支持wg

Author: vnt-dev

Cargo.lock

@@ -13,10 +13,10 @@ log4rs = "1.3"
 dirs = "5"
 crossbeam = "0.8"
 parking_lot = "0.12"
-dashmap = "5.5"
+dashmap = "6.0.1"
 
-rsa = { version = "0.7.2", features = [] }
-spki = { version = "0.6.0", features = ["fingerprint", "alloc"] }
+rsa = { version = "0.9.6", features = [] }
+spki = { version = "0.7.3", features = ["fingerprint", "alloc", "base64"] }
 aes-gcm = { version = "0.10.2", optional = true }
 ring = { version = "0.17", optional = true }
 rand = "0.8"
@@ -39,6 +39,10 @@ actix-files = { version = "0.6", optional = true }
 actix-web-static-files = { version = "4.0.1", optional = true }
 tokio-tungstenite = "0.23.1"
 
+boringtun = { path = "lib/boringtun", features = [] }
+ipnetwork = "0.20.0"
+base64 = "0.22.1"
+
 serde = { version = "1", features = ["derive"] }
 crossbeam-utils = "0.8"
 futures-util = "0.3"

Cargo.toml

@@ -0,0 +1,64 @@
+[package]
+name = "boringtun"
+description = "an implementation of the WireGuard® protocol designed for portability and speed"
+version = "0.6.0"
+authors = [
+    "Noah Kennedy <[email protected]>",
+    "Andy Grover <[email protected]>",
+    "Jeff Hiner <[email protected]>",
+]
+license = "BSD-3-Clause"
+repository = "https://github.com/cloudflare/boringtun"
+documentation = "https://docs.rs/boringtun/0.5.2/boringtun/"
+edition = "2018"
+
+[features]
+default = []
+device = ["socket2", "thiserror"]
+jni-bindings = ["ffi-bindings", "jni"]
+ffi-bindings = ["tracing-subscriber"]
+# mocks std::time::Instant with mock_instant
+mock-instant = ["mock_instant"]
+
+[dependencies]
+base64 = "0.13"
+hex = "0.4"
+untrusted = "0.9.0"
+libc = "0.2"
+parking_lot = "0.12"
+tracing = "0.1.40"
+tracing-subscriber = { version = "0.3", features = ["fmt"], optional = true }
+ip_network = "0.4.1"
+ip_network_table = "0.2.0"
+ring = "0.17"
+x25519-dalek = { version = "2.0.0", features = [
+    "reusable_secrets",
+    "static_secrets",
+] }
+rand_core = { version = "0.6.4", features = ["getrandom"] }
+chacha20poly1305 = "0.10.0-pre.1"
+aead = "0.5.0-pre.2"
+blake2 = "0.10"
+hmac = "0.12"
+jni = { version = "0.19.0", optional = true }
+mock_instant = { version = "0.3", optional = true }
+socket2 = { version = "0.4.7", features = ["all"], optional = true }
+thiserror = { version = "1", optional = true }
+
+[target.'cfg(unix)'.dependencies]
+nix = { version = "0.25", default-features = false, features = [
+    "time",
+    "user",
+] }
+
+[dev-dependencies]
+etherparse = "0.13"
+tracing-subscriber = "0.3"
+criterion = { version = "0.3.5", features = ["html_reports"] }
+
+[lib]
+crate-type = ["staticlib", "cdylib", "rlib"]
+
+[[bench]]
+name = "crypto_benches"
+harness = false

