void/amneziawg-tools
2
0
Fork 0
mirror of https://github.com/amnezia-vpn/amneziawg-tools.git synced 2025-08-02 01:22:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: special handshake continue

Browse source
This commit is contained in:
Mark Puha 2025-06-13 20:25:07 +02:00
parent 3be9c02b19
commit 09e36b2416
14 changed files with 1552 additions and 1120 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
contrib/embeddable-wg-library/wireguard.c
View file

@ -72,7 +72,8 @@ enum wgdevice_attribute {
enum wgpeer_flag { enum wgpeer_flag {
WGPEER_F_REMOVE_ME = 1U << 0, WGPEER_F_REMOVE_ME = 1U << 0,
WGPEER_F_REPLACE_ALLOWEDIPS = 1U << 1, WGPEER_F_REPLACE_ALLOWEDIPS = 1U << 1,
WGPEER_F_HAS_ADVANCED_SECURITY = 1U << 3 WGPEER_F_HAS_ADVANCED_SECURITY = 1U << 3,
WGPEER_F_HAS_SPECIAL_HANDSHAKE = 1U << 4
}; };
enum wgpeer_attribute { enum wgpeer_attribute {
WGPEER_A_UNSPEC, WGPEER_A_UNSPEC,
@ -87,6 +88,7 @@ enum wgpeer_attribute {
WGPEER_A_ALLOWEDIPS, WGPEER_A_ALLOWEDIPS,
WGPEER_A_PROTOCOL_VERSION, WGPEER_A_PROTOCOL_VERSION,
WGPEER_A_ADVANCED_SECURITY, WGPEER_A_ADVANCED_SECURITY,
WGPEER_A_SPECIAL_HANDSHAKE,
__WGPEER_A_LAST __WGPEER_A_LAST
}; };

3
contrib/peer-approver/approve.sh
View file

@ -5,6 +5,7 @@ INTERFACE_NAME=$2
PUBLIC_KEY=$3 PUBLIC_KEY=$3
ENDPOINT=$4 ENDPOINT=$4
ADVANCED_SECURITY=$5 ADVANCED_SECURITY=$5
SPECIAL_HANDSHAKE=$6
ACCOUNT_STR=`grep "${PUBLIC_KEY}" "${ACCOUNTS_FILE}"` ACCOUNT_STR=`grep "${PUBLIC_KEY}" "${ACCOUNTS_FILE}"`
@ -19,7 +20,7 @@ PSK=$(echo ${ACCOUNT[2]}|tr -d '"')
PSK_FILE=$(tempfile) PSK_FILE=$(tempfile)
echo "${PSK}" > "${PSK_FILE}" echo "${PSK}" > "${PSK_FILE}"
awg set "${INTERFACE_NAME}" peer "${PUBLIC_KEY}" allowed-ips "${ALLOWED_IPS}" endpoint "${ENDPOINT}" allowed-ips "${ALLOWED_IPS}" preshared-key "${PSK_FILE}" advanced-security "${ADVANCED_SECURITY}" awg set "${INTERFACE_NAME}" peer "${PUBLIC_KEY}" allowed-ips "${ALLOWED_IPS}" endpoint "${ENDPOINT}" allowed-ips "${ALLOWED_IPS}" preshared-key "${PSK_FILE}" advanced-security "${ADVANCED_SECURITY}" special-handshake "${SPECIAL_HANDSHAKE}"
EXIT_CODE=$? EXIT_CODE=$?
rm -f "{$PSK_FILE}" rm -f "{$PSK_FILE}"

