device

Published: Dec 22, 2020 License: MIT Imports: 42 Imported by: 2

Overview

SPDX-License-Identifier: MIT. Copyright (C) 2020 BI.ZONE LLC. All Rights Reserved.


Constants

// Handshake, rekey and keepalive parameters.
//
// The *Time constants are time.Duration values; the message counts and
// MaxTimerHandshakes are untyped integer constants. The names follow the
// WireGuard timer vocabulary, but how each value is consumed is not visible
// on this page, so the notes below describe only the values themselves.
const (
	RekeyAfterMessages      = (1 << 60)                 // 2^60
	RejectAfterMessages     = (1 << 64) - (1 << 13) - 1 // 2^64 - 2^13 - 1, still representable as a uint64
	RekeyAfterTime          = time.Second * 120
	RekeyAttemptTime        = time.Second * 90
	RekeyTimeout            = time.Second * 5
	// NOTE(review): spelled out as a literal quotient (18) rather than derived
	// from RekeyAttemptTime / RekeyTimeout, so changing either duration above
	// will not update it. Deriving it would turn it into a typed time.Duration
	// constant instead of an untyped integer, which callers may not accept.
	MaxTimerHandshakes      = 90 / 5 /* RekeyAttemptTime / RekeyTimeout */
	RekeyTimeoutJitterMaxMs = 334 // milliseconds, per the Ms suffix
	RejectAfterTime         = time.Second * 180
	KeepaliveTimeout        = time.Second * 10
	CookieRefreshTime       = time.Second * 120
	HandshakeInitationRate  = time.Second / 50 // 20ms; the "Initation" spelling is part of the exported name
	PaddingMultiple         = 16               // padding granularity implied by the name; where it is applied is not shown here
)
// Transport message size bounds, derived from the message layout constants
// (MessageKeepaliveSize, MessageTransportSize) and from MaxSegmentSize.
const (
	MinMessageSize = MessageKeepaliveSize                  // minimum size of transport message (keepalive)
	MaxMessageSize = MaxSegmentSize                        // maximum size of transport message
	MaxContentSize = MaxSegmentSize - MessageTransportSize // maximum size of transport message content
)
// Load-shedding thresholds and the peer-count limit.
const (
	UnderLoadQueueSize = QueueHandshakeSize / 8 // presumably the handshake-queue depth that marks the device as under load (see IsUnderLoad) — confirm in the receive path
	UnderLoadAfterTime = time.Second // how long does the device remain under load after detected
	MaxPeers           = 1 << 16     // maximum number of configured peers
)
// Byte offsets of fields within an IPv4 header (RFC 791): the 16-bit total
// length at offset 2, the source address at 12, and the destination address
// immediately after the source address.
const (
	IPv4offsetTotalLength = 2
	IPv4offsetSrc         = 12
	IPv4offsetDst         = IPv4offsetSrc + net.IPv4len // 16
)
// Byte offsets of fields within an IPv6 header (RFC 8200): the 16-bit payload
// length at offset 4, the source address at 8, and the destination address
// immediately after the source address.
const (
	IPv6offsetPayloadLength = 4
	IPv6offsetSrc           = 8
	IPv6offsetDst           = IPv6offsetSrc + net.IPv6len // 24
)
// Log verbosity levels accepted by NewLogger, numbered 0 to 3 via iota.
// Judging by the names, larger values enable more output — confirm in NewLogger.
const (
	LogLevelSilent = iota // 0
	LogLevelError         // 1
	LogLevelInfo          // 2
	LogLevelDebug         // 3
)
// Typed int32 encodings of a boolean, presumably the representation behind
// AtomicBool (not visible on this page).
const (
	AtomicFalse = int32(iota) // 0
	AtomicTrue                // 1
)
// Label strings for the three KDF functions (KDF1, KDF2, KDF3, by name).
// Each label is distinct, which gives the three derivations domain
// separation; they form part of the wire protocol definition, so changing
// one presumably breaks interoperability with existing peers.
const (
	KDF1Label = "KDF_GOST_R_3411_2012_256_LABEL_1"
	KDF2Label = "KDF_GOST_R_3411_2012_256_LABEL_2"
	KDF3Label = "KDF_GOST_R_3411_2012_256_LABEL_3"
)
// AEAD parameter sizes in bytes. The 16-byte nonce and tag are consistent