lib/boringtun/Cargo.toml

@@ -0,0 +1,90 @@
+use blake2::digest::{FixedOutput, KeyInit};
+use blake2::{Blake2s256, Blake2sMac, Digest};
+use criterion::{BenchmarkId, Criterion, Throughput};
+use ring::rand::{SecureRandom, SystemRandom};
+
+pub fn bench_blake2s_hash(c: &mut Criterion) {
+    let mut group = c.benchmark_group("blake2s_hash");
+
+    group.sample_size(1000);
+
+    for size in [32, 64, 128] {
+        group.throughput(Throughput::Bytes(size as u64));
+
+        group.bench_with_input(BenchmarkId::new("blake2s_crate", size), &size, |b, _| {
+            let buf_in = vec![0u8; size];
+
+            b.iter(|| {
+                let mut hasher = Blake2s256::new();
+                hasher.update(&buf_in);
+                hasher.finalize();
+            });
+        });
+    }
+
+    group.finish();
+}
+
+pub fn bench_blake2s_hmac(c: &mut Criterion) {
+    let mut group = c.benchmark_group("blake2s_hmac");
+
+    group.sample_size(1000);
+
+    for size in [16, 32] {
+        group.throughput(Throughput::Bytes(size as u64));
+
+        group.bench_with_input(BenchmarkId::new("blake2s_crate", size), &size, |b, _| {
+            let buf_in = vec![0u8; size];
+            let rng = SystemRandom::new();
+
+            b.iter_batched(
+                || {
+                    let mut key = [0u8; 32];
+                    rng.fill(&mut key).unwrap();
+                    key
+                },
+                |key| {
+                    use blake2::digest::Update;
+                    type HmacBlake2s = hmac::SimpleHmac<blake2::Blake2s256>;
+                    let mut hmac = HmacBlake2s::new_from_slice(&key).unwrap();
+                    hmac.update(&buf_in);
+                    hmac.finalize_fixed();
+                },
+                criterion::BatchSize::SmallInput,
+            );
+        });
+    }
+
+    group.finish();
+}
+
+pub fn bench_blake2s_keyed(c: &mut Criterion) {
+    let mut group = c.benchmark_group("blake2s_keyed_mac");
+
+    group.sample_size(1000);
+
+    for size in [128, 1024] {
+        group.throughput(Throughput::Bytes(size as u64));
+
+        group.bench_with_input(BenchmarkId::new("blake2s_crate", size), &size, |b, _| {
+            let buf_in = vec![0u8; size];
+            let rng = SystemRandom::new();
+
+            b.iter_batched(
+                || {
+                    let mut key = [0u8; 16];
+                    rng.fill(&mut key).unwrap();
+                    key
+                },
+                |key| -> [u8; 16] {
+                    let mut hmac = Blake2sMac::new_from_slice(&key).unwrap();
+                    blake2::digest::Update::update(&mut hmac, &buf_in);
+                    hmac.finalize_fixed().into()
+                },
+                criterion::BatchSize::SmallInput,
+            );
+        });
+    }
+
+    group.finish();
+}

lib/boringtun/benches/crypto_benches/blake2s_benching.rs

@@ -0,0 +1,79 @@
+use aead::{AeadInPlace, KeyInit};
+use criterion::{BenchmarkId, Criterion, Throughput};
+use rand_core::{OsRng, RngCore};
+use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, CHACHA20_POLY1305};
+
+fn chacha20poly1305_ring(key_bytes: &[u8], buf: &mut [u8]) {
+    let len = buf.len();
+    let n = len - 16;
+
+    let key = LessSafeKey::new(UnboundKey::new(&CHACHA20_POLY1305, key_bytes).unwrap());
+
+    let tag = key
+        .seal_in_place_separate_tag(
+            Nonce::assume_unique_for_key([0u8; 12]),
+            Aad::from(&[]),
+            &mut buf[..n],
+        )
+        .unwrap();
+
+    buf[n..].copy_from_slice(tag.as_ref())
+}
+
+fn chacha20poly1305_non_ring(key_bytes: &[u8], buf: &mut [u8]) {
+    let len = buf.len();
+    let n = len - 16;
+
+    let aead = chacha20poly1305::ChaCha20Poly1305::new_from_slice(key_bytes).unwrap();
+    let nonce = chacha20poly1305::Nonce::default();
+
+    let tag = aead
+        .encrypt_in_place_detached(&nonce, &[], &mut buf[..n])
+        .unwrap();
+
+    buf[n..].copy_from_slice(tag.as_ref());
+}
+
+pub fn bench_chacha20poly1305(c: &mut Criterion) {
+    let mut group = c.benchmark_group("chacha20poly1305");
+
+    group.sample_size(1000);
+
+    for size in [128, 192, 1400, 8192] {
+        group.throughput(Throughput::Bytes(size as u64));
+
+        group.bench_with_input(
+            BenchmarkId::new("chacha20poly1305_ring", size),
+            &size,
+            |b, i| {
+                let mut key = [0; 32];
+                let mut buf = vec![0; i + 16];
+
+                let mut rng = OsRng::default();
+
+                rng.fill_bytes(&mut key);
+                rng.fill_bytes(&mut buf);
+
+                b.iter(|| chacha20poly1305_ring(&key, &mut buf));
+            },
+        );
+
+        group.bench_with_input(
+            BenchmarkId::new("chacha20poly1305_non_ring", size),
+            &size,
+            |b, i| {
+                let mut key = [0; 32];
+                let mut buf = vec![0; i + 16];
+
+                let mut rng = OsRng::default();
+
+                rng.fill_bytes(&mut key);
+                rng.fill_bytes(&mut buf);
+
+                b.iter(|| chacha20poly1305_non_ring(&key, &mut buf));
+            },
+        );
+    }
+
+    group.finish();
+}