21
contrib/peer-approver/notification-listener.c
View file

@ -116,18 +116,19 @@ static int get_endpoint(struct nlattr *peer[], char **endpoint_ip)
return 0; return 0;
} }
static int run_callback(char *ifname, char *pubkey, char *endpoint_ip, bool advanced_security) static int run_callback(char *ifname, char *pubkey, char *endpoint_ip, bool advanced_security, bool special_handshake)
{ {
char** new_argv = malloc((cb_argc + 2) * sizeof *new_argv); char** new_argv = malloc((cb_argc + 2) * sizeof *new_argv);
new_argv[0] = cb_argv[1]; new_argv[0] = cb_argv[1];
for (int i = 2; i < cb_argc - 3; i++) { for (int i = 2; i < cb_argc - 4; i++) {
new_argv[i - 1] = cb_argv[i]; new_argv[i - 1] = cb_argv[i];
} }
new_argv[cb_argc - 4] = ifname; new_argv[cb_argc - 5] = ifname;
new_argv[cb_argc - 3] = pubkey; new_argv[cb_argc - 4] = pubkey;
new_argv[cb_argc - 2] = endpoint_ip; new_argv[cb_argc - 3] = endpoint_ip;
new_argv[cb_argc - 1] = (advanced_security ? "on\0" : "off\0"); new_argv[cb_argc - 2] = (advanced_security ? "on\0" : "off\0");
new_argv[cb_argc - 1] = (special_handshake ? "on\0" : "off\0");
new_argv[cb_argc] = NULL; new_argv[cb_argc] = NULL;
int child_pid = fork(), ret; int child_pid = fork(), ret;
@ -156,6 +157,7 @@ static int netlink_callback(struct nl_msg *msg, void *arg)
char *ifname, *pubkey, *endpoint_ip; char *ifname, *pubkey, *endpoint_ip;
bool advanced_security = false; bool advanced_security = false;
bool special_handshake = false;
int cb_ret; int cb_ret;
switch (gnlh->cmd) { switch (gnlh->cmd) {
@ -179,7 +181,10 @@ static int netlink_callback(struct nl_msg *msg, void *arg)
if (nla_get_flag(peer[WGPEER_A_ADVANCED_SECURITY])) { if (nla_get_flag(peer[WGPEER_A_ADVANCED_SECURITY])) {
advanced_security = true; advanced_security = true;
} }
if (cb_ret = run_callback(ifname, pubkey, endpoint_ip, advanced_security)) { if (nla_get_flag(peer[WGPEER_A_SPECIAL_HANDSHAKE])) {
special_handshake = true;
}
if (cb_ret = run_callback(ifname, pubkey, endpoint_ip, advanced_security, special_handshake)) {
prerr("failed to execute callback script: %d!\n", cb_ret); prerr("failed to execute callback script: %d!\n", cb_ret);
return NL_SKIP; return NL_SKIP;
} }
@ -260,4 +265,4 @@ int main(int argc, char *argv[])
} }
cleanup_and_exit(EXIT_FAILURE); cleanup_and_exit(EXIT_FAILURE);
} }

12
src/config.c
View file

@ -606,7 +606,7 @@ static bool process_line(struct config_ctx *ctx, const char *line)
ret = parse_string(&ctx->device->j3, "J3", value); ret = parse_string(&ctx->device->j3, "J3", value);
if (ret) if (ret)
ctx->device->flags |= WGDEVICE_HAS_J3; ctx->device->flags |= WGDEVICE_HAS_J3;
} else if (key_match("ITIME")) { } else if (key_match("Itime")) {
ret = parse_uint32(&ctx->device->itime, "Itime", value); ret = parse_uint32(&ctx->device->itime, "Itime", value);
if (ret) if (ret)
ctx->device->flags |= WGDEVICE_HAS_ITIME; ctx->device->flags |= WGDEVICE_HAS_ITIME;
@ -631,6 +631,10 @@ static bool process_line(struct config_ctx *ctx, const char *line)
ret = parse_bool(&ctx->last_peer->advanced_security, "AdvancedSecurity", value); ret = parse_bool(&ctx->last_peer->advanced_security, "AdvancedSecurity", value);
if (ret) if (ret)
ctx->last_peer->flags |= WGPEER_HAS_ADVANCED_SECURITY; ctx->last_peer->flags |= WGPEER_HAS_ADVANCED_SECURITY;
} else if (key_match("SpecialHandshake")) {
ret = parse_bool(&ctx->last_peer->special_handshake, "SpecialHandshake", value);
if (ret)
ctx->last_peer->flags |= WGPEER_HAS_SPECIAL_HANDSHAKE;
} else } else
goto error; goto error;
} else } else
@ -934,6 +938,12 @@ struct wgdevice *config_read_cmd(const char *argv[], int argc)
peer->flags |= WGPEER_HAS_ADVANCED_SECURITY; peer->flags |= WGPEER_HAS_ADVANCED_SECURITY;
argv += 2; argv += 2;
argc -= 2; argc -= 2;
} else if (!strcmp(argv[0], "special-handshake") && argc >= 2 && peer) {
if (!parse_bool(&peer->special_handshake, "SpecialHandshake", argv[1]))
goto error;
peer->flags |= WGPEER_HAS_SPECIAL_HANDSHAKE;
argv += 2;
argc -= 2;
} else { } else {
fprintf(stderr, "Invalid argument: %s\n", argv[0]); fprintf(stderr, "Invalid argument: %s\n", argv[0]);
goto error; goto error;

4
src/containers.h
View file

@ -53,7 +53,8 @@ enum
WGPEER_HAS_PUBLIC_KEY = 1U << 2, WGPEER_HAS_PUBLIC_KEY = 1U << 2,
WGPEER_HAS_PRESHARED_KEY = 1U << 3, WGPEER_HAS_PRESHARED_KEY = 1U << 3,
WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL = 1U << 4, WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL = 1U << 4,
WGPEER_HAS_ADVANCED_SECURITY = 1U << 5 WGPEER_HAS_ADVANCED_SECURITY = 1U << 5,
WGPEER_HAS_SPECIAL_HANDSHAKE = 1U << 6
}; };
struct wgpeer struct wgpeer
@ -75,6 +76,7 @@ struct wgpeer
uint16_t persistent_keepalive_interval; uint16_t persistent_keepalive_interval;
bool advanced_security; bool advanced_security;
bool special_handshake;
struct wgallowedip *first_allowedip, *last_allowedip; struct wgallowedip *first_allowedip, *last_allowedip;
struct wgpeer* next_peer; struct wgpeer* next_peer;

