

Architectural Overview Kick-off Meeting 10/17/2024

#### **Outline**

- Wireguard Protocol
- Target Platform & Requirements
- HW/SW Partitioning
- HW Architecture
- SW Architecture
- Data Flow Example

#### **Wireguard Protocol**

- Stateless UDP-based Protocol + Timestamping
- Simple Two-Step Handshake
  - Curve25519 ECDH over pre-exchanged static public keys
  - BLAKE2s keyed MACs (mac1/mac2) for DoS mitigation
- ChaCha20-Poly1305 Encryption
- Cryptokey Routing

Handshake Initiation (type 0x1):

| Field | Size |
|-------|------|
| type := 0x1 | 1 byte |
| reserved := $0^3$ | 3 bytes |
| sender := $I_i$ | 4 bytes |
| ephemeral | 32 bytes |
| static | $\widehat{32}$ bytes |
| timestamp | $\widehat{12}$ bytes |
| mac1 | 16 bytes |
| mac2 | 16 bytes |

Handshake Response (type 0x2):

| Field | Size |
|-------|------|
| type := 0x2 | 1 byte |
| reserved := $0^3$ | 3 bytes |
| sender := $I_r$ | 4 bytes |
| receiver := $I_i$ | 4 bytes |
| ephemeral | 32 bytes |
| empty | $\widehat{0}$ bytes |
| mac1 | 16 bytes |
| mac2 | 16 bytes |

Transport Data (type 0x4):

| Field | Size |
|-------|------|
| type := 0x4 | 1 byte |
| reserved := $0^3$ | 3 bytes |
| receiver := $I_{m'}$ | 4 bytes |
| counter | 8 bytes |
| packet | $\widehat{P}$ bytes |

$\widehat{n}$ marks an AEAD-encrypted field: $n$ plaintext bytes followed by a 16-byte authentication tag (so the "empty" field still occupies 16 bytes on the wire).

Jason Donenfeld, "WireGuard: Next Generation Kernel Network Tunnel," in *Proceedings of the Network and Distributed System Security Symposium*, NDSS 2017.

#### **Target Platform & Requirements**

- ALINX AMD Artix 7 XC7A200T FPGA Development Board
- 4 x Gigabit Ethernet (Realtek RTL8211EG PHY)
- 4 Gbps Encryption/Decryption



| Category                   | Resource                             | Part Number: XC7A200T |
|----------------------------|--------------------------------------|-----------------------|
| Logic Resources            | Logic Cells                          | 215,360               |
|                            | Slices                               | 33,650                |
|                            | CLB Flip-Flops                       | 269,200               |
| Memory Resources           | Maximum Distributed RAM (Kb)         | 2,888                 |
|                            | Block RAM/FIFO w/ ECC (36 Kb each)   | 365                   |
|                            | Total Block RAM (Kb)                 | 13,140                |
| Clock Resources            | CMTs (1 MMCM + 1 PLL)                | 10                    |
| I/O Resources              | Maximum Single-Ended I/O             | 500                   |
|                            | Maximum Differential I/O Pairs       | 240                   |
| Embedded Hard IP Resources | DSP Slices                           | 740                   |
|                            | PCIe Gen2                            | 1                     |
|                            | Analog Mixed Signal (AMS) / XADC     | 1                     |
|                            | Configuration AES / HMAC Blocks      | 1                     |
|                            | GTP Transceivers (6.6 Gb/s Max Rate) | 16                    |

#### **HW/SW Partitioning**



#### **HW Architecture**



#### **SW Architecture**



#### **Data Flow Example**







#### **Data Flow Example (1 - 8)**



```
     Source Port: 43462
     Destination Port: 51820
     Length: 156
     Checksum: 0x14c2 [unverified]
     [Checksum Status: Unverified]
     [Stream index: 0]
   > [Timestamps]

▼ WireGuard Protocol
     Type: Handshake Initiation (1)
     Reserved: 000000
     Sender: 0x30d037d8
   > Ephemeral: X87HyOXI4uP3mJ7vYMIo2CMp1gK2seK7nQaPic+dTUU=
     Encrypted Static
   > Static Public Key: Igge9KzRytKNwrgkzDE/8hrLu6Ly00qVdvOPWhA5KR4=
     Encrypted Timestamp
   > Timestamp: Jul 20, 2018 22:38:51.356537872 UTC
     mac1: 533b01dd965e7ec76976e28f683d6712
   > [Receiver Static Public Key: YDCttCs9e1J52/g9vEnwJJa+2x6RqaayAYMpSVQfGEY=]
     [Stream index: 0]
     [Response in Frame: 2]

Flow graph, 10.9.0.1:43462 <-> 10.9.0.2:51820
     43462 -> 51820   Handshake Initiation, sender=0x30D037D8
     51820 -> 43462   Handshake Response, sender=0xAB7DF406, receive....
     43462 -> 51820   Transport Data, receiver=0xAB7DF406, counter=0.
```

#### **Data Flow Example (9 - 18)**



#### **Data Flow Example (19 - 25)**



```
> Ethernet II, Src: a2:e6:34:94:b5:83 (a2:e6:34:94:b5:83), Dst: 3a:36:e5:bf:5a:f8
> Internet Protocol Version 4, Src: 10.9.0.2, Dst: 10.9.0.1
▼ User Datagram Protocol, Src Port: 51820, Dst Port: 43462
     Source Port: 51820
     Destination Port: 43462
     Length: 100
     Checksum: 0x148a [unverified]
     [Checksum Status: Unverified]
     [Stream index: 0]
   > [Timestamps]

▼ WireGuard Protocol
     Type: Handshake Response (2)
     Reserved: 000000
     Sender: 0xab7df406
     Receiver: 0x30d037d8
   > Ephemeral: sY1VUL1AQqN6RoI6wI2x7GaDm8DKLWS8Fc2AIytmIy8=
     Encrypted Empty
     [Handshake decryption successful: True]
     mac1: f272214c5260110dc4c61e32cdd85421
   > [Receiver Static Public Key: Igge9KzRytKNwrgkzDE/8hrLu6Ly00qVdvOPWhA5KR4=]
     [Stream index: 0]
     [Response to Frame: 1]

Flow graph, 10.9.0.1:43462 <-> 10.9.0.2:51820
     43462 -> 51820   Handshake Initiation, sender=0x30D037D8
     51820 -> 43462   Handshake Response, sender=0xAB7DF406, receive ...
     43462 -> 51820   Transport Data, receiver=0xAB7DF406, counter=0, ...
```

#### **Data Flow Example (26 - 35)**



#### **Data Flow Example (36 - 40)**



#### **Data Flow Example (41 - 45)**



```
> Ethernet II, Src: 3a:36:e5:bf:5a:f8 (3a:36:e5:bf:5a:f8), Dst: a2:e6:34:94:b5:83
> Internet Protocol Version 4, Src: 10.9.0.1, Dst: 10.9.0.2
▼ User Datagram Protocol, Src Port: 43462, Dst Port: 51820
     Source Port: 43462
     Destination Port: 51820
     Length: 136
     Checksum: 0x14ae [unverified]
     [Checksum Status: Unverified]
     [Stream index: 0]
   > [Timestamps]

▼ WireGuard Protocol
     Type: Transport Data (4)
     Reserved: 000000
     Receiver: 0xab7df406
     Counter: 0
     Encrypted Packet
     [Stream index: 0]
```

Plain-text packet = 84 B + 12 B padding (16 B alignment) = 96 B

Encrypted packet = 96 B + 16 B auth. tag = 112 B

Check against the capture: 8 B UDP header + 16 B transport header (type, reserved, receiver, counter) + 112 B = 136 B, the UDP length shown above.
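Added example (not code from these slides or from the project): a Python sketch of a receiver-side header parser for the three message layouts on the protocol slide, the mac1 pre-check behind the "DoS mitigation" bullet, and the length arithmetic above. The message bytes and the responder static key are constructed for the demo; the mac1 construction (keyed BLAKE2s-128 over the bytes before mac1, key = BLAKE2s-256("mac1----" || receiver static public key)) is taken from the cited WireGuard paper, not from the slides.

```python
import hashlib
import hmac
import struct

# Field layouts from the three message tables; indices and counter are little-endian.
HDR = struct.Struct("<BxxxI")          # type, 3 reserved bytes, first 32-bit index
MSG_INIT, MSG_RESP, MSG_DATA = 1, 2, 4
TAG = 16                               # Poly1305 tag appended to every hatted field
INIT_LEN = 4 + 4 + 32 + (32 + TAG) + (12 + TAG) + 16 + 16   # 148 bytes (UDP length 156)
RESP_LEN = 4 + 4 + 4 + 32 + (0 + TAG) + 16 + 16             # 92 bytes (UDP length 100)
DATA_HDR = 4 + 4 + 8                                        # type/reserved, receiver, counter

def mac1_key(receiver_static_pub: bytes) -> bytes:
    # From the WireGuard paper (assumption for this demo): BLAKE2s-256("mac1----" || S_pub)
    return hashlib.blake2s(b"mac1----" + receiver_static_pub, digest_size=32).digest()

def mac1_ok(msg: bytes, receiver_static_pub: bytes) -> bool:
    # mac1 is a keyed BLAKE2s-128 over every byte before it. It is checked before any
    # Curve25519 work, so junk or forged handshakes are dropped cheaply (the DoS mitigation).
    body, mac1 = msg[:-32], msg[-32:-16]
    calc = hashlib.blake2s(body, key=mac1_key(receiver_static_pub), digest_size=16).digest()
    return hmac.compare_digest(calc, mac1)

def parse_header(msg: bytes) -> dict:
    # Returns the routing fields a receiver needs before decryption; rejects bad lengths.
    if len(msg) < HDR.size:
        raise ValueError("malformed WireGuard message")
    t, idx = HDR.unpack_from(msg)
    if t == MSG_INIT and len(msg) == INIT_LEN:
        return {"type": t, "sender": idx}
    if t == MSG_RESP and len(msg) == RESP_LEN:
        return {"type": t, "sender": idx, "receiver": struct.unpack_from("<I", msg, 8)[0]}
    if t == MSG_DATA and len(msg) >= DATA_HDR + TAG and (len(msg) - DATA_HDR - TAG) % 16 == 0:
        return {"type": t, "receiver": idx, "counter": struct.unpack_from("<Q", msg, 8)[0],
                "packet_len": len(msg) - DATA_HDR}
    raise ValueError("malformed WireGuard message")

def transport_lengths(plaintext_len: int) -> tuple:
    # (padded plaintext, encrypted packet, WireGuard message, UDP length) as on the slide.
    padded = -(-plaintext_len // 16) * 16
    return padded, padded + TAG, DATA_HDR + padded + TAG, 8 + DATA_HDR + padded + TAG

# Constructed demo input (not the captured bytes): a receiver static key and an initiation.
DEMO_STATIC_PUB = bytes(range(32))

def demo_initiation() -> bytes:
    body = HDR.pack(MSG_INIT, 0x30D037D8) + bytes(32) + bytes(32 + TAG) + bytes(12 + TAG)
    mac1 = hashlib.blake2s(body, key=mac1_key(DEMO_STATIC_PUB), digest_size=16).digest()
    return body + mac1 + bytes(16)     # mac2 is all zero when no cookie is in play
```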



#### **Data Flow Example (46 - 51)**



#### **Data Flow Example (52 - 55)**



```
▼ Internet Protocol Version 4, Src: 10.10.0.2, Dst: 10.10.0.1
     0100 .... = Version: 4
     .... 0101 = Header Length: 20 bytes (5)
   > Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
     Total Length: 84
     Identification: 0xe546 (58694)
   > Flags: 0x4000, Don't fragment
     Fragment offset: 0
     Time to live: 64
     Protocol: ICMP (1)
     Header checksum: 0x414c [validation disabled]
     [Header checksum status: Unverified]
     Source: 10.10.0.2
     Destination: 10.10.0.1

▼ Internet Control Message Protocol
     Type: 8 (Echo (ping) request)
     Code: 0
     Checksum: 0xf95c [correct]
     [Checksum Status: Good]
     Identifier (BE): 27648 (0x6c00)
     Identifier (LE): 108 (0x006c)
     Sequence number (BE): 0 (0x0000)
     Sequence number (LE): 0 (0x0000)
     [Response frame: 41]
   > Data (56 bytes)

Flow graph, 10.10.0.2 <-> 10.10.0.1
     10.10.0.2 -> 10.10.0.1   Echo (ping) request id=0x6c00, seq=0/0, ttl=64 (repl...
```



Thank you!