// with the 128-bit block of the Kuznyechik-MGM construction named in
// NoiseConstruction; the key is 256 bits.
const (
	AEADSymmetricKeySize = 32
	AEADNonceSize        = 16
	AEADTagSize          = 16
)
// Noise key sizes in bytes. The public key is one byte longer than the
// private key because of the compressed-point prefix byte of the ANSI X9.62
// encoding noted below.
const (
	NoisePublicKeySize  = 32 + 1 // size of Noise public key encoded in compressed ANSI X9.62 format.
	NoisePrivateKeySize = 32     // size of Noise private key.
)
// Protocol identifier strings. They are presumably hashed into the initial
// handshake state (InitialChainKey / InitialHash) and into the MAC1 and
// cookie keys — confirm in the handshake code. The "RU" prefixes distinguish
// them from upstream WireGuard's strings, so this protocol is presumably not
// wire-compatible with upstream WireGuard by design.
const (
	NoiseConstruction    = "Noise_IKpsk2_GC256A_GOST_R_341112_256_WITH_KUZNYECHIK_MGM"
	WireGuardIdentifier  = "RU WireGuard v1 2020 zx2c4 Jason@zx2c4.com"
	WireGuardLabelMAC1   = "RU mac1---- 2020"
	WireGuardLabelCookie = "RU cookie-- 2020"
)
// Wire message type codes, stored in the leading uint32 Type field of each
// Message* struct.
const (
	MessageInitiationType  = 1
	MessageResponseType    = 2
	MessageCookieReplyType = 3
	MessageTransportType   = 4
)
// Wire sizes of each message type in bytes. The literal values agree with the
// field layouts of MessageInitiation, MessageResponse and MessageCookieReply
// (sums shown per line), and the 16-byte transport header agrees with the
// MessageTransportOffset* constants (4-byte type, 4-byte receiver, 8-byte counter).
const (
	MessageInitiationSize      = 182                                      // size of the first message: 4 + 4 + 33 + (33+16) + (12+16) + 32 + 32
	MessageResponseSize        = 125                                      // size of the second response message: 4 + 4 + 4 + 33 + 16 + 32 + 32
	MessageCookieReplySize     = 72                                       // size of cookie reply message: 4 + 4 + 16 + (32+16)
	MessageTransportHeaderSize = 16                                       // size of data preceding content in transport message
	MessageTransportSize       = MessageTransportHeaderSize + AEADTagSize // size of empty transport
	MessageKeepaliveSize       = MessageTransportSize                     // size of keepalive
	MessageHandshakeSize       = MessageInitiationSize                    // size of largest handshake related message
	AdditionalDataSize         = 12                                       // size of additional data in the MGM primitive (which bytes make up the 12 is not shown here)
)
// Byte offsets within a transport message: the 4-byte Type field comes
// first, then the receiver index at 4, the 8-byte counter at 8, and the
// content at 16 (= MessageTransportHeaderSize).
const (
	MessageTransportOffsetReceiver = 4
	MessageTransportOffsetCounter  = 8
	MessageTransportOffsetContent  = 16
)
// Queue depths and buffer-pool sizing.
const (
	QueueOutboundSize          = 1024
	QueueInboundSize           = 1024
	QueueHandshakeSize         = 1024
	MaxSegmentSize             = (1 << 16) - 1 // largest possible UDP datagram
	// NOTE(review): with no preallocated buffers the pools grow on demand, so
	// this value places no upper bound on memory use during traffic bursts
	// (per the original comment). Whether a nonzero value caps growth or only
	// preallocates is not visible on this page.
	PreallocatedBuffersPerPool = 0             // Disable and allow for infinite memory growth
)
// DefaultMTU is the default tunnel MTU in bytes. The value is the same one used
// by upstream WireGuard-Go; how it is applied to the TUN device is not shown here.
const DefaultMTU = 1420
// PeerRoutineNumber is the number of per-peer goroutines, presumably the three
// Routine* methods on Peer (RoutineNonce, RoutineSequentialReceiver,
// RoutineSequentialSender) — confirm in Peer.Start.
const (
	PeerRoutineNumber = 3
)
// WireGuardGoVersion is the version string reported by this implementation.
const WireGuardGoVersion = "0.0.20201118"