2
src/ipc-freebsd.h
View file

@ -251,7 +251,7 @@ static int kernel_get_device(struct wgdevice** device, const char* ifname)
if (nvlist_exists_binary(nvl_device, "itime")) if (nvlist_exists_binary(nvl_device, "itime"))
{ {
number = nvlist_get_number(nvl_device, "itime"); number = nvlist_get_number(nvl_device, "itime");
if (number <= INT32_MAX) if (number <= UINT32_MAX)
{ {
dev->itime = number; dev->itime = number;
dev->flags |= WGDEVICE_HAS_ITIME; dev->flags |= WGDEVICE_HAS_ITIME;

45
src/ipc-linux.h
View file

@ -6,6 +6,7 @@
#include "containers.h" #include "containers.h"
#include "encoding.h" #include "encoding.h"
#include "netlink.h" #include "netlink.h"
#include "uapi/linux/linux/wireguard.h"
#include <errno.h> #include <errno.h>
#include <linux/genetlink.h> #include <linux/genetlink.h>
#include <linux/if_link.h> #include <linux/if_link.h>
@ -191,6 +192,25 @@ again:
mnl_attr_put_u32(nlh, WGDEVICE_A_H3, dev->underload_packet_magic_header); mnl_attr_put_u32(nlh, WGDEVICE_A_H3, dev->underload_packet_magic_header);
if (dev->flags & WGDEVICE_HAS_H4) if (dev->flags & WGDEVICE_HAS_H4)
mnl_attr_put_u32(nlh, WGDEVICE_A_H4, dev->transport_packet_magic_header); mnl_attr_put_u32(nlh, WGDEVICE_A_H4, dev->transport_packet_magic_header);
if (dev->flags & WGDEVICE_HAS_I1)
mnl_attr_put_strz(nlh, WGDEVICE_A_I1, dev->i1);
if (dev->flags & WGDEVICE_HAS_I2)
mnl_attr_put_strz(nlh, WGDEVICE_A_I2, dev->i2);
if (dev->flags & WGDEVICE_HAS_I3)
mnl_attr_put_strz(nlh, WGDEVICE_A_I3, dev->i3);
if (dev->flags & WGDEVICE_HAS_I4)
mnl_attr_put_strz(nlh, WGDEVICE_A_I4, dev->i4);
if (dev->flags & WGDEVICE_HAS_I5)
mnl_attr_put_strz(nlh, WGDEVICE_A_I5, dev->i5);
if (dev->flags & WGDEVICE_HAS_J1)
mnl_attr_put_strz(nlh, WGDEVICE_A_J1, dev->j1);
if (dev->flags & WGDEVICE_HAS_J2)
mnl_attr_put_strz(nlh, WGDEVICE_A_J2, dev->j2);
if (dev->flags & WGDEVICE_HAS_J3)
mnl_attr_put_strz(nlh, WGDEVICE_A_J3, dev->j3);
if (dev->flags & WGDEVICE_HAS_ITIME)
mnl_attr_put_u32(nlh, WGDEVICE_A_ITIME, dev->itime);
if (dev->flags & WGDEVICE_HAS_FWMARK) if (dev->flags & WGDEVICE_HAS_FWMARK)
mnl_attr_put_u32(nlh, WGDEVICE_A_FWMARK, dev->fwmark); mnl_attr_put_u32(nlh, WGDEVICE_A_FWMARK, dev->fwmark);
if (dev->flags & WGDEVICE_REPLACE_PEERS) if (dev->flags & WGDEVICE_REPLACE_PEERS)
@ -269,6 +289,13 @@ again:
nlh, SOCKET_BUFFER_SIZE, WGPEER_A_ADVANCED_SECURITY, 0, NULL); nlh, SOCKET_BUFFER_SIZE, WGPEER_A_ADVANCED_SECURITY, 0, NULL);
flags |= WGPEER_F_HAS_ADVANCED_SECURITY; flags |= WGPEER_F_HAS_ADVANCED_SECURITY;
} }
if (peer->flags & WGPEER_HAS_SPECIAL_HANDSHAKE)
{
if (peer->special_handshake)
mnl_attr_put_check(
nlh, SOCKET_BUFFER_SIZE, WGPEER_A_SPECIAL_HANDSHAKE, 0, NULL);
flags |= WGPEER_F_HAS_SPECIAL_HANDSHAKE;
}
if (flags) if (flags)
{ {
if (!mnl_attr_put_u32_check(nlh, SOCKET_BUFFER_SIZE, WGPEER_A_FLAGS, flags)) if (!mnl_attr_put_u32_check(nlh, SOCKET_BUFFER_SIZE, WGPEER_A_FLAGS, flags))
@ -489,6 +516,13 @@ static int parse_peer(const struct nlattr* attr, void* data)
peer->flags |= WGPEER_HAS_ADVANCED_SECURITY; peer->flags |= WGPEER_HAS_ADVANCED_SECURITY;
peer->advanced_security = false; peer->advanced_security = false;
} }
else if (
flags & WGPEER_F_HAS_SPECIAL_HANDSHAKE &&
!(peer->flags & WGPEER_HAS_SPECIAL_HANDSHAKE))
{
peer->flags |= WGPEER_HAS_SPECIAL_HANDSHAKE;
peer->special_handshake = false;
}
} }
break; break;
case WGPEER_A_ADVANCED_SECURITY: case WGPEER_A_ADVANCED_SECURITY:
@ -502,6 +536,17 @@ static int parse_peer(const struct nlattr* attr, void* data)
} }
} }
break; break;
case WGPEER_A_SPECIAL_HANDSHAKE:
if (!mnl_attr_validate(attr, MNL_TYPE_FLAG))
{
peer->special_handshake = true;
if (!(peer->flags & WGPEER_HAS_SPECIAL_HANDSHAKE))
{
peer->flags |= WGPEER_HAS_SPECIAL_HANDSHAKE;
}
}
break;
case WGPEER_A_ALLOWEDIPS: case WGPEER_A_ALLOWEDIPS:
return mnl_attr_parse_nested(attr, parse_allowedips, peer); return mnl_attr_parse_nested(attr, parse_allowedips, peer);
} }

