The wireguard_write encryption result is different from the official one

[zxcvbnmkl112]

Hi!

client: windows 10 server : centos 9

I used wireguard.exe and the allowed IP is 8.8.8.8.When I ping 8.8.8.8, I find that the original ICMP packet size is 60bit. 64bit after being encrypted by wireguard.

When I use wireguard_write, I find that it is still 60bit after encryption, and my server is not responding to the package.

My IP packet processing flow: 1.use windivert to get the IP package (60bit)

2. changed the sending address of the IP packet to 10.66.66.2 and recalculated the checksum
3. use wireguard_write to encrypt
4. udp socket send the result of step 3. Is there anything else I need to do?

[zxcvbnmkl112]

This is my code about the handshake：

[zxcvbnmkl112]

i follow this step . https://www.ntkernel.com/boringtun-based-wireguard-client-for-windows/

[alanesmizi]

It could be related to the size of the packet not being 100% Wireguard spec:

https://github.com/cloudflare/boringtun/blob/18eaf59c9c9718850c63e1c82ba933e09224d3dd/boringtun/src/noise/mod.rs#L141

encrypted_static: &src[40..88], // SIZE u8;32, 88-40 = 48 bytes, seems too big for the spec (32) encrypted_timestamp: &src[88..116], // SIZE u8;12, 116-88 = 28 bytes, seems too big for the spec (12)

[zxcvbnmkl112]

It could be related to the size of the packet not being 100% Wireguard spec:

https://github.com/cloudflare/boringtun/blob/18eaf59c9c9718850c63e1c82ba933e09224d3dd/boringtun/src/noise/mod.rs#L141

encrypted_static: &src[40..88], // SIZE u8;32, 88-40 = 48 bytes, seems too big for the spec (32) encrypted_timestamp: &src[88..116], // SIZE u8;12, 116-88 = 28 bytes, seems too big for the spec (12)

Is there something wrong with my handshake data? How do I deal with this? Thank you for your reply。

[alanesmizi]

I am afraid you need to do the analysis yourself. It may be related to handshake field length, but this is for you to find out...