Variables

// Initial handshake state and the fixed handshake nonce.
//
// InitialChainKey and InitialHash are zero-valued as declared here; they are
// presumably filled in from NoiseConstruction / WireGuardIdentifier at
// package init (not shown on this page — confirm). ZeroNonce is all zeros by
// construction: a fixed nonce is only safe when the AEAD key it is used with
// encrypts a single message, so each use in the handshake must be under a
// freshly derived key (not verifiable from this page).
var (
	InitialChainKey [gost34112012256.Size]byte
	InitialHash     [gost34112012256.Size]byte
	ZeroNonce       [AEADNonceSize]byte // Used in the first and second handshake messages.
)

Functions

func Hash

func Hash(dst *[gost34112012256.Size]byte, data []byte)

func KDF1

func KDF1(t1 *[gost34112012256.Size]byte, key, input []byte)

func KDF2

func KDF2(t1, t2 *[gost34112012256.Size]byte, key, input []byte)

func KDF3

func KDF3(t1, t2, t3 *[gost34112012256.Size]byte, key, input []byte)

func MAC

func MAC(sum *[gost34112012256.Size]byte, key, in0 []byte)

MAC computes the keyed MAC value based on HMAC_GOSTR3411_2012_256.

Types

type AEADNonce

// AEADNonce is a fixed-size AEAD nonce (AEADNonceSize = 16 bytes).
type AEADNonce [AEADNonceSize]byte

type AEADSymmetricKey

// AEADSymmetricKey is a fixed-size AEAD key (AEADSymmetricKeySize = 32 bytes).
// It converts to and from hex via the FromHex / ToHex methods.
type AEADSymmetricKey [AEADSymmetricKeySize]byte

func (*AEADSymmetricKey) FromHex

func (key *AEADSymmetricKey) FromHex(src string) error

func (AEADSymmetricKey) ToHex

func (key AEADSymmetricKey) ToHex() string

type AllowedIPs

type AllowedIPs struct {
	IPv4 *trieEntry
	IPv6 *trieEntry
	// contains filtered or unexported fields
}

func (*AllowedIPs) EntriesForPeer

func (table *AllowedIPs) EntriesForPeer(peer *Peer) []net.IPNet

func (*AllowedIPs) Insert

func (table *AllowedIPs) Insert(ip net.IP, cidr uint, peer *Peer)

func (*AllowedIPs) LookupIPv4

func (table *AllowedIPs) LookupIPv4(address []byte) *Peer

func (*AllowedIPs) LookupIPv6

func (table *AllowedIPs) LookupIPv6(address []byte) *Peer

func (*AllowedIPs) RemoveByPeer

func (table *AllowedIPs) RemoveByPeer(peer *Peer)

func (*AllowedIPs) Reset

func (table *AllowedIPs) Reset()

type AtomicBool

type AtomicBool struct {
	// contains filtered or unexported fields
}

func (*AtomicBool) Get

func (a *AtomicBool) Get() bool

func (*AtomicBool) Set

func (a *AtomicBool) Set(val bool)

func (*AtomicBool) Swap

func (a *AtomicBool) Swap(val bool) bool

type CookieChecker

type CookieChecker struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*CookieChecker) CheckMAC1

func (st *CookieChecker) CheckMAC1(msg []byte) bool

func (*CookieChecker) CheckMAC2

func (st *CookieChecker) CheckMAC2(msg []byte, src []byte) bool

func (*CookieChecker) CreateReply

func (st *CookieChecker) CreateReply(
	msg []byte,
	recv uint32,
	src []byte,
) (*MessageCookieReply, error)

func (*CookieChecker) Init

func (st *CookieChecker) Init(pk NoisePublicKey)

type CookieGenerator

type CookieGenerator struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*CookieGenerator) AddMacs

func (st *CookieGenerator) AddMacs(msg []byte)

func (*CookieGenerator) ConsumeReply

func (st *CookieGenerator) ConsumeReply(msg *MessageCookieReply) bool

func (*CookieGenerator) Init

func (st *CookieGenerator) Init(pk NoisePublicKey)

type Device

type Device struct {
	// contains filtered or unexported fields
}

func NewDevice

func NewDevice(tunDevice tun.Device, logger *Logger) *Device

func (*Device) Bind

func (device *Device) Bind() conn.Bind

func (*Device) BindClose

func (device *Device) BindClose() error

func (*Device) BindSetMark

func (device *Device) BindSetMark(mark uint32) error

func (*Device) BindUpdate

func (device *Device) BindUpdate() error

func (*Device) Close

func (device *Device) Close()

