Importing: Better error message when .conf file is not readable

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Specify crypto compliance

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelViewModel: Remove DNS from AllowedIPs when unchecking 'Exclude private IPs'

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Exclude private IPs

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelViewModel: Minor refactoring of exclude private IPs handling

Signed-off-by: Roopesh Chander <roop@roopc.net>

ConfTextStorage: lowercase only once

Also fix submodule regression.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

ConfTextStorage: Let's keep the AllowedIPs and DNS servers as strings

Signed-off-by: Roopesh Chander <roop@roopc.net>

ConfTextStorage: Make fieldType an enum

Signed-off-by: Roopesh Chander <roop@roopc.net>

ConfTextStorage: keep track of single peer state for exclude private IPs

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

macOS: Tunnel detail: Set min width/height

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Tunnels list: Use constant width for the table view

Signed-off-by: Roopesh Chander <roop@roopc.net>

.mobileconfig: fix lists

Signed-off-by: Roopesh Chander <roop@roopc.net>

README: supports macOS

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

README: recursive cloning

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

README: Xcode has a lowercase 'c'

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

macOS: Show privacy notice on adding first tunnel

App store reviewers don't understand that this isn't a service.

Revert this as soon as they come to their senses.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Version bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wireguard-go: bump for ARM64 ChaCha20

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

.mobileconfig: fix formatting

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

.mobileconfig: note keychain limitation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Preshared key field in the detail view should just say 'enabled'

Signed-off-by: Roopesh Chander <roop@roopc.net>

Log migration of tunnel configuration

Signed-off-by: Roopesh Chander <roop@roopc.net>

Document installing WireGuard tunnels using Configuration Profiles

Signed-off-by: Roopesh Chander <roop@roopc.net>

Migrate when we notice a new tunnel in reload()

Signed-off-by: Roopesh Chander <roop@roopc.net>

Don't migrate in asTunnelConfiguration()

It causes problems when installing a tunnel through a
Configuration Profile on macOS and activating it first through
Network Preferences.

Signed-off-by: Roopesh Chander <roop@roopc.net>

Info.plist: Localize with InfoPlist.strings

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Change keyboard shortcut for importing to Cmd+O

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Adapt to the new applyConfiguration API

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Rewrite applying runtime configuration

To make scrolling smoother while the fields are modified

Signed-off-by: Roopesh Chander <roop@roopc.net>

Importing: Ignore case in matching file extensions inside zip files

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: No need to access tunnelConfiguration on status change

Signed-off-by: Roopesh Chander <roop@roopc.net>

Version bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Fix writing of preshared key to config format

Signed-off-by: Roopesh Chander <roop@roopc.net>

Project: don't embed swift binaries into appex

Otherwise we're rejected from the app store.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Global: fix swiftlint issues

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wireguard-go-bridge: get rid of nopie warning

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wireguard-go-bridge: Cache go tarballs

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

KeyEncoding: rename file to match extension filename style

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Key: we already do len checking in C

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Info.plist: Add missing key types

I worry that LSMinimumSystemVersion in the extension's plist might be
problematic, since that same plist runs on macOS and iOS. We _might_
need to bifurcate.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Version bump

First Mac App Store release if all goes well.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Key: Use C implementation instead

Swift compiles so slowly and it's unclear all of the insane type punning
was even correct.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Key: Constant time encoding

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelsManager: Ignore status changes on tunnel providers we don't have

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Use shorter pretty time

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Tunnel detail: Turn off animation when showing fields changing

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Show alert if exiting with an active tunnel

Instead of deactivating the tunnel.

