trombik · Jauler · Dec 28, 2023 · Dec 29, 2023 · Dec 29, 2023 · Dec 29, 2023
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@
 /examples/*/sdkconfig
 /examples/*/sdkconfig.*
 /examples/*/.vagrant/
+/.vscode
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+    "files.associations": {
+        "wireguard.h": "c"
+    }
+}
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -1,5 +1,6 @@
 idf_component_register(
     SRCS "src/crypto.c"
+         "src/derp.c"
          "src/wireguard.c"
          "src/wireguardif.c"
          "src/wireguard-platform.c"
@@ -12,7 +13,7 @@ idf_component_register(
          "src/nacl/crypto_scalarmult/curve25519/ref/smult.c"
     INCLUDE_DIRS "include"
     PRIV_INCLUDE_DIRS "src"
-    REQUIRES esp_netif lwip mbedtls)
+    REQUIRES esp_netif esp-tls libsodium lwip mbedtls)
 
 if(${IDF_VERSION_MAJOR} STREQUAL 5)
     set_source_files_properties(src/crypto/refc/x25519.c

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,65 @@
+FROM ubuntu:22.04
+
+ENV EXPECTED_ESP_IDF_COMMIT = "38eeba213aa695aabfd6d89aa9f5078dbe5a94c3"
+
+RUN apt-get update && apt-get install -y \
+                    git \
+                    wget \
+                    flex \
+                    bison \
+                    gperf \
+                    python3 \
+                    python3-pip \
+                    python3-venv \
+                    python3-setuptools \
+                    cmake \
+                    ccache \
+                    libffi-dev \
+                    libssl-dev \
+                    dfu-util \
+                    libusb-1.0-0 \
+                    libgcrypt-dev \
+                    libglib2.0-dev \
+                    libfdt-dev \
+                    libpixman-1-dev \
+                    zlib1g-dev \
+                    ninja-build \
+                    libslirp-dev
+
+RUN mkdir -p ~/esp \
+    && cd ~/esp \
+    && git clone --depth 1 -b v4.4.7 --recursive https://github.com/espressif/esp-idf.git
+
+# Verify the esp-idf commit
+RUN cd ~/esp/esp-idf \
+    && ESP_IDF_COMMIT=$(git rev-parse HEAD) \
+    && if [ $ESP_IDF_COMMIT != $EXPECTED_ESP_IDF_COMMIT ]; then \
+           echo "ESP IDF commit hash verification failed: expected $EXPECTED_ESP_IDF_COMMIT but got $ESP_IDF_COMMIT" >&2; \
+           exit 1; \
+       fi
+
+RUN cd ~/esp/esp-idf \
+    && ./install.sh \
+    && /bin/bash -c "source ./export.sh"
+
+RUN echo 'source /root/esp/esp-idf/export.sh' >> $HOME/.bashrc
+
+RUN mkdir -p ~/qemu && cd ~/qemu && git clone --depth 1 -b esp-develop-9.0.0-20240606 --recursive https://github.com/espressif/qemu.git && cd qemu \
+    && mkdir build && cd build \
+    && ../configure  --target-list=xtensa-softmmu --enable-gcrypt --enable-slirp --enable-debug --enable-sanitizers --disable-sdl --disable-strip --disable-user --disable-capstone --disable-vnc --disable-gtk \
+    && cd .. \
+    && ninja -C build \
+    && ninja -C build install
+
+WORKDIR /root
+
+ENV PROJECT_ROOT=/root/esp/esp_wireguard
+ENV EXAMPLE_PATH=$PROJECT_ROOT/examples/demo_qemu
+
+COPY . $PROJECT_ROOT
+
+WORKDIR $EXAMPLE_PATH
+
+RUN ["/bin/bash", "-c", "source /root/esp/esp-idf/export.sh && idf.py build && cd build && esptool.py --chip esp32 merge_bin --fill-flash-size 4MB -o flash_image.bin @flash_args"]
+
+CMD ["/bin/bash", "-c", "/root/qemu/qemu/build/qemu-system-xtensa -nic user,model=open_eth,id=lo0 -no-reboot -nographic -machine esp32 -drive file=${EXAMPLE_PATH}/build/flash_image.bin,if=mtd,format=raw"]
diff --git a/Kconfig b/Kconfig
@@ -2,16 +2,18 @@ menu "WireGuard"
 
 choice WIREGUARD_ESP_ADAPTER_SELECTION
     prompt "TCP/IP adapter to use"
-    default WIREGUARD_ESP_NETIF
+    default WIREGUARD_ESP_NETIF_WIFI
     config WIREGUARD_ESP_TCPIP_ADAPTER
         bool "TCP/IP Adapter (pre esp-idf v4.1, ESP8266 RTOS SDK)"
-    config WIREGUARD_ESP_NETIF
+    config WIREGUARD_ESP_NETIF_WIFI
         bool "ESP-NETIF"
+    config WIREGUARD_ESP_NETIF_ETHERNET
+        bool "ESP-NETIF ETHERNET"
 endchoice
 
 config WIREGUARD_MAX_PEERS
     int "Max number of peers"
-    default 1
+    default 2
 
 config WIREGUARD_MAX_SRC_IPS
 	int "Max number of SRC IP addresses"

diff --git a/README.md b/README.md
@@ -57,8 +57,6 @@ wg_config.listen_port = CONFIG_WG_LOCAL_PORT;
 wg_config.public_key = CONFIG_WG_PEER_PUBLIC_KEY;
 wg_config.allowed_ip = CONFIG_WG_LOCAL_IP_ADDRESS;
 wg_config.allowed_ip_mask = CONFIG_WG_LOCAL_IP_NETMASK;
-wg_config.endpoint = CONFIG_WG_PEER_ADDRESS;
-wg_config.port = CONFIG_WG_PEER_PORT;
 
