Index ¶
- Constants
- Variables
- func DiscardLogf(format string, args ...interface{})
- func FromHex(dst []byte, src string) error
- func GenerateDeviceKeys() ([]byte, []byte)
- func HMAC1(sum *[blake2s.Size]byte, key, in0 []byte)
- func HMAC2(sum *[blake2s.Size]byte, key, in0, in1 []byte)
- func KDF1(t0 *[blake2s.Size]byte, key, input []byte)
- func KDF2(t0, t1 *[blake2s.Size]byte, key, input []byte)
- func KDF3(t0, t1, t2 *[blake2s.Size]byte, key, input []byte)
- func KeyToHex(key []byte) string
- type AllowedIPs
- func (table *AllowedIPs) EntriesForPeer(peer *Peer) []net.IPNet
- func (table *AllowedIPs) Insert(ip net.IP, cidr uint, peer *Peer)
- func (table *AllowedIPs) LookupIPv4(address []byte) *Peer
- func (table *AllowedIPs) LookupIPv6(address []byte) *Peer
- func (table *AllowedIPs) RemoveByPeer(peer *Peer)
- func (table *AllowedIPs) Reset()
- type AtomicBool
- type CCAKyberPK
- type CCAKyberSK
- type CPAKyberPK
- type CPAKyberSK
- type CookieChecker
- type CookieGenerator
- type Device
- func (device *Device) Bind() conn.Bind
- func (device *Device) BindClose() error
- func (device *Device) BindSetMark(mark uint32) error
- func (device *Device) BindUpdate() error
- func (device *Device) Close()
- func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer
- func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer
- func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error)
- func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error)
- func (device *Device) DeleteKeypair(key *Keypair)
- func (device *Device) DisableSomeRoamingForBrokenMobileSemantics()
- func (device *Device) Down()
- func (device *Device) FlushPacketQueues()
- func (device *Device) GetInboundElement() *QueueInboundElement
- func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte
- func (device *Device) GetOutboundElement() *QueueOutboundElement
- func (device *Device) IpcGet() (string, error)
- func (device *Device) IpcGetOperation(w io.Writer) error
- func (device *Device) IpcHandle(socket net.Conn)
- func (device *Device) IpcSet(uapiConf string) error
- func (device *Device) IpcSetOperation(r io.Reader) (err error)
- func (device *Device) IsUnderLoad() bool
- func (device *Device) LookupPeer(hpk [blake2s.Size]byte) *Peer
- func (device *Device) NewOutboundElement() *QueueOutboundElement
- func (device *Device) NewPeer(pk CCAKyberPK) (*Peer, error)
- func (device *Device) PopulatePools()
- func (device *Device) PrintDevice()
- func (device *Device) PutInboundElement(elem *QueueInboundElement)
- func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte)
- func (device *Device) PutOutboundElement(elem *QueueOutboundElement)
- func (device *Device) RemoveAllPeers()
- func (device *Device) RemovePeer(hk [blake2s.Size]byte)
- func (device *Device) RoutineDecryption()
- func (device *Device) RoutineEncryption()
- func (device *Device) RoutineHandshake()
- func (device *Device) RoutineReadFromTUN()
- func (device *Device) RoutineReceiveIncoming(IP int, bind conn.Bind)
- func (device *Device) RoutineTUNEventReader()
- func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error
- func (device *Device) SendKeepalivesToPeersWithCurrentKeypair()
- func (device *Device) SetPrivateKey(sk CCAKyberSK) error
- func (device *Device) SetPublicKey(pk CCAKyberPK) error
- func (device *Device) Up()
- func (device *Device) Wait() chan struct{}
- type Handshake
- type IPCError
- type IndexTable
- func (table *IndexTable) Delete(index uint32)
- func (table *IndexTable) Init()
- func (table *IndexTable) Lookup(id uint32) IndexTableEntry
- func (table *IndexTable) NewIndexForHandshake(peer *Peer, handshake *Handshake) (uint32, error)
- func (table *IndexTable) SwapIndexForKeypair(index uint32, keypair *Keypair)
- type IndexTableEntry
- type Keypair
- type Keypairs
- type Logger
- type MessageCookieReply
- type MessageInitiation
- type MessageResponse
- type MessageTransport
- type NoiseNonce
- type Peer
- func (peer *Peer) BeginSymmetricSession() error
- func (peer *Peer) ExpireCurrentKeypairs()
- func (peer *Peer) FlushNonceQueue()
- func (peer *Peer) NewTimer(expirationFunction func(*Peer)) *Timer
- func (peer *Peer) ReceivedWithKeypair(receivedKeypair *Keypair) bool
- func (peer *Peer) RoutineNonce()
- func (peer *Peer) RoutineSequentialReceiver()
- func (peer *Peer) RoutineSequentialSender()
