mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-19 11:16:32 +00:00
kernel: migrate wireguard into the kernel tree
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains wireguard in-tree. Add in-kernel crypto libraries required by WireGuard along with arch-specific optimizations. Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> (cherry picked from commit06351f1bd0
) (cherry picked from commit464451d9ab
)
This commit is contained in:
parent
c0cb86e1d5
commit
a701d4b841
@ -11,6 +11,8 @@ CRYPTO_MODULES = \
|
||||
ALGAPI2=crypto_algapi \
|
||||
BLKCIPHER2=crypto_blkcipher
|
||||
|
||||
CRYPTO_TARGET = $(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)
|
||||
|
||||
crypto_confvar=CONFIG_CRYPTO_$(word 1,$(subst =,$(space),$(1)))
|
||||
crypto_file=$(LINUX_DIR)/crypto/$(word 2,$(subst =,$(space),$(1))).ko
|
||||
crypto_name=$(if $(findstring y,$($(call crypto_confvar,$(1)))),,$(word 2,$(subst =,$(space),$(1))))
|
||||
@ -422,7 +424,6 @@ $(eval $(call KernelPackage,crypto-hw-talitos))
|
||||
define KernelPackage/crypto-kpp
|
||||
TITLE:=Key-agreement Protocol Primitives
|
||||
KCONFIG:=CONFIG_CRYPTO_KPP
|
||||
HIDDEN:=1
|
||||
FILES:=$(LINUX_DIR)/crypto/kpp.ko
|
||||
AUTOLOAD:=$(call AutoLoad,09,kpp)
|
||||
$(call AddDepends/crypto)
|
||||
@ -431,6 +432,158 @@ endef
|
||||
$(eval $(call KernelPackage,crypto-kpp))
|
||||
|
||||
|
||||
define KernelPackage/crypto-lib-blake2s
|
||||
TITLE:=BLAKE2s hash function library
|
||||
KCONFIG:=CONFIG_CRYPTO_LIB_BLAKE2S
|
||||
HIDDEN:=1
|
||||
FILES:= \
|
||||
$(LINUX_DIR)/lib/crypto/libblake2s.ko \
|
||||
$(LINUX_DIR)/lib/crypto/libblake2s-generic.ko
|
||||
$(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-blake2s/config
|
||||
imply PACKAGE_kmod-crypto-hash
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-blake2s/x86/64
|
||||
KCONFIG+=CONFIG_CRYPTO_BLAKE2S_X86
|
||||
FILES+=$(LINUX_DIR)/arch/x86/crypto/blake2s-x86_64.ko
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,crypto-lib-blake2s))
|
||||
|
||||
|
||||
define KernelPackage/crypto-lib-chacha20
|
||||
TITLE:=ChaCha library interface
|
||||
KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA
|
||||
HIDDEN:=1
|
||||
FILES:=$(LINUX_DIR)/lib/crypto/libchacha.ko
|
||||
$(call AddDepends/crypto)
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-chacha20/x86_64
|
||||
KCONFIG+=CONFIG_CRYPTO_CHACHA20_X86_64
|
||||
FILES+=$(LINUX_DIR)/arch/x86/crypto/chacha-x86_64.ko
|
||||
endef
|
||||
|
||||
# Note that a non-neon fallback implementation is available on arm32 when
|
||||
# NEON is not supported, hence all arm targets can utilize lib-chacha20/arm
|
||||
define KernelPackage/crypto-lib-chacha20/arm
|
||||
KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
|
||||
FILES:=$(LINUX_DIR)/arch/arm/crypto/chacha-neon.ko
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-chacha20/aarch64
|
||||
KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
|
||||
FILES+=$(LINUX_DIR)/arch/arm64/crypto/chacha-neon.ko
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-chacha20/mips32r2
|
||||
KCONFIG+=CONFIG_CRYPTO_CHACHA_MIPS
|
||||
FILES:=$(LINUX_DIR)/arch/mips/crypto/chacha-mips.ko
|
||||
endef
|
||||
|
||||
ifeq ($(CONFIG_CPU_MIPS32_R2),y)
|
||||
KernelPackage/crypto-lib-chacha20/$(ARCH)=\
|
||||
$(KernelPackage/crypto-lib-chacha20/mips32r2)
|
||||
endif
|
||||
|
||||
ifdef KernelPackage/crypto-lib-chacha20/$(ARCH)