7
src/ipc-uapi.h
View file

@ -89,6 +89,8 @@ static int userspace_set_device(struct wgdevice* dev)
if (dev->flags & WGDEVICE_HAS_ITIME) if (dev->flags & WGDEVICE_HAS_ITIME)
fprintf(f, "itime=%u\n", dev->itime); fprintf(f, "itime=%u\n", dev->itime);
printf("i1: %s\n", dev->i1);
for_each_wgpeer(dev, peer) for_each_wgpeer(dev, peer)
{ {
key_to_hex(hex, peer->public_key); key_to_hex(hex, peer->public_key);
@ -98,6 +100,11 @@ static int userspace_set_device(struct wgdevice* dev)
ret = -EINVAL; ret = -EINVAL;
goto out; goto out;
} }
if (peer->flags & WGPEER_HAS_SPECIAL_HANDSHAKE)
{
ret = -EINVAL;
goto out;
}
if (peer->flags & WGPEER_REMOVE_ME) if (peer->flags & WGPEER_REMOVE_ME)
{ {
fprintf(f, "remove=true\n"); fprintf(f, "remove=true\n");

1139
src/ipc-windows.h
View file

File diff suppressed because it is too large Load diff

1117
src/netlink.h
View file

File diff suppressed because it is too large Load diff

3
src/showconf.c
View file

@ -94,6 +94,9 @@ int showconf_main(int argc, const char *argv[])
if (peer->flags & WGPEER_HAS_ADVANCED_SECURITY) { if (peer->flags & WGPEER_HAS_ADVANCED_SECURITY) {
printf("AdvancedSecurity = %s\n", peer->advanced_security ? "on" : "off"); printf("AdvancedSecurity = %s\n", peer->advanced_security ? "on" : "off");
} }
if (peer->flags & WGPEER_HAS_SPECIAL_HANDSHAKE) {
printf("SpecialHandshake = %s\n", peer->special_handshake ? "on" : "off");
}
if (peer->first_allowedip) if (peer->first_allowedip)
printf("AllowedIPs = "); printf("AllowedIPs = ");
for_each_wgallowedip(peer, allowedip) { for_each_wgallowedip(peer, allowedip) {

8
src/uapi/linux/linux/wireguard.h
View file

@ -114,6 +114,9 @@
* WGPEER_A_ADVANCED_SECURITY: flag indicating that advanced security * WGPEER_A_ADVANCED_SECURITY: flag indicating that advanced security
* techniques provided by AmneziaWG should * techniques provided by AmneziaWG should
* be used. * be used.
* WGPEER_A_SPECIAL_HANDSHAKE: flag indicating that special handshake
* techniques provided by AmneziaWG should
* be used.
* 0: NLA_NESTED * 0: NLA_NESTED
* ... * ...
* ... * ...
@ -147,6 +150,9 @@
* WGPEER_A_ADVANCED_SECURITY: flag indicating that advanced security * WGPEER_A_ADVANCED_SECURITY: flag indicating that advanced security
* techniques provided by AmneziaWG should * techniques provided by AmneziaWG should
* be used. * be used.
* WGPEER_A_SPECIAL_HANDSHAKE: flag indicating that special handshake
* techniques provided by AmneziaWG should
* be used.
* *
*/ */
@ -210,6 +216,7 @@ enum wgpeer_flag {
WGPEER_F_REPLACE_ALLOWEDIPS = 1U << 1, WGPEER_F_REPLACE_ALLOWEDIPS = 1U << 1,
WGPEER_F_UPDATE_ONLY = 1U << 2, WGPEER_F_UPDATE_ONLY = 1U << 2,
WGPEER_F_HAS_ADVANCED_SECURITY = 1U << 3, WGPEER_F_HAS_ADVANCED_SECURITY = 1U << 3,
WGPEER_F_HAS_SPECIAL_HANDSHAKE = 1U << 4,
__WGPEER_F_ALL = WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | __WGPEER_F_ALL = WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS |
WGPEER_F_UPDATE_ONLY WGPEER_F_UPDATE_ONLY
}; };
@ -226,6 +233,7 @@ enum wgpeer_attribute {
WGPEER_A_ALLOWEDIPS, WGPEER_A_ALLOWEDIPS,
WGPEER_A_PROTOCOL_VERSION, WGPEER_A_PROTOCOL_VERSION,
WGPEER_A_ADVANCED_SECURITY, WGPEER_A_ADVANCED_SECURITY,
WGPEER_A_SPECIAL_HANDSHAKE,
__WGPEER_A_LAST __WGPEER_A_LAST
}; };
#define WGPEER_A_MAX (__WGPEER_A_LAST - 1) #define WGPEER_A_MAX (__WGPEER_A_LAST - 1)

