A new implementation of VPN WireGuard has been added to the FreeBSD codebase

The FreeBSD source tree has been updated with a new implementation of VPN WireGuard, based on kernel module code prepared jointly by the FreeBSD and WireGuard development teams with the participation of Jason A. Donenfeld, the author of VPN WireGuard, and John H. Baldwin, a well-known GDB and FreeBSD developer who implemented SMP and NUMA support in the FreeBSD kernel in the early 2000s. Now that the driver has been accepted into FreeBSD (sys/dev/wg), its development and maintenance will take place in the FreeBSD repository.

Before the code was accepted, a full review of the changes was carried out with the support of the FreeBSD Foundation. The review also analyzed how the driver interacts with the rest of the kernel subsystems and assessed whether the cryptographic primitives provided by the kernel could be used.

To use the cryptographic algorithms the driver requires, the API of the FreeBSD kernel crypto subsystem was extended: a binding was added that allows algorithms not supported in FreeBSD to be used through the crypto API, using the implementations of the required algorithms from the libsodium library. Of the algorithms built into the driver, only the code for computing Blake2 hashes has been kept, because the implementation of this algorithm provided in FreeBSD is tied to a fixed size.
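The fixed-size limitation matters because the WireGuard protocol description calls for BLAKE2s at two output lengths. The following is an added example, not code from the FreeBSD driver or from this page: the label strings, the 32-byte hash, the 16-byte keyed MAC and the mac1 construction are taken from the WireGuard protocol description, and the key and message bytes are constructed.

```python
import hashlib
import hmac

# Labels as given in the WireGuard protocol description (assumption: not on this page).
CONSTRUCTION = b"Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
IDENTIFIER = b"WireGuard v1 zx2c4 Jason@zx2c4.com"
LABEL_MAC1 = b"mac1----"


def wg_hash(data):
    """HASH(): unkeyed BLAKE2s with a 32-byte digest."""
    return hashlib.blake2s(data, digest_size=32).digest()


def wg_mac(key, data):
    """MAC(): keyed BLAKE2s with a 16-byte digest."""
    return hashlib.blake2s(data, key=key, digest_size=16).digest()


def initial_chain(responder_pub):
    """Chaining key C and transcript hash H before the first handshake message."""
    c = wg_hash(CONSTRUCTION)
    h = wg_hash(wg_hash(c + IDENTIFIER) + responder_pub)
    return c, h


def mac1(responder_pub, msg_before_macs):
    """mac1 field: MAC keyed with HASH(label || responder static public key)."""
    return wg_mac(wg_hash(LABEL_MAC1 + responder_pub), msg_before_macs)


def check_mac1(responder_pub, msg_before_macs, tag):
    """Receiver-side check, compared in constant time."""
    return hmac.compare_digest(mac1(responder_pub, msg_before_macs), tag)


def truncation_differs(key, data):
    """True if a 32-byte keyed digest cut to 16 bytes is NOT the 16-byte MAC."""
    wide = hashlib.blake2s(data, key=key, digest_size=32).digest()
    return wide[:16] != wg_mac(key, data)


if __name__ == "__main__":
    pub = bytes(range(32))                  # constructed stand-in for a Curve25519 public key
    msg = b"\x01\x00\x00\x00" + bytes(112)  # constructed 116-byte initiation body
    tag = mac1(pub, msg)
    print(len(tag), check_mac1(pub, msg, tag), truncation_differs(pub, msg))
```

BLAKE2 mixes the requested digest length into its initial state, so a 32-byte-only primitive cannot produce the 16-byte MAC by truncation; `truncation_differs` shows this.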

In addition, during the review the code was optimized to distribute load more efficiently across multi-core CPUs (ensuring that encryption and decryption tasks are balanced evenly across all CPU cores). As a result, the processing cost was brought close to that of the driver for Linux. The code also makes it possible to use the ossl driver to accelerate encryption operations.

Unlike the earlier attempt to integrate WireGuard into FreeBSD, the new implementation uses the standard wg utility instead of a modified version of ifconfig, which made it possible to unify configuration on Linux and FreeBSD. The wg utility, like the driver, is included in the FreeBSD source code, which became possible because the license of the wg code was changed (the code is now available under the MIT and GPL licenses). The previous attempt to include WireGuard in FreeBSD was made in 2020 but ended in a dispute, in which the code that had already been added was removed because of poor quality, careless buffer handling, the use of stubs in place of checks, an incomplete implementation of the protocol, and violation of the GPL license.

Recall that VPN WireGuard is built on modern encryption methods, delivers very high performance, is simple to use, is free of complications, and has proven itself in a number of large deployments that handle large volumes of traffic. The project has been in development since 2015 and has undergone an audit and formal verification of its encryption methods. WireGuard uses the concept of cryptokey routing, which involves binding a private key to each network interface and using public keys for binding.

The exchange of public keys to establish a connection works much as it does in SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transferred by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without breaking the connection, with automatic reconfiguration of the client.

Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication (MAC) algorithm, developed by Daniel J. Bernstein, Tanja Lange, and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation achieves a fixed execution time without requiring special hardware support. To generate the shared secret key, the elliptic curve Diffie-Hellman protocol in the Curve25519 implementation, also proposed by Daniel Bernstein, is used. For hashing, the BLAKE2s algorithm (RFC7693) is used.

Source: opennet.ru
