VPN WireGuard has been accepted into the net-next branch and is slated for inclusion in the Linux 5.6 kernel.

David S. Miller, who maintains the networking subsystem of the Linux kernel, has accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project. Early next year, the changes accumulated in the net-next branch will form the basis for the Linux 5.6 kernel release.

Attempts to push the WireGuard code into the mainline kernel have been made over the past few years, but they were unsuccessful because the code was tied to the project's own implementations of cryptographic functions, which were used to improve performance. Initially, these functions were proposed for the kernel as an additional low-level Zinc API, which could eventually replace the standard Crypto API.

Following discussions at the Kernel Recipes conference, in September the WireGuard developers made a compromise decision to rework their patches to use the Crypto API already available in the kernel, about which the WireGuard developers have complaints regarding performance and overall security. It was decided to continue developing the Zinc API, but as a separate project.

In November, the kernel developers made a compromise in return and agreed to move part of the code from Zinc into the mainline kernel. In essence, some Zinc components will be moved into the kernel, not as a separate API but as part of the Crypto API subsystem. For example, the Crypto API already includes the fast implementations of the ChaCha20 and Poly1305 algorithms prepared in WireGuard.

In connection with the upcoming delivery of WireGuard in the mainline kernel, the project's founder announced a restructuring of the repositories. To simplify development, the monolithic "WireGuard.git" repository, which was designed to exist standalone, will be replaced by three separate repositories better suited to organizing work with the code in the mainline kernel:

  • wireguard-linux.git - a complete kernel tree with the changes from the WireGuard project, patches from which will be reviewed for inclusion in the kernel and regularly moved to the net/net-next branches.
  • wireguard-tools.git - a repository for the utilities and scripts that run in user space, such as wg and wg-quick. The repository can be used to build packages for distributions.
  • wireguard-linux-compat.git - a repository with a variant of the module that is supplied separately from the kernel and includes the compat.h layer to ensure compatibility with older kernels. Main development will take place in the wireguard-linux.git repository, but as long as there is opportunity and need among users, the separate variant of the patches will also be maintained in working form.

Recall that VPN WireGuard is implemented on the basis of modern encryption methods, delivers very high performance, is easy to use, is free of complications, and has proven itself in a number of large deployments that handle large volumes of traffic. The project has been in development since 2015 and has undergone an audit and formal verification of the encryption methods it uses. WireGuard support is already integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

WireGuard uses the concept of encryption key routing, which involves binding a private key to each network interface and using public keys for the binding. Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without breaking the connection and without having to reconfigure the client.
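The key-routing idea above can be modelled as a table that ties each peer's public key to a set of allowed inner addresses. The following is an added example, not code from the article or from the WireGuard project; the allowed-address association comes from WireGuard's design rather than from this article, and the peer labels and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample table: placeholder peer labels (not real keys) mapped to
# the networks each peer may use as inner (tunnelled) addresses.
PEERS = {
    "PEER_A_PUBKEY": ["10.0.0.2/32", "192.168.10.0/24"],
    "PEER_B_PUBKEY": ["10.0.0.3/32", "0.0.0.0/0"],
}


class CryptokeyRouter:
    """Toy model of the public key <-> allowed addresses association."""

    def __init__(self, peers):
        self.table = [
            (ipaddress.ip_network(net), key)
            for key, nets in peers.items()
            for net in nets
        ]

    def _longest_match(self, addr):
        # Longest-prefix match, as in an ordinary routing table.
        ip = ipaddress.ip_address(addr)
        hits = [(net, key) for net, key in self.table if ip in net]
        if not hits:
            return None
        return max(hits, key=lambda h: h[0].prefixlen)[1]

    def route_outgoing(self, dst):
        """Select the peer whose key protects a packet sent to dst."""
        return self._longest_match(dst)

    def accept_incoming(self, authenticated_key, inner_src):
        """Accept a decrypted packet only if its inner source address
        routes back to the peer whose key authenticated it."""
        return self._longest_match(inner_src) == authenticated_key


if __name__ == "__main__":
    r = CryptokeyRouter(PEERS)
    print(r.route_outgoing("192.168.10.7"))
    print(r.accept_incoming("PEER_B_PUBKEY", "192.168.10.7"))
```

The incoming check is what prevents an authenticated peer from injecting traffic with another peer's inner address: the packet decrypts correctly, but its source address routes to a different key, so it is dropped.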

For encryption, the ChaCha20 stream cipher and the Poly1305 message authentication code (MAC) are used, designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation makes it possible to achieve constant execution time without special hardware support. To generate the shared secret key, the elliptic curve Diffie-Hellman protocol is used in the Curve25519 implementation, which was also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693).

In performance testing, WireGuard demonstrated 3.9 times higher throughput and 3.8 times higher responsiveness compared to OpenVPN (256-bit AES with HMAC-SHA2-256). Compared to IPsec (256-bit ChaCha20+Poly1305 and AES-256-GCM-128), WireGuard shows a slight performance improvement (13-18%) and lower latency (21-23%). The tests were carried out using the fast implementations of the encryption algorithms developed by the project; moving to the kernel's standard Crypto API may lead to worse performance.


Source: opennet.ru