164
src/uapi/openbsd/net/if_wg.h
View file

@ -7,13 +7,12 @@
#ifndef __IF_WG_H__ #ifndef __IF_WG_H__
#define __IF_WG_H__ #define __IF_WG_H__
#include <sys/limits.h>
#include <sys/errno.h> #include <sys/errno.h>
#include <sys/limits.h>
#include <net/if.h> #include <net/if.h>
#include <netinet/in.h> #include <netinet/in.h>
/* /*
* This is the public interface to the WireGuard network interface. * This is the public interface to the WireGuard network interface.
* *
@ -25,87 +24,112 @@
#define SIOCSWG _IOWR('i', 210, struct wg_data_io) #define SIOCSWG _IOWR('i', 210, struct wg_data_io)
#define SIOCGWG _IOWR('i', 211, struct wg_data_io) #define SIOCGWG _IOWR('i', 211, struct wg_data_io)
#define a_ipv4 a_addr.addr_ipv4 #define a_ipv4 a_addr.addr_ipv4
#define a_ipv6 a_addr.addr_ipv6 #define a_ipv6 a_addr.addr_ipv6
struct wg_aip_io { struct wg_aip_io
sa_family_t a_af; {
int a_cidr; sa_family_t a_af;
union wg_aip_addr { int a_cidr;
struct in_addr addr_ipv4; union wg_aip_addr
struct in6_addr addr_ipv6; {
} a_addr; struct in_addr addr_ipv4;
struct in6_addr addr_ipv6;
} a_addr;
}; };
#define WG_PEER_HAS_PUBLIC (1 << 0) #define WG_PEER_HAS_PUBLIC (1 << 0)
#define WG_PEER_HAS_PSK (1 << 1) #define WG_PEER_HAS_PSK (1 << 1)
#define WG_PEER_HAS_PKA (1 << 2) #define WG_PEER_HAS_PKA (1 << 2)
#define WG_PEER_HAS_ENDPOINT (1 << 3) #define WG_PEER_HAS_ENDPOINT (1 << 3)
#define WG_PEER_REPLACE_AIPS (1 << 4) #define WG_PEER_REPLACE_AIPS (1 << 4)
#define WG_PEER_REMOVE (1 << 5) #define WG_PEER_REMOVE (1 << 5)
#define WG_PEER_UPDATE (1 << 6) #define WG_PEER_UPDATE (1 << 6)
#define p_sa p_endpoint.sa_sa #define p_sa p_endpoint.sa_sa
#define p_sin p_endpoint.sa_sin #define p_sin p_endpoint.sa_sin
#define p_sin6 p_endpoint.sa_sin6 #define p_sin6 p_endpoint.sa_sin6
struct wg_peer_io { struct wg_peer_io
int p_flags; {
int p_protocol_version; int p_flags;
uint8_t p_public[WG_KEY_LEN]; int p_protocol_version;
uint8_t p_psk[WG_KEY_LEN]; uint8_t p_public[WG_KEY_LEN];
uint16_t p_pka; uint8_t p_psk[WG_KEY_LEN];
union wg_peer_endpoint { uint16_t p_pka;
struct sockaddr sa_sa; union wg_peer_endpoint
struct sockaddr_in sa_sin; {
struct sockaddr_in6 sa_sin6; struct sockaddr sa_sa;
} p_endpoint; struct sockaddr_in sa_sin;
uint64_t p_txbytes; struct sockaddr_in6 sa_sin6;
uint64_t p_rxbytes; } p_endpoint;
struct timespec p_last_handshake; /* nanotime */ uint64_t p_txbytes;
size_t p_aips_count; uint64_t p_rxbytes;
struct wg_aip_io p_aips[]; struct timespec p_last_handshake; /* nanotime */
size_t p_aips_count;
struct wg_aip_io p_aips[];
}; };
#define WG_INTERFACE_HAS_PUBLIC (1 << 0) #define WG_INTERFACE_HAS_PUBLIC (1 << 0)
#define WG_INTERFACE_HAS_PRIVATE (1 << 1) #define WG_INTERFACE_HAS_PRIVATE (1 << 1)
#define WG_INTERFACE_HAS_PORT (1 << 2) #define WG_INTERFACE_HAS_PORT (1 << 2)
#define WG_INTERFACE_HAS_RTABLE (1 << 3) #define WG_INTERFACE_HAS_RTABLE (1 << 3)