|
||||
KernelPackage/crypto-lib-chacha20/$(CRYPTO_TARGET)=\
|
||||
$(KernelPackage/crypto-lib-chacha20/$(ARCH))
|
||||
endif
|
||||
|
||||
$(eval $(call KernelPackage,crypto-lib-chacha20))
|
||||
|
||||
|
||||
define KernelPackage/crypto-lib-chacha20poly1305
|
||||
TITLE:=ChaCha20-Poly1305 AEAD support (8-byte nonce library version)
|
||||
KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA20POLY1305
|
||||
HIDDEN:=1
|
||||
FILES:=$(LINUX_DIR)/lib/crypto/libchacha20poly1305.ko
|
||||
$(call AddDepends/crypto, +kmod-crypto-lib-chacha20 +kmod-crypto-lib-poly1305)
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,crypto-lib-chacha20poly1305))
|
||||
|
||||
|
||||
define KernelPackage/crypto-lib-curve25519
|
||||
TITLE:=Curve25519 scalar multiplication library
|
||||
KCONFIG:=CONFIG_CRYPTO_LIB_CURVE25519
|
||||
HIDDEN:=1
|
||||
FILES:= \
|
||||
$(LINUX_DIR)/lib/crypto/libcurve25519.ko \
|
||||
$(LINUX_DIR)/lib/crypto/libcurve25519-generic.ko
|
||||
$(call AddDepends/crypto,+PACKAGE_kmod-crypto-kpp:kmod-crypto-kpp)
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-curve25519/config
|
||||
imply PACKAGE_kmod-crypto-kpp
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-curve25519/x86/64
|
||||
KCONFIG+=CONFIG_CRYPTO_CURVE25519_X86
|
||||
FILES+=$(LINUX_DIR)/arch/x86/crypto/curve25519-x86_64.ko
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-curve25519/arm-neon
|
||||
KCONFIG+=CONFIG_CRYPTO_CURVE25519_NEON
|
||||
FILES+=$(LINUX_DIR)/arch/arm/crypto/curve25519-neon.ko
|
||||
endef
|
||||
|
||||
ifeq ($(ARCH)-$(CONFIG_KERNEL_MODE_NEON),arm-y)
|
||||
KernelPackage/crypto-lib-curve25519/$(CRYPTO_TARGET)=\
|
||||
$(KernelPackage/crypto-lib-curve25519/arm-neon)
|
||||
endif
|
||||
|
||||
$(eval $(call KernelPackage,crypto-lib-curve25519))
|
||||
|
||||
|
||||
define KernelPackage/crypto-lib-poly1305
|
||||
TITLE:=Poly1305 library interface
|
||||
KCONFIG:=CONFIG_CRYPTO_LIB_POLY1305
|
||||
HIDDEN:=1
|
||||
FILES:=$(LINUX_DIR)/lib/crypto/libpoly1305.ko
|
||||
$(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-poly1305/config
|
||||
imply PACKAGE_kmod-crypto-hash
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-poly1305/x86_64
|
||||
KCONFIG+=CONFIG_CRYPTO_POLY1305_X86_64
|
||||
FILES+=$(LINUX_DIR)/arch/x86/crypto/poly1305-x86_64.ko
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-poly1305/arm
|
||||
KCONFIG+=CONFIG_CRYPTO_POLY1305_ARM
|
||||
FILES:=$(LINUX_DIR)/arch/arm/crypto/poly1305-arm.ko
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-poly1305/aarch64
|
||||
KCONFIG+=CONFIG_CRYPTO_POLY1305_NEON
|
||||
FILES:=$(LINUX_DIR)/arch/arm64/crypto/poly1305-neon.ko
|
||||
endef
|
||||
|
||||
define KernelPackage/crypto-lib-poly1305/mips
|
||||
KCONFIG+=CONFIG_CRYPTO_POLY1305_MIPS
|
||||
FILES:=$(LINUX_DIR)/arch/mips/crypto/poly1305-mips.ko
|
||||
endef
|
||||
|
||||
KernelPackage/crypto-lib-poly1305/mipsel=$(KernelPackage/crypto-lib-poly1305/mips)
|
||||
KernelPackage/crypto-lib-poly1305/mips64=$(KernelPackage/crypto-lib-poly1305/mips)
|
||||
KernelPackage/crypto-lib-poly1305/mips64el=$(KernelPackage/crypto-lib-poly1305/mips)
|
||||
|
||||
ifdef KernelPackage/crypto-lib-poly1305/$(ARCH)
|
||||
KernelPackage/crypto-lib-poly1305/$(CRYPTO_TARGET)=\
|
||||
$(KernelPackage/crypto-lib-poly1305/$(ARCH))
|
||||
endif
|
||||
|
||||
$(eval $(call KernelPackage,crypto-lib-poly1305))
|
||||
|
||||
|
||||