func (*Device) ConsumeMessageInitiation

func (device *Device) ConsumeMessageInitiation(msg *MessageInitiation) *Peer

func (*Device) ConsumeMessageResponse

func (device *Device) ConsumeMessageResponse(msg *MessageResponse) *Peer

func (*Device) CreateMessageInitiation

func (device *Device) CreateMessageInitiation(peer *Peer) (*MessageInitiation, error)

func (*Device) CreateMessageResponse

func (device *Device) CreateMessageResponse(peer *Peer) (*MessageResponse, error)

func (*Device) DeleteKeypair

func (device *Device) DeleteKeypair(key *Keypair)

func (*Device) DisableSomeRoamingForBrokenMobileSemantics

func (device *Device) DisableSomeRoamingForBrokenMobileSemantics()

func (*Device) Down

func (device *Device) Down()

func (*Device) FlushPacketQueues

func (device *Device) FlushPacketQueues()

func (*Device) GetInboundElement

func (device *Device) GetInboundElement() *QueueInboundElement

func (*Device) GetMessageBuffer

func (device *Device) GetMessageBuffer() *[MaxMessageSize]byte

func (*Device) GetOutboundElement

func (device *Device) GetOutboundElement() *QueueOutboundElement

func (*Device) IpcGetOperation

func (device *Device) IpcGetOperation(socket *bufio.Writer) error

func (*Device) IpcHandle

func (device *Device) IpcHandle(socket net.Conn)

func (*Device) IpcSetOperation

func (device *Device) IpcSetOperation(socket *bufio.Reader) error

func (*Device) IsUnderLoad

func (device *Device) IsUnderLoad() bool

func (*Device) LookupPeer

func (device *Device) LookupPeer(pk NoisePublicKey) *Peer

func (*Device) NewOutboundElement

func (device *Device) NewOutboundElement() *QueueOutboundElement

func (*Device) NewPeer

func (device *Device) NewPeer(pk NoisePublicKey) (*Peer, error)

func (*Device) PopulatePools

func (device *Device) PopulatePools()

func (*Device) PutInboundElement

func (device *Device) PutInboundElement(msg *QueueInboundElement)

func (*Device) PutMessageBuffer

func (device *Device) PutMessageBuffer(msg *[MaxMessageSize]byte)

func (*Device) PutOutboundElement

func (device *Device) PutOutboundElement(msg *QueueOutboundElement)

func (*Device) RemoveAllPeers

func (device *Device) RemoveAllPeers()

func (*Device) RemovePeer

func (device *Device) RemovePeer(key NoisePublicKey)

func (*Device) RoutineDecryption

func (device *Device) RoutineDecryption()

func (*Device) RoutineEncryption

func (device *Device) RoutineEncryption()

Encrypts the elements in the queue and marks them for sequential consumption (by releasing the mutex). Obs. One instance per core.

func (*Device) RoutineHandshake

func (device *Device) RoutineHandshake()

Handles incoming packets related to handshake

func (*Device) RoutineReadFromTUN

func (device *Device) RoutineReadFromTUN()

Reads packets from the TUN and inserts them into the nonce queue for the peer. Obs. Single instance per TUN device.

func (*Device) RoutineReceiveIncoming

func (device *Device) RoutineReceiveIncoming(IP int, bind conn.Bind)

Receives incoming datagrams for the device. Every time the bind is updated a new routine is started for IPv4 and IPv6 (separately).

func (*Device) RoutineTUNEventReader

func (device *Device) RoutineTUNEventReader()

func (*Device) SendHandshakeCookie

func (device *Device) SendHandshakeCookie(initiatingElem *QueueHandshakeElement) error

func (*Device) SendKeepalivesToPeersWithCurrentKeypair

func (device *Device) SendKeepalivesToPeersWithCurrentKeypair()

func (*Device) SetPrivateKey

func (device *Device) SetPrivateKey(sk NoisePrivateKey) error

func (*Device) Up

func (device *Device) Up()

func (*Device) Wait

func (device *Device) Wait() chan struct{}

type Handshake

type Handshake struct {
	// contains filtered or unexported fields
}

func (*Handshake) Clear

func (h *Handshake) Clear()

type IPCError

type IPCError struct {
	// contains filtered or unexported fields
}

func (IPCError) Error

func (s IPCError) Error() string

func (IPCError) ErrorCode

func (s IPCError) ErrorCode() int64

type IndexTable

type IndexTable struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*IndexTable) Delete