#define WG_INTERFACE_REPLACE_PEERS (1 << 4) #define WG_INTERFACE_REPLACE_PEERS (1 << 4)
#define WG_INTERFACE_DEVICE_HAS_JC (1 << 5) #define WG_INTERFACE_DEVICE_HAS_JC (1 << 5)
#define WG_INTERFACE_DEVICE_HAS_JMIN (1 << 6) #define WG_INTERFACE_DEVICE_HAS_JMIN (1 << 6)
#define WG_INTERFACE_DEVICE_HAS_JMAX (1 << 7) #define WG_INTERFACE_DEVICE_HAS_JMAX (1 << 7)
#define WG_INTERFACE_DEVICE_HAS_S1 (1 << 8) #define WG_INTERFACE_DEVICE_HAS_S1 (1 << 8)
#define WG_INTERFACE_DEVICE_HAS_S2 (1 << 9) #define WG_INTERFACE_DEVICE_HAS_S2 (1 << 9)
#define WG_INTERFACE_DEVICE_HAS_H1 (1 << 10) #define WG_INTERFACE_DEVICE_HAS_H1 (1 << 10)
#define WG_INTERFACE_DEVICE_HAS_H2 (1 << 11) #define WG_INTERFACE_DEVICE_HAS_H2 (1 << 11)
#define WG_INTERFACE_DEVICE_HAS_H3 (1 << 12) #define WG_INTERFACE_DEVICE_HAS_H3 (1 << 12)
#define WG_INTERFACE_DEVICE_HAS_H4 (1 << 13) #define WG_INTERFACE_DEVICE_HAS_H4 (1 << 13)
#define WG_INTERFACE_DEVICE_HAS_I1 (1 << 14)
#define WG_INTERFACE_DEVICE_HAS_I2 (1 << 15)
#define WG_INTERFACE_DEVICE_HAS_I3 (1 << 16)
#define WG_INTERFACE_DEVICE_HAS_I4 (1 << 17)
#define WG_INTERFACE_DEVICE_HAS_I5 (1 << 18)
#define WG_INTERFACE_DEVICE_HAS_J1 (1 << 19)
#define WG_INTERFACE_DEVICE_HAS_J2 (1 << 20)
#define WG_INTERFACE_DEVICE_HAS_J3 (1 << 21)
#define WG_INTERFACE_DEVICE_HAS_ITIME (1 << 22)
struct wg_interface_io { struct wg_interface_io
uint16_t i_flags; {
in_port_t i_port; uint16_t i_flags;
int i_rtable; in_port_t i_port;
uint8_t i_public[WG_KEY_LEN]; int i_rtable;
uint8_t i_private[WG_KEY_LEN]; uint8_t i_public[WG_KEY_LEN];
size_t i_peers_count; uint8_t i_private[WG_KEY_LEN];
struct wg_peer_io i_peers[]; size_t i_peers_count;
struct wg_peer_io i_peers[];
uint16_t i_junk_packet_count; uint16_t i_junk_packet_count;
uint16_t i_junk_packet_min_size; uint16_t i_junk_packet_min_size;
uint16_t i_junk_packet_max_size; uint16_t i_junk_packet_max_size;
uint16_t i_init_packet_junk_size; uint16_t i_init_packet_junk_size;
uint16_t i_response_packet_junk_size; uint16_t i_response_packet_junk_size;
uint32_t i_init_packet_magic_header; uint32_t i_init_packet_magic_header;
uint32_t i_response_packet_magic_header; uint32_t i_response_packet_magic_header;
uint32_t i_underload_packet_magic_header; uint32_t i_underload_packet_magic_header;
uint32_t i_transport_packet_magic_header; uint32_t i_transport_packet_magic_header;
uint8_t* i_i1;
uint8_t* i_i2;
uint8_t* i_i3;
uint8_t* i_i4;
uint8_t* i_i5;
uint8_t* i_j1;
uint8_t* i_j2;
uint8_t* i_j3;
uint32_t i_itime;
}; };
struct wg_data_io { struct wg_data_io
char wgd_name[IFNAMSIZ]; {
size_t wgd_size; /* total size of the memory pointed to by wgd_interface */ char wgd_name[IFNAMSIZ];
struct wg_interface_io *wgd_interface; size_t wgd_size; /* total size of the memory pointed to by wgd_interface */
struct wg_interface_io* wgd_interface;
}; };
#endif /* __IF_WG_H__ */ #endif /* __IF_WG_H__ */

