Implement support for daita with multihop

7 files changed, 47 insertions, 17 deletions

diff --git a/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/ManagementService.kt b/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/ManagementService.kt
index bd27574cbe..d4cedd1e61 100644
--- a/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/ManagementService.kt
+++ b/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/ManagementService.kt
@@ -123,6 +123,7 @@ import net.mullvad.mullvadvpn.lib.model.WebsiteAuthToken
 import net.mullvad.mullvadvpn.lib.model.WireguardEndpointData as ModelWireguardEndpointData
 import net.mullvad.mullvadvpn.lib.model.addresses
 import net.mullvad.mullvadvpn.lib.model.customOptions
+import net.mullvad.mullvadvpn.lib.model.enabled
 import net.mullvad.mullvadvpn.lib.model.entryLocation
 import net.mullvad.mullvadvpn.lib.model.isMultihopEnabled
 import net.mullvad.mullvadvpn.lib.model.location
@@ -507,17 +508,12 @@ class ManagementService(
             .mapEmpty()
 
     suspend fun setDaitaEnabled(enabled: Boolean): Either<SetDaitaSettingsError, Unit> =
-        Either.catch {
-                val daitaSettings =
-                    ManagementInterface.DaitaSettings.newBuilder()
-                        .setEnabled(enabled)
-                        // Before Multihop is supported on Android, calling `setDirectOnly` with
-                        // false will cause undefined behaviour. Will be fixed by as part of
-                        // DROID-1412.
-                        .setDirectOnly(true)
-                        .build()
-                grpc.setDaitaSettings(daitaSettings)
-            }
+        Either.catch { grpc.setEnableDaita(BoolValue.of(enabled)) }
+            .mapLeft(SetDaitaSettingsError::Unknown)
+            .mapEmpty()
+
+    suspend fun setDaitaDirectOnly(enabled: Boolean): Either<SetDaitaSettingsError, Unit> =
+        Either.catch { grpc.setDaitaDirectOnly(BoolValue.of(enabled)) }
             .mapLeft(SetDaitaSettingsError::Unknown)
             .mapEmpty()
 
diff --git a/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/mapper/FromDomain.kt b/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/mapper/FromDomain.kt
index b3fe88bdc8..f62124a171 100644
--- a/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/mapper/FromDomain.kt
+++ b/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/mapper/FromDomain.kt
@@ -8,6 +8,7 @@ import net.mullvad.mullvadvpn.lib.model.Constraint
 import net.mullvad.mullvadvpn.lib.model.CustomDnsOptions
 import net.mullvad.mullvadvpn.lib.model.CustomList
 import net.mullvad.mullvadvpn.lib.model.CustomListId
+import net.mullvad.mullvadvpn.lib.model.DaitaSettings
 import net.mullvad.mullvadvpn.lib.model.DefaultDnsOptions
 import net.mullvad.mullvadvpn.lib.model.DnsOptions
 import net.mullvad.mullvadvpn.lib.model.DnsState
@@ -253,3 +254,9 @@ internal fun ShadowsocksSettings.fromDomain(): ManagementInterface.ShadowsocksSe
         is Constraint.Only ->
             ManagementInterface.ShadowsocksSettings.newBuilder().setPort(port.value.value).build()
     }
+
+internal fun DaitaSettings.fromDomain(): ManagementInterface.DaitaSettings =
+    ManagementInterface.DaitaSettings.newBuilder()
+        .setEnabled(enabled)
+        .setDirectOnly(directOnly)
+        .build()
diff --git a/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/mapper/ToDomain.kt b/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/mapper/ToDomain.kt
index 0412871f43..c7f47b0c29 100644
--- a/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/mapper/ToDomain.kt
+++ b/android/lib/daemon-grpc/src/main/kotlin/net/mullvad/mullvadvpn/lib/daemon/grpc/mapper/ToDomain.kt
@@ -26,6 +26,7 @@ import net.mullvad.mullvadvpn.lib.model.CustomDnsOptions
 import net.mullvad.mullvadvpn.lib.model.CustomList
 import net.mullvad.mullvadvpn.lib.model.CustomListId
 import net.mullvad.mullvadvpn.lib.model.CustomListName
+import net.mullvad.mullvadvpn.lib.model.DaitaSettings
 import net.mullvad.mullvadvpn.lib.model.DefaultDnsOptions
 import net.mullvad.mullvadvpn.lib.model.Device
 import net.mullvad.mullvadvpn.lib.model.DeviceId
@@ -436,9 +437,12 @@ internal fun ManagementInterface.TunnelOptions.WireguardOptions.toDomain(): Wire
     WireguardTunnelOptions(
         mtu = if (hasMtu()) Mtu(mtu) else null,
         quantumResistant = quantumResistant.toDomain(),
-        daita = daita.enabled,
+        daitaSettings = daita.toDomain(),
     )
 
