完善密钥分发

go.mod

@@ -2,4 +2,7 @@ module github.com/fumiama/WireGold
 
 go 1.16
 
-require github.com/sirupsen/logrus v1.8.1
+require (
+	github.com/fumiama/go-x25519 v1.0.0
+	github.com/sirupsen/logrus v1.8.1
+)

go.sum

@@ -1,10 +1,20 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fumiama/go-x25519 v1.0.0 h1:hiGg9EhseVmGCc8T1jECVkj8Keu/aJ1ZK05RM8Vuavo=
+github.com/fumiama/go-x25519 v1.0.0/go.mod h1:8VOhfyGZzw4IUs4nCjQFqW9cA3V/QpSCtP3fo2dLNg4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

gold/head/packet.go

@@ -1,6 +1,9 @@
 package head
 
-import "encoding/json"
+import (
+	"crypto/rand"
+	"encoding/json"
+)
 
 // Packet 是发送和接收的最小单位
 type Packet struct {
@@ -49,5 +52,6 @@ func (p *Packet) Mashal(src string, dst string) ([]byte, error) {
 	p.DataSZ = uint32(len(p.Data))
 	p.Src = src
 	p.Dst = dst
+	rand.Reader.Read(p.Hash[:])
 	return json.Marshal(p)
 }

gold/link/crypto.go

@@ -1,13 +1,15 @@
 package link
 
-import "net"
+import (
+	"net"
+)
 
 var (
 	// 本机私钥
 	// 利用 Curve25519 生成
 	// https://pkg.go.dev/golang.org/x/crypto/curve25519
 	// https://www.zhihu.com/question/266758647
-	privKey [32]byte
+	privKey []byte
 	// 本机虚拟 ip
 	me net.IP
 	// 本机 endpoint
@@ -15,7 +17,7 @@ var (
 )
 
 // SetMyself 设置本机参数
-func SetMyself(privateKey [32]byte, myIP string, myEndpoint string) {
+func SetMyself(privateKey []byte, myIP string, myEndpoint string) {
 	privKey = privateKey
 	var err error
 	myend, err = net.ResolveUDPAddr("udp", myEndpoint)
@@ -32,11 +34,31 @@ func SetMyself(privateKey [32]byte, myIP string, myEndpoint string) {
 // Encode 使用 ChaCha20-Poly1305 加密
 // https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
 func (l *Link) Encode(b []byte) (eb []byte, err error) {
-	return b, nil
+	if b == nil {
+		return
+	}
+	if l.key == nil {
+		eb = b
+	} else {
+		// 在此处填写加密逻辑，密钥是l.key，输入是b，输出是eb
+		// 不用写return，直接赋值给eb即可
+		eb = b
+	}
+	return
 }
 
 // Decode 使用 ChaCha20-Poly1305 解密
 // https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
 func (l *Link) Decode(b []byte) (db []byte, err error) {
-	return b, nil
+	if b == nil {
+		return
+	}
+	if l.key == nil {
+		db = b
+	} else {
+		// 在此处填写解密逻辑，密钥是l.key，输入是b，输出是db
+		// 不用写return，直接赋值给db即可
+		db = b
+	}
+	return
 }

gold/link/link.go

@@ -12,7 +12,7 @@ import (
 // Link 是本机到 peer 的连接抽象
 type Link struct {
 	// peer 的公钥
-	pubk [32]byte
+	pubk *[32]byte
 	// peer 的公网 ip:port
 	pep string
 	// 决定本机是否定时向 peer 发送 hello 保持 NAT。
@@ -32,6 +32,8 @@ type Link struct {
 	allowtrans bool
 	// 连接的状态，详见下方 const
 	status int
+	// 连接所用对称加密密钥
+	key *[]byte
 }
 
 const (

gold/link/peer.go

@@ -3,11 +3,13 @@ package link
 import (
 	"net"
 
+	curve "github.com/fumiama/go-x25519"
+
 	"github.com/fumiama/WireGold/gold/head"
 )
 
 // AddPeer 添加一个 peer
-func AddPeer(peerip string, pubicKey [32]byte, endPoint string, allowedIPs []string, keepAlive int64, allowTrans bool) (l *Link) {
+func AddPeer(peerip string, pubicKey *[32]byte, endPoint string, allowedIPs []string, keepAlive int64, allowTrans bool) (l *Link) {
 	peerip = net.ParseIP(peerip).String()
 	var ok bool
 	l, ok = IsInPeer(peerip)
@@ -21,6 +23,13 @@ func AddPeer(peerip string, pubicKey [32]byte, endPoint string, allowedIPs []str
 		peerip:     net.ParseIP(peerip),
 		allowtrans: allowTrans,
 	}
+	if pubicKey != nil {
+		c := curve.Get(privKey)
+		k, err := c.Shared(pubicKey)
+		if err == nil {
+			l.key = &k
+		}
+	}
 	if endPoint != "" {
 		e, err := net.ResolveUDPAddr("udp", endPoint)
 		if err != nil {

upper/services/tunnel/tunnel_test.go

@@ -9,8 +9,8 @@ import (
 
 func TestTunnel(t *testing.T) {
 	logrus.SetLevel(logrus.DebugLevel)
-	link.SetMyself([32]byte{}, "192.168.1.2", "127.0.0.1:1236")
-	link.AddPeer("192.168.1.2", [32]byte{}, "127.0.0.1:1236", nil, 0, false)
+	link.SetMyself(nil, "192.168.1.2", "127.0.0.1:1236")
+	link.AddPeer("192.168.1.2", nil, "127.0.0.1:1236", nil, 0, false)
 	tunn, err := Create("192.168.1.2", 1, 1)
 	if err != nil {
 		t.Error(err)