143
src/uapi/windows/wireguard.h
View file

@ -6,94 +6,113 @@
#ifndef _WIREGUARD_NT_H #ifndef _WIREGUARD_NT_H
#define _WIREGUARD_NT_H #define _WIREGUARD_NT_H
#include <in6addr.h>
#include <inaddr.h>
#include <ntdef.h> #include <ntdef.h>
#include <ws2def.h> #include <ws2def.h>
#include <ws2ipdef.h> #include <ws2ipdef.h>
#include <inaddr.h>
#include <in6addr.h>
#define WG_KEY_LEN 32 #define WG_KEY_LEN 32
typedef struct _WG_IOCTL_ALLOWED_IP typedef struct _WG_IOCTL_ALLOWED_IP
{ {
union union
{ {
IN_ADDR V4; IN_ADDR V4;
IN6_ADDR V6; IN6_ADDR V6;
} Address; } Address;
ADDRESS_FAMILY AddressFamily; ADDRESS_FAMILY AddressFamily;
UCHAR Cidr; UCHAR Cidr;
} __attribute__((aligned(8))) WG_IOCTL_ALLOWED_IP; } __attribute__((aligned(8))) WG_IOCTL_ALLOWED_IP;
typedef enum typedef enum
{ {
WG_IOCTL_PEER_HAS_PUBLIC_KEY = 1 << 0, WG_IOCTL_PEER_HAS_PUBLIC_KEY = 1 << 0,
WG_IOCTL_PEER_HAS_PRESHARED_KEY = 1 << 1, WG_IOCTL_PEER_HAS_PRESHARED_KEY = 1 << 1,
WG_IOCTL_PEER_HAS_PERSISTENT_KEEPALIVE = 1 << 2, WG_IOCTL_PEER_HAS_PERSISTENT_KEEPALIVE = 1 << 2,
WG_IOCTL_PEER_HAS_ENDPOINT = 1 << 3, WG_IOCTL_PEER_HAS_ENDPOINT = 1 << 3,
WG_IOCTL_PEER_HAS_PROTOCOL_VERSION = 1 << 4, WG_IOCTL_PEER_HAS_PROTOCOL_VERSION = 1 << 4,
WG_IOCTL_PEER_REPLACE_ALLOWED_IPS = 1 << 5, WG_IOCTL_PEER_REPLACE_ALLOWED_IPS = 1 << 5,
WG_IOCTL_PEER_REMOVE = 1 << 6, WG_IOCTL_PEER_REMOVE = 1 << 6,
WG_IOCTL_PEER_UPDATE = 1 << 7 WG_IOCTL_PEER_UPDATE = 1 << 7
} WG_IOCTL_PEER_FLAG; } WG_IOCTL_PEER_FLAG;
typedef struct _WG_IOCTL_PEER typedef struct _WG_IOCTL_PEER
{ {
WG_IOCTL_PEER_FLAG Flags; WG_IOCTL_PEER_FLAG Flags;
ULONG ProtocolVersion; /* 0 = latest protocol, 1 = this protocol. */ ULONG ProtocolVersion; /* 0 = latest protocol, 1 = this protocol. */
UCHAR PublicKey[WG_KEY_LEN]; UCHAR PublicKey[WG_KEY_LEN];
UCHAR PresharedKey[WG_KEY_LEN]; UCHAR PresharedKey[WG_KEY_LEN];
USHORT PersistentKeepalive; USHORT PersistentKeepalive;
SOCKADDR_INET Endpoint; SOCKADDR_INET Endpoint;
ULONG64 TxBytes; ULONG64 TxBytes;
ULONG64 RxBytes; ULONG64 RxBytes;
ULONG64 LastHandshake; ULONG64 LastHandshake;
ULONG AllowedIPsCount; ULONG AllowedIPsCount;
} __attribute__((aligned(8))) WG_IOCTL_PEER; } __attribute__((aligned(8))) WG_IOCTL_PEER;
typedef enum typedef enum
{ {
WG_IOCTL_INTERFACE_HAS_PUBLIC_KEY = 1 << 0, WG_IOCTL_INTERFACE_HAS_PUBLIC_KEY = 1 << 0,
WG_IOCTL_INTERFACE_HAS_PRIVATE_KEY = 1 << 1, WG_IOCTL_INTERFACE_HAS_PRIVATE_KEY = 1 << 1,
WG_IOCTL_INTERFACE_HAS_LISTEN_PORT = 1 << 2, WG_IOCTL_INTERFACE_HAS_LISTEN_PORT = 1 << 2,
WG_IOCTL_INTERFACE_REPLACE_PEERS = 1 << 3, WG_IOCTL_INTERFACE_REPLACE_PEERS = 1 << 3,
WG_IOCTL_INTERFACE_PEERS = 1 << 4, WG_IOCTL_INTERFACE_PEERS = 1 << 4,
WG_IOCTL_INTERFACE_JC = 1 << 5, WG_IOCTL_INTERFACE_JC = 1 << 5,
