README
¶
RuWireGuard-Go
This is a reference implementation of the Ru-WireGuard protocol in Go.
Ru-WireGuard-Go is a WireGuard-Go fork.
It has the same semantics as the original WireGuard protocol but employs the cryptographic algorithms defined by the Russian national standards (GOST).
Warnings
- Maturity: The code is experimental. You must not use this in production
- Audit: The code is not audited
- Stability: Breaking changes are expected
- Performance: elliptic curve and MGM implementations are extremely slow
Goals
At the present time, the main goal of the project is to provide an implementation of the core protocol with GOST primitives. Formal verification, high-performance and stable cross-platform usage are out of the scope.
Dependencies
RuWireGuard-Go relies on the following packages:
Quickstart
Build
make
Test
make gotest
Protocol Benchmark
make tests
Contributing
Ru-WireGuard-Go welcomes contributions.
Usage
Most Linux kernel WireGuard users are used to adding an interface with ip link add wg0 type wireguard. With wireguard-go, instead simply run:
$ wireguard-go wg0
This will create an interface and fork into the background. To remove the interface, use the usual ip link del wg0, or if your system does not support removing interfaces directly, you may instead remove the control socket via rm -f /var/run/wireguard/wg0.sock, which will result in wireguard-go shutting down.
To run wireguard-go without forking to the background, pass -f or --foreground:
$ wireguard-go -f wg0
When an interface is running, you may use wg(8) to configure it, as well as the usual ip(8) and ifconfig(8) commands.
To run with more logging you may set the environment variable LOG_LEVEL=debug.
Platforms
Linux
This will run on Linux; however you should instead use the kernel module, which is faster and better integrated into the OS. See the installation page for instructions.
macOS
This runs on macOS using the utun driver. It does not yet support sticky sockets, and won't support fwmarks because of Darwin limitations. Since the utun driver cannot have arbitrary interface names, you must either use utun[0-9]+ for an explicit interface name or utun to have the kernel select one for you. If you choose utun as the interface name, and the environment variable WG_TUN_NAME_FILE is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable.
Windows
This runs on Windows, but you should instead use it from the more fully featured Windows app, which uses this as a module.
FreeBSD
This will run on FreeBSD. It does not yet support sticky sockets. Fwmark is mapped to SO_USER_COOKIE.
OpenBSD
This will run on OpenBSD. It does not yet support sticky sockets. Fwmark is mapped to SO_RTABLE. Since the tun driver cannot have arbitrary interface names, you must either use tun[0-9]+ for an explicit interface name or tun to have the program select one for you. If you choose tun as the interface name, and the environment variable WG_TUN_NAME_FILE is defined, then the actual name of the interface chosen by the kernel is written to the file specified by that variable.
License
Copyright (C) 2017-2020 WireGuard LLC. All Rights Reserved.
Copyright (C) 2020 BI.ZONE LLC. All Rights Reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Documentation
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
Package conn implements WireGuard's network connections.
|
Package conn implements WireGuard's network connections. |
|
crypto
|
|
|
gost/gost3410
GOST R 34.10-2001 (RFC 5832), GOST R 34.10-2012 (RFC 7091) signature algorithms and VKO GOST R 34.10-2001 (RFC 4357), VKO GOST R 34.10-2012 (RFC 7836) key agreement algorithms.
|
GOST R 34.10-2001 (RFC 5832), GOST R 34.10-2012 (RFC 7091) signature algorithms and VKO GOST R 34.10-2001 (RFC 4357), VKO GOST R 34.10-2012 (RFC 7836) key agreement algorithms. |
|
gost/gost34112012256
GOST R 34.11-2012 256-bit hash function.
|
GOST R 34.11-2012 256-bit hash function. |
|
gost/gost34112012512
GOST R 34.11-2012 512-bit hash function.
|
GOST R 34.11-2012 512-bit hash function. |
|
gost/gost3412128
GOST 34.12-2015 128-bit (Кузнечик (Kuznechik)) block cipher.
|
GOST 34.12-2015 128-bit (Кузнечик (Kuznechik)) block cipher. |
|
gost/internal/gost34112012
GOST R 34.11-2012 hash function.
|
GOST R 34.11-2012 hash function. |
|
gosthopper
/\_/\ ( 0.0 ) = ^ = /|_|\ (") (")=~ ~= GOSTHopper =~ Implementation of block cipher Kuznyechik, GOST R 34.12-2015 Author: Alexander Venedioukhin, dxdt.ru Date: 17/02/2019 Free software, distribution unlimited.
|
/\_/\ ( 0.0 ) = ^ = /|_|\ (") (")=~ ~= GOSTHopper =~ Implementation of block cipher Kuznyechik, GOST R 34.12-2015 Author: Alexander Venedioukhin, dxdt.ru Date: 17/02/2019 Free software, distribution unlimited. |
|
mgm
Package mgm provides a custom implementation of Multilinear Galois Mode (MGM) suitable for RU-WireGuard.
|
Package mgm provides a custom implementation of Multilinear Galois Mode (MGM) suitable for RU-WireGuard. |
|
SPDX-License-Identifier: MIT * * Copyright (C) 2020 BI.ZONE LLC.
|
SPDX-License-Identifier: MIT * * Copyright (C) 2020 BI.ZONE LLC. |
|
Package replay implements an efficient anti-replay algorithm as specified in RFC 6479.
|
Package replay implements an efficient anti-replay algorithm as specified in RFC 6479. |
|
Package rwcancel implements cancelable read/write operations on a file descriptor.
|
Package rwcancel implements cancelable read/write operations on a file descriptor. |
|
Package wgctrl enables control of WireGuard devices on multiple platforms.
|
Package wgctrl enables control of WireGuard devices on multiple platforms. |
|
internal/wginternal
Package wginternal contains shared internal types for wgctrl.
|
Package wginternal contains shared internal types for wgctrl. |
|
internal/wgtest
Package wgtest contains shared testing utilities for package wgctrl.
|
Package wgtest contains shared testing utilities for package wgctrl. |
|
internal/wguser
Package wguser provides internal access to the userspace WireGuard configuration protocol interface.
|
Package wguser provides internal access to the userspace WireGuard configuration protocol interface. |
|
wgtypes
Package wgtypes provides shared types for the wgctrl family of packages.
|
Package wgtypes provides shared types for the wgctrl family of packages. |