func (table *IndexTable) Delete(index uint32)

func (*IndexTable) Init

func (table *IndexTable) Init()

func (*IndexTable) Lookup

func (table *IndexTable) Lookup(id uint32) IndexTableEntry

func (*IndexTable) NewIndexForHandshake

func (table *IndexTable) NewIndexForHandshake(peer *Peer, handshake *Handshake) (uint32, error)

func (*IndexTable) SwapIndexForKeypair

func (table *IndexTable) SwapIndexForKeypair(index uint32, keypair *Keypair)

type IndexTableEntry

type IndexTableEntry struct {
	// contains filtered or unexported fields
}

type Keypair

type Keypair struct {
	// contains filtered or unexported fields
}

type Keypairs

type Keypairs struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*Keypairs) Current

func (kp *Keypairs) Current() *Keypair

type Logger

// Logger holds one *log.Logger per verbosity level. Which of the three are
// active is presumably decided by the level passed to NewLogger (see the
// LogLevel* constants); that logic is not visible on this page.
type Logger struct {
	Debug *log.Logger
	Info  *log.Logger
	Error *log.Logger
}

func NewLogger

func NewLogger(level int, prepend string) *Logger

type MessageCookieReply

// MessageCookieReply is the cookie reply message. Its fields sum to
// MessageCookieReplySize (4 + 4 + 16 + 48 = 72 bytes); how the struct is
// serialized onto the wire is not shown on this page.
type MessageCookieReply struct {
	Type     uint32                                      // MessageCookieReplyType
	Receiver uint32                                      // index of the recipient's handshake
	Nonce    [AEADNonceSize]byte                         // nonce used to encrypt Cookie
	Cookie   [gost34112012256.Size + AEADTagSize]byte     // encrypted cookie plus AEAD tag
}

type MessageInitiation

// MessageInitiation is the first handshake message. Its fields sum to
// MessageInitiationSize (4 + 4 + 33 + 49 + 28 + 32 + 32 = 182 bytes); from
// this, tai64n.TimestampSize must be 12. How the struct is serialized onto
// the wire is not shown on this page.
type MessageInitiation struct {
	Type      uint32                                      // MessageInitiationType
	Sender    uint32                                      // index of the sender's handshake
	Ephemeral NoisePublicKey                              // sender's ephemeral public key (compressed point)
	Static    [NoisePublicKeySize + AEADTagSize]byte      // encrypted static public key plus AEAD tag
	Timestamp [tai64n.TimestampSize + AEADTagSize]byte    // encrypted TAI64N timestamp plus AEAD tag
	MAC1      [gost34112012256.Size]byte                  // keyed MAC over the preceding bytes; checked by CookieChecker.CheckMAC1
	MAC2      [gost34112012256.Size]byte                  // cookie MAC; checked by CookieChecker.CheckMAC2
}

type MessageResponse

// MessageResponse is the second handshake message. Its fields sum to
// MessageResponseSize (4 + 4 + 4 + 33 + 16 + 32 + 32 = 125 bytes). How the
// struct is serialized onto the wire is not shown on this page.
type MessageResponse struct {
	Type      uint32                     // MessageResponseType
	Sender    uint32                     // index of the responder's handshake
	Receiver  uint32                     // index of the initiator's handshake
	Ephemeral NoisePublicKey             // responder's ephemeral public key (compressed point)
	Empty     [AEADTagSize]byte          // AEAD tag of an empty plaintext
	MAC1      [gost34112012256.Size]byte // keyed MAC over the preceding bytes; checked by CookieChecker.CheckMAC1
	MAC2      [gost34112012256.Size]byte // cookie MAC; checked by CookieChecker.CheckMAC2
}

type NoisePrivateKey

// NoisePrivateKey is a 32-byte static or ephemeral private key
// (NoisePrivateKeySize). Callers should zero it when no longer needed; the
// methods listed below do not show whether this happens automatically.
type NoisePrivateKey [NoisePrivateKeySize]byte

func (NoisePrivateKey) Equals

func (key NoisePrivateKey) Equals(tar NoisePrivateKey) bool

func (*NoisePrivateKey) FromMaybeZeroHex

func (key *NoisePrivateKey) FromMaybeZeroHex(src string) (err error)

func (NoisePrivateKey) IsZero

func (key NoisePrivateKey) IsZero() bool

func (*NoisePrivateKey) PublicKey

func (key *NoisePrivateKey) PublicKey() (pk NoisePublicKey)

