WireGuard VPN for Windows and WireGuardNT 1.0 Released

Jason A. Donenfeld, the author of WireGuard VPN, has published the first major releases of the WireGuard for Windows 1.0 client software and of the WireGuardNT 1.0 drivers, which contain a port of WireGuard VPN to the Windows 10 and 11 kernel supporting the AMD64, x86, and ARM64 architectures. The code of the Windows kernel components is licensed under GPLv2, and the client software is licensed under the MIT license.

The port is based on the codebase of the main WireGuard implementation for the Linux kernel, adapted to use Windows kernel entities and the NDIS network stack. Compared with the wireguard-go implementation, which runs in user space and uses the Wintun network interface, WireGuardNT provides a significant performance improvement by eliminating context switches and the copying of packet contents from the kernel to user space. As in the implementations for Linux, OpenBSD, and FreeBSD, all protocol processing logic in WireGuardNT runs directly at the network stack level.

Version 1.0 is marked as a significant milestone, signifying the resolution of many issues and the completion of the planned tasks, such as: use of the NdisWdfGetAdapterContextFromAdapterHandle() function instead of the less safe approach of storing driver state in a reserved field and relying on undocumented offsets; correct and prompt tracking of the MTU (Maximum Transmission Unit) size through interception of system calls; and use of the C23 standard in the code.

As a reminder, WireGuard VPN is built on modern encryption methods, delivers very high performance, is easy to use, is free of complications, and has proven itself in a number of large deployments handling large volumes of traffic. The project has been developed since 2015 and has undergone an audit and formal verification of the encryption methods it uses. WireGuard uses the concept of encryption-key-based routing, which involves binding a private key to each network interface and using public keys for binding.

The exchange of public keys to establish a connection is similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without interrupting the connection, with automatic reconfiguration of the client.
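The key-based routing and roaming behaviour described in the two paragraphs above, as an added Python example that is not code from WireGuard or from the original article: a simplified model in which each peer's public key owns a set of allowed inner IP ranges and the peer's UDP endpoint follows the last authenticated packet. The class and function names, the placeholder key strings, and the addresses are constructed for illustration, and the model assumes packet authentication and decryption have already happened elsewhere.

```python
import ipaddress

class CryptokeyTable:
    """Simplified model: peer public key <-> allowed inner IP ranges."""

    def __init__(self):
        self.allowed = []    # (network, peer public key) pairs
        self.endpoint = {}   # peer public key -> last authenticated (ip, port)

    def add_peer(self, pubkey, allowed_ips, endpoint=None):
        for cidr in allowed_ips:
            self.allowed.append((ipaddress.ip_network(cidr), pubkey))
        self.endpoint[pubkey] = endpoint

    def _owner(self, addr):
        """Longest-prefix match of addr against every peer's allowed IPs."""
        ip = ipaddress.ip_address(addr)
        hits = [(net.prefixlen, key) for net, key in self.allowed
                if net.version == ip.version and ip in net]
        return max(hits)[1] if hits else None

    def route_outgoing(self, inner_dst):
        """Pick the peer key to encrypt to; None means no peer owns the address."""
        key = self._owner(inner_dst)
        return None if key is None else (key, self.endpoint[key])

    def accept_incoming(self, pubkey, inner_src, outer_src):
        """Call only after the packet authenticated under pubkey's session."""
        self.endpoint[pubkey] = outer_src        # roaming: follow the sender
        return self._owner(inner_src) == pubkey  # drop spoofed inner sources

def demo_table():
    # Constructed sample peers; key strings are placeholders, not real keys.
    t = CryptokeyTable()
    t.add_peer("PEER_A_KEY", ["10.0.0.0/24"], ("192.0.2.10", 51820))
    t.add_peer("PEER_B_KEY", ["10.0.0.128/25"], ("192.0.2.20", 51820))
    return t

if __name__ == "__main__":
    t = demo_table()
    print(t.route_outgoing("10.0.0.7"))
    print(t.accept_incoming("PEER_A_KEY", "10.0.0.7", ("198.51.100.5", 40000)))
    print(t.route_outgoing("10.0.0.7"))
    print(t.accept_incoming("PEER_A_KEY", "10.0.0.130", ("198.51.100.5", 40000)))
```

The last call returns False because 10.0.0.130 falls in the more specific range owned by the second peer, so a packet claiming that inner source under the first peer's key is rejected.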

Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication algorithm (MAC), developed by Daniel J. Bernstein, Tanja Lange, and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation allows a fixed execution time to be achieved without special hardware support. To generate the shared secret key, the Elliptic Curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. The BLAKE2s algorithm (RFC7693) is used for hashing.

Source: opennet.ru