hackclub/burrow
1
0
Fork 0
Code Pull requests Releases Packages Activity Actions 4

add support for preshared keys

Browse source
This commit is contained in:
Jett Chen 2023-11-22 21:33:22 +08:00
parent 614e17d2d5
commit 5174fdd238
4 changed files with 33 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

14
burrow/src/daemon/mod.rs
View file

@ -21,18 +21,22 @@ pub use net::start_srv;
pub use response::{DaemonResponseData, DaemonResponse, ServerInfo};
#[throws]
fn parse_secret_key(string: &str) -> StaticSecret {
fn parse_key(string: &str) -> [u8; 32] {
let value = general_purpose::STANDARD.decode(string)?;
let mut key = [0u8; 32];
key.copy_from_slice(&value[..]);
key
}
#[throws]
fn parse_secret_key(string: &str) -> StaticSecret {
let key = parse_key(string)?;
StaticSecret::from(key)
}
#[throws]
fn parse_public_key(string: &str) -> PublicKey {
let value = general_purpose::STANDARD.decode(string)?;
let mut key = [0u8; 32];
key.copy_from_slice(&value[..]);
let key = parse_key(string)?;
PublicKey::from(key)
}
@ -47,11 +51,13 @@ pub async fn daemon_main() -> Result<()> {
let private_key = parse_secret_key("GNqIAOCRxjl/cicZyvkvpTklgQuUmGUIEkH7IXF/sEE=")?;
let public_key = parse_public_key("uy75leriJay0+oHLhRMpV+A5xAQ0hCJ+q7Ww81AOvT4=")?;
let preshared_key = Some(parse_key("s7lx/mg+reVEMnGnqeyYOQkzD86n2+gYnx1M9ygi08k=")?);
let endpoint = "wg.burrow.rs:51820".to_socket_addrs()?.next().unwrap();
let iface = Interface::new(tun, vec![Peer {
endpoint,
private_key,
public_key,
preshared_key,
allowed_ips: vec![IpNetwork::V4(Ipv4Network::DEFAULT_ROUTE)],
}])?;

4
burrow/src/wireguard/iface.rs
View file

@ -142,10 +142,6 @@ impl Interface {
Ok(siz) => {
log::info!("received {} bytes from peer",siz);
log::debug!("bytes: {:?}", &recv_buf[..siz]);
match tun.send(&recv_buf[..siz]).await{
Ok(..) => log::debug!("sent packet to interface"),
Err(e) => log::error!("failed to send packet {}", e),
}
},
Err(e) => {
log::error!("failed to receive packet {}", e);

27
burrow/src/wireguard/pcb.rs
View file

@ -23,7 +23,7 @@ pub struct PeerPcb {
impl PeerPcb {
#[throws]
pub fn new(peer: Peer) -> Self {
let tunnel = Tunnel::new(peer.private_key, peer.public_key, None, None, 1, None)
let tunnel = Tunnel::new(peer.private_key, peer.public_key, peer.preshared_key, None, 1, None)
.map_err(|s| anyhow::anyhow!("{}", s))?;
Self {
@ -72,22 +72,31 @@ impl PeerPcb {
};
let mut res_buf = [0;1500];
let (len, addr) = socket.recv_from(&mut res_buf).await?;
let res_dat = &res_buf[..len];
let mut res_dat = &res_buf[..len];
tracing::debug!("Decapsulating {} bytes from {}", len, addr);
tracing::debug!("{:?}", &res_dat);
loop {
match self.tunnel.decapsulate(None, res_dat, &mut buf[..]) {
TunnResult::Done => {tracing::debug!("Decapsulate done")}
TunnResult::Done => {
tracing::debug!("Decapsulate done");
break;
}
TunnResult::Err(e) => {
tracing::error!(message = "Decapsulate error", error = ?e)
tracing::error!(message = "Decapsulate error", error = ?e);
break;
}
TunnResult::WriteToNetwork(packet) => {
tracing::debug!("sending {} bytes to {}", packet.len(), addr);
let socket = self.socket().await?;
socket.send(packet).await?;
tracing::debug!("WriteToNetwork: {:?}", packet);
res_dat = &[];
continue;
}
TunnResult::WriteToTunnelV4(packet, addr) => {
tracing::debug!("WriteToTunnelV4: {:?}, {:?}", packet, addr);
continue;
}
e => panic!("Unexpected result from decapsulate: {:?}", e),
}
_ => panic!("Unexpected result from decapsulate"),
}
tracing::debug!("received {} bytes from {}", len, addr);
return Ok(len)
}
}

1
burrow/src/wireguard/peer.rs
View file

@ -10,6 +10,7 @@ pub struct Peer {
pub private_key: StaticSecret,
pub public_key: PublicKey,
pub allowed_ips: Vec<IpNetwork>,
pub preshared_key: Option<[u8; 32]>
}
impl fmt::Debug for Peer {