A new implementation of VPN WireGuard has been added to the FreeBSD codebase

The FreeBSD source tree has been updated with a new implementation of VPN WireGuard, based on kernel module code produced jointly by the core FreeBSD and WireGuard development teams, with contributions from Jason A. Donenfeld, author of VPN WireGuard, and John H. Baldwin, a well-known developer of GDB and FreeBSD who implemented SMP and NUMA support in the FreeBSD kernel in the early 2000s. After the driver's acceptance into FreeBSD (sys/dev/wg), its development and maintenance will from now on be carried out in the FreeBSD repository.

Before the code was accepted, a full review of the changes was carried out with the support of the FreeBSD Foundation, during which the driver's interaction with the rest of the kernel subsystems was also analyzed and the possibility of using the cryptographic primitives provided by the kernel was evaluated.

To use the cryptographic algorithms required by the driver, the API of the FreeBSD kernel crypto subsystem was extended, and a harness was added that allows algorithms not supported in FreeBSD to be used through the standard crypto API, using the implementation of the required algorithms from the libsodium library. Of the algorithms built into the driver, only the code for computing Blake2 hashes remains, since the implementation of this algorithm provided in FreeBSD is tied to a fixed hash size.

In addition, during the review process the code was optimized, which made it possible to increase the efficiency of load distribution on multi-core CPUs (uniform balancing of the assignment of packet encryption and decryption tasks to CPU cores is ensured). As a result, the overhead of processing packets was close to that of the Linux driver implementation. The code also provides the ability to use the ossl driver to accelerate encryption operations.

Unlike the previous attempt to integrate WireGuard into FreeBSD, the new implementation uses the standard wg utility rather than a modified version of ifconfig, which makes it possible to unify configuration on Linux and FreeBSD. The wg utility, along with the driver, is included in the FreeBSD source code, which was made possible by changing the license of the wg code (the code is now available under the MIT and GPL licenses). The last attempt to include WireGuard in FreeBSD was made in 2020, but it ended in scandal, as a result of which the already added code was removed due to low quality, careless work with buffers, the use of stubs instead of checks, incomplete implementation of the protocol and violation of the GPL license.

Recall that VPN WireGuard is implemented on the basis of modern encryption methods, provides very high performance, is easy to use, is free of complications and has proven itself in a number of large deployments that process large volumes of traffic. The project has been developing since 2015, and has passed an audit and formal verification of the encryption methods used. WireGuard uses the concept of encryption key routing, which involves binding a private key to each network interface and using public keys to bind.

Public keys are exchanged to establish a connection in a manner similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism of the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted through encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) without breaking the connection is supported, with automatic client reconfiguration.

Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC), developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation allows a fixed execution time to be achieved without the use of special hardware support. To generate a shared secret key, the elliptic curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The BLAKE2s algorithm (RFC7693) is used for hashing.
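
The two passages above on Blake2 (the driver keeping its own hash code because FreeBSD's implementation is tied to a fixed hash size, and BLAKE2s being used for hashing) can be illustrated with the following added example, which is not code from the article, FreeBSD or the WireGuard project. It goes slightly beyond the text: the 32-byte and 16-byte digest sizes, the "mac1----" label and the 148-byte initiation layout are taken from the WireGuard protocol specification, the function names are hypothetical, and the sample packet is constructed.

```python
import hashlib
import hmac

LABEL_MAC1 = b"mac1----"  # label defined by the WireGuard protocol specification


def wg_hash(data: bytes) -> bytes:
    """WireGuard HASH(): unkeyed BLAKE2s with a 32-byte digest."""
    return hashlib.blake2s(data, digest_size=32).digest()


def wg_mac(key: bytes, data: bytes) -> bytes:
    """WireGuard MAC(): keyed BLAKE2s with a 16-byte digest."""
    return hashlib.blake2s(data, key=key, digest_size=16).digest()


def mac1_for(responder_public: bytes, body: bytes) -> bytes:
    """mac1 = MAC(HASH(LABEL_MAC1 || responder public key), bytes before mac1)."""
    return wg_mac(wg_hash(LABEL_MAC1 + responder_public), body)


def verify_mac1(responder_public: bytes, packet: bytes) -> bool:
    """Check mac1 on a handshake packet laid out as body || mac1(16) || mac2(16)."""
    if len(packet) < 32:
        return False  # too short to carry both MAC fields
    body, mac1 = packet[:-32], packet[-32:-16]
    return hmac.compare_digest(mac1_for(responder_public, body), mac1)


def build_demo_packet(responder_public: bytes) -> bytes:
    """Constructed sample: 116-byte stand-in for an initiation body, not a real handshake."""
    body = b"\x01\x00\x00\x00" + bytes(range(112))
    return body + mac1_for(responder_public, body) + bytes(16)  # zero mac2: no cookie


def truncation_differs(key: bytes, data: bytes) -> bool:
    """True when cutting a 32-byte keyed digest to 16 bytes does not give the 16-byte MAC.

    BLAKE2 mixes the requested digest length into its initial state, so an
    implementation fixed to one output size cannot produce the other by truncation.
    """
    wide = hashlib.blake2s(data, key=key, digest_size=32).digest()
    return wide[:16] != wg_mac(key, data)
```
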

Source: opennet.ru
