fix tea in big endian

go.mod

@@ -3,11 +3,11 @@ module github.com/fumiama/WireGold
 go 1.16
 
 require (
+	github.com/fumiama/blake2b-simd v0.0.0-20220412092318-c99573b3b2b1
 	github.com/fumiama/go-base16384 v1.3.0
 	github.com/fumiama/go-x25519 v1.0.0
 	github.com/fumiama/gofastTEA v0.0.9
 	github.com/fumiama/water v0.0.0-20211231134027-da391938d6ac
-	github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1
 	github.com/sirupsen/logrus v1.8.1
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 )

go.sum

@@ -1,5 +1,7 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fumiama/blake2b-simd v0.0.0-20220412092318-c99573b3b2b1 h1:bCiKcUQoZk2E68CPRYROZ9/N1BC21jtjxfqGc+5aoRs=
+github.com/fumiama/blake2b-simd v0.0.0-20220412092318-c99573b3b2b1/go.mod h1:Olmv2uLdFllRsvwhzOvG/O/Nvgzg0ViokUL4+hiaRSE=
 github.com/fumiama/go-base16384 v1.3.0 h1:J5Xtwh/3alGJt/z/0IFralo5UQA89iFWQqbxj5ZQZi8=
 github.com/fumiama/go-base16384 v1.3.0/go.mod h1:RGA715p34BiLoZvPRtaxuo2q25Kq9jFsgUsJb8dwy14=
 github.com/fumiama/go-x25519 v1.0.0 h1:hiGg9EhseVmGCc8T1jECVkj8Keu/aJ1ZK05RM8Vuavo=
@@ -10,8 +12,6 @@ github.com/fumiama/water v0.0.0-20211231134027-da391938d6ac h1:A/5A0rODsg+EQHH61
 github.com/fumiama/water v0.0.0-20211231134027-da391938d6ac/go.mod h1:BBnNY9PwK+UUn4trAU+H0qsMEypm7+3Bj1bVFuJItlo=
 github.com/fumiama/wintun v0.0.0-20211229152851-8bc97c8034c0 h1:WfrSFlIlCAtg6Rt2IGna0HhJYSDE45YVHiYqO4wwsEw=
 github.com/fumiama/wintun v0.0.0-20211229152851-8bc97c8034c0/go.mod h1:dPOG7Af/ArO62RgBz2JJTNFByBn/IXWLo/1kZKcLSe8=
-github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 h1:lYpkrQH5ajf0OXOcUbGjvZxxijuBwbbmlSxLiuofa+g=
-github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8RvIylQ358TN4wwqatJ8rNavkEINozVn9DtGI3dfQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=

gold/head/packet.go

@@ -7,15 +7,16 @@ import (
 	"net"
 
 	"github.com/fumiama/WireGold/helper"
-	blake2b "github.com/minio/blake2b-simd"
+	blake2b "github.com/fumiama/blake2b-simd"
 	"github.com/sirupsen/logrus"
 )
 
 // Packet 是发送和接收的最小单位
 type Packet struct {
-	// DataSZ len(Data)
+	// TeaTypeDataSZ len(Data)
+	// 高 8 位指定加密所用 tea key
 	// 不得超过 65507-head 字节
-	DataSZ uint32
+	TeaTypeDataSZ uint32
 	// Proto 详见 head
 	Proto uint8
 	// TTL is time to live
@@ -32,7 +33,7 @@ type Packet struct {
 	Dst net.IP
 	// Hash 使用 BLAKE2 生成加密前 Packet 的摘要
 	// 生成时 Hash 全 0
-	// https://github.com/minio/blake2b-simd
+	// https://github.com/fumiama/blake2b-simd
 	Hash [32]byte
 	// Data 承载的数据
 	Data []byte
@@ -60,14 +61,16 @@ func (p *Packet) Unmarshal(data []byte) (complete bool, err error) {
 		return
 	}
 
-	if p.DataSZ == 0 && len(p.Data) == 0 {
-		p.DataSZ = binary.LittleEndian.Uint32(data[:4])
-		if int(p.DataSZ)+52 == len(data) {
+	sz := p.TeaTypeDataSZ & 0x00ffffff
+	if sz == 0 && len(p.Data) == 0 {
+		p.TeaTypeDataSZ = binary.LittleEndian.Uint32(data[:4])
+		sz = p.TeaTypeDataSZ & 0x00ffffff
+		if int(sz)+52 == len(data) {
 			p.Data = data[52:]
 			p.rembytes = 0
 		} else {
-			p.Data = make([]byte, p.DataSZ)
-			p.rembytes = p.DataSZ
+			p.Data = make([]byte, sz)
+			p.rembytes = sz
 		}
 		pt := binary.LittleEndian.Uint16(data[4:6])
 		p.Proto = uint8(pt)
@@ -98,14 +101,14 @@ func (p *Packet) Unmarshal(data []byte) (complete bool, err error) {
 
