A packet that conforms to the WG protocol carries the Type in its first byte, followed by three reserved bytes. Because the wireguard-go implementation uses element pools, it must make sure that the reserved bytes are cleared on outgoing traffic (they can be left dirty by "bad" clients). Clearing the reserved bytes is also needed for backwards compatibility.
Signed-off-by: Laura Zelenku <[email protected]>
---
 device/noise-protocol.go | 12 ++++++++----
 device/receive.go | 4 ++--
 device/send.go | 6 ++++--
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/device/noise-protocol.go b/device/noise-protocol.go
index 0212b7d..b5ef72b 100644
--- a/device/noise-protocol.go
+++ b/device/noise-protocol.go
@@ -82,7 +82,8 @@ const (
 */
 type MessageInitiation struct {
- Type uint32
+ Type uint8
+ Reserved [3]byte
 Sender uint32
 Ephemeral NoisePublicKey
 Static [NoisePublicKeySize + poly1305.TagSize]byte
@@ -92,7 +93,8 @@ type MessageInitiation struct {
 }
 type MessageResponse struct {
- Type uint32
+ Type uint8
+ Reserved [3]byte
 Sender uint32
 Receiver uint32
 Ephemeral NoisePublicKey
@@ -102,14 +104,16 @@ type MessageResponse struct {
 }
 type MessageTransport struct {
- Type uint32
+ Type uint8
+ Reserved [3]byte
 Receiver uint32
 Counter uint64
 Content []byte
 }
 type MessageCookieReply struct {
- Type uint32
+ Type uint8
+ Reserved [3]byte
 Receiver uint32
 Nonce [chacha20poly1305.NonceSizeX]byte
 Cookie [blake2s.Size128 + poly1305.TagSize]byte
diff --git a/device/receive.go b/device/receive.go
index b1959c6..e0d57bc 100644
--- a/device/receive.go
+++ b/device/receive.go
@@ -22,7 +22,7 @@ import (
 )
 type QueueHandshakeElement struct {
- msgType uint32
+ msgType uint8
 packet []byte
 endpoint conn.Endpoint
 buffer *[MaxMessageSize]byte
@@ -121,7 +121,7 @@ func (device *Device) RoutineReceiveIncoming(IP int, bind conn.Bind) {
 // check size of packet
 packet := buffer[:size]
- msgType := binary.LittleEndian.Uint32(packet[:4])
+ msgType := packet[0]
 var okay bool
diff --git a/device/send.go b/device/send.go
index a437cf1..dc4a8e2 100644
--- a/device/send.go
+++ b/device/send.go
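Review bot: The new `Reserved [3]byte` field in `MessageInitiation` carries no comment stating what value it must hold on the wire or which side enforces it, and the same goes for the identical additions to `MessageResponse`, `MessageTransport` and `MessageCookieReply` in the next two hunks. I would add `// Reserved must be zero when sent; nothing in this patch checks it on receipt.` above each field so a later reader does not assume inbound values are validated. The struct bodies extend beyond the hunks and the serialization code is not visible here, so whether a zero-valued array alone keeps handshake messages clean should be confirmed against the encoder. Narrowing `Type` to `uint8` also relies on the message-type constants being untyped or `uint8`; their declarations are outside this diff.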
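Review bot: In device/receive.go, `msgType := packet[0]` indexes the slice and panics on a zero-length datagram, whereas the removed `packet[:4]` was a reslice that presumably stayed within the backing buffer's capacity; confirm that a minimum-size check runs before this line, since RoutineReceiveIncoming starts and continues outside the hunk. Reading a single byte also means bytes 1–3 of an inbound packet no longer take part in dispatch, so a packet with non-zero reserved bytes that previously fell through as an unknown type is now handled as a valid one. If that relaxation is intended, record it next to the read, e.g. `// packet[1:4] are reserved and deliberately ignored on receive`, so the acceptance policy is explicit for whoever audits the parser later.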
@@ -373,11 +373,13 @@ func (device *Device) RoutineEncryption() {
 // populate header fields
 header := elem.buffer[:MessageTransportHeaderSize]
- fieldType := header[0:4]
+ fieldType := header[0:1]
+ fieldReserved := header[1:4]
 fieldReceiver := header[4:8]
 fieldNonce := header[8:16]
- binary.LittleEndian.PutUint32(fieldType, MessageTransportType)
+ fieldType[0] = byte(MessageTransportType)
+ copy(fieldReserved, []byte{}) // clear reserved bytes
 binary.LittleEndian.PutUint32(fieldReceiver, elem.keypair.remoteIndex)
 binary.LittleEndian.PutUint64(fieldNonce, elem.nonce)
--
2.28.0
-- *IMPORTANT NOTICE*: This email, its attachments and any rights attaching hereto are confidential and intended exclusively for the person to whom the email is addressed. If you are not the intended recipient, do not read, copy, disclose or use the contents in any way. Wandera accepts no liability for any loss, damage or consequence resulting directly or indirectly from the use of this email and attachments.
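Review bot: `copy(fieldReserved, []byte{})` copies nothing, because `copy` moves min(len(dst), len(src)) elements and the source is empty, so `header[1:4]` keeps whatever the pooled buffer last held and the reserved bytes are never cleared. This is a regression rather than a pre-existing gap: the removed `binary.LittleEndian.PutUint32(fieldType, MessageTransportType)` wrote all four bytes, while the new `fieldType[0] = ...` writes only one. Stale buffer contents would then go out in the transport header, and a peer that still decodes the first four bytes as a little-endian uint32 would see an unknown message type. Zero the bytes explicitly, e.g. `fieldReserved[0], fieldReserved[1], fieldReserved[2] = 0, 0, 0` or `copy(fieldReserved, []byte{0, 0, 0})`, and add a test that pre-fills the element buffer with non-zero bytes and asserts `header[1:4]` is zero afterwards. RoutineEncryption's body starts and ends outside the hunk.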
