers as strings

Signed-off-by: Roopesh Chander <roop@roopc.net>

ConfTextStorage: Make fieldType an enum

Signed-off-by: Roopesh Chander <roop@roopc.net>

ConfTextStorage: keep track of single peer state for exclude private IPs

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

macOS: Tunnel detail: Set min width/height

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Tunnels list: Use constant width for the table view

Signed-off-by: Roopesh Chander <roop@roopc.net>

.mobileconfig: fix lists

Signed-off-by: Roopesh Chander <roop@roopc.net>

README: supports macOS

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

README: recursive cloning

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

README: Xcode has a lowercase 'c'

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

macOS: Show privacy notice on adding first tunnel

App store reviewers don't understand that this isn't a service.

Revert this as soon as they come to their senses.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Version bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wireguard-go: bump for ARM64 ChaCha20

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

.mobileconfig: fix formatting

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

.mobileconfig: note keychain limitation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Preshared key field in the detail view should just say 'enabled'

Signed-off-by: Roopesh Chander <roop@roopc.net>

Log migration of tunnel configuration

Signed-off-by: Roopesh Chander <roop@roopc.net>

Document installing WireGuard tunnels using Configuration Profiles

Signed-off-by: Roopesh Chander <roop@roopc.net>

Migrate when we notice a new tunnel in reload()

Signed-off-by: Roopesh Chander <roop@roopc.net>

Don't migrate in asTunnelConfiguration()

It causes problems when installing a tunnel through a
Configuration Profile on macOS and activating it first through
Network Preferences.

Signed-off-by: Roopesh Chander <roop@roopc.net>

Info.plist: Localize with InfoPlist.strings

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Change keyboard shortcut for importing to Cmd+O

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Adapt to the new applyConfiguration API

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Rewrite applying runtime configuration

To make scrolling smoother while the fields are modified

Signed-off-by: Roopesh Chander <roop@roopc.net>

Importing: Ignore case in matching file extensions inside zip files

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: No need to access tunnelConfiguration on status change

Signed-off-by: Roopesh Chander <roop@roopc.net>

Version bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Fix writing of preshared key to config format

Signed-off-by: Roopesh Chander <roop@roopc.net>

Project: don't embed swift binaries into appex

Otherwise we're rejected from the app store.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Global: fix swiftlint issues

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wireguard-go-bridge: get rid of nopie warning

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wireguard-go-bridge: Cache go tarballs

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

KeyEncoding: rename file to match extension filename style

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Key: we already do len checking in C

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Info.plist: Add missing key types

I worry that LSMinimumSystemVersion in the extension's plist might be
problematic, since that same plist runs on macOS and iOS. We _might_
need to bifurcate.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Version bump

First Mac App Store release if all goes well.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Key: Use C implementation instead

Swift compiles so slowly and it's unclear all of the insane type punning
was even correct.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Key: Constant time encoding

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelsManager: Ignore status changes on tunnel providers we don't have

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Use shorter pretty time

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Tunnel detail: Turn off animation when showing fields changing

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Show alert if exiting with an active tunnel

Instead of deactivating the tunnel.

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: Don't lose .restarting state

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: Log startDeactivation calls

Signed-off-by: Roopesh Chander <roop@roopc.net>

wireguard-go: Bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Enable hardened runtime

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

NetworkExtensionMac: Don't forget to link to the networkextension framework

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

StatusItemController: Show animation when deactivating

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

PacketTunnelProvider: proper fix for 32073323

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelsManager: When creating/modifying a tunnel, update the associated object

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: prohibit multiple instances of app

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

PrivateDataConfirmation: prompt with touch/face/pin/password ID for viewing/exporting keys

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

LegacyConfig: Remove and support plaintext for .mobileconfig

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Keychain: store configurations in keychain instead of providerConfig

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelsManager: cache access to configuration object

Supposedly we never change it once per object, so we do the objective C
hack of adding it cached to the extension. This prevents 1000s of calls
to the keychain and improves the speed of imports.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Project: Remove OS name from appex file name

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelsManager: Wait for 6 seconds on deactivation instead of 5

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick conf parser: Handle inline comments correctly

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Select tunnel after adding it with 'Add empty tunnel'

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Ensure fields are updated on saving

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Ensure fields are updated on saving

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Apply runtime configuration by diff-ing

And apply the diff on the tableView as insertRows/removeRows.

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelViewModel: Don't call peer change handler if there are no changes

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Tunnel detail: Refactor calculation of tableViewModelRows

Signed-off-by: Roopesh Chander <roop@roopc.net>

x25519: demand RNG is successful

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Config: Add template for macOS key

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

iOS: SwitchCell should hold the observation token

And should nil the token when preparing for reuse.

This also reverts "iOS: Tunnel detail: Refactor updation of status"

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: KeyValueCell should hold the observation token

And should nil the token when preparing for reuse.

Otherwise, the observation closure is still active even after the cell
gets reused.

Signed-off-by: Roopesh Chander <roop@roopc.net>

wireguard-go: bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

iOS: Apply runtime configuration by diff-ing

And apply the diff on the tableView as insert/remove/reloads.

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Tunnel detail: Keep track of visible fields with a [Bool] array

Signed-off-by: Roopesh Chander <roop@roopc.net>

Strings: fix backwards clock wording

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

iOS: Tunnel detail: Reload runtime config every second

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Tunnel detail: Refactor updation of status

Signed-off-by: Roopesh Chander <roop@roopc.net>

Fix handling of 'PersistentKeepalive: every n seconds'

Signed-off-by: Roopesh Chander <roop@roopc.net>