initial compiling amnezia lib exchanged for wireguard-go

basic structs and feature for amnezia configuration - libs still build
nymtech · Oct 30, 2024 · fe7dc5f · fe7dc5f
1 parent 150fe46
commit fe7dc5f
Show file tree

Hide file tree

Showing 26 changed files with 1,814 additions and 40 deletions.
diff --git a/Makefile b/Makefile
@@ -6,6 +6,9 @@ all: build-wireguard build-nym-vpn-core
 build-wireguard:
 	./wireguard/build-wireguard-go.sh
 
+build-amnezia-wg:
+	./wireguard/build-wireguard-go.sh --amnezia
+
 build-wireguard-ios:
 	./wireguard/build-wireguard-go.sh --ios
 

diff --git a/nym-vpn-core/crates/nym-vpn-lib/build.rs b/nym-vpn-core/crates/nym-vpn-lib/build.rs
@@ -1,6 +1,7 @@
 // Copyright 2024 - Nym Technologies SA <[email protected]>
 // SPDX-License-Identifier: GPL-3.0-only
 
+use std::{env, path::PathBuf};
 use vergen::EmitBuilder;
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
@@ -11,5 +12,39 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         .all_cargo()
         .emit()
         .expect("failed to extract build metadata");
+
+    let manifest_path = env::var_os("CARGO_MANIFEST_DIR").expect("manifest dir is not set");
+    let target = env::var("TARGET").expect("target is not set");
+    let target_os = env::var("CARGO_CFG_TARGET_OS").expect("target os is not set");
+
+    let mut build_dir = PathBuf::from(manifest_path)
+        .join("../../../build/lib")
+        .canonicalize()
+        .expect("failed to canonicalize build dir path");
+
+    build_dir.push(target);
+
+    // CI may only provide universal builds
+    if target_os == "macos" {
+        let target_dir_exists = build_dir
+            .try_exists()
+            .expect("failed to check existence of target dir");
+
+        if !target_dir_exists {
+            build_dir.pop();
+            build_dir.push("universal-apple-darwin");
+        }
+    }
+
+    println!("cargo::rustc-link-search={}", build_dir.display());
+
+    let link_type = match target_os.as_str() {
+        "android" => "",
+        "linux" | "macos" | "ios" => "=static",
+        "windows" => "dylib",
+        _ => panic!("Unsupported platform: {}", target_os),
+    };
+    println!("cargo:rustc-link-lib{}=wg", link_type);
+
     Ok(())
 }
diff --git a/nym-vpn-core/crates/nym-vpnd/build.rs b/nym-vpn-core/crates/nym-vpnd/build.rs
@@ -1,6 +1,7 @@
 // Copyright 2024 - Nym Technologies SA <[email protected]>
 // SPDX-License-Identifier: GPL-3.0-only
 
+use std::{env, path::PathBuf};
 use vergen::EmitBuilder;
 
 fn main() -> Result<(), Box<dyn std::error::Error>> {
@@ -11,5 +12,39 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         .all_cargo()
         .emit()
         .expect("failed to extract build metadata");
+
+    let manifest_path = env::var_os("CARGO_MANIFEST_DIR").expect("manifest dir is not set");
+    let target = env::var("TARGET").expect("target is not set");
+    let target_os = env::var("CARGO_CFG_TARGET_OS").expect("target os is not set");
+
+    let mut build_dir = PathBuf::from(manifest_path)
+        .join("../../../build/lib")
+        .canonicalize()
+        .expect("failed to canonicalize build dir path");
+
+    build_dir.push(target);
+
+    // CI may only provide universal builds
+    if target_os == "macos" {
+        let target_dir_exists = build_dir
+            .try_exists()
+            .expect("failed to check existence of target dir");
+
+        if !target_dir_exists {
+            build_dir.pop();
+            build_dir.push("universal-apple-darwin");
+        }
+    }
+
+    println!("cargo::rustc-link-search={}", build_dir.display());
+
+    let link_type = match target_os.as_str() {
+        "android" => "",
+        "linux" | "macos" | "ios" => "=static",
+        "windows" => "dylib",
+        _ => panic!("Unsupported platform: {}", target_os),
+    };
+    println!("cargo:rustc-link-lib{}=wg", link_type);
+
     Ok(())
 }
diff --git a/nym-vpn-core/crates/nym-wg-go/Cargo.toml b/nym-vpn-core/crates/nym-wg-go/Cargo.toml
@@ -8,6 +8,10 @@ documentation.workspace = true
 edition.workspace = true
 license.workspace = true
 
+[features]
+default = []
+amnezia = []
+
 [dependencies]
 ipnetwork.workspace = true
 thiserror.workspace = true

diff --git a/nym-vpn-core/crates/nym-wg-go/src/netstack.rs b/nym-vpn-core/crates/nym-wg-go/src/netstack.rs
@@ -20,6 +20,8 @@ pub struct InterfaceConfig {
     pub local_addrs: Vec<IpAddr>,
     pub dns_addrs: Vec<IpAddr>,
     pub mtu: u16,
+    #[cfg(feature = "amnezia")]
+    pub azwg_config: Option<AmneziaConfig>,
 }
 
 impl fmt::Debug for InterfaceConfig {
@@ -33,6 +35,47 @@ impl fmt::Debug for InterfaceConfig {
     }
 }
 
