-
-type TAP interface {
- io.Reader
- io.Writer
-}
-
-type Peer struct {
- addr *net.UDPAddr
- key *[KeySize]byte // encryption key
- nonceOur uint64 // nonce for our messages
- nonceRecv uint64 // latest received nonce from remote peer
-}
-
-type UDPPkt struct {
- addr *net.UDPAddr
- size int
-}
-
-func main() {
- flag.Parse()
- log.SetFlags(log.Ldate | log.Lmicroseconds | log.Lshortfile)
-
- // Key decoding
- keyData, err := ioutil.ReadFile(*keyPath)
- if err != nil {
- panic("Unable to read keyfile: " + err.Error())
- }
- if len(keyData) < 64 {
- panic("Key must be 64 hex characters long")
- }
- keyDecoded, err := hex.DecodeString(string(keyData[0:64]))
- if err != nil {
- panic("Unable to decode the key: " + err.Error())
- }
- key := new([KeySize]byte)
- copy(key[:], keyDecoded)
- keyDecoded = nil
- keyData = nil
-
- // Interface listening
- maxIfacePktSize := *mtu - poly1305.TagSize - NonceSize
- log.Println("Max MTU", maxIfacePktSize, "on interface", *ifaceName)
- iface := NewTAP(*ifaceName)
- ethBuf := make([]byte, maxIfacePktSize)
- ethSink := make(chan int)
- ethSinkReady := make(chan bool)
- go func() {
- for {
- <-ethSinkReady
- n, err := iface.Read(ethBuf)
- if err != nil {
- panic(err)
- }
- ethSink <- n
- }
- }()
- ethSinkReady <- true
-
- // Network address parsing
- if (len(*bindAddr) > 1 && len(*remoteAddr) > 1) ||
- (len(*bindAddr) == 0 && len(*remoteAddr) == 0) {
- panic("Either -bind or -remote must be specified only")
- }
- var conn *net.UDPConn
- var remote *net.UDPAddr
- serverMode := false
- bindTo := "0.0.0.0:0"
-
- if len(*bindAddr) > 1 {
- bindTo = *bindAddr
- serverMode = true
- }
-
- bind, err := net.ResolveUDPAddr("udp", bindTo)
- if err != nil {
- panic(err)
- }
- conn, err = net.ListenUDP("udp", bind)
- if err != nil {
- panic(err)
- }
-
- if len(*remoteAddr) > 1 {
- remote, err = net.ResolveUDPAddr("udp", *remoteAddr)
- if err != nil {
- panic(err)
- }
- }
-
- udpBuf := make([]byte, *mtu)
- udpSink := make(chan *UDPPkt)
- udpSinkReady := make(chan bool)
- go func(conn *net.UDPConn) {
- for {
- <-udpSinkReady
- conn.SetReadDeadline(time.Now().Add(time.Second))
- n, addr, err := conn.ReadFromUDP(udpBuf)
- if err != nil {
- if *verbose {
- fmt.Print("B")
- }
- udpSink <- nil
- } else {
- udpSink <- &UDPPkt{addr, n}
- }
- }
- }(conn)
- udpSinkReady <- true
-
- // Process packets
- var udpPkt *UDPPkt
- var udpPktData []byte
- var ethPktSize int
- var addr string
- var peer *Peer
- var p *Peer
-
- timeouts := 0
- states := make(map[string]*Handshake)
- nonce := make([]byte, NonceSize)
- keyAuth := new([KeySize]byte)
- tag := new([poly1305.TagSize]byte)
- buf := make([]byte, *mtu+S20BS)
- emptyKey := make([]byte, KeySize)
- ethPkt := make([]byte, maxIfacePktSize)
- udpPktDataBuf := make([]byte, *mtu)
-
- if !serverMode {
- states[remote.String()] = HandshakeStart(conn, remote, key)
- }
-
- finished := false
- for {
- if finished {
- break
- }
- select {
- case udpPkt = <-udpSink:
- timeouts++
- if !serverMode && timeouts >= *timeout {
- finished = true
- }
- if udpPkt == nil {
- udpSinkReady <- true
- continue
- }
- copy(udpPktDataBuf, udpBuf[:udpPkt.size])
- udpSinkReady <- true
- udpPktData = udpPktDataBuf[:udpPkt.size]
- if isValidHandshakePkt(udpPktData) {
- addr = udpPkt.addr.String()
- state, exists := states[addr]
- if serverMode {
- if !exists {
- state = &Handshake{addr: udpPkt.addr}
- states[addr] = state
- }
- p = state.Server(conn, key, udpPktData)
- } else {
- if !exists {
- fmt.Print("[HS?]")
- continue
- }
- p = state.Client(conn, key, udpPktData)
- }
- if p != nil {
- fmt.Print("[HS-OK]")
- peer = p
- delete(states, addr)
- }
- continue
- }
- if peer == nil {
- continue
- }
- nonceRecv, _ := binary.Uvarint(udpPktData[:8])
- if peer.nonceRecv >= nonceRecv {
- fmt.Print("R")
- continue
- }
- copy(buf[:KeySize], emptyKey)
- copy(tag[:], udpPktData[udpPkt.size-poly1305.TagSize:])
- copy(buf[S20BS:], udpPktData[NonceSize:udpPkt.size-poly1305.TagSize])
- salsa20.XORKeyStream(
- buf[:S20BS+udpPkt.size-poly1305.TagSize],
- buf[:S20BS+udpPkt.size-poly1305.TagSize],
- udpPktData[:NonceSize],
- peer.key,
- )
- copy(keyAuth[:], buf[:KeySize])
- if !poly1305.Verify(tag, udpPktData[:udpPkt.size-poly1305.TagSize], keyAuth) {
- fmt.Print("T")
- continue
- }
- peer.nonceRecv = nonceRecv
- timeouts = 0
- if _, err := iface.Write(buf[S20BS : S20BS+udpPkt.size-NonceSize-poly1305.TagSize]); err != nil {
- log.Println("Error writing to iface: ", err)
- }
- if *verbose {
- fmt.Print("r")
- }
- case ethPktSize = <-ethSink:
- if ethPktSize > maxIfacePktSize {
- panic("Too large packet on interface")
- }
- if peer == nil {
- ethSinkReady <- true
- continue
- }
- copy(ethPkt, ethBuf[:ethPktSize])
- ethSinkReady <- true
- peer.nonceOur = peer.nonceOur + 2
- binary.PutUvarint(nonce, peer.nonceOur)
- copy(buf[:KeySize], emptyKey)
- copy(buf[S20BS:], ethPkt[:ethPktSize])
- salsa20.XORKeyStream(buf, buf, nonce, peer.key)
- copy(buf[S20BS-NonceSize:S20BS], nonce)
- copy(keyAuth[:], buf[:KeySize])
- dataToSend := buf[S20BS-NonceSize : S20BS+ethPktSize]
- poly1305.Sum(tag, dataToSend, keyAuth)
- if _, err := conn.WriteTo(append(dataToSend, tag[:]...), peer.addr); err != nil {
- log.Println("Error sending UDP", err)
- }
- if *verbose {
- fmt.Print("w")
- }
- }
- }
-}