PublicKey returns a public key encoded in compressed ANSI X9.62 format.

func (*NoisePrivateKey) SharedSecret

func (key *NoisePrivateKey) SharedSecret(peerPublicKeyBytes NoisePublicKey) []byte

SharedSecret computes a 256-bit shared secret using the VKO GOST R 34.10-2012 key agreement function.

func (NoisePrivateKey) ToHex

func (key NoisePrivateKey) ToHex() string

type NoisePublicKey

// NoisePublicKey is a 33-byte public key in compressed ANSI X9.62 encoding
// (NoisePublicKeySize). Whether the encoded point is validated on input
// (FromHex / ConsumeMessageInitiation) is not shown on this page.
type NoisePublicKey [NoisePublicKeySize]byte

func (NoisePublicKey) Equals

func (key NoisePublicKey) Equals(tar NoisePublicKey) bool

func (*NoisePublicKey) FromHex

func (key *NoisePublicKey) FromHex(src string) error

func (NoisePublicKey) ToHex

func (key NoisePublicKey) ToHex() string

type Peer

type Peer struct {
	sync.RWMutex // Mostly protects endpoint, but is generally taken whenever we modify peer
	// contains filtered or unexported fields
}

func (*Peer) BeginSymmetricSession

func (peer *Peer) BeginSymmetricSession() error

Derives a new keypair from the current handshake state.

func (*Peer) ExpireCurrentKeypairs

func (peer *Peer) ExpireCurrentKeypairs()

func (*Peer) FlushNonceQueue

func (peer *Peer) FlushNonceQueue()

func (*Peer) NewTimer

func (peer *Peer) NewTimer(expirationFunction func(*Peer)) *Timer

func (*Peer) ReceivedWithKeypair

func (peer *Peer) ReceivedWithKeypair(receivedKeypair *Keypair) bool

func (*Peer) RoutineNonce

func (peer *Peer) RoutineNonce()

Queues packets when there is no handshake. Then assigns nonces to packets sequentially and creates "work" structs for workers. Obs. A single instance per peer.

func (*Peer) RoutineSequentialReceiver

func (peer *Peer) RoutineSequentialReceiver()

func (*Peer) RoutineSequentialSender

func (peer *Peer) RoutineSequentialSender()

Sequentially reads packets from the queue and sends them to the endpoint. Obs. Single instance per peer. The routine terminates when the outbound queue is closed.

func (*Peer) SendBuffer

func (peer *Peer) SendBuffer(buffer []byte) error

func (*Peer) SendHandshakeInitiation

func (peer *Peer) SendHandshakeInitiation(isRetry bool) error

func (*Peer) SendHandshakeResponse

func (peer *Peer) SendHandshakeResponse() error

func (*Peer) SendKeepalive

func (peer *Peer) SendKeepalive() bool

Queues a keepalive if no packets are queued for peer

func (*Peer) SetEndpointFromPacket

func (peer *Peer) SetEndpointFromPacket(endpoint conn.Endpoint)

func (*Peer) Start

func (peer *Peer) Start()

func (*Peer) Stop

func (peer *Peer) Stop()

func (*Peer) String

func (peer *Peer) String() string

func (*Peer) ZeroAndFlushAll

func (peer *Peer) ZeroAndFlushAll()

type QueueHandshakeElement

type QueueHandshakeElement struct {
	// contains filtered or unexported fields
}

type QueueInboundElement

type QueueInboundElement struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*QueueInboundElement) Drop

func (elem *QueueInboundElement) Drop()

func (*QueueInboundElement) IsDropped

func (elem *QueueInboundElement) IsDropped() bool

type QueueOutboundElement

type QueueOutboundElement struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*QueueOutboundElement) Drop

func (elem *QueueOutboundElement) Drop()

func (*QueueOutboundElement) IsDropped

func (elem *QueueOutboundElement) IsDropped() bool

type Timer

type Timer struct {
	*time.Timer
	// contains filtered or unexported fields
}

func (*Timer) Del

func (timer *Timer) Del()

func (*Timer) DelSync

func (timer *Timer) DelSync()

func (*Timer) IsPending

func (timer *Timer) IsPending() bool

func (*Timer) Mod

func (timer *Timer) Mod(d time.Duration)
