完善密钥分发
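--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,7 @@ module github.com/fumiama/WireGold
 
 go 1.16
 
-require github.com/sirupsen/logrus v1.8.1
+require (
+github.com/fumiama/go-x25519 v1.0.0
+github.com/sirupsen/logrus v1.8.1
+)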
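--- a/go.sum
+++ b/go.sum
@@ -1,10 +1,20 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fumiama/go-x25519 v1.0.0 h1:hiGg9EhseVmGCc8T1jECVkj8Keu/aJ1ZK05RM8Vuavo=
+github.com/fumiama/go-x25519 v1.0.0/go.mod h1:8VOhfyGZzw4IUs4nCjQFqW9cA3V/QpSCtP3fo2dLNg4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=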
@@ -1,6 +1,9 @@
|
|||||||
package head
|
package head
|
||||||
|
|
||||||
import "encoding/json"
|
import (
|
||||||
|
"crypto/rand"
|
||||||
|
"encoding/json"
|
||||||
|
)
|
||||||
|
|
||||||
// Packet 是发送和接收的最小单位
|
// Packet 是发送和接收的最小单位
|
||||||
type Packet struct {
|
type Packet struct {
|
||||||
@@ -49,5 +52,6 @@ func (p *Packet) Mashal(src string, dst string) ([]byte, error) {
|
|||||||
p.DataSZ = uint32(len(p.Data))
|
p.DataSZ = uint32(len(p.Data))
|
||||||
p.Src = src
|
p.Src = src
|
||||||
p.Dst = dst
|
p.Dst = dst
|
||||||
|
rand.Reader.Read(p.Hash[:])
|
||||||
return json.Marshal(p)
|
return json.Marshal(p)
|
||||||
}
|
}
|
||||||
|
|||||||
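Review bot: The added `rand.Reader.Read(p.Hash[:])` in `Mashal` discards both return values, so a failed or short read from the system random source would leave `p.Hash` zeroed or partly filled and the packet would still be marshalled. Check the result and stop on failure, `if _, err := rand.Read(p.Hash[:]); err != nil { return nil, err }`. The field is named `Hash` but is filled with random bytes at this point, so a one-line comment saying what the random value is used for would help the reader; how the receiver treats it is not visible on this page. The body of `Mashal` starts outside the hunk.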
@@ -1,13 +1,15 @@
|
|||||||
package link
|
package link
|
||||||
|
|
||||||
import "net"
|
import (
|
||||||
|
"net"
|
||||||
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// 本机私钥
|
// 本机私钥
|
||||||
// 利用 Curve25519 生成
|
// 利用 Curve25519 生成
|
||||||
// https://pkg.go.dev/golang.org/x/crypto/curve25519
|
// https://pkg.go.dev/golang.org/x/crypto/curve25519
|
||||||
// https://www.zhihu.com/question/266758647
|
// https://www.zhihu.com/question/266758647
|
||||||
privKey [32]byte
|
privKey []byte
|
||||||
// 本机虚拟 ip
|
// 本机虚拟 ip
|
||||||
me net.IP
|
me net.IP
|
||||||
// 本机 endpoint
|
// 本机 endpoint
|
||||||
@@ -15,7 +17,7 @@ var (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// SetMyself 设置本机参数
|
// SetMyself 设置本机参数
|
||||||
func SetMyself(privateKey [32]byte, myIP string, myEndpoint string) {
|
func SetMyself(privateKey []byte, myIP string, myEndpoint string) {
|
||||||
privKey = privateKey
|
privKey = privateKey
|
||||||
var err error
|
var err error
|
||||||
myend, err = net.ResolveUDPAddr("udp", myEndpoint)
|
myend, err = net.ResolveUDPAddr("udp", myEndpoint)
|
||||||
@@ -32,11 +34,31 @@ func SetMyself(privateKey [32]byte, myIP string, myEndpoint string) {
|
|||||||
// Encode 使用 ChaCha20-Poly1305 加密
|
// Encode 使用 ChaCha20-Poly1305 加密
|
||||||
// https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
|
// https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
|
||||||
func (l *Link) Encode(b []byte) (eb []byte, err error) {
|
func (l *Link) Encode(b []byte) (eb []byte, err error) {
|
||||||
return b, nil
|
if b == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if l.key == nil {
|
||||||
|
eb = b
|
||||||
|
} else {
|
||||||
|
// 在此处填写加密逻辑,密钥是l.key,输入是b,输出是eb
|
||||||
|
// 不用写return,直接赋值给eb即可
|
||||||
|
eb = b
|
||||||
|
}
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Decode 使用 ChaCha20-Poly1305 解密
|
// Decode 使用 ChaCha20-Poly1305 解密
|
||||||
// https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
|
// https://pkg.go.dev/golang.org/x/crypto/chacha20poly1305
|
||||||
func (l *Link) Decode(b []byte) (db []byte, err error) {
|
func (l *Link) Decode(b []byte) (db []byte, err error) {
|
||||||
return b, nil
|
if b == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if l.key == nil {
|
||||||
|
db = b
|
||||||
|
} else {
|
||||||
|
// 在此处填写解密逻辑,密钥是l.key,输入是b,输出是db
|
||||||
|
// 不用写return,直接赋值给db即可
|
||||||
|
db = b
|
||||||
|
}
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
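Review bot: `Encode` and `Decode` are documented as ChaCha20-Poly1305, but in the new bodies both branches assign the input unchanged (`eb = b`, `db = b`), so a link that already has a derived key still sends and accepts plaintext, and a link with `l.key == nil` does so silently. Until the AEAD is written, the keyed branch should fail closed rather than pass data through, for example `err = errors.New("link: encryption not implemented")` in place of the placeholder `eb = b` (and likewise for `db = b`), which needs `errors` added to the import block. The nil-key passthrough deserves a comment stating that it is intentional, e.g. `// no key negotiated: payload is forwarded unencrypted`. The same file section changes `privKey` to `[]byte` with no length check visible in `SetMyself`; the rest of that function is outside the hunk.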
@@ -12,7 +12,7 @@ import (
|
|||||||
// Link 是本机到 peer 的连接抽象
|
// Link 是本机到 peer 的连接抽象
|
||||||
type Link struct {
|
type Link struct {
|
||||||
// peer 的公钥
|
// peer 的公钥
|
||||||
pubk [32]byte
|
pubk *[32]byte
|
||||||
// peer 的公网 ip:port
|
// peer 的公网 ip:port
|
||||||
pep string
|
pep string
|
||||||
// 决定本机是否定时向 peer 发送 hello 保持 NAT。
|
// 决定本机是否定时向 peer 发送 hello 保持 NAT。
|
||||||
@@ -32,6 +32,8 @@ type Link struct {
|
|||||||
allowtrans bool
|
allowtrans bool
|
||||||
// 连接的状态,详见下方 const
|
// 连接的状态,详见下方 const
|
||||||
status int
|
status int
|
||||||
|
// 连接所用对称加密密钥
|
||||||
|
key *[]byte
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
|||||||
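Review bot: The new field `key *[]byte` is a pointer to a slice, which adds an indirection without adding a state: a `[]byte` is already nil when unset, and `Encode`/`Decode` only test `l.key == nil`. Declaring it `key []byte` and assigning `l.key = k` in `AddPeer` keeps that nil check and removes the dereference the cipher code would otherwise need. The field comment could also record where the key comes from, e.g. `// symmetric key for this link, derived from the X25519 shared secret; nil means no encryption`. The struct body starts and ends outside the hunks shown.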
@@ -3,11 +3,13 @@ package link
|
|||||||
import (
|
import (
|
||||||
"net"
|
"net"
|
||||||
|
|
||||||
|
curve "github.com/fumiama/go-x25519"
|
||||||
|
|
||||||
"github.com/fumiama/WireGold/gold/head"
|
"github.com/fumiama/WireGold/gold/head"
|
||||||
)
|
)
|
||||||
|
|
||||||
// AddPeer 添加一个 peer
|
// AddPeer 添加一个 peer
|
||||||
func AddPeer(peerip string, pubicKey [32]byte, endPoint string, allowedIPs []string, keepAlive int64, allowTrans bool) (l *Link) {
|
func AddPeer(peerip string, pubicKey *[32]byte, endPoint string, allowedIPs []string, keepAlive int64, allowTrans bool) (l *Link) {
|
||||||
peerip = net.ParseIP(peerip).String()
|
peerip = net.ParseIP(peerip).String()
|
||||||
var ok bool
|
var ok bool
|
||||||
l, ok = IsInPeer(peerip)
|
l, ok = IsInPeer(peerip)
|
||||||
@@ -21,6 +23,13 @@ func AddPeer(peerip string, pubicKey [32]byte, endPoint string, allowedIPs []str
|
|||||||
peerip: net.ParseIP(peerip),
|
peerip: net.ParseIP(peerip),
|
||||||
allowtrans: allowTrans,
|
allowtrans: allowTrans,
|
||||||
}
|
}
|
||||||
|
if pubicKey != nil {
|
||||||
|
c := curve.Get(privKey)
|
||||||
|
k, err := c.Shared(pubicKey)
|
||||||
|
if err == nil {
|
||||||
|
l.key = &k
|
||||||
|
}
|
||||||
|
}
|
||||||
if endPoint != "" {
|
if endPoint != "" {
|
||||||
e, err := net.ResolveUDPAddr("udp", endPoint)
|
e, err := net.ResolveUDPAddr("udp", endPoint)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
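Review bot: In the block added to `AddPeer`, the error from `c.Shared(pubicKey)` is dropped, so a failed key agreement leaves `l.key` nil and, given the `l.key == nil` branch of `Encode` shown on this page, the peer is then served in plaintext with no indication. Handle the failure explicitly, e.g. `if err != nil { return nil }` with a doc line saying a nil result means the peer was rejected; `AddPeer` has no error result and continues outside the hunk, so the exact form depends on its callers. `curve.Get(privKey)` also runs with whatever `SetMyself` stored, and the updated test passes `nil` there, so a length check on the private key before this call would be worth adding. The shared secret is stored as the link key directly; whether it should first pass through a KDF can be settled when the cipher is implemented.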
@@ -9,8 +9,8 @@ import (
|
|||||||
|
|
||||||
func TestTunnel(t *testing.T) {
|
func TestTunnel(t *testing.T) {
|
||||||
logrus.SetLevel(logrus.DebugLevel)
|
logrus.SetLevel(logrus.DebugLevel)
|
||||||
link.SetMyself([32]byte{}, "192.168.1.2", "127.0.0.1:1236")
|
link.SetMyself(nil, "192.168.1.2", "127.0.0.1:1236")
|
||||||
link.AddPeer("192.168.1.2", [32]byte{}, "127.0.0.1:1236", nil, 0, false)
|
link.AddPeer("192.168.1.2", nil, "127.0.0.1:1236", nil, 0, false)
|
||||||
tunn, err := Create("192.168.1.2", 1, 1)
|
tunn, err := Create("192.168.1.2", 1, 1)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Error(err)
|
t.Error(err)
|
||||||
|
|||||||