+internal fun ManagementInterface.DaitaSettings.toDomain(): DaitaSettings =
+    DaitaSettings(enabled = enabled, directOnly = directOnly)
+
 internal fun ManagementInterface.QuantumResistantState.toDomain(): QuantumResistantState =
     when (state) {
         ManagementInterface.QuantumResistantState.State.AUTO -> QuantumResistantState.Auto
diff --git a/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/DaitaSettings.kt b/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/DaitaSettings.kt
new file mode 100644
index 0000000000..791970cf70
--- /dev/null
+++ b/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/DaitaSettings.kt
@@ -0,0 +1,8 @@
+package net.mullvad.mullvadvpn.lib.model
+
+import arrow.optics.optics
+
+@optics
+data class DaitaSettings(val enabled: Boolean, val directOnly: Boolean) {
+    companion object
+}
diff --git a/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/Settings.kt b/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/Settings.kt
index b3f1a2e8a0..99e8a2b8dc 100644
--- a/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/Settings.kt
+++ b/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/Settings.kt
@@ -14,7 +14,5 @@ data class Settings(
     val splitTunnelSettings: SplitTunnelSettings,
     val apiAccessMethodSettings: List<ApiAccessMethodSetting>,
 ) {
-    fun isDaitaEnabled() = tunnelOptions.wireguard.daita
-
     companion object
 }
diff --git a/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/WireguardTunnelOptions.kt b/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/WireguardTunnelOptions.kt
index 70b1599c55..f6a489df12 100644
--- a/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/WireguardTunnelOptions.kt
+++ b/android/lib/model/src/main/kotlin/net/mullvad/mullvadvpn/lib/model/WireguardTunnelOptions.kt
@@ -1,7 +1,12 @@
 package net.mullvad.mullvadvpn.lib.model
 
+import arrow.optics.optics
+
+@optics
 data class WireguardTunnelOptions(
     val mtu: Mtu?,
     val quantumResistant: QuantumResistantState,
-    val daita: Boolean,
-)
+    val daitaSettings: DaitaSettings,
+) {
+    companion object
+}
diff --git a/android/lib/resource/src/main/res/values/strings.xml b/android/lib/resource/src/main/res/values/strings.xml
index 9877098d7c..cd71db65b3 100644
--- a/android/lib/resource/src/main/res/values/strings.xml
+++ b/android/lib/resource/src/main/res/values/strings.xml
@@ -359,7 +359,7 @@
     <string name="failed_to_set_current_unknown_error">Failed to set to current - Unknown reason</string>
     <string name="location_was_removed_from_list">%s was removed from \"%s\"</string>
     <string name="create_custom_list_message">\"%s\" was created</string>
-    <string name="daita_info">%s (%s) hides patterns in your encrypted VPN traffic. If anyone is monitoring your connection, this makes it significantly harder for them to identify what websites you are visiting. It does this by carefully adding network noise and making all network packets the same size.</string>
+    <string name="daita_info">By enabling \"Direct Only\" you will have to manually select a server that is DAITA-enabled. This can cause you to end up in a blocked state until you have selected a compatible server in the \"Select location\" view.</string>
     <string name="daita_warning">Attention: Since this increases your total network traffic, be cautious if you have a limited data plan. It can also negatively impact your network speed and battery usage.</string>
     <string name="setting_chip">Setting: %s</string>
     <string name="enable_anyway">Enable anyway</string>
@@ -410,4 +410,16 @@
     <string name="search_results">Search results</string>
     <string name="filters">Filters:</string>
     <string name="search_query_empty">Type at least 2 characters to start searching.</string>
+    <string name="daita_description_slide_1_first_paragraph">DAITA (Defense against AI-guided Traffic Analysis) hides patterns in your encrypted VPN traffic.</string>
+    <string name="daita_description_slide_1_second_paragraph">By using sophisticated AI it’s possible to analyze the traffic of data packets going in and out of your device (even if the traffic is encrypted).</string>
+    <string name="daita_description_slide_1_third_paragraph">If an observer monitors these data packets, DAITA makes it significantly harder for them to identify which websites you are visiting or with whom you are communicating.</string>
+    <string name="daita_description_slide_2_first_paragraph">DAITA does this by carefully adding network noise and making all network packets the same size.</string>
+    <string name="daita_description_slide_2_second_paragraph">Not all our servers are DAITA-enabled. Therefore, we use multihop automatically to enable DAITA with any server.</string>
+    <string name="daita_description_slide_2_third_paragraph">Attention: Be cautious if you have a limited data plan as this feature will increase your network traffic.</string>
+    <string name="direct_only">Direct only</string>
+    <string name="enable_direct_only">Enable \"Direct only\"</string>
+    <string name="direct_only_description">Not all our servers are DAITA-enabled. In order to use the internet, you might have to select a new location after enabling.</string>
+    <string name="multihop_entry_disabled_description">The entry server for multihop is currently overridden by DAITA. To select an entry server, please first enable “Direct only” or disable “DAITA” in the settings.</string>
+    <string name="open_daita_settings">Open DAITA settings</string>
+    <string name="search">Search</string>
 </resources>