WG_IOCTL_INTERFACE_JMIN = 1 << 6, WG_IOCTL_INTERFACE_JMIN = 1 << 6,
WG_IOCTL_INTERFACE_JMAX = 1 << 7, WG_IOCTL_INTERFACE_JMAX = 1 << 7,
WG_IOCTL_INTERFACE_S1 = 1 << 8, WG_IOCTL_INTERFACE_S1 = 1 << 8,
WG_IOCTL_INTERFACE_S2 = 1 << 9, WG_IOCTL_INTERFACE_S2 = 1 << 9,
WG_IOCTL_INTERFACE_H1 = 1 << 10, WG_IOCTL_INTERFACE_H1 = 1 << 10,
WG_IOCTL_INTERFACE_H2 = 1 << 11, WG_IOCTL_INTERFACE_H2 = 1 << 11,
WG_IOCTL_INTERFACE_H3 = 1 << 12, WG_IOCTL_INTERFACE_H3 = 1 << 12,
WG_IOCTL_INTERFACE_H4 = 1 << 13 WG_IOCTL_INTERFACE_H4 = 1 << 13,
WG_IOCTL_INTERFACE_I1 = 1U << 14,
WG_IOCTL_INTERFACE_I2 = 1U << 15,
WG_IOCTL_INTERFACE_I3 = 1U << 16,
WG_IOCTL_INTERFACE_I4 = 1U << 17,
WG_IOCTL_INTERFACE_I5 = 1U << 18,
WG_IOCTL_INTERFACE_J1 = 1U << 19,
WG_IOCTL_INTERFACE_J2 = 1U << 20,
WG_IOCTL_INTERFACE_J3 = 1U << 21,
WG_IOCTL_INTERFACE_ITIME = 1U << 22
} WG_IOCTL_INTERFACE_FLAG; } WG_IOCTL_INTERFACE_FLAG;
typedef struct _WG_IOCTL_INTERFACE typedef struct _WG_IOCTL_INTERFACE
{ {
WG_IOCTL_INTERFACE_FLAG Flags; WG_IOCTL_INTERFACE_FLAG Flags;
USHORT ListenPort; USHORT ListenPort;
UCHAR PrivateKey[WG_KEY_LEN]; UCHAR PrivateKey[WG_KEY_LEN];
UCHAR PublicKey[WG_KEY_LEN]; UCHAR PublicKey[WG_KEY_LEN];
ULONG PeersCount; ULONG PeersCount;
USHORT JunkPacketCount; USHORT JunkPacketCount;
USHORT JunkPacketMinSize; USHORT JunkPacketMinSize;
USHORT JunkPacketMaxSize; USHORT JunkPacketMaxSize;
USHORT InitPacketJunkSize; USHORT InitPacketJunkSize;
USHORT ResponsePacketJunkSize; USHORT ResponsePacketJunkSize;
ULONG InitPacketMagicHeader; ULONG InitPacketMagicHeader;
ULONG ResponsePacketMagicHeader; ULONG ResponsePacketMagicHeader;
ULONG UnderloadPacketMagicHeader; ULONG UnderloadPacketMagicHeader;
ULONG TransportPacketMagicHeader; ULONG TransportPacketMagicHeader;
UCHAR* I1;
UCHAR* I2;
UCHAR* I3;
UCHAR* I4;
UCHAR* I5;
UCHAR* J1;
UCHAR* J2;
UCHAR* J3;
ULONG Itime;
} __attribute__((aligned(8))) WG_IOCTL_INTERFACE; } __attribute__((aligned(8))) WG_IOCTL_INTERFACE;
#define WG_IOCTL_GET CTL_CODE(45208U, 321, METHOD_OUT_DIRECT, FILE_READ_DATA | FILE_WRITE_DATA) #define WG_IOCTL_GET \
#define WG_IOCTL_SET CTL_CODE(45208U, 322, METHOD_IN_DIRECT, FILE_READ_DATA | FILE_WRITE_DATA) CTL_CODE(45208U, 321, METHOD_OUT_DIRECT, FILE_READ_DATA | FILE_WRITE_DATA)
#define WG_IOCTL_SET \
#define DEVPKEY_WG_NAME (DEVPROPKEY) { \ CTL_CODE(45208U, 322, METHOD_IN_DIRECT, FILE_READ_DATA | FILE_WRITE_DATA)
{ 0x65726957, 0x7547, 0x7261, { 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79 } }, \
DEVPROPID_FIRST_USABLE + 1 \
}
#define DEVPKEY_WG_NAME \
(DEVPROPKEY){ \
{0x65726957, 0x7547, 0x7261, {0x64, 0x4e, 0x61, 0x6d, 0x65, 0x4b, 0x65, 0x79}}, \
DEVPROPID_FIRST_USABLE + 1}
#endif #endif