+/// Hold Amnezia-wireguard configuration parameters.
+///
+/// All parameters should be the same between Client and Server, except Jc - it can vary.
+///
+/// - Jc — 1 ≤ Jc ≤ 128; recommended range is from 3 to 10 inclusive
+/// - Jmin — Jmin < Jmax; recommended value is 50
+/// - Jmax — Jmin < Jmax ≤ 1280; recommended value is 1000
+/// - S1 — S1 < 1280; S1 + 56 ≠ S2; recommended range is from 15 to 150 inclusive
+/// - S2 — S2 < 1280; recommended range is from 15 to 150 inclusive
+/// - H1/H2/H3/H4 — must be unique among each other;
+///     recommended range is from 5 to 2_147_483_647  (2^31 - 1   i.e. signed 32 bit int) inclusive
+#[cfg(feature = "amnezia")]
+#[derive(Debug)]
+pub struct AmneziaConfig {
+    pub junk_packet_count: i32,              // Jc
+    pub junk_packet_min_size: i32,           // Jmin
+    pub junk_packet_max_size: i32,           // Jmax
+    pub init_packet_junk_size: i32,          // S0
+    pub response_packet_junk_size: i32,      // S1
+    pub init_packet_magic_header: u32,       // H1
+    pub response_packet_magic_header: u32,   // H2
+    pub under_load_packet_magic_header: u32, // H3
+    pub transport_packet_magic_header: u32,  // H4
+}
+
+#[cfg(feature = "amnezia")]
+impl Default for AmneziaConfig {
+    fn default() -> Self {
+        Self {
+            junk_packet_count: 4_i32,
+            junk_packet_min_size: 40_i32,
+            junk_packet_max_size: 70_i32,
+            init_packet_junk_size: 0_i32,
+            response_packet_junk_size: 0_i32,
+            init_packet_magic_header: 1_u32,
+            response_packet_magic_header: 2_u32,
+            under_load_packet_magic_header: 3_u32,
+            transport_packet_magic_header: 4_u32,
+        }
+    }
+}
 /// Netstack configuration.
 #[derive(Debug)]
 pub struct Config {

diff --git a/nym-vpn-core/crates/nym-wg-go/src/wireguard_go.rs b/nym-vpn-core/crates/nym-wg-go/src/wireguard_go.rs
@@ -20,6 +20,8 @@ pub struct InterfaceConfig {
     pub mtu: u16,
     #[cfg(target_os = "linux")]
     pub fwmark: Option<u32>,
+    #[cfg(feature = "amnezia")]
+    pub azwg_config: Option<AmneziaConfig>,
 }
 
 impl fmt::Debug for InterfaceConfig {
@@ -33,6 +35,47 @@ impl fmt::Debug for InterfaceConfig {
         d.finish()
     }
 }
+/// Hold Amnezia-wireguard configuration parameters.
+///
+/// All parameters should be the same between Client and Server, except Jc - it can vary.
+///
+/// - Jc — 1 ≤ Jc ≤ 128; recommended range is from 3 to 10 inclusive
+/// - Jmin — Jmin < Jmax; recommended value is 50
+/// - Jmax — Jmin < Jmax ≤ 1280; recommended value is 1000
+/// - S1 — S1 < 1280; S1 + 56 ≠ S2; recommended range is from 15 to 150 inclusive
+/// - S2 — S2 < 1280; recommended range is from 15 to 150 inclusive
+/// - H1/H2/H3/H4 — must be unique among each other;
+///     recommended range is from 5 to 2_147_483_647  (2^31 - 1   i.e. signed 32 bit int) inclusive
+#[cfg(feature = "amnezia")]
+#[derive(Debug)]
+pub struct AmneziaConfig {
+    pub junk_packet_count: i32,              // Jc
+    pub junk_packet_min_size: i32,           // Jmin
+    pub junk_packet_max_size: i32,           // Jmax
+    pub init_packet_junk_size: i32,          // S0
+    pub response_packet_junk_size: i32,      // S1
+    pub init_packet_magic_header: u32,       // H1
+    pub response_packet_magic_header: u32,   // H2
+    pub under_load_packet_magic_header: u32, // H3
+    pub transport_packet_magic_header: u32,  // H4
+}
+
+#[cfg(feature = "amnezia")]
+impl Default for AmneziaConfig {
+    fn default() -> Self {
+        Self {
+            junk_packet_count: 4_i32,
+            junk_packet_min_size: 40_i32,
+            junk_packet_max_size: 70_i32,
+            init_packet_junk_size: 0_i32,
+            response_packet_junk_size: 0_i32,
+            init_packet_magic_header: 1_u32,
+            response_packet_magic_header: 2_u32,
+            under_load_packet_magic_header: 3_u32,
+            transport_packet_magic_header: 4_u32,
+        }
+    }
+}
 
 /// Classic WireGuard configuration.
 #[derive(Debug)]