summaryrefslogtreecommitdiffstats
path: root/src/wireguard/tests.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/wireguard/tests.rs')
-rw-r--r--src/wireguard/tests.rs116
1 files changed, 99 insertions, 17 deletions
diff --git a/src/wireguard/tests.rs b/src/wireguard/tests.rs
index 7c87056..28dedec 100644
--- a/src/wireguard/tests.rs
+++ b/src/wireguard/tests.rs
@@ -5,13 +5,23 @@ use std::net::IpAddr;
use std::thread;
use std::time::Duration;
-use rand::rngs::OsRng;
+use hex;
+
+use rand_chacha::ChaCha8Rng;
+use rand_core::{RngCore, SeedableRng};
use x25519_dalek::{PublicKey, StaticSecret};
use pnet::packet::ipv4::MutableIpv4Packet;
use pnet::packet::ipv6::MutableIpv6Packet;
-fn make_packet(size: usize, src: IpAddr, dst: IpAddr) -> Vec<u8> {
+fn make_packet(size: usize, src: IpAddr, dst: IpAddr, id: u64) -> Vec<u8> {
+ // expand pseudo random payload
+ let mut rng: _ = ChaCha8Rng::seed_from_u64(id);
+ let mut p: Vec<u8> = vec![];
+ for _ in 0..size {
+ p.push(rng.next_u32() as u8);
+ }
+
// create "IP packet"
let mut msg = Vec::with_capacity(size);
msg.resize(size, 0);
@@ -19,21 +29,25 @@ fn make_packet(size: usize, src: IpAddr, dst: IpAddr) -> Vec<u8> {
IpAddr::V4(dst) => {
let mut packet = MutableIpv4Packet::new(&mut msg[..]).unwrap();
packet.set_destination(dst);
+ packet.set_total_length(size as u16);
packet.set_source(if let IpAddr::V4(src) = src {
src
} else {
panic!("src.version != dst.version")
});
+ packet.set_payload(&p[..]);
packet.set_version(4);
}
IpAddr::V6(dst) => {
let mut packet = MutableIpv6Packet::new(&mut msg[..]).unwrap();
packet.set_destination(dst);
+ packet.set_payload_length((size - MutableIpv6Packet::minimum_packet_size()) as u16);
packet.set_source(if let IpAddr::V6(src) = src {
src
} else {
panic!("src.version != dst.version")
});
+ packet.set_payload(&p[..]);
packet.set_version(6);
}
}
@@ -55,7 +69,7 @@ fn wait() {
fn test_pure_wireguard() {
init();
- // create WG instances for fake TUN devices
+ // create WG instances for dummy TUN devices
let (fake1, tun_reader1, tun_writer1, mtu1) = dummy::TunTest::create(1500, true);
let wg1: Wireguard<dummy::TunTest, dummy::PairBind> =
@@ -77,10 +91,20 @@ fn test_pure_wireguard() {
// generate (public, pivate) key pairs
- let mut rng = OsRng::new().unwrap();
- let sk1 = StaticSecret::new(&mut rng);
- let sk2 = StaticSecret::new(&mut rng);
+ let sk1 = StaticSecret::from([
+ 0x3f, 0x69, 0x86, 0xd1, 0xc0, 0xec, 0x25, 0xa0, 0x9c, 0x8e, 0x56, 0xb5, 0x1d, 0xb7, 0x3c,
+ 0xed, 0x56, 0x8e, 0x59, 0x9d, 0xd9, 0xc3, 0x98, 0x67, 0x74, 0x69, 0x90, 0xc3, 0x43, 0x36,
+ 0x78, 0x89,
+ ]);
+
+ let sk2 = StaticSecret::from([
+ 0xfb, 0xd1, 0xd6, 0xe4, 0x65, 0x06, 0xd2, 0xe5, 0xc5, 0xdf, 0x6e, 0xab, 0x51, 0x71, 0xd8,
+ 0x70, 0xb5, 0xb7, 0x77, 0x51, 0xb4, 0xbe, 0xfb, 0xbc, 0x88, 0x62, 0x40, 0xca, 0x2c, 0xc2,
+ 0x66, 0xe2,
+ ]);
+
let pk1 = PublicKey::from(&sk1);
+
let pk2 = PublicKey::from(&sk2);
wg1.new_peer(pk2);
@@ -94,21 +118,79 @@ fn test_pure_wireguard() {
let peer2 = wg1.lookup_peer(&pk2).unwrap();
let peer1 = wg2.lookup_peer(&pk1).unwrap();
- peer1.router.add_subnet("192.168.2.0".parse().unwrap(), 24);
- peer2.router.add_subnet("192.168.1.0".parse().unwrap(), 24);
+ peer1
+ .router
+ .add_allowed_ips("192.168.1.0".parse().unwrap(), 24);
+
+ peer2
+ .router
+ .add_allowed_ips("192.168.2.0".parse().unwrap(), 24);
- // set endpoints
+ // set endpoint (the other should be learned dynamically)
- peer1.router.set_endpoint(dummy::UnitEndpoint::new());
peer2.router.set_endpoint(dummy::UnitEndpoint::new());
- // create IP packets (causing a new handshake)
+ let num_packets = 20;
+
+ // send IP packets (causing a new handshake)
+
+ {
+ let mut packets: Vec<Vec<u8>> = Vec::with_capacity(num_packets);
+
+ for id in 0..num_packets {
+ packets.push(make_packet(
+ 50 + 50 * id as usize, // size
+ "192.168.1.20".parse().unwrap(), // src
+ "192.168.2.10".parse().unwrap(), // dst
+ id as u64, // prng seed
+ ));
+ }
+
+ let mut backup = packets.clone();
+
+ while let Some(p) = packets.pop() {
+ fake1.write(p);
+ }
- let packet_p1_to_p2 = make_packet(
- 1000,
- "192.168.2.20".parse().unwrap(), // src
- "192.168.1.10".parse().unwrap(), // dst
- );
+ wait();
- fake1.write(packet_p1_to_p2);
+ while let Some(p) = backup.pop() {
+ assert_eq!(
+ hex::encode(fake2.read()),
+ hex::encode(p),
+ "Failed to receive valid IPv4 packet unmodified and in-order"
+ );
+ }
+ }
+
+ // send IP packets (other direction)
+
+ {
+ let mut packets: Vec<Vec<u8>> = Vec::with_capacity(num_packets);
+
+ for id in 0..num_packets {
+ packets.push(make_packet(
+ 50 + 50 * id as usize, // size
+ "192.168.2.10".parse().unwrap(), // src
+ "192.168.1.20".parse().unwrap(), // dst
+ (id + 100) as u64, // prng seed
+ ));
+ }
+
+ let mut backup = packets.clone();
+
+ while let Some(p) = packets.pop() {
+ fake2.write(p);
+ }
+
+ wait();
+
+ while let Some(p) = backup.pop() {
+ assert_eq!(
+ hex::encode(fake1.read()),
+ hex::encode(p),
+ "Failed to receive valid IPv4 packet unmodified and in-order"
+ );
+ }
+ }
}
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.