 /* If the device is behind NAT or stateful firewall, set persistent_keepalive.
    persistent_keepalive is disabled by default */

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,49 @@
+networks:
+  esp_wireguard_network:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.18.0.0/16
+
+x-wireguard:
+  &wireguard
+  build:
+    context: ./examples/demo_qemu/wireguard_peer
+    dockerfile: Dockerfile
+  image: wireguard
+  networks:
+    esp_wireguard_network:
+  privileged: true
+  tty: true
+
+services:
+  wireguard_peer1:
+    <<: *wireguard
+    container_name: wireguard_peer1
+    volumes:
+      - ${PWD}/examples/demo_qemu/wireguard_peer/peer1/wg0.conf:/etc/wireguard/wg0.conf
+    networks:
+      esp_wireguard_network:
+        ipv4_address: 172.18.0.3
+
+  wireguard_peer2:
+    <<: *wireguard
+    container_name: wireguard_peer2
+    volumes:
+      - ${PWD}/examples/demo_qemu/wireguard_peer/peer2/wg0.conf:/etc/wireguard/wg0.conf
+    networks:
+      esp_wireguard_network:
+        ipv4_address: 172.18.0.5
+
+  esp_wireguard_examples_demo:
+    build:
+      context: ./
+      dockerfile: Dockerfile
+    image: esp_wireguard
+    container_name: esp_wireguard_client
+    networks:
+      esp_wireguard_network:
+        ipv4_address: 172.18.0.4
+    privileged: true
+    stdin_open: true
+    tty: true
diff --git a/examples/demo/main/Kconfig.projbuild b/examples/demo/main/Kconfig.projbuild
@@ -21,51 +21,69 @@ menu "Example Configuration"
 
     config WG_PRIVATE_KEY
         string "Wireguard Private Key"
-        default "IsvT72MAXzA8EtV0FSD1QT59B4x0oe6Uea5rd/dDzhE="
+        default "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
         help
             Private key of the WireGuard device.
 
     config WG_LOCAL_IP_ADDRESS
         string "Wireguard local IP address"
-        default "192.168.4.58"
+        default "10.0.0.2"
         help
             Local IP address of the WireGuard device.
 
     config WG_LOCAL_IP_NETMASK
         string "Wireguard local netmask"
-        default "255.255.255.0"
+        default "255.255.255.255"
         help
             Netmask of the local network the WireGuard device belongs to.
 
     config WG_LOCAL_PORT
         int "Wireguard local port"
-        default 11010
+        default 53820
         help
             Local port to listen.
 
-    config WG_PEER_PUBLIC_KEY
+    config WG_PEER_ONE_PUBLIC_KEY
         string "Wireguard remote peer public key"
-        default "FjrsQ/HD1Q8fUlFILIasDlOuajMeZov4NGqMJpkswiw="
+        default "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
         help
-            Public key of the remote peer.
+            Public key of the 1st remote peer.
+
+    config WG_PEER_TWO_PUBLIC_KEY
+        string "Wireguard remote peer public key"
+        default "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
+        help
+            Public key of the 2nd remote peer.
 
     config WG_PRESHARED_KEY
         string "Wireguard pre-shared symmetric key"
-        default "0/2H97Sd5EJ9LAAAYUglVjPYv7ihNIm/ziuv6BtSI50="
+        default ""
         help
             Public key of the remote peer.
 
-    config WG_PEER_ADDRESS
+    config WG_PEER_ONE_ADDRESS
+        string "Wireguard remote peer address"
+        default "10.0.0.1"
+        help
+            Address of the 1st remote peer.
+
+    config WG_PEER_TWO_ADDRESS
         string "Wireguard remote peer address"
-        default "demo.wireguard.com"
+        default "10.0.0.3"
         help
-            Address of the remote peer.
+            Address of the 2nd remote peer.
 
-    config WG_PEER_PORT
-        int "Wireguard remote peer port"
-        default 12912
+    config WG_PEER_ONE_MASK
+        string "Wireguard remote peer net mask"
+        default "255.255.255.255"
         help
-            Port number of the remote peer.
+            Address of the 1st remote peer netmask
+
+    config WG_PEER_TWO_MASK
+        string "Wireguard remote peer net mask"
+        default "255.255.255.255"
+        help
+            Address of the 2nd remote peer netmask
 
     config WG_PERSISTENT_KEEP_ALIVE
         int "Interval to send an authenticated empty packet"
@@ -74,9 +92,10 @@ menu "Example Configuration"
             A seconds interval, between 1 and 65535 inclusive, of how often to
             send an authenticated empty packet to the peer for the purpose of
             keeping a stateful firewall or NAT mapping valid persistently
-    config EXAMPLE_PING_ADDRESS
+
+    config EXAMPLE_FALSE_ADDRESS
         string "Target IP address or name"
-        default "192.168.4.254"
+        default "10.0.2.3"
         help
             Target IP address to send ICMP echo requests.
 endmenu