Hey Christian, If you're already using noise-java, then that library should take care of all the HMAC/HKDF stuff for you. WireGuard builds upon the NoseIK handshake, and the aspects that WireGuard adds on top of Noise not require HKDF or HMAC. You should not be implementing the internal mechanisms of the Noise handshake yourself, if you're using the noise-java library. Instead you should be able to specify to it, "I would like to use NoiseIK", and then you'll get functions for generating and receiving the first handshake message and the second handshake message. Specifically, the two WireGuard handshake messages are:
msg1 = handshake_initiation { u8 message_type u8 reserved_zero[3] u32 sender_index u8 unencryped_ephemeral[32] u8 encrypted_static[AEAD_LEN(32)] u8 encrypted_timestamp[AEAD_LEN(12)] u8 mac1[16] u8 mac2[16] } msg2 = handshake_response { u8 message_type u8 reserved_zero[3] u32 sender_index u32 receiver_index u8 unencrypted_ephemeral[32] u8 encrypted_nothing[AEAD_LEN(0)] u8 mac1[16] u8 mac2[16] } In these you use the noise-java library generate the values {unencryped_ephemeral, encrypted_static, encrypted_timestamp} and {unencrypted_ephemeral, encrypted_nothing}, likely as one solid contiguous byte[] blob, where encrypted_timestamp is that handshake message's payload containing the TAI64N 12 byte timestamp (you pass the timestamp to the 'generate' function as the 'payload'), and where encrypted_nothing is that handshake message's payload containing nothing (but still with the result containing the noise-java generated auth tag). The wireguard.io/protocol/ page and the white paper try to describe the WireGuard protocol from the fundamentals. In the coming days, I think I'll add some documentation for building a WireGuard protocol implementation out of an existing Noise implementation. Feel free to find me on Freenode -- I'm zx2c4 -- and I'm happy to give you some pointers or walk you through the implementation. Looking forward to seeing what you come up with! Regards, Jason _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard