WireGuard VPN for Windows and WireGuardNT 1.0 released

Jason A. Donenfeld, the author of WireGuard VPN, has published the first major release of the WireGuard for Windows 1.0 client software, together with the WireGuardNT 1.0 drivers, a port of WireGuard VPN to the Windows 10 and 11 kernel that supports the AMD64, x86, and ARM64 architectures. The code of the Windows kernel component is licensed under GPLv2, and the client software is licensed under the MIT license.

The port is based on the codebase of the main WireGuard implementation for the Linux kernel, adapted to use Windows kernel structures and the NDIS network stack. Compared with the wireguard-go implementation, which runs in user space and uses the Wintun network interface, WireGuardNT delivers a significant performance improvement by eliminating context switches and the copying of packet contents from the kernel to user space. As in the implementations for Linux, OpenBSD, and FreeBSD, all protocol-processing logic in WireGuardNT runs directly at the level of the network stack.

Version 1.0 is marked as a milestone, reflecting the resolution of several problems and the completion of planned work, such as: use of the NdisWdfGetAdapterContextFromAdapterHandle() function in place of the less safe approach of storing driver state in a reserved field and relying on undocumented offsets; correct and fast tracking of the MTU (Maximum Transmission Unit) size by intercepting system calls; and use of the C23 standard in the code.

As a reminder, WireGuard VPN is built on modern encryption methods, delivers very high performance, is easy to use, is free of complications, and has proven itself in large deployments that handle large volumes of traffic. The project has been in development since 2015 and its encryption methods have been audited and formally verified. WireGuard uses the concept of cryptokey routing, which involves binding a private key to each network interface and using public keys to establish the binding.

The exchange of public keys to establish a connection is similar to SSH. To negotiate keys and connect without running a separate daemon in user space, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) without interrupting the connection is supported, with automatic reconfiguration of the client.
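The cryptokey routing and roaming behaviour described in the two paragraphs above, as an added example that is not code from the WireGuard project. It models the per-peer allowed-IP list (the `AllowedIPs` setting in WireGuard configuration, which the article does not spell out); the class and method names, the placeholder keys, and the addresses are constructed for illustration.

```python
import ipaddress

class CryptokeyRouter:
    """Simplified model of one interface's peer table (hypothetical names)."""

    def __init__(self):
        self.peers = {}  # public key -> {"allowed": [networks], "endpoint": (ip, port)}

    def add_peer(self, public_key, allowed_ips, endpoint=None):
        nets = [ipaddress.ip_network(n) for n in allowed_ips]
        self.peers[public_key] = {"allowed": nets, "endpoint": endpoint}

    def lookup(self, ip):
        """Return the public key that owns `ip` by longest-prefix match, or None."""
        addr = ipaddress.ip_address(ip)
        best_len, best_key = -1, None
        for key, peer in self.peers.items():
            for net in peer["allowed"]:
                if net.version == addr.version and addr in net and net.prefixlen > best_len:
                    best_len, best_key = net.prefixlen, key
        return best_key

    def send(self, dst_ip):
        """Outgoing: pick the peer key to encrypt for and the UDP endpoint to use."""
        key = self.lookup(dst_ip)
        if key is None:
            return None  # no peer owns this destination: drop the packet
        return key, self.peers[key]["endpoint"]

    def receive(self, authenticated_key, inner_src_ip, outer_src):
        """Incoming: call only for packets that decrypted under this peer's session."""
        peer = self.peers[authenticated_key]
        peer["endpoint"] = outer_src  # roaming: follow the authenticated sender
        # The inner source address must route back to the same peer,
        # otherwise the peer is claiming an address it does not own.
        return self.lookup(inner_src_ip) == authenticated_key


def demo():
    # Constructed sample data: placeholder keys and documentation address ranges.
    router = CryptokeyRouter()
    router.add_peer("PEER_A_PUBKEY", ["10.0.0.2/32"], ("192.0.2.10", 51820))
    router.add_peer("PEER_B_PUBKEY", ["10.0.0.0/24"], ("198.51.100.7", 51820))
    return router
```

Because the endpoint is updated only for packets that have already authenticated under the peer's key, an unauthenticated sender cannot redirect traffic by spoofing a UDP source address.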

The ChaCha20 stream cipher and the Poly1305 message authentication code (MAC) algorithm, developed by Daniel J. Bernstein, Tanja Lange, and Peter Schwabe, are used for encryption. ChaCha20 and Poly1305 are positioned as faster and more secure alternatives to AES-256-CTR and HMAC, whose software implementation allows a fixed execution time to be achieved without requiring special hardware support. The shared secret key is generated using the elliptic curve Diffie-Hellman protocol in the Curve25519 implementation, also proposed by Daniel Bernstein. The BLAKE2s algorithm (RFC7693) is used for hashing.

Source: opennet.ru