 // Marshal 将自身数据编码为 []byte
 // offset 必须为 8 的倍数，表示偏移的 8 位
-func (p *Packet) Marshal(src net.IP, datasz uint32, offset uint16, dontfrag, hasmore bool) ([]byte, func()) {
+func (p *Packet) Marshal(src net.IP, teatype uint8, datasz uint32, offset uint16, dontfrag, hasmore bool) ([]byte, func()) {
 	p.TTL--
 	if p.TTL == 0 {
 		return nil, nil
 	}
 
 	if src != nil {
-		p.DataSZ = datasz
+		p.TeaTypeDataSZ = uint32(teatype)<<24 | datasz
 		p.Src = src
 		if dontfrag {
 			offset |= 0x4000
@@ -117,7 +120,7 @@ func (p *Packet) Marshal(src net.IP, datasz uint32, offset uint16, dontfrag, has
 	}
 
 	return helper.OpenWriterF(func(w *helper.Writer) {
-		w.WriteUInt32(p.DataSZ)
+		w.WriteUInt32(p.TeaTypeDataSZ)
 		w.WriteUInt16((uint16(p.TTL) << 8) | uint16(p.Proto))
 		w.WriteUInt16(p.SrcPort)
 		w.WriteUInt16(p.DstPort)
@@ -138,6 +141,7 @@ func (p *Packet) FillHash() {
 		return
 	}
 	_ = h.Sum(p.Hash[:0])
+	logrus.Debugln("[packet] sum calulated:", hex.EncodeToString(p.Hash[:]))
 }
 
 // IsVaildHash 验证 packet 合法性

gold/link/crypto.go

@@ -1,14 +1,8 @@
 package link
 
-import (
-	"unsafe"
-
-	tea "github.com/fumiama/gofastTEA"
-)
-
 // Encode 使用 TEA 加密
-func (l *Link) Encode(b []byte) (eb []byte) {
-	if b == nil {
+func (l *Link) Encode(teatype uint8, b []byte) (eb []byte) {
+	if b == nil || teatype >= 16 {
 		return
 	}
 	if l.key == nil {
@@ -16,14 +10,14 @@ func (l *Link) Encode(b []byte) (eb []byte) {
 	} else {
 		// 在此处填写加密逻辑，密钥是l.key，输入是b，输出是eb
 		// 不用写return，直接赋值给eb即可
-		eb = (*tea.TEA)(unsafe.Pointer(l.key)).Encrypt(b)
+		eb = l.key[teatype].Encrypt(b)
 	}
 	return
 }
 
 // Decode 使用 TEA 解密
-func (l *Link) Decode(b []byte) (db []byte) {
-	if b == nil {
+func (l *Link) Decode(teatype uint8, b []byte) (db []byte) {
+	if b == nil || teatype >= 16 {
 		return
 	}
 	if l.key == nil {
@@ -31,7 +25,7 @@ func (l *Link) Decode(b []byte) (db []byte) {
 	} else {
 		// 在此处填写解密逻辑，密钥是l.key，输入是b，输出是db
 		// 不用写return，直接赋值给db即可
-		db = (*tea.TEA)(unsafe.Pointer(l.key)).Decrypt(b)
+		db = l.key[teatype].Decrypt(b)
 	}
 	return
 }

gold/link/link.go

@@ -7,6 +7,7 @@ import (
 	"github.com/fumiama/WireGold/gold/head"
 	"github.com/fumiama/WireGold/helper"
 	base14 "github.com/fumiama/go-base16384"
+	tea "github.com/fumiama/gofastTEA"
 )
 
 // Link 是本机到 peer 的连接抽象
@@ -28,7 +29,7 @@ type Link struct {
 	// 连接的状态，详见下方 const
 	status int
 	// 连接所用对称加密密钥
-	key *[32]byte
+	key []tea.TEA
 	// 本机信息
 	me *Me
 }

gold/link/listen.go

@@ -22,7 +22,8 @@ func (m *Me) listen() (conn *net.UDPConn, err error) {
 					lbf = lbf[:n]
 					packet := m.wait(lbf)
 					if packet != nil {
-						r := int(packet.DataSZ) - len(packet.Data)
+						sz := packet.TeaTypeDataSZ & 0x00ffffff
+						r := int(sz) - len(packet.Data)
 						if r > 0 {
 							remain, err := readAll(conn, r)
 							if err == nil {
@@ -38,7 +39,7 @@ func (m *Me) listen() (conn *net.UDPConn, err error) {
 								p.endpoint = addr
 							}
 							if p.IsToMe(packet.Dst) {
-								packet.Data = p.Decode(packet.Data)
+								packet.Data = p.Decode(uint8(packet.TeaTypeDataSZ>>24), packet.Data)
 								if packet.IsVaildHash() {
 									switch packet.Proto {
 									case head.ProtoHello:

gold/link/peer.go

@@ -3,10 +3,10 @@ package link
 import (
 	"net"
 	"time"
-	"unsafe"
 
