AmneziaWG v1.5 (#84)

Author: outspace

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.24 as awg
+FROM golang:1.24.4 as awg
 COPY . /awg
 WORKDIR /awg
 RUN go mod download && \
@@ -7,10 +7,24 @@ RUN go mod download && \
 
 FROM alpine:3.19
 ARG AWGTOOLS_RELEASE="1.0.20241018"
+
+RUN apk add linux-headers build-base
+COPY awg-tools /awg-tools
+RUN pwd && ls -la / && ls -la /awg-tools
+WORKDIR /awg-tools/src
+# RUN ls -la && pwd && ls awg-tools
+RUN make
+RUN mkdir -p build && \
+    cp wg ./build/awg && \
+    cp wg-quick/linux.bash ./build/awg-quick
+
+RUN cp build/awg /usr/bin/awg
+RUN cp build/awg-quick /usr/bin/awg-quick
+
 RUN apk --no-cache add iproute2 iptables bash && \
     cd /usr/bin/ && \
-    wget https://github.com/amnezia-vpn/amneziawg-tools/releases/download/v${AWGTOOLS_RELEASE}/alpine-3.19-amneziawg-tools.zip && \
-    unzip -j alpine-3.19-amneziawg-tools.zip && \
+    # wget https://github.com/amnezia-vpn/amneziawg-tools/releases/download/v${AWGTOOLS_RELEASE}/alpine-3.19-amneziawg-tools.zip && \
+    # unzip -j alpine-3.19-amneziawg-tools.zip && \
     chmod +x /usr/bin/awg /usr/bin/awg-quick && \
     ln -s /usr/bin/awg /usr/bin/wg && \
     ln -s /usr/bin/awg-quick /usr/bin/wg-quick

device/awg/awg.go

@@ -0,0 +1,144 @@
+package awg
+
+import (
+	"bytes"
+	"fmt"
+	"slices"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/tevino/abool"
+)
+
+type aSecCfgType struct {
+	IsSet                      bool
+	JunkPacketCount            int
+	JunkPacketMinSize          int
+	JunkPacketMaxSize          int
+	InitHeaderJunkSize         int
+	ResponseHeaderJunkSize     int
+	CookieReplyHeaderJunkSize  int
+	TransportHeaderJunkSize    int
+	InitPacketMagicHeader      uint32
+	ResponsePacketMagicHeader  uint32
+	UnderloadPacketMagicHeader uint32
+	TransportPacketMagicHeader uint32
+	// InitPacketMagicHeader      Limit
+	// ResponsePacketMagicHeader  Limit
+	// UnderloadPacketMagicHeader Limit
+	// TransportPacketMagicHeader Limit
+}
+
+type Limit struct {
+	Min        uint32
+	Max        uint32
+	HeaderType uint32
+}
+
+func NewLimit(min, max, headerType uint32) (Limit, error) {
+	if min > max {
+		return Limit{}, fmt.Errorf("min (%d) cannot be greater than max (%d)", min, max)
+	}
+
+	return Limit{
+		Min:        min,
+		Max:        max,
+		HeaderType: headerType,
+	}, nil
+}
+
+func ParseMagicHeader(key, value string, defaultHeaderType uint32) (Limit, error) {
+	// tempAwg.ASecCfg.InitPacketMagicHeader, err = awg.NewLimit(uint32(initPacketMagicHeaderMin), uint32(initPacketMagicHeaderMax), DNewLimit(min, max, headerType)efaultMessageInitiationType)
+	// var min, max, headerType uint32
+	// _, err := fmt.Sscanf(value, "%d-%d:%d", &min, &max, &headerType)
+	// if err != nil {
+	// 	return Limit{}, fmt.Errorf("invalid magic header format: %s", value)
+	// }
+
+	limits := strings.Split(value, "-")
+	if len(limits) != 2 {
+		return Limit{}, fmt.Errorf("invalid format for key: %s; %s", key, value)
+	}
+
+	min, err := strconv.ParseUint(limits[0], 10, 32)
+	if err != nil {
+		return Limit{}, fmt.Errorf("parse min key: %s; value: ; %w", key, limits[0], err)
+	}
+
+	max, err := strconv.ParseUint(limits[1], 10, 32)
+	if err != nil {
+		return Limit{}, fmt.Errorf("parse max key: %s; value: ; %w", key, limits[0], err)
+	}
+
+	limit, err := NewLimit(uint32(min), uint32(max), defaultHeaderType)
+	if err != nil {
+		return Limit{}, fmt.Errorf("new lmit key: %s; value: ; %w", key, limits[0], err)
+	}
+
+	return limit, nil
+}
+
+type Limits []Limit
+
+func NewLimits(limits []Limit) Limits {
+	slices.SortFunc(limits, func(a, b Limit) int {
+		if a.Min < b.Min {
+			return -1
+		} else if a.Min > b.Min {
+			return 1
+		}
+		return 0
+	})
+
+	return Limits(limits)
+}
+
+type Protocol struct {
+	IsASecOn abool.AtomicBool
+	// TODO: revision the need of the mutex
+	ASecMux     sync.RWMutex
+	ASecCfg     aSecCfgType
+	JunkCreator junkCreator
+
+	HandshakeHandler SpecialHandshakeHandler
+}
+
+func (protocol *Protocol) CreateInitHeaderJunk() ([]byte, error) {
+	return protocol.createHeaderJunk(protocol.ASecCfg.InitHeaderJunkSize)
+}
+
+func (protocol *Protocol) CreateResponseHeaderJunk() ([]byte, error) {
+	return protocol.createHeaderJunk(protocol.ASecCfg.ResponseHeaderJunkSize)
+}
+
+func (protocol *Protocol) CreateCookieReplyHeaderJunk() ([]byte, error) {
+	return protocol.createHeaderJunk(protocol.ASecCfg.CookieReplyHeaderJunkSize)
+}
+
+func (protocol *Protocol) CreateTransportHeaderJunk(packetSize int) ([]byte, error) {
+	return protocol.createHeaderJunk(protocol.ASecCfg.TransportHeaderJunkSize, packetSize)
+}
+
+func (protocol *Protocol) createHeaderJunk(junkSize int, optExtraSize ...int) ([]byte, error) {
+	extraSize := 0
+	if len(optExtraSize) == 1 {
+		extraSize = optExtraSize[0]
+	}
+
+	var junk []byte
+	protocol.ASecMux.RLock()
+	if junkSize != 0 {
+		buf := make([]byte, 0, junkSize+extraSize)
+		writer := bytes.NewBuffer(buf[:0])
+		err := protocol.JunkCreator.AppendJunk(writer, junkSize)
+		if err != nil {
+			protocol.ASecMux.RUnlock()
+			return nil, err
+		}
+		junk = writer.Bytes()
+	}
+	protocol.ASecMux.RUnlock()
+
+	return junk, nil
+}

