WireGuard VPN tunnel implementation
Implements the WireGuard protocol (Noise_IKpsk2 handshake pattern) for secure VPN tunneling. Provides:
- BLAKE2s hash function (RFC 7693)
- Noise IK handshake with pre-shared key
- ChaCha20-Poly1305 AEAD transport encryption
- Anti-replay sliding window
- Peer management with key rotation
- Virtual network interface (wg0)
- Timer-based session management
Structs
- AllowedIp - Allowed IP range for a peer
- AntiReplayWindow - Sliding-window anti-replay mechanism (2048-bit bitmap)
- HandshakeContext - Handshake context for Noise_IKpsk2
- PeerTimers - Timer state for a peer
- SessionKeys - Session keys derived from handshake
- WireGuardInterface - WireGuard virtual network interface (wg0)
- WireGuardPeer - WireGuard peer
- X25519KeyPair - X25519 key pair (Curve25519 Diffie-Hellman)
Enums
- HandshakeState - Handshake state machine
- TimerEvent - Timer events for WireGuard session management
- WireGuardError - WireGuard protocol errors
Constants
- DEFAULT_PORT - Default WireGuard UDP port
Functions
- blake2s - Compute BLAKE2s hash of data with given output length
- blake2s_keyed - Compute keyed BLAKE2s hash
- check_peer_timers - Check timer events for a peer
- decrypt_transport - Decrypt a transport data packet
- encrypt_transport - Encrypt a transport data packet
- hmac_blake2s - HMAC-BLAKE2s: delegates to HmacAlgorithm::HmacBlake2s