authorJake McGinty <me@jake.su>2018-02-17 20:12:29 +0000
committerJake McGinty <me@jake.su>2018-02-17 20:12:29 +0000
commit6a976a4c1636cf2a93224f472593c8c041e4e71d (patch)
tree335033ea5da24b7afbe421da37c9ca074c7ad201
parentfix criterion bench (diff)
cookie module
-rw-r--r--Cargo.lock18
-rw-r--r--Cargo.toml8
-rw-r--r--src/cookie.rs26
-rw-r--r--src/interface/peer_server.rs6
-rw-r--r--src/lib.rs2
-rw-r--r--src/noise.rs24
-rw-r--r--src/protocol/peer.rs5
7 files changed, 54 insertions, 35 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 68d67a1..d968c13 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -518,6 +518,19 @@ dependencies = [
]
[[package]]
+name = "nix"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "bitflags 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "bytes 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cfg-if 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "gcc 0.3.54 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
+ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
name = "nodrop"
version = "0.1.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1173,6 +1186,7 @@ dependencies = [
"blake2-rfc 0.2.18 (registry+https://github.com/rust-lang/crates.io-index)",
"byteorder 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
"bytes 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "chacha20-poly1305-aead 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
"criterion 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
"daemonize 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
"env_logger 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1180,9 +1194,8 @@ dependencies = [
"futures 0.1.18 (registry+https://github.com/rust-lang/crates.io-index)",
"hex 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
"lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "libc 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)",
- "nix 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "nix 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
"pnet 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)",
"rand 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
"rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1320,6 +1333,7 @@ dependencies = [
"checksum mio-utun 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "8ed33b4a824985cedd49c2efde3d90487b7801ab98917c2ed8bb2acdbe08a3e5"
"checksum miow 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f2f3b1cf331de6896aabf6e9d55dca90356cc9960cca7eaaf408a355ae919"
"checksum net2 0.2.31 (registry+https://github.com/rust-lang/crates.io-index)" = "3a80f842784ef6c9a958b68b7516bc7e35883c614004dd94959a4dca1b716c09"
+"checksum nix 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b7fd5681d13fda646462cfbd4e5f2051279a89a544d50eb98c365b507246839f"
"checksum nix 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "a2c5afeb0198ec7be8569d666644b574345aad2e95a53baf3a532da3e0f3fb32"
"checksum nodrop 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)" = "9a2228dca57108069a5262f2ed8bd2e82496d2e074a06d1ccc7ce1687b6ae0a2"
"checksum num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31"
diff --git a/Cargo.toml b/Cargo.toml
index 6f4fa82..58115b2 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,6 +29,7 @@ base64 = "^0.5"
blake2-rfc = "0.2"
byteorder = "^1.2"
bytes = "0.4"
+chacha20-poly1305-aead = "^0.1"
daemonize = "0.2"
env_logger = "^0.4"
failure = "^0.1"
@@ -37,8 +38,7 @@ lazy_static = "^1"
log = "^0.3"
hex = "^0.3"
rand = "^0.4"
-libc = "0.2"
-nix = "0.9"
+nix = "^0.10"
rustc-serialize = "0.3.22"
pnet = "*"
snow = { git = "https://github.com/mcginty/snow", features = ["ring-accelerated"], branch = "wireguard" }
@@ -46,11 +46,11 @@ socket2 = "^0.3"
structopt = "^0.1"
structopt-derive = "^0.1"
subtle = "^0.5"
-time = "*"
+time = "^0.1"
tokio-io = "^0.1"
tokio-core = "^0.1"
tokio-uds = "^0.1"
tokio-utun = "^0.1"
tokio-timer = "^0.1"
treebitmap = "^0.2"
-x25519-dalek = "0.1.0"
+x25519-dalek = "^0.1"
diff --git a/src/cookie.rs b/src/cookie.rs
new file mode 100644
index 0000000..2fd9f56
--- /dev/null
+++ b/src/cookie.rs
@@ -0,0 +1,26 @@
+use blake2_rfc::blake2s::blake2s;
+use chacha20_poly1305_aead;
+use failure::Error;
+use subtle;
+
+pub fn build_mac1(pub_key: &[u8], mac_input: &[u8], mac_output: &mut [u8]) {
+ debug_assert!(mac_output.len() == 16);
+ let mut mac_key_input = [0; 40];
+ mac_key_input[..8].copy_from_slice(b"mac1----");
+ mac_key_input[8..40].copy_from_slice(pub_key);
+ let mac_key = blake2s(32, &[], &mac_key_input);
+ let mac = blake2s(16, mac_key.as_bytes(), mac_input);
+ mac_output.copy_from_slice(mac.as_bytes());
+}
+
+pub fn verify_mac1(pub_key: &[u8], mac_input: &[u8], mac: &[u8]) -> Result<(), Error> {
+ debug_assert!(mac.len() == 16);
+ let mut mac_key_input = [0; 40];
+ mac_key_input[..8].copy_from_slice(b"mac1----");
+ mac_key_input[8..40].copy_from_slice(pub_key);
+ let mac_key = blake2s(32, &[], &mac_key_input);
+ let our_mac = blake2s(16, mac_key.as_bytes(), mac_input);
+
+ ensure!(subtle::slices_equal(mac, our_mac.as_bytes()) == 1, "mac mismatch");
+ Ok(())
+}
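Review bot: In `verify_mac1` the only guard on the length of the caller-supplied `mac` slice is `debug_assert!(mac.len() == 16)`, so in a release build a slice of the wrong length reaches `subtle::slices_equal` with unequal operands, and whether that panics or merely yields 0 depends on the subtle version in use; a runtime check, `ensure!(mac.len() == 16, "mac length mismatch");`, keeps the failure an ordinary `Err` on every build (`build_mac1` has the same debug-only check, though there `copy_from_slice` already panics on mismatch in release). The `use chacha20_poly1305_aead;` import is unused in this file and will warn until code that needs it lands. Both functions rebuild the same 40-byte `b"mac1----" || pub_key` input and derive the same key from it; a private helper that returns the derived key would remove the duplication and is the natural place to document the derivation. The public functions also lack `///` docs, e.g. on `verify_mac1`: `/// Recomputes mac1 over mac_input with the key derived from pub_key and compares it to mac in constant time.`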
diff --git a/src/interface/peer_server.rs b/src/interface/peer_server.rs
index 0ad4cde..d8a9be2 100644
--- a/src/interface/peer_server.rs
+++ b/src/interface/peer_server.rs
@@ -1,8 +1,8 @@
use super::{SharedState, UtunPacket, trace_packet};
use consts::{REKEY_TIMEOUT, REKEY_AFTER_TIME, REJECT_AFTER_TIME, REKEY_ATTEMPT_TIME, KEEPALIVE_TIMEOUT, MAX_CONTENT_SIZE, TIMER_TICK_DURATION};
+use cookie;
use interface::SharedPeer;
use protocol::{Peer, SessionType};
-use noise::Noise;
use timer::{Timer, TimerMessage};
use std::io;
@@ -108,7 +108,7 @@ impl PeerServer {
let pubkey = state.interface_info.pub_key.as_ref()
.ok_or_else(|| err_msg("must have local interface key"))?;
let (mac_in, mac_out) = packet.split_at(116);
- Noise::verify_mac1(pubkey, mac_in, &mac_out[..16])?;
+ cookie::verify_mac1(pubkey, mac_in, &mac_out[..16])?;
}
debug!("got handshake initiation request (0x01)");
@@ -133,7 +133,7 @@ impl PeerServer {
let pubkey = state.interface_info.pub_key.as_ref()
.ok_or_else(|| err_msg("must have local interface key"))?;
let (mac_in, mac_out) = packet.split_at(60);
- Noise::verify_mac1(pubkey, mac_in, &mac_out[..16])?;
+ cookie::verify_mac1(pubkey, mac_in, &mac_out[..16])?;
}
debug!("got handshake response (0x02)");
diff --git a/src/lib.rs b/src/lib.rs
index f4442c7..b9e7132 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -14,6 +14,7 @@ extern crate base64;
extern crate blake2_rfc;
extern crate byteorder;
extern crate bytes;
+extern crate chacha20_poly1305_aead;
extern crate env_logger;
extern crate futures;
extern crate hex;
@@ -34,6 +35,7 @@ extern crate treebitmap;
extern crate x25519_dalek;
pub mod consts;
+pub mod cookie;
pub mod error;
pub mod interface;
pub mod noise;
diff --git a/src/noise.rs b/src/noise.rs
index 255a3ff..11310ab 100644
--- a/src/noise.rs
+++ b/src/noise.rs
@@ -1,9 +1,6 @@
-use blake2_rfc::blake2s::blake2s;
use failure::{Error, SyncFailure};
use snow::{NoiseBuilder, Session};
use snow::params::NoiseParams;
-use subtle;
-
lazy_static! {
static ref NOISE_PARAMS: NoiseParams = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s".parse().unwrap();
@@ -32,25 +29,4 @@ impl Noise {
.map_err(SyncFailure::new)?)
}
- pub fn build_mac1(pub_key: &[u8], mac_input: &[u8], mac_output: &mut [u8]) {
- debug_assert!(mac_output.len() == 16);
- let mut mac_key_input = [0; 40];
- mac_key_input[..8].copy_from_slice(b"mac1----");
- mac_key_input[8..40].copy_from_slice(pub_key);
- let mac_key = blake2s(32, &[], &mac_key_input);
- let mac = blake2s(16, mac_key.as_bytes(), mac_input);
- mac_output.copy_from_slice(mac.as_bytes());
- }
-
- pub fn verify_mac1(pub_key: &[u8], mac_input: &[u8], mac: &[u8]) -> Result<(), Error> {
- debug_assert!(mac.len() == 16);
- let mut mac_key_input = [0; 40];
- mac_key_input[..8].copy_from_slice(b"mac1----");
- mac_key_input[8..40].copy_from_slice(pub_key);
- let mac_key = blake2s(32, &[], &mac_key_input);
- let our_mac = blake2s(16, mac_key.as_bytes(), mac_input);
-
- ensure!(subtle::slices_equal(mac, our_mac.as_bytes()) == 1, "mac mismatch");
- Ok(())
- }
}
diff --git a/src/protocol/peer.rs b/src/protocol/peer.rs
index bafb892..13d1368 100644
--- a/src/protocol/peer.rs
+++ b/src/protocol/peer.rs
@@ -1,6 +1,7 @@
use anti_replay::AntiReplay;
use byteorder::{ByteOrder, LittleEndian};
use consts::{TRANSPORT_OVERHEAD, TRANSPORT_HEADER_SIZE, MAX_SEGMENT_SIZE, REJECT_AFTER_MESSAGES};
+use cookie;
use failure::{Error, SyncFailure, err_msg};
use noise::Noise;
use std::{self, mem};
@@ -145,7 +146,7 @@ impl Peer {
session.noise.write_message(&*tai64n, &mut packet[8..]).map_err(SyncFailure::new)?;
{
let (mac_in, mac_out) = packet.split_at_mut(116);
- Noise::build_mac1(&self.info.pub_key, mac_in, &mut mac_out[..16]);
+ cookie::build_mac1(&self.info.pub_key, mac_in, &mut mac_out[..16]);
}
let our_index = session.our_index;
@@ -206,7 +207,7 @@ impl Peer {
{
let (mac_in, mac_out) = packet.split_at_mut(60);
- Noise::build_mac1(&self.info.pub_key, mac_in, &mut mac_out[..16]);
+ cookie::build_mac1(&self.info.pub_key, mac_in, &mut mac_out[..16]);
}
Ok(packet)