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: Don't lose .restarting state

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: Log startDeactivation calls

Signed-off-by: Roopesh Chander <roop@roopc.net>

wireguard-go: Bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Enable hardened runtime

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

NetworkExtensionMac: Don't forget to link to the networkextension framework

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

StatusItemController: Show animation when deactivating

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

PacketTunnelProvider: proper fix for 32073323

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelsManager: When creating/modifying a tunnel, update the associated object

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: prohibit multiple instances of app

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

PrivateDataConfirmation: prompt with touch/face/pin/password ID for viewing/exporting keys

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

LegacyConfig: Remove and support plaintext for .mobileconfig

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Keychain: store configurations in keychain instead of providerConfig

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelsManager: cache access to configuration object

Supposedly we never change it once per object, so we do the objective C
hack of adding it cached to the extension. This prevents 1000s of calls
to the keychain and improves the speed of imports.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Project: Remove OS name from appex file name

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

TunnelsManager: Wait for 6 seconds on deactivation instead of 5

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wg-quick conf parser: Handle inline comments correctly

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Select tunnel after adding it with 'Add empty tunnel'

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Ensure fields are updated on saving

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Ensure fields are updated on saving

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Apply runtime configuration by diff-ing

And apply the diff on the tableView as insertRows/removeRows.

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelViewModel: Don't call peer change handler if there are no changes

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Tunnel detail: Refactor calculation of tableViewModelRows

Signed-off-by: Roopesh Chander <roop@roopc.net>

x25519: demand RNG is successful

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Config: Add template for macOS key

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

iOS: SwitchCell should hold the observation token

And should nil the token when preparing for reuse.

This also reverts "iOS: Tunnel detail: Refactor updation of status"

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: KeyValueCell should hold the observation token

And should nil the token when preparing for reuse.

Otherwise, the observation closure is still active even after the cell
gets reused.

Signed-off-by: Roopesh Chander <roop@roopc.net>

wireguard-go: bump

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

iOS: Apply runtime configuration by diff-ing

And apply the diff on the tableView as insert/remove/reloads.

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Tunnel detail: Keep track of visible fields with a [Bool] array

Signed-off-by: Roopesh Chander <roop@roopc.net>

Strings: fix backwards clock wording

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

iOS: Tunnel detail: Reload runtime config every second

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Tunnel detail: Refactor updation of status

Signed-off-by: Roopesh Chander <roop@roopc.net>

Fix handling of 'PersistentKeepalive: every n seconds'

Signed-off-by: Roopesh Chander <roop@roopc.net>

iOS: Make it compile again

Signed-off-by: Roopesh Chander <roop@roopc.net>

Configure timers to fire even when tracking mouse events

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Tunnel detail: Reload runtime config every second

Signed-off-by: Roopesh Chander <roop@roopc.net>

Logger: Convert do-catch to try?

Signed-off-by: Roopesh Chander <roop@roopc.net>

Runtime info: Make bytecount and timestamp info prettier

Signed-off-by: Roopesh Chander <roop@roopc.net>

Persistent Keepalive detail should read 'every n seconds'

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: Invoke reload() in a subsequent runloop

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Delay .deactivated status to workaround system bug

For some time after it's connection status becomes .disconnected,
if a tunnel gets started, it gets automatically killed by the system
after ~25 seconds.

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Select the active tunnel when showing the manage tunnels window

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsTracker: Simplify using TunnelsManager.tunnelInOperation()

Signed-off-by: Roopesh Chander <roop@roopc.net>

TunnelsManager: func tunnelInOperation()

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Ensure status is up-to-date on startup

Signed-off-by: Roopesh Chander <roop@roopc.net>

Config file parsing: Fix bug when there are comments at the end

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: show runtime configuration in tunnel manager

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

Tunnel: support getting runtime configuration

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wireguard-go-bridge: allow querying internal settings

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

wireguard-go-bridge: fix standalone build

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

macOS: Tunnel detail: Fix updation of tunnelEditVC

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Deactivate any active tunnel when app exits

Signed-off-by: Roopesh Chander <roop@roopc.net>

macOS: Adapt to TunnelsManagerListDelegate changes

Signed-off-by: Roopesh Chander <roop@roopc.net>