Initial scaffolding
This commit is contained in:
Jason A. Donenfeld
175
src/ping-test.go
Normal file
175
src/ping-test.go
Normal file
@@ -0,0 +1,175 @@
|
||||
/* Copyright (C) 2015-2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"encoding/binary"
|
||||
"log"
|
||||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/dchest/blake2s"
|
||||
"github.com/titanous/noise"
|
||||
"golang.org/x/net/icmp"
|
||||
"golang.org/x/net/ipv4"
|
||||
)
|
||||
|
||||
func ipChecksum(buf []byte) uint16 {
|
||||
sum := uint32(0)
|
||||
for ; len(buf) >= 2; buf = buf[2:] {
|
||||
sum += uint32(buf[0])<<8 | uint32(buf[1])
|
||||
}
|
||||
if len(buf) > 0 {
|
||||
sum += uint32(buf[0]) << 8
|
||||
}
|
||||
for sum > 0xffff {
|
||||
sum = (sum >> 16) + (sum & 0xffff)
|
||||
}
|
||||
csum := ^uint16(sum)
|
||||
if csum == 0 {
|
||||
csum = 0xffff
|
||||
}
|
||||
return csum
|
||||
}
|
||||
|
||||
func main() {
|
||||
ourPrivate, _ := base64.StdEncoding.DecodeString("WAmgVYXkbT2bCtdcDwolI88/iVi/aV3/PHcUBTQSYmo=")
|
||||
ourPublic, _ := base64.StdEncoding.DecodeString("K5sF9yESrSBsOXPd6TcpKNgqoy1Ik3ZFKl4FolzrRyI=")
|
||||
theirPublic, _ := base64.StdEncoding.DecodeString("qRCwZSKInrMAq5sepfCdaCsRJaoLe5jhtzfiw7CjbwM=")
|
||||
preshared, _ := base64.StdEncoding.DecodeString("FpCyhws9cxwWoV4xELtfJvjJN+zQVRPISllRWgeopVE=")
|
||||
cs := noise.NewCipherSuite(noise.DH25519, noise.CipherChaChaPoly, noise.HashBLAKE2s)
|
||||
hs := noise.NewHandshakeState(noise.Config{
|
||||
CipherSuite: cs,
|
||||
Random: rand.Reader,
|
||||
Pattern: noise.HandshakeIK,
|
||||
Initiator: true,
|
||||
Prologue: []byte("WireGuard v1 zx2c4 Jason@zx2c4.com"),
|
||||
PresharedKey: preshared,
|
||||
PresharedKeyPlacement: 2,
|
||||
StaticKeypair: noise.DHKey{Private: ourPrivate, Public: ourPublic},
|
||||
PeerStatic: theirPublic,
|
||||
})
|
||||
conn, err := net.Dial("udp", "demo.wireguard.io:12913")
|
||||
if err != nil {
|
||||
log.Fatalf("error dialing udp socket: %s", err)
|
||||
}
|
||||
defer conn.Close()
|
||||
|
||||
// write handshake initiation packet
|
||||
now := time.Now()
|
||||
tai64n := make([]byte, 12)
|
||||
binary.BigEndian.PutUint64(tai64n[:], 4611686018427387914+uint64(now.Unix()))
|
||||
binary.BigEndian.PutUint32(tai64n[8:], uint32(now.UnixNano()))
|
||||
initiationPacket := make([]byte, 8)
|
||||
initiationPacket[0] = 1 // Type: Initiation
|
||||
initiationPacket[1] = 0 // Reserved
|
||||
initiationPacket[2] = 0 // Reserved
|
||||
initiationPacket[3] = 0 // Reserved
|
||||
binary.LittleEndian.PutUint32(initiationPacket[4:], 28) // Sender index: 28 (arbitrary)
|
||||
initiationPacket, _, _ = hs.WriteMessage(initiationPacket, tai64n)
|
||||
hasher, _ := blake2s.New(&blake2s.Config{Size: 32})
|
||||
hasher.Write([]byte("mac1----"))
|
||||
hasher.Write(theirPublic)
|
||||
hasher, _ = blake2s.New(&blake2s.Config{Size: 16, Key: hasher.Sum(nil)})
|
||||
hasher.Write(initiationPacket)
|
||||
initiationPacket = append(initiationPacket, hasher.Sum(nil)[:16]...)
|
||||
initiationPacket = append(initiationPacket, make([]byte, 16)...)