- func (peer *Peer) SendBuffer(buffer []byte) error
- func (peer *Peer) SendHandshakeInitiation(isRetry bool) error
- func (peer *Peer) SendHandshakeResponse() error
- func (peer *Peer) SendKeepalive() bool
- func (peer *Peer) SetEndpointFromPacket(endpoint conn.Endpoint)
- func (peer *Peer) Start()
- func (peer *Peer) Stop()
- func (peer *Peer) String() string
- func (peer *Peer) ZeroAndFlushAll()
- type QueueHandshakeElement
- type QueueInboundElement
- type QueueOutboundElement
- type Timer
Constants ¶
const ( RekeyAfterMessages = (1 << 60) RejectAfterMessages = (1 << 64) - (1 << 13) - 1 RekeyAfterTime = time.Second * 120 RekeyAttemptTime = time.Second * 90 RekeyTimeout = time.Second * 5 MaxTimerHandshakes = 90 / 5 /* RekeyAttemptTime / RekeyTimeout */ RekeyTimeoutJitterMaxMs = 334 RejectAfterTime = time.Second * 180 KeepaliveTimeout = time.Second * 10 CookieRefreshTime = time.Second * 120 HandshakeInitationRate = time.Second / 50 PaddingMultiple = 16 )
const ( MinMessageSize = MessageKeepaliveSize // minimum size of transport message (keepalive) MaxMessageSize = MaxSegmentSize // maximum size of transport message MaxContentSize = MaxSegmentSize - MessageTransportSize // maximum size of transport message content )
const ( UnderLoadQueueSize = QueueHandshakeSize / 8 UnderLoadAfterTime = time.Second // how long does the device remain under load after detected MaxPeers = 1 << 16 // maximum number of configured peers )
const ( IPv4offsetTotalLength = 2 IPv4offsetSrc = 12 IPv4offsetDst = IPv4offsetSrc + net.IPv4len )
const ( IPv6offsetPayloadLength = 4 IPv6offsetSrc = 8 IPv6offsetDst = IPv6offsetSrc + net.IPv6len )
const ( LogLevelSilent = iota LogLevelError LogLevelVerbose )
Log levels for use with NewLogger.
const ( AtomicFalse = int32(iota) AtomicTrue )
const ( NoiseConstruction = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s" WGIdentifier = "WireGuard v1 zx2c4 Jason@zx2c4.com" WGLabelMAC1 = "mac1----" WGLabelCookie = "cookie--" PlaceHolder = 32 )
Note (review): NoiseConstruction and WGIdentifier are the unmodified upstream WireGuard strings and still name the X25519-based construction, although this package's device keys are Kyber KEM keys (CCAKyberPK/CCAKyberSK, see SetPrivateKey/SetPublicKey). Upstream WireGuard hashes these strings into the handshake's initial state (presumably InitialChainKey/InitialHash here); confirm they are the intended protocol identifiers for the KEM-based handshake, since reusing them gives no domain separation from the unmodified protocol.
const ( MessageInitiationType = 1 MessageResponseType = 2 MessageCookieReplyType = 3 MessageTransportType = 4 )
const ( MessageInitiationSize = 2*4 + sizeCPAKyberPK + blake2s.Size + poly1305.TagSize + tai64n.TimestampSize + poly1305.TagSize + sizeCCAKyberC + 2*blake2s.Size128 // size of handshake initiation message (the original comment notes 2388; the value depends on the unexported sizeCPAKyberPK/sizeCCAKyberC constants) MessageResponseSize = 3*4 + sizeCCAKyberC + sizeCPAKyberC + poly1305.TagSize + 2*blake2s.Size128 // size of response message (the original comment notes 2260, previously written as 92 + 2*utils.SIZEC) MessageCookieReplySize = 64 // size of cookie reply message MessageTransportHeaderSize = 16 // size of data preceding content in transport message MessageTransportSize = MessageTransportHeaderSize + poly1305.TagSize // size of empty transport MessageKeepaliveSize = MessageTransportSize // size of keepalive MessageHandshakeSize = MessageInitiationSize // size of largest handshake related message )
const ( MessageTransportOffsetReceiver = 4 MessageTransportOffsetCounter = 8 MessageTransportOffsetContent = 16 )
const ( QueueOutboundSize = 1024 QueueInboundSize = 1024 QueueHandshakeSize = 1024 MaxSegmentSize = (1 << 16) - 1 // largest possible UDP datagram PreallocatedBuffersPerPool = 0 // 0 disables preallocation; the pools then grow without bound under load, so this constant does not cap memory use )
const DefaultMTU = 1420
const (
PeerRoutineNumber = 2
)
const WireGuardGoVersion = "0.0.20201118"
Variables ¶
var ( InitialChainKey [blake2s.Size]byte InitialHash [blake2s.Size]byte ZeroNonce [chacha20poly1305.NonceSize]byte )
Functions ¶
func DiscardLogf ¶
func DiscardLogf(format string, args ...interface{})
DiscardLogf is a Logger-compatible function that discards the lines logged to it.