lib/boringtun/benches/crypto_benches/chacha20poly1305_benching.rs

@@ -0,0 +1,20 @@
+use blake2s_benching::{bench_blake2s_hash, bench_blake2s_hmac, bench_blake2s_keyed};
+use chacha20poly1305_benching::bench_chacha20poly1305;
+use x25519_public_key_benching::bench_x25519_public_key;
+use x25519_shared_key_benching::bench_x25519_shared_key;
+
+mod blake2s_benching;
+mod chacha20poly1305_benching;
+mod x25519_public_key_benching;
+mod x25519_shared_key_benching;
+
+criterion::criterion_group!(
+    crypto_benches,
+    bench_chacha20poly1305,
+    bench_blake2s_hash,
+    bench_blake2s_hmac,
+    bench_blake2s_keyed,
+    bench_x25519_shared_key,
+    bench_x25519_public_key
+);
+criterion::criterion_main!(crypto_benches);

lib/boringtun/benches/crypto_benches/main.rs

@@ -0,0 +1,30 @@
+use criterion::Criterion;
+use rand_core::OsRng;
+
+pub fn bench_x25519_public_key(c: &mut Criterion) {
+    let mut group = c.benchmark_group("x25519_public_key");
+
+    group.sample_size(1000);
+
+    group.bench_function("x25519_public_key_dalek", |b| {
+        b.iter(|| {
+            let secret_key = x25519_dalek::StaticSecret::random_from_rng(OsRng);
+            let public_key = x25519_dalek::PublicKey::from(&secret_key);
+
+            (secret_key, public_key)
+        });
+    });
+
+    group.bench_function("x25519_public_key_ring", |b| {
+        let rng = ring::rand::SystemRandom::new();
+
+        b.iter(|| {
+            let my_private_key =
+                ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::X25519, &rng)
+                    .unwrap();
+            my_private_key.compute_public_key().unwrap()
+        });
+    });
+
+    group.finish();
+}

lib/boringtun/benches/crypto_benches/x25519_public_key_benching.rs

@@ -0,0 +1,48 @@
+use criterion::{BatchSize, Criterion};
+use rand_core::OsRng;
+
+pub fn bench_x25519_shared_key(c: &mut Criterion) {
+    let mut group = c.benchmark_group("x25519_shared_key");
+
+    group.sample_size(1000);
+
+    group.bench_function("x25519_shared_key_dalek", |b| {
+        let public_key =
+            x25519_dalek::PublicKey::from(&x25519_dalek::StaticSecret::random_from_rng(OsRng));
+
+        b.iter_batched(
+            || x25519_dalek::StaticSecret::random_from_rng(OsRng),
+            |secret_key| secret_key.diffie_hellman(&public_key),
+            BatchSize::SmallInput,
+        );
+    });
+
+    group.bench_function("x25519_shared_key_ring", |b| {
+        let rng = ring::rand::SystemRandom::new();
+
+        let peer_public_key = {
+            let peer_private_key =
+                ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::X25519, &rng)
+                    .unwrap();
+            peer_private_key.compute_public_key().unwrap()
+        };
+        let peer_public_key_alg = &ring::agreement::X25519;
+
+        let my_public_key =
+            ring::agreement::UnparsedPublicKey::new(peer_public_key_alg, &peer_public_key);
+
+        b.iter_batched(
+            || {
+                ring::agreement::EphemeralPrivateKey::generate(&ring::agreement::X25519, &rng)
+                    .unwrap()
+            },
+            |my_private_key| {
+                ring::agreement::agree_ephemeral(my_private_key, &my_public_key, |_key_material| ())
+                    .unwrap()
+            },
+            BatchSize::SmallInput,
+        );
+    });
+
+    group.finish();
+}