|
||||
if _, err := conn.Write(initiationPacket); err != nil {
|
||||
log.Fatalf("error writing initiation packet: %s", err)
|
||||
}
|
||||
|
||||
// read handshake response packet
|
||||
responsePacket := make([]byte, 92)
|
||||
n, err := conn.Read(responsePacket)
|
||||
if err != nil {
|
||||
log.Fatalf("error reading response packet: %s", err)
|
||||
}
|
||||
if n != len(responsePacket) {
|
||||
log.Fatalf("response packet too short: want %d, got %d", len(responsePacket), n)
|
||||
}
|
||||
if responsePacket[0] != 2 { // Type: Response
|
||||
log.Fatalf("response packet type wrong: want %d, got %d", 2, responsePacket[0])
|
||||
}
|
||||
if responsePacket[1] != 0 || responsePacket[2] != 0 || responsePacket[3] != 0 {
|
||||
log.Fatalf("response packet has non-zero reserved fields")
|
||||
}
|
||||
theirIndex := binary.LittleEndian.Uint32(responsePacket[4:])
|
||||
ourIndex := binary.LittleEndian.Uint32(responsePacket[8:])
|
||||
if ourIndex != 28 {
|
||||
log.Fatalf("response packet index wrong: want %d, got %d", 28, ourIndex)
|
||||
}
|
||||
payload, sendCipher, receiveCipher, err := hs.ReadMessage(nil, responsePacket[12:60])
|
||||
if err != nil {
|
||||
log.Fatalf("error reading handshake message: %s", err)
|
||||
}
|
||||
if len(payload) > 0 {
|
||||
log.Fatalf("unexpected payload: %x", payload)
|
||||
}
|
||||
|
||||
// write ICMP Echo packet
|
||||
pingMessage, _ := (&icmp.Message{
|
||||
Type: ipv4.ICMPTypeEcho,
|
||||
Body: &icmp.Echo{
|
||||
ID: 921,
|
||||
Seq: 438,
|
||||
Data: []byte("WireGuard"),
|
||||
},
|
||||
}).Marshal(nil)
|
||||
pingHeader, err := (&ipv4.Header{
|
||||
Version: ipv4.Version,
|
||||
Len: ipv4.HeaderLen,
|
||||
TotalLen: ipv4.HeaderLen + len(pingMessage),
|
||||
Protocol: 1, // ICMP
|
||||
TTL: 20,
|
||||
Src: net.IPv4(10, 189, 129, 2),
|
||||
Dst: net.IPv4(10, 189, 129, 1),
|
||||
}).Marshal()
|
||||
binary.BigEndian.PutUint16(pingHeader[2:], uint16(ipv4.HeaderLen+len(pingMessage))) // fix the length endianness on BSDs
|
||||
pingData := append(pingHeader, pingMessage...)
|
||||
binary.BigEndian.PutUint16(pingData[10:], ipChecksum(pingData))
|
||||
pingPacket := make([]byte, 16)
|
||||
pingPacket[0] = 4 // Type: Data
|
||||
pingPacket[1] = 0 // Reserved
|
||||
pingPacket[2] = 0 // Reserved
|
||||
pingPacket[3] = 0 // Reserved
|
||||
binary.LittleEndian.PutUint32(pingPacket[4:], theirIndex)
|
||||
binary.LittleEndian.PutUint64(pingPacket[8:], 0) // Nonce
|
||||
pingPacket = sendCipher.Encrypt(pingPacket, nil, pingData)
|
||||
if _, err := conn.Write(pingPacket); err != nil {
|
||||
log.Fatalf("error writing ping message: %s", err)
|
||||
}
|
||||
|
||||
// read ICMP Echo Reply packet
|
||||
replyPacket := make([]byte, 128)
|
||||
n, err = conn.Read(replyPacket)
|
||||
if err != nil {
|
||||
log.Fatalf("error reading ping reply message: %s", err)
|
||||
}
|
||||
replyPacket = replyPacket[:n]
|
||||
if replyPacket[0] != 4 { // Type: Data
|
||||
log.Fatalf("unexpected reply packet type: %d", replyPacket[0])
|
||||
}
|
||||
if replyPacket[1] != 0 || replyPacket[2] != 0 || replyPacket[3] != 0 {
|
||||
log.Fatalf("reply packet has non-zero reserved fields")
|
||||
}
|
||||
replyPacket, err = receiveCipher.Decrypt(nil, nil, replyPacket[16:])
|
||||
if err != nil {
|
||||
log.Fatalf("error decrypting reply packet: %s", err)
|
||||
}
|
||||
replyHeaderLen := int(replyPacket[0]&0x0f) << 2
|
||||
replyLen := binary.BigEndian.Uint16(replyPacket[2:])
|
||||
replyMessage, err := icmp.ParseMessage(1, replyPacket[replyHeaderLen:replyLen])
|
||||
if err != nil {
|
||||
log.Fatalf("error parsing echo: %s", err)
|
||||
}
|
||||
echo, ok := replyMessage.Body.(*icmp.Echo)
|
||||
if !ok {
|
||||
log.Fatalf("unexpected reply body type %T", replyMessage.Body)
|
||||
}
|
||||
|
||||
if echo.ID != 921 || echo.Seq != 438 || string(echo.Data) != "WireGuard" {
|
||||
log.Fatalf("incorrect echo response: %#v", echo)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user