Fix: split tunnel data packages are not compressed

psiphon/common/authPackage.go

@@ -115,12 +115,21 @@ func WriteAuthenticatedDataPackage(
 // ReadAuthenticatedDataPackage extracts and verifies authenticated
 // data from an AuthenticatedDataPackage. The package must have been
 // signed with the given key.
+//
+// Set isCompressed to false to read packages that are not compressed.
 func ReadAuthenticatedDataPackage(
-	compressedPackage []byte, signingPublicKey string) (string, error) {
+	dataPackage []byte, isCompressed bool, signingPublicKey string) (string, error) {
 
-	packageJSON, err := Decompress(compressedPackage)
-	if err != nil {
-		return "", ContextError(err)
+	var packageJSON []byte
+	var err error
+
+	if isCompressed {
+		packageJSON, err = Decompress(dataPackage)
+		if err != nil {
+			return "", ContextError(err)
+		}
+	} else {
+		packageJSON = dataPackage
 	}
 
 	var authenticatedDataPackage *AuthenticatedDataPackage

psiphon/common/authPackage_test.go

@@ -84,7 +84,7 @@ func TestAuthenticatedPackage(t *testing.T) {
 
 	t.Run("read package: success", func(t *testing.T) {
 		content, err := ReadAuthenticatedDataPackage(
-			packagePayload, signingPublicKey)
+			packagePayload, true, signingPublicKey)
 		if err != nil {
 			t.Fatalf("ReadAuthenticatedDataPackage failed: %s", err)
 		}
@@ -114,7 +114,7 @@ func TestAuthenticatedPackage(t *testing.T) {
 
 	t.Run("read package: wrong signing key", func(t *testing.T) {
 		_, err = ReadAuthenticatedDataPackage(
-			packagePayload, wrongSigningPublicKey)
+			packagePayload, true, wrongSigningPublicKey)
 		if err == nil {
 			t.Fatalf("ReadAuthenticatedDataPackage unexpectedly succeeded")
 		}
@@ -130,7 +130,7 @@ func TestAuthenticatedPackage(t *testing.T) {
 
 	t.Run("read package: tampered data", func(t *testing.T) {
 		_, err = ReadAuthenticatedDataPackage(
-			tamperedPackagePayload, signingPublicKey)
+			tamperedPackagePayload, true, signingPublicKey)
 		if err == nil {
 			t.Fatalf("ReadAuthenticatedDataPackage unexpectedly succeeded")
 		}
@@ -172,7 +172,7 @@ func BenchmarkAuthenticatedPackage(b *testing.B) {
 	b.Run("read package", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
 			_, err := ReadAuthenticatedDataPackage(
-				packagePayload, signingPublicKey)
+				packagePayload, true, signingPublicKey)
 			if err != nil {
 				b.Fatalf("ReadAuthenticatedDataPackage failed: %s", err)
 			}

psiphon/common/osl/osl.go

@@ -1101,7 +1101,7 @@ func UnpackRegistry(
 	registryPackage []byte, signingPublicKey string) (*Registry, []byte, error) {
 
 	encodedRegistry, err := common.ReadAuthenticatedDataPackage(
-		registryPackage, signingPublicKey)
+		registryPackage, true, signingPublicKey)
 	if err != nil {
 		return nil, nil, common.ContextError(err)
 	}
@@ -1278,7 +1278,7 @@ func (registry *Registry) UnpackOSL(
 	}
 
 	oslPayload, err := common.ReadAuthenticatedDataPackage(
-		dataPackage, signingPublicKey)
+		dataPackage, true, signingPublicKey)
 	if err != nil {
 		return "", common.ContextError(err)
 	}

psiphon/splitTunnel.go

@@ -281,7 +281,7 @@ func (classifier *SplitTunnelClassifier) getRoutes(tunnel *Tunnel) (routesData [
 	var encodedRoutesData string
 	if !useCachedRoutes {
 		encodedRoutesData, err = common.ReadAuthenticatedDataPackage(
-			routesDataPackage, classifier.routesSignaturePublicKey)
+			routesDataPackage, false, classifier.routesSignaturePublicKey)
 		if err != nil {
 			NoticeAlert("failed to read split tunnel routes package: %s", common.ContextError(err))
 			useCachedRoutes = true