func GenerateDeviceKeys ¶
func GenerateDeviceKeys() ([]byte, []byte)
Types ¶
type AllowedIPs ¶
type AllowedIPs struct { IPv4 *trieEntry IPv6 *trieEntry // contains filtered or unexported fields }
func (*AllowedIPs) EntriesForPeer ¶
func (table *AllowedIPs) EntriesForPeer(peer *Peer) []net.IPNet
func (*AllowedIPs) LookupIPv4 ¶
func (table *AllowedIPs) LookupIPv4(address []byte) *Peer
func (*AllowedIPs) LookupIPv6 ¶
func (table *AllowedIPs) LookupIPv6(address []byte) *Peer
func (*AllowedIPs) RemoveByPeer ¶
func (table *AllowedIPs) RemoveByPeer(peer *Peer)
func (*AllowedIPs) Reset ¶
func (table *AllowedIPs) Reset()
type AtomicBool ¶
type AtomicBool struct {
// contains filtered or unexported fields
}
func (*AtomicBool) Get ¶
func (a *AtomicBool) Get() bool
func (*AtomicBool) Set ¶
func (a *AtomicBool) Set(val bool)
func (*AtomicBool) Swap ¶
func (a *AtomicBool) Swap(val bool) bool
type CCAKyberPK ¶
type CCAKyberPK [sizeCCAKyberPK]byte
func (CCAKyberPK) Equals ¶
func (key CCAKyberPK) Equals(tar CCAKyberPK) bool
func (CCAKyberPK) IsZero ¶
func (key CCAKyberPK) IsZero() bool
type CCAKyberSK ¶
type CCAKyberSK [sizeCCAKyberSK]byte
func (CCAKyberSK) Equals ¶
func (key CCAKyberSK) Equals(tar CCAKyberSK) bool
func (CCAKyberSK) IsZero ¶
func (key CCAKyberSK) IsZero() bool
type CPAKyberPK ¶
type CPAKyberPK [sizeCPAKyberPK]byte
type CPAKyberSK ¶
type CPAKyberSK [sizeCPAKyberSK]byte
type CookieChecker ¶
func (*CookieChecker) CheckMAC1 ¶
func (st *CookieChecker) CheckMAC1(msg []byte) bool
func (*CookieChecker) CreateReply ¶
func (st *CookieChecker) CreateReply( msg []byte, recv uint32, src []byte, ) (*MessageCookieReply, error)
type CookieGenerator ¶
func (*CookieGenerator) AddMacs ¶
func (st *CookieGenerator) AddMacs(msg []byte)
func (*CookieGenerator) ConsumeReply ¶
func (st *CookieGenerator) ConsumeReply(msg *MessageCookieReply) bool
type Device ¶
type Device struct {
// contains filtered or unexported fields
}
func (*Device) BindSetMark ¶
func (*Device) BindUpdate ¶
func (*Device) ConsumeMessageInitiation ¶
func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer
func (*Device) ConsumeMessageResponse ¶
func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer
func (*Device) CreateMessageInitiation ¶
func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error)
func (*Device) CreateMessageResponse ¶
func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error)
func (*Device) DeleteKeypair ¶
func (*Device) DisableSomeRoamingForBrokenMobileSemantics ¶
func (device *Device) DisableSomeRoamingForBrokenMobileSemantics()
func (*Device) FlushPacketQueues ¶
func (device *Device) FlushPacketQueues()
func (*Device) GetInboundElement ¶
func (device *Device) GetInboundElement() *QueueInboundElement
func (*Device) GetMessageBuffer ¶
func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte
func (*Device) GetOutboundElement ¶
func (device *Device) GetOutboundElement() *QueueOutboundElement
func (*Device) IpcGetOperation ¶
IpcGetOperation implements the WireGuard configuration protocol "get" operation. See https://www.wireguard.com/xplatform/#configuration-protocol for details.
func (*Device) IpcSetOperation ¶
IpcSetOperation implements the WireGuard configuration protocol "set" operation. See https://www.wireguard.com/xplatform/#configuration-protocol for details.
func (*Device) IsUnderLoad ¶
func (*Device) NewOutboundElement ¶
func (device *Device) NewOutboundElement() *QueueOutboundElement
func (*Device) PopulatePools ¶
func (device *Device) PopulatePools()
func (*Device) PrintDevice ¶
func (device *Device) PrintDevice()
func (*Device) PutInboundElement ¶
func (device *Device) PutInboundElement(elem *QueueInboundElement)
func (*Device) PutMessageBuffer ¶
func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte)
func (*Device) PutOutboundElement ¶
func (device *Device) PutOutboundElement(elem *QueueOutboundElement)
func (*Device) RemoveAllPeers ¶
func (device *Device) RemoveAllPeers()
func (*Device) RoutineDecryption ¶
func (device *Device) RoutineDecryption()
func (*Device) RoutineEncryption ¶
func (device *Device) RoutineEncryption()
Encrypts the elements in the queue and marks them for sequential consumption (by releasing the mutex). One instance runs per core.
