New WireGuard VPN implementation added to the FreeBSD codebase

The FreeBSD source tree has been updated with a new implementation of the WireGuard VPN, based on code from a kernel module prepared jointly by the FreeBSD and WireGuard development teams, with review by Jason A. Donenfeld, the author of WireGuard VPN, and John H. Baldwin, a well-known GDB and FreeBSD expert who implemented SMP and NUMA support in the FreeBSD kernel in the early 2000s. Now that the driver has been accepted into FreeBSD (sys/dev/wg), it will be developed and maintained in the FreeBSD repository from here on.

Before the code was accepted, a full review of the changes was carried out with the support of the FreeBSD Foundation; the review examined how the driver interacts with the other kernel subsystems and assessed whether the cryptographic primitives provided by the kernel could be used.

To provide the cryptographic algorithms the driver needs, the FreeBSD kernel crypto subsystem API was extended: bindings were added that make algorithms not previously supported in FreeBSD available through the crypto API, using implementations of the required algorithms taken from the libsodium library. Of the algorithms that were implemented inside the driver itself, only the code for computing Blake2 hashes remains, since the implementation of this algorithm provided in FreeBSD is tied to a fixed digest size.

In addition, the code was optimized during the review, which improved the distribution of load across multi-core CPUs (packet encryption and decryption work is now bound evenly and in parallel to the CPU cores). As a result, packet-processing overhead was brought close to that of the Linux driver implementation. The code also allows the ossl driver to be used to accelerate encryption operations.

Unlike previous attempts to integrate WireGuard into FreeBSD, the new implementation uses the stock wg utility instead of a modified version of ifconfig, which allows configuration to be unified between Linux and FreeBSD. Both the wg utility and the driver are included in the FreeBSD sources, which was made possible by a license change for the wg code (the code is now available under both the MIT and GPL licenses). The last attempt to integrate WireGuard into FreeBSD was made in 2020, but it ended in scandal, and the code that had been added was removed because of its low quality, careless handling, the use of stubs in place of checks, an incomplete protocol implementation and a violation of the GPL license.

Recall that WireGuard VPN is built on modern cryptographic methods, delivers very high performance, is easy to use, is free of unnecessary complexity and has proven itself in large deployments that carry heavy traffic. The project has been under development since 2015 and has undergone audits and formal verification of the cryptographic methods it uses. WireGuard uses the concept of cryptokey routing, in which a private key is bound to each network interface and public keys are used to bind peers to the addresses they are allowed to use.
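The cryptokey routing idea described above, as an added illustration that is not code from the FreeBSD driver or the WireGuard project: a small table written with Python's standard library that binds peer public keys to allowed IP ranges, picks the peer for an outbound packet by longest-prefix match, and rejects an inbound packet whose decrypted source address is not bound to the key that authenticated it. The public key strings and addresses are constructed placeholders, and the "newest assignment wins" behaviour when a range is given to a second peer is modelled on wg(8)'s semantics rather than taken from the page.

```python
"""Toy model of a WireGuard-style cryptokey routing table (constructed example)."""
import ipaddress


class CryptokeyRoutingTable:
    """Maps AllowedIPs ranges to peer public keys and answers both directions.

    outbound: which peer's key encrypts a packet for a given destination;
    inbound:  whether a decrypted packet's source address is allowed for the
              peer whose key authenticated it (the anti-spoofing check).
    """

    def __init__(self):
        # network -> public key. A range belongs to at most one peer, so
        # re-assigning it moves it to the newer peer (constructed model of wg(8)).
        self._routes = {}

    def add_peer(self, public_key, allowed_ips):
        """Bind every CIDR in allowed_ips to public_key."""
        for cidr in allowed_ips:
            net = ipaddress.ip_network(cidr, strict=False)
            self._routes[net] = public_key

    def lookup(self, ip):
        """Longest-prefix match; returns the owning public key or None."""
        addr = ipaddress.ip_address(ip)
        best = None
        for net, key in self._routes.items():
            if addr.version == net.version and addr in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, key)
        return best[1] if best else None

    def peer_for_outbound(self, dst_ip):
        """Key of the peer that should receive a packet for dst_ip (None = drop)."""
        return self.lookup(dst_ip)

    def accept_inbound(self, sender_public_key, src_ip):
        """True only if src_ip is routed to the key that authenticated the packet."""
        return self.lookup(src_ip) == sender_public_key


def build_demo_table():
    """Constructed sample table: two peers plus a later override (placeholder keys)."""
    table = CryptokeyRoutingTable()
    table.add_peer("PEER_A_PUBKEY", ["10.0.0.2/32"])
    table.add_peer("PEER_B_PUBKEY", ["10.0.0.0/24", "0.0.0.0/0"])  # B is the default route
    table.add_peer("PEER_C_PUBKEY", ["10.0.0.7/32"])               # carves one host out of B
    return table


if __name__ == "__main__":
    t = build_demo_table()
    print("10.0.0.2 ->", t.peer_for_outbound("10.0.0.2"))
    print("8.8.8.8  ->", t.peer_for_outbound("8.8.8.8"))
    # A packet authenticated by peer A but claiming a source inside B's range is dropped.
    print("A spoofing 10.0.0.9 accepted?", t.accept_inbound("PEER_A_PUBKEY", "10.0.0.9"))
```

The inbound check is the security-relevant half: a peer can only inject packets with source addresses the table already routes to its own key, so a compromised peer cannot impersonate another peer's addresses inside the tunnel.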

Public keys are exchanged to establish a connection in much the same way as with SSH. For key negotiation and connection setup without a separate daemon, the Noise_IK mechanism of the Noise Protocol Framework is used, comparable to keeping authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. The VPN server's IP address can change (roaming) without the connection being dropped and without reconfiguring the client.

Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication code (MAC) algorithm, developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure alternatives to AES-256-CTR and HMAC, with a software implementation that achieves constant execution time without relying on special hardware support. The shared secret key is derived with the elliptic-curve Diffie-Hellman protocol over Curve25519, also proposed by Daniel Bernstein. For hashing, the BLAKE2s algorithm (RFC 7693) is used.

Source: opennet.ru