 	"github.com/fumiama/WireGold/gold/head"
 	curve "github.com/fumiama/go-x25519"
+	tea "github.com/fumiama/gofastTEA"
 	"github.com/sirupsen/logrus"
 )
 
@@ -32,7 +32,10 @@ func (m *Me) AddPeer(peerip string, pubicKey *[32]byte, endPoint string, allowed
 		c := curve.Get(m.privKey[:])
 		k, err := c.Shared(pubicKey)
 		if err == nil {
-			l.key = (*[32]byte)(*(*unsafe.Pointer)(unsafe.Pointer(&k)))
+			l.key = make([]tea.TEA, 16)
+			for i := range l.key {
+				l.key[i] = tea.NewTeaCipherLittleEndian(k[i : 16+i])
+			}
 		}
 	}
 	if endPoint != "" {

gold/link/send.go

@@ -3,6 +3,7 @@ package link
 import (
 	"errors"
 	"fmt"
+	"math/rand"
 
 	"github.com/fumiama/WireGold/gold/head"
 	"github.com/sirupsen/logrus"
@@ -10,16 +11,17 @@ import (
 
 // Write 向 peer 发包
 func (l *Link) Write(p *head.Packet, istransfer bool) (n int, err error) {
+	teatype := uint8(rand.Intn(16))
 	if len(p.Data) <= int(l.me.mtu) {
 		if !istransfer {
 			p.FillHash()
-			p.Data = l.Encode(p.Data)
+			p.Data = l.Encode(teatype, p.Data)
 		}
-		return l.write(p, uint32(len(p.Data)), 0, istransfer, false)
+		return l.write(p, teatype, uint32(len(p.Data)), 0, istransfer, false)
 	}
 	if !istransfer {
 		p.FillHash()
-		p.Data = l.Encode(p.Data)
+		p.Data = l.Encode(teatype, p.Data)
 	}
 	data := p.Data
 	totl := uint32(len(data))
@@ -28,7 +30,7 @@ func (l *Link) Write(p *head.Packet, istransfer bool) (n int, err error) {
 		logrus.Debugln("[link] split frag", i, ":", i+int(l.me.mtu), ", remain:", int(totl)-i-int(l.me.mtu))
 		packet := *p
 		packet.Data = data[:int(l.me.mtu)]
-		cnt, err := l.write(&packet, totl, uint16(uint(i)>>3), istransfer, true)
+		cnt, err := l.write(&packet, teatype, totl, uint16(uint(i)>>3), istransfer, true)
 		n += cnt
 		if err != nil {
 			return n, err
@@ -36,7 +38,7 @@ func (l *Link) Write(p *head.Packet, istransfer bool) (n int, err error) {
 		data = data[int(l.me.mtu):]
 	}
 	p.Data = data
-	cnt, err := l.write(p, totl, uint16(uint(i)>>3), istransfer, false)
+	cnt, err := l.write(p, teatype, totl, uint16(uint(i)>>3), istransfer, false)
 	n += cnt
 	if err != nil {
 		return n, err
@@ -45,16 +47,16 @@ func (l *Link) Write(p *head.Packet, istransfer bool) (n int, err error) {
 }
 
 // write 向 peer 发一个包
-func (l *Link) write(p *head.Packet, datasz uint32, offset uint16, istransfer, hasmore bool) (n int, err error) {
+func (l *Link) write(p *head.Packet, teatype uint8, datasz uint32, offset uint16, istransfer, hasmore bool) (n int, err error) {
 	var d []byte
 	var cl func()
 	if istransfer {
 		if p.Flags&0x4000 == 0x4000 && len(p.Data) > int(l.me.mtu) {
 			return len(p.Data), errors.New("drop dont fragmnet big trans packet")
 		}
-		d, cl = p.Marshal(nil, 0, 0, false, false)
+		d, cl = p.Marshal(nil, teatype, 0, 0, false, false)
 	} else {
-		d, cl = p.Marshal(l.me.me, datasz, offset, false, hasmore)
+		d, cl = p.Marshal(l.me.me, teatype, datasz, offset, false, hasmore)
 	}
 	if d == nil {
 		return 0, errors.New("[link] ttl exceeded")

main.go

@@ -21,7 +21,7 @@ func main() {
 	gen := flag.Bool("g", false, "generate key pair")
 	showp := flag.Bool("p", false, "show my publickey")
 	file := flag.String("c", "config.yaml", "specify conf file")
-	mtu := flag.Int("m", 32768-68, "set the mtu of wg")
+	mtu := flag.Int("m", 1500-68, "set the mtu of wg")
 	debug := flag.Bool("d", false, "print debug logs")
 	warn := flag.Bool("w", false, "only show logs above warn level")
 	flag.Parse()