Attempt at decapsulation

Receives packet by remote wireguard server, but can't decapsulate currently

burrow/src/wireguard/iface.rs

@@ -92,6 +92,7 @@ impl Interface {
     pub async fn run(self) {
         let pcbs = self.pcbs;
         let tun = self.tun;
+        log::info!("starting interface");
 
         let outgoing = async move {
             loop {
@@ -124,12 +125,33 @@ impl Interface {
                     continue
                 };
 
-                log::debug!("found peer {}", idx);
+                log::debug!("found peer:{}", idx);
 
                 match pcbs.pcbs[idx].send(src).await {
-                    Ok(..) => {log::debug!("sent packet to peer {}", dst_addr);}
+                    Ok(..) => {
+                        log::debug!("sent packet to peer {}", dst_addr);
+                    }
+                    Err(e) => {
+                        log::error!("failed to send packet {}", e);
+                        continue
+                    },
+                }
+
+                let mut recv_buf = [0;1500];
+                match pcbs.pcbs[idx].recv(&mut recv_buf[..]).await {
+                    Ok(siz) => {
+                        log::info!("received {} bytes from peer",siz);
+                        log::debug!("bytes: {:?}", &recv_buf[..siz]);
+                        match tun.send(&recv_buf[..siz]).await{
+                            Ok(..) => log::debug!("sent packet to interface"),
                             Err(e) => log::error!("failed to send packet {}", e),
                         }
+                    },
+                    Err(e) => {
+                        log::error!("failed to receive packet {}", e);
+                        continue
+                    }
+                }
             }
         };
 

burrow/src/wireguard/noise/handshake.rs

@@ -137,6 +137,8 @@ fn aead_chacha20_open(
     let mut nonce: [u8; 12] = [0; 12];
     nonce[4..].copy_from_slice(&counter.to_le_bytes());
 
+    log::debug!("TAG A");
+
     aead_chacha20_open_inner(buffer, key, nonce, data, aad)
         .map_err(|_| WireGuardError::InvalidAeadTag)?;
     Ok(())
@@ -680,6 +682,7 @@ impl Handshake {
             aad: &mac1[0..16],
             msg: packet.encrypted_cookie,
         };
+        log::debug!("TAG B");
         let plaintext = XChaCha20Poly1305::new_from_slice(&key)
             .unwrap()
             .decrypt(packet.nonce.into(), payload)

burrow/src/wireguard/noise/mod.rs

@@ -146,6 +146,7 @@ impl Tunnel {
 
         // Checks the type, as well as the reserved zero fields
         let packet_type = u32::from_le_bytes(src[0..4].try_into().unwrap());
+        log::debug!("packet_type: {}", packet_type);
 
         Ok(match (packet_type, src.len()) {
             (HANDSHAKE_INIT, HANDSHAKE_INIT_SZ) => Packet::HandshakeInit(HandshakeInit {

burrow/src/wireguard/noise/rate_limiter.rs

@@ -6,6 +6,7 @@ use std::{
 
 use aead::{generic_array::GenericArray, AeadInPlace, KeyInit};
 use chacha20poly1305::{Key, XChaCha20Poly1305};
+use log::log;
 use parking_lot::Mutex;
 use rand_core::{OsRng, RngCore};
 use ring::constant_time::verify_slices_are_equal;
@@ -173,11 +174,14 @@ impl RateLimiter {
         dst: &'b mut [u8],
     ) -> Result<Packet<'a>, TunnResult<'b>> {
         let packet = Tunnel::parse_incoming_packet(src)?;
+        log::debug!("packet: {:?}", packet);
 
         // Verify and rate limit handshake messages only
         if let Packet::HandshakeInit(HandshakeInit { sender_idx, .. })
         | Packet::HandshakeResponse(HandshakeResponse { sender_idx, .. }) = packet
         {
+            log::debug!("sender_idx: {}", sender_idx);
+            log::debug!("response: {:?}", packet);
             let (msg, macs) = src.split_at(src.len() - 32);
             let (mac1, mac2) = macs.split_at(16);
 

burrow/src/wireguard/noise/session.rs

@@ -253,6 +253,7 @@ impl Session {
         // check the counter without running expensive decryption
         self.receiving_counter_quick_check(packet.counter)?;
 
+        log::debug!("TAG C");
         let ret = {
             let mut nonce = [0u8; 12];
             nonce[4..12].copy_from_slice(&packet.counter.to_le_bytes());

burrow/src/wireguard/pcb.rs

@@ -65,6 +65,33 @@ impl PeerPcb {
         }
     }
 
+    pub async fn recv(&mut self, buf: &mut [u8]) -> Result<usize, Error> {
+        loop{
+            let Some(socket) = self.socket.as_ref() else {
+                continue
+            };
+            let mut res_buf = [0;1500];
+            let (len, addr) = socket.recv_from(&mut res_buf).await?;
+            let res_dat = &res_buf[..len];
+            tracing::debug!("Decapsulating {} bytes from {}", len, addr);
+            tracing::debug!("{:?}", &res_dat);
+            match self.tunnel.decapsulate(None, res_dat, &mut buf[..]) {
+                TunnResult::Done => {tracing::debug!("Decapsulate done")}
+                TunnResult::Err(e) => {
+                    tracing::error!(message = "Decapsulate error", error = ?e)
+                }
+                TunnResult::WriteToNetwork(packet) => {
+                    tracing::debug!("sending {} bytes to {}", packet.len(), addr);
+                    let socket = self.socket().await?;
+                    socket.send(packet).await?;
+                }
+                _ => panic!("Unexpected result from decapsulate"),
+            }
+            tracing::debug!("received {} bytes from {}", len, addr);
+            return Ok(len)
+        }
+    }
+
     pub async fn socket(&mut self) -> Result<&UdpSocket, Error> {
         self.open_if_closed().await?;
         Ok(self.socket.as_ref().expect("socket was just opened"))