VPN WireGuard is accepted into the net-next branch and slated for inclusion in the Linux 5.6 kernel

David Miller (David S. Miller), who is responsible for the network subsystem of the Linux kernel, has accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project. Early next year, the changes accumulated in the net-next branch will form the basis of the Linux 5.6 kernel release.

Attempts to get the WireGuard code into the mainline kernel have been made over the past few years, but were unsuccessful because the code was tied to its own native implementations of cryptographic functions, used to improve performance. Initially, these functions were proposed for the kernel as an additional low-level Zinc API, which over time could replace the regular Crypto API.

After negotiations at the Kernel Recipes conference, the WireGuard authors in September agreed to a compromise and ported their patches to the Crypto API already available in the kernel, against which the WireGuard developers have complaints regarding performance and general security. It was decided to continue developing the Zinc API, but as a separate project.

In November, the kernel developers made a reciprocal compromise and agreed to move part of the code from Zinc into the mainline kernel. In fact, some Zinc components will be moved into the kernel not as a separate API, but as part of the Crypto API subsystem. For example, the Crypto API already includes the fast implementations of the ChaCha20 and Poly1305 algorithms prepared in WireGuard.

In connection with the upcoming shipping of WireGuard as part of the mainline kernel, the project's founder announced a restructuring of the repository. To simplify development, the monolithic "WireGuard.git" repository, which was designed to exist in isolation, will be replaced by three separate repositories better suited to working with code in the mainline kernel:

  • wireguard-linux.git - a complete kernel tree with the changes from the WireGuard project; patches from it will be reviewed for inclusion in the kernel and regularly transferred to the net/net-next branches.
  • wireguard-tools.git - a repository for userspace utilities and scripts such as wg and wg-quick. The repository can be used to build packages for distributions.
  • wireguard-linux-compat.git - a repository with a variant of the module shipped separately from the kernel, including the compat.h layer to ensure compatibility with older kernels. Main development will be carried out in the wireguard-linux.git repository, but as long as there is an opportunity and a need among users, a separate version of the patches will also be maintained in working form.

Recall that the WireGuard VPN is built on modern encryption methods, provides very high performance, is easy to use, free of complications and has proven itself in a number of large deployments that handle large volumes of traffic. The project has been under development since 2015 and has passed an audit and formal verification of the encryption methods used. WireGuard support is already integrated into NetworkManager and systemd, and kernel patches are included in the base distributions Debian unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and others.

WireGuard uses the concept of cryptokey routing (encryption key routing), in which a private key is bound to each network interface and public keys are used to bind peers. Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate user-space daemon, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted encapsulated in UDP packets. Changing the IP address of the VPN server (roaming) is supported without dropping the connection, with the client reconfigured automatically.
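The cryptokey routing idea, as an added illustration that is not WireGuard's own code: a toy table mapping peer public keys to their allowed IP ranges, with the outbound longest-prefix lookup and the inbound source-address check that makes the binding between key and addresses enforceable. The peer key strings and address ranges are constructed placeholders.

```python
import ipaddress

# Toy model of a WireGuard cryptokey routing table (constructed example).
# Every peer is identified by its public key and owns a set of AllowedIPs.
class CryptokeyRouter:
    def __init__(self):
        self.peers = {}  # public key -> list of ip_network objects

    def add_peer(self, pubkey, allowed_ips):
        self.peers[pubkey] = [ipaddress.ip_network(n) for n in allowed_ips]

    def peer_for_outbound(self, dst):
        """Outbound path: the packet is encrypted to the peer whose AllowedIPs
        contains dst with the longest prefix (a /32 beats a /24 beats 0.0.0.0/0)."""
        addr = ipaddress.ip_address(dst)
        best_key, best_len = None, -1
        for pubkey, nets in self.peers.items():
            for net in nets:
                # ip_network.__contains__ is False across IPv4/IPv6 versions
                if addr in net and net.prefixlen > best_len:
                    best_key, best_len = pubkey, net.prefixlen
        return best_key  # None means no peer: the packet is dropped

    def accept_inbound(self, pubkey, inner_src):
        """Inbound path: the packet has already authenticated under this peer's
        session key, but it is only handed to the network stack if its inner
        source address lies inside that peer's AllowedIPs. Anything else is
        dropped, so an authenticated peer cannot spoof another peer's addresses."""
        addr = ipaddress.ip_address(inner_src)
        return any(addr in net for net in self.peers.get(pubkey, []))

def build_example_table():
    """Three constructed peers; the key strings are placeholders, not real keys."""
    r = CryptokeyRouter()
    r.add_peer("PEER_A_PUBKEY", ["10.0.0.0/24"])                     # site-to-site peer
    r.add_peer("PEER_B_PUBKEY", ["0.0.0.0/0"])                       # exit node (default route)
    r.add_peer("PEER_C_PUBKEY", ["10.0.0.7/32", "2001:db8::7/128"])  # a single host
    return r

if __name__ == "__main__":
    r = build_example_table()
    print(r.peer_for_outbound("10.0.0.5"))               # PEER_A_PUBKEY
    print(r.peer_for_outbound("10.0.0.7"))               # PEER_C_PUBKEY (/32 wins)
    print(r.peer_for_outbound("192.0.2.77"))             # PEER_B_PUBKEY (default route)
    print(r.accept_inbound("PEER_A_PUBKEY", "192.0.2.1"))  # False: source outside AllowedIPs
```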

For encryption, the ChaCha20 stream cipher and the Poly1305 message authentication code (MAC) are used, designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation achieves constant execution time without requiring special hardware support. To generate a shared secret key, elliptic-curve Diffie-Hellman in the Curve25519 implementation is used, also proposed by Daniel Bernstein. BLAKE2s (RFC 7693) is used for hashing.

In testing, WireGuard demonstrated 3.9 times higher throughput and 3.8 times better responsiveness than OpenVPN (256-bit AES with HMAC-SHA2-256). Compared to IPsec (256-bit ChaCha20+Poly1305 and AES-256-GCM-128), WireGuard has a slight performance advantage (13-18%) and lower latency (21-23%). The tests were performed using the fast implementations of the encryption algorithms developed by the project; switching to the kernel's regular Crypto API may lead to a degradation in performance.


Source: opennet.ru