func (*Device) RoutineHandshake ¶
func (device *Device) RoutineHandshake()
Handles incoming packets related to the handshake.
func (*Device) RoutineReadFromTUN ¶
func (device *Device) RoutineReadFromTUN()
Reads packets from the TUN and inserts them into the nonce queue of the matching peer. A single instance runs per TUN device.
func (*Device) RoutineReceiveIncoming ¶
Receives incoming datagrams for the device. Every time the bind is updated a new routine is started for IPv4 and IPv6 (separately).
func (*Device) RoutineTUNEventReader ¶
func (device *Device) RoutineTUNEventReader()
func (*Device) SendHandshakeCookie ¶
func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error
func (*Device) SendKeepalivesToPeersWithCurrentKeypair ¶
func (device *Device) SendKeepalivesToPeersWithCurrentKeypair()
func (*Device) SetPrivateKey ¶
func (device *Device) SetPrivateKey(sk CCAKyberSK) error
Sets the device's long-term KEM private key (see also SetPublicKey).
func (*Device) SetPublicKey ¶
func (device *Device) SetPublicKey(pk CCAKyberPK) error
Sets the device's long-term KEM public key (see also SetPrivateKey).
type IndexTable ¶
func (*IndexTable) Delete ¶
func (table *IndexTable) Delete(index uint32)
func (*IndexTable) Init ¶
func (table *IndexTable) Init()
func (*IndexTable) Lookup ¶
func (table *IndexTable) Lookup(id uint32) IndexTableEntry
func (*IndexTable) NewIndexForHandshake ¶
func (table *IndexTable) NewIndexForHandshake(peer *Peer, handshake *Handshake) (uint32, error)
func (*IndexTable) SwapIndexForKeypair ¶
func (table *IndexTable) SwapIndexForKeypair(index uint32, keypair *Keypair)
type IndexTableEntry ¶
type IndexTableEntry struct {
// contains filtered or unexported fields
}
type Logger ¶
type Logger struct { Verbosef func(format string, args ...interface{}) Errorf func(format string, args ...interface{}) }
A Logger provides logging for a Device. The functions are Printf-style functions. They must be safe for concurrent use. They do not require a trailing newline in the format. If nil, that level of logging will be silent.
type MessageCookieReply ¶
type MessageCookieReply struct { Type uint32 Receiver uint32 Nonce [chacha20poly1305.NonceSizeX]byte Cookie [blake2s.Size128 + poly1305.TagSize]byte // encrypted cookie followed by its Poly1305 tag }
type MessageInitiation ¶
type MessageResponse ¶
type MessageTransport ¶
type NoiseNonce ¶
type NoiseNonce uint64 // padded to 12 bytes (the ChaCha20-Poly1305 nonce size) when used
type Peer ¶
type Peer struct { sync.RWMutex // Mostly protects endpoint, but is generally taken whenever we modify peer // contains filtered or unexported fields }
func (*Peer) BeginSymmetricSession ¶
Derives a new keypair from the current handshake state.
func (*Peer) ExpireCurrentKeypairs ¶
func (peer *Peer) ExpireCurrentKeypairs()
func (*Peer) FlushNonceQueue ¶
func (peer *Peer) FlushNonceQueue()
func (*Peer) ReceivedWithKeypair ¶
func (*Peer) RoutineNonce ¶
func (peer *Peer) RoutineNonce()
Queues packets while there is no completed handshake, then assigns nonces to packets sequentially and creates "work" structs for the workers. A single instance runs per peer.
func (*Peer) RoutineSequentialReceiver ¶
func (peer *Peer) RoutineSequentialReceiver()
func (*Peer) RoutineSequentialSender ¶
func (peer *Peer) RoutineSequentialSender()
Sequentially reads packets from the queue and sends them to the endpoint. A single instance runs per peer; the routine terminates when the outbound queue is closed.
func (*Peer) SendBuffer ¶
func (*Peer) SendHandshakeInitiation ¶
func (*Peer) SendHandshakeResponse ¶
func (*Peer) SendKeepalive ¶
Queues a keepalive if no packets are queued for the peer.
func (*Peer) SetEndpointFromPacket ¶
func (*Peer) ZeroAndFlushAll ¶
func (peer *Peer) ZeroAndFlushAll()
type QueueHandshakeElement ¶
type QueueHandshakeElement struct {
// contains filtered or unexported fields
}