diff options
Diffstat (limited to 'src/wireguard/tests.rs')
-rw-r--r-- | src/wireguard/tests.rs | 116 |
1 files changed, 99 insertions, 17 deletions
diff --git a/src/wireguard/tests.rs b/src/wireguard/tests.rs index 7c87056..28dedec 100644 --- a/src/wireguard/tests.rs +++ b/src/wireguard/tests.rs @@ -5,13 +5,23 @@ use std::net::IpAddr; use std::thread; use std::time::Duration; -use rand::rngs::OsRng; +use hex; + +use rand_chacha::ChaCha8Rng; +use rand_core::{RngCore, SeedableRng}; use x25519_dalek::{PublicKey, StaticSecret}; use pnet::packet::ipv4::MutableIpv4Packet; use pnet::packet::ipv6::MutableIpv6Packet; -fn make_packet(size: usize, src: IpAddr, dst: IpAddr) -> Vec<u8> { +fn make_packet(size: usize, src: IpAddr, dst: IpAddr, id: u64) -> Vec<u8> { + // expand pseudo random payload + let mut rng: _ = ChaCha8Rng::seed_from_u64(id); + let mut p: Vec<u8> = vec![]; + for _ in 0..size { + p.push(rng.next_u32() as u8); + } + // create "IP packet" let mut msg = Vec::with_capacity(size); msg.resize(size, 0); @@ -19,21 +29,25 @@ fn make_packet(size: usize, src: IpAddr, dst: IpAddr) -> Vec<u8> { IpAddr::V4(dst) => { let mut packet = MutableIpv4Packet::new(&mut msg[..]).unwrap(); packet.set_destination(dst); + packet.set_total_length(size as u16); packet.set_source(if let IpAddr::V4(src) = src { src } else { panic!("src.version != dst.version") }); + packet.set_payload(&p[..]); packet.set_version(4); } IpAddr::V6(dst) => { let mut packet = MutableIpv6Packet::new(&mut msg[..]).unwrap(); packet.set_destination(dst); + packet.set_payload_length((size - MutableIpv6Packet::minimum_packet_size()) as u16); packet.set_source(if let IpAddr::V6(src) = src { src } else { panic!("src.version != dst.version") }); + packet.set_payload(&p[..]); packet.set_version(6); } } @@ -55,7 +69,7 @@ fn wait() { fn test_pure_wireguard() { init(); - // create WG instances for fake TUN devices + // create WG instances for dummy TUN devices let (fake1, tun_reader1, tun_writer1, mtu1) = dummy::TunTest::create(1500, true); let wg1: Wireguard<dummy::TunTest, dummy::PairBind> = @@ -77,10 +91,20 @@ fn test_pure_wireguard() { // generate (public, pivate) key pairs - let mut rng = OsRng::new().unwrap(); - let sk1 = StaticSecret::new(&mut rng); - let sk2 = StaticSecret::new(&mut rng); + let sk1 = StaticSecret::from([ + 0x3f, 0x69, 0x86, 0xd1, 0xc0, 0xec, 0x25, 0xa0, 0x9c, 0x8e, 0x56, 0xb5, 0x1d, 0xb7, 0x3c, + 0xed, 0x56, 0x8e, 0x59, 0x9d, 0xd9, 0xc3, 0x98, 0x67, 0x74, 0x69, 0x90, 0xc3, 0x43, 0x36, + 0x78, 0x89, + ]); + + let sk2 = StaticSecret::from([ + 0xfb, 0xd1, 0xd6, 0xe4, 0x65, 0x06, 0xd2, 0xe5, 0xc5, 0xdf, 0x6e, 0xab, 0x51, 0x71, 0xd8, + 0x70, 0xb5, 0xb7, 0x77, 0x51, 0xb4, 0xbe, 0xfb, 0xbc, 0x88, 0x62, 0x40, 0xca, 0x2c, 0xc2, + 0x66, 0xe2, + ]); + let pk1 = PublicKey::from(&sk1); + let pk2 = PublicKey::from(&sk2); wg1.new_peer(pk2); @@ -94,21 +118,79 @@ fn test_pure_wireguard() { let peer2 = wg1.lookup_peer(&pk2).unwrap(); let peer1 = wg2.lookup_peer(&pk1).unwrap(); - peer1.router.add_subnet("192.168.2.0".parse().unwrap(), 24); - peer2.router.add_subnet("192.168.1.0".parse().unwrap(), 24); + peer1 + .router + .add_allowed_ips("192.168.1.0".parse().unwrap(), 24); + + peer2 + .router + .add_allowed_ips("192.168.2.0".parse().unwrap(), 24); - // set endpoints + // set endpoint (the other should be learned dynamically) - peer1.router.set_endpoint(dummy::UnitEndpoint::new()); peer2.router.set_endpoint(dummy::UnitEndpoint::new()); - // create IP packets (causing a new handshake) + let num_packets = 20; + + // send IP packets (causing a new handshake) + + { + let mut packets: Vec<Vec<u8>> = Vec::with_capacity(num_packets); + + for id in 0..num_packets { + packets.push(make_packet( + 50 + 50 * id as usize, // size + "192.168.1.20".parse().unwrap(), // src + "192.168.2.10".parse().unwrap(), // dst + id as u64, // prng seed + )); + } + + let mut backup = packets.clone(); + + while let Some(p) = packets.pop() { + fake1.write(p); + } - let packet_p1_to_p2 = make_packet( - 1000, - "192.168.2.20".parse().unwrap(), // src - "192.168.1.10".parse().unwrap(), // dst - ); + wait(); - fake1.write(packet_p1_to_p2); + while let Some(p) = backup.pop() { + assert_eq!( + hex::encode(fake2.read()), + hex::encode(p), + "Failed to receive valid IPv4 packet unmodified and in-order" + ); + } + } + + // send IP packets (other direction) + + { + let mut packets: Vec<Vec<u8>> = Vec::with_capacity(num_packets); + + for id in 0..num_packets { + packets.push(make_packet( + 50 + 50 * id as usize, // size + "192.168.2.10".parse().unwrap(), // src + "192.168.1.20".parse().unwrap(), // dst + (id + 100) as u64, // prng seed + )); + } + + let mut backup = packets.clone(); + + while let Some(p) = packets.pop() { + fake2.write(p); + } + + wait(); + + while let Some(p) = backup.pop() { + assert_eq!( + hex::encode(fake1.read()), + hex::encode(p), + "Failed to receive valid IPv4 packet unmodified and in-order" + ); + } + } } |