VPN WireGuard has been accepted into the net-next branch and is slated for inclusion in the Linux 5.6 kernel.

David S. Miller, who is responsible for the networking subsystem of the Linux kernel, has accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project. Early next year, the changes accumulated in the net-next branch will form the basis for the Linux kernel 5.6 release.

Attempts to push the WireGuard code into the main kernel have been made over the past few years, but they remained unsuccessful because the code was tied to the project's own implementations of cryptographic functions, which were used to improve performance. Initially, these functions were proposed for the kernel as an additional low-level Zinc API, which could eventually replace the standard Crypto API.

Following discussions at the Kernel Recipes conference, in September the WireGuard developers made a compromise decision to rework their patches to use the Crypto API available in the kernel, about which the WireGuard developers have complaints regarding performance and overall security. It was decided to continue developing the Zinc API, but as a separate project.

In November, the kernel developers made a compromise in return and agreed to move part of the code from Zinc into the main kernel. In effect, some Zinc components will be moved into the kernel, not as a separate API but as part of the Crypto API subsystem. For example, the Crypto API already includes the fast implementations of the ChaCha20 and Poly1305 algorithms prepared in WireGuard.

In connection with the upcoming inclusion of WireGuard in the mainline kernel, the project's founder announced a restructuring of the repository. To simplify development, the monolithic "WireGuard.git" repository, which was designed to exist on its own, will be replaced by three separate repositories that are better suited to organizing work with the code in the main kernel:

  • wireguard-linux.git - a complete kernel tree with the changes from the WireGuard project; patches from it will be reviewed for inclusion in the kernel and regularly pushed to the net/net-next branches.
  • wireguard-tools.git - a repository for the utilities and scripts that run in user space, such as wg and wg-quick. The repository can be used to create packages for distributions.
  • wireguard-linux-compat.git - a repository with a variant of the module that is supplied separately from the kernel and includes the compat.h layer to ensure compatibility with older kernels. The main development will be carried out in the wireguard-linux.git repository, but as long as there is opportunity and demand among users, a separate version of the patches will also be maintained in working form.

Recall that VPN WireGuard is implemented on the basis of modern encryption methods, provides very high performance, is easy to use, is free of complications, and has proven itself in a number of large deployments that handle large volumes of traffic. The project has been in development since 2015 and has undergone an audit and formal verification of the encryption methods it uses. WireGuard support is already integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph and ALT.

WireGuard uses the concept of cryptokey routing, which involves attaching a private key to each network interface and using it to bind public keys. Public keys are exchanged to establish a connection in a way similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without dropping the connection and with automatic reconfiguration of the client.
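The key-to-peer binding described above can be modelled as a lookup table, shown here as an added example that is not WireGuard's own code. It goes beyond the text by assuming each peer's public key is bound to a list of permitted inner address ranges (WireGuard's allowed-IPs concept, not mentioned in the article); the key labels and addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample table: peer public key (placeholder label) -> permitted
# inner networks. Real keys are base64-encoded Curve25519 public keys.
PEERS = {
    "PEER_A_PUBKEY_PLACEHOLDER": ["10.0.0.2/32", "192.168.10.0/24"],
    "PEER_B_PUBKEY_PLACEHOLDER": ["10.0.0.3/32", "192.168.0.0/16"],
}


def _networks(table):
    """Flatten the table into (network, peer_key) pairs."""
    return [(ipaddress.ip_network(n), key)
            for key, nets in table.items() for n in nets]


def peer_for_destination(table, dst):
    """Outbound: pick the peer whose network most specifically covers dst.

    Returns the peer key, or None when no peer is bound to that address,
    in which case the packet is dropped instead of leaving unencrypted.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net, key) for net, key in _networks(table)
               if net.version == addr.version and addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def accept_inbound(table, authenticated_peer, inner_src):
    """Inbound: after a packet has been decrypted and authenticated with a
    peer's key, accept it only if its inner source address is one that this
    peer is bound to. This stops a valid peer from spoofing another's address.
    """
    addr = ipaddress.ip_address(inner_src)
    for n in table.get(authenticated_peer, []):
        net = ipaddress.ip_network(n)
        if net.version == addr.version and addr in net:
            return True
    return False
```

The same table serves as routing table on the way out and as access-control list on the way in, which is why no separate firewall rule is needed to tie an inner address to an identity.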

For encryption, the stream cipher ChaCha20 and the message authentication algorithm (MAC) Poly1305 are used, both designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation makes it possible to achieve a fixed execution time without special hardware support. To generate a shared secret key, the elliptic-curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The algorithm used for hashing is BLAKE2s (RFC7693).

In performance testing, WireGuard showed 3.9 times higher throughput and 3.8 times higher responsiveness compared with OpenVPN (256-bit AES with HMAC-SHA2-256). Compared with IPsec (256-bit ChaCha20 + Poly1305 and AES-256-GCM-128), WireGuard shows a small performance lead (13-18%) and lower latency (21-23%). The tests were carried out using the fast implementations of the encryption algorithms developed by the project - moving to the kernel's standard Crypto API may lead to worse performance.


Source: opennet.ru