device/awg/internal/mock.go

@@ -0,0 +1,37 @@
+package internal
+
+type mockGenerator struct {
+	size int
+}
+
+func NewMockGenerator(size int) mockGenerator {
+	return mockGenerator{size: size}
+}
+
+func (m mockGenerator) Generate() []byte {
+	return make([]byte, m.size)
+}
+
+func (m mockGenerator) Size() int {
+	return m.size
+}
+
+func (m mockGenerator) Name() string {
+	return "mock"
+}
+
+type mockByteGenerator struct {
+	data []byte
+}
+
+func NewMockByteGenerator(data []byte) mockByteGenerator {
+	return mockByteGenerator{data: data}
+}
+
+func (bg mockByteGenerator) Generate() []byte {
+	return bg.data
+}
+
+func (bg mockByteGenerator) Size() int {
+	return len(bg.data)
+}

device/junk_creator.go renamed to device/awg/junk_creator.go

@@ -1,4 +1,4 @@
-package device
+package awg
 
 import (
 	"bytes"
@@ -8,61 +8,62 @@ import (
 )
 
 type junkCreator struct {
-	device   *Device
+	aSecCfg  aSecCfgType
 	cha8Rand *v2.ChaCha8
 }
 
-func NewJunkCreator(d *Device) (junkCreator, error) {
+// TODO: refactor param to only pass the junk related params
+func NewJunkCreator(aSecCfg aSecCfgType) (junkCreator, error) {
 	buf := make([]byte, 32)
 	_, err := crand.Read(buf)
 	if err != nil {
 		return junkCreator{}, err
 	}
-	return junkCreator{device: d, cha8Rand: v2.NewChaCha8([32]byte(buf))}, nil
+	return junkCreator{aSecCfg: aSecCfg, cha8Rand: v2.NewChaCha8([32]byte(buf))}, nil
 }
 
 // Should be called with aSecMux RLocked
-func (jc *junkCreator) createJunkPackets() ([][]byte, error) {
-	if jc.device.aSecCfg.junkPacketCount == 0 {
-		return nil, nil
+func (jc *junkCreator) CreateJunkPackets(junks *[][]byte) error {
+	if jc.aSecCfg.JunkPacketCount == 0 {
+		return nil
 	}
 
-	junks := make([][]byte, 0, jc.device.aSecCfg.junkPacketCount)
-	for i := 0; i < jc.device.aSecCfg.junkPacketCount; i++ {
+	for range jc.aSecCfg.JunkPacketCount {
 		packetSize := jc.randomPacketSize()
 		junk, err := jc.randomJunkWithSize(packetSize)
 		if err != nil {
-			return nil, fmt.Errorf("Failed to create junk packet: %v", err)
+			return fmt.Errorf("create junk packet: %v", err)
 		}
-		junks = append(junks, junk)
+		*junks = append(*junks, junk)
 	}
-	return junks, nil
+	return nil
 }
 
 // Should be called with aSecMux RLocked
 func (jc *junkCreator) randomPacketSize() int {
 	return int(
 		jc.cha8Rand.Uint64()%uint64(
-			jc.device.aSecCfg.junkPacketMaxSize-jc.device.aSecCfg.junkPacketMinSize,
+			jc.aSecCfg.JunkPacketMaxSize-jc.aSecCfg.JunkPacketMinSize,
 		),
-	) + jc.device.aSecCfg.junkPacketMinSize
+	) + jc.aSecCfg.JunkPacketMinSize
 }
 
 // Should be called with aSecMux RLocked
-func (jc *junkCreator) appendJunk(writer *bytes.Buffer, size int) error {
+func (jc *junkCreator) AppendJunk(writer *bytes.Buffer, size int) error {
 	headerJunk, err := jc.randomJunkWithSize(size)
 	if err != nil {
-		return fmt.Errorf("failed to create header junk: %v", err)
+		return fmt.Errorf("create header junk: %v", err)
 	}
 	_, err = writer.Write(headerJunk)
 	if err != nil {
-		return fmt.Errorf("failed to write header junk: %v", err)
+		return fmt.Errorf("write header junk: %v", err)
 	}
 	return nil
 }
 
 // Should be called with aSecMux RLocked
 func (jc *junkCreator) randomJunkWithSize(size int) ([]byte, error) {
+	// TODO: use a memory pool to allocate
 	junk := make([]byte, size)
 	_, err := jc.cha8Rand.Read(junk)
 	return junk, err