define KernelPackage/crypto-manager
|
||||
TITLE:=CryptoAPI algorithm manager
|
||||
DEPENDS:=+kmod-crypto-aead +kmod-crypto-hash +kmod-crypto-pcompress
|
||||
|
@ -1250,3 +1250,33 @@ define KernelPackage/netlink-diag/description
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,netlink-diag))
|
||||
|
||||
|
||||
define KernelPackage/wireguard
|
||||
SECTION:=kernel
|
||||
CATEGORY:=Kernel modules
|
||||
SUBMENU:=Network Support
|
||||
TITLE:=WireGuard kernel module
|
||||
DEPENDS:= \
|
||||
+kmod-crypto-lib-blake2s \
|
||||
+kmod-crypto-lib-chacha20poly1305 \
|
||||
+kmod-crypto-lib-curve25519 \
|
||||
+kmod-udptunnel4 \
|
||||
+IPV6:kmod-udptunnel6
|
||||
KCONFIG:= \
|
||||
CONFIG_WIREGUARD \
|
||||
CONFIG_WIREGUARD_DEBUG=n
|
||||
FILES:=$(LINUX_DIR)/drivers/net/wireguard/wireguard.ko
|
||||
AUTOLOAD:=$(call AutoProbe,wireguard)
|
||||
endef
|
||||
|
||||
define KernelPackage/wireguard/description
|
||||
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
|
||||
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
|
||||
more useful than IPSec, while avoiding the massive headache. It intends to
|
||||
be considerably more performant than OpenVPN. WireGuard is designed as a
|
||||
general purpose VPN for running on embedded interfaces and super computers
|
||||
alike, fit for many different circumstances. It uses UDP.
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,wireguard))
|
||||
|
@ -1,88 +0,0 @@
|
||||
#
|
||||
# Copyright (C) 2016-2019 Jason A. Donenfeld <Jason@zx2c4.com>
|
||||
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
|
||||
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
include $(INCLUDE_DIR)/kernel.mk
|
||||
|
||||
PKG_NAME:=wireguard
|
||||
|
||||
PKG_VERSION:=1.0.20201112
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=wireguard-linux-compat-$(PKG_VERSION).tar.xz
|
||||
PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-linux-compat/snapshot/
|
||||
PKG_HASH:=89eae7f0c0bd6c8df3ba2e090984974ff68741a9f26aa0922890f8ca727897e1
|
||||
|
||||
PKG_LICENSE:=GPL-2.0
|
||||
PKG_LICENSE_FILES:=COPYING
|
||||
|
||||
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/wireguard-linux-compat-$(PKG_VERSION)
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
PKG_USE_MIPS16:=0
|
||||
|
||||
# WireGuard's makefile needs this to know where to build the kernel module
|
||||
export KERNELDIR:=$(LINUX_DIR)
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/wireguard/Default
|
||||
SECTION:=net
|
||||
CATEGORY:=Network
|
||||
SUBMENU:=VPN
|
||||
URL:=https://www.wireguard.com
|
||||
MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com>
|
||||
endef
|
||||
|
||||
define Package/wireguard/Default/description
|
||||
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
|
||||
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
|
||||
more useful than IPSec, while avoiding the massive headache. It intends to
|
||||
be considerably more performant than OpenVPN. WireGuard is designed as a
|
||||
general purpose VPN for running on embedded interfaces and super computers
|
||||
alike, fit for many different circumstances. It uses UDP.
|
||||
endef
|
||||
|
||||
define Package/wireguard
|
||||
$(call Package/wireguard/Default)
|
||||
TITLE:=WireGuard meta-package
|
||||
DEPENDS:=+wireguard-tools +kmod-wireguard
|
||||
endef
|
||||
|
||||
include $(INCLUDE_DIR)/kernel-defaults.mk
|
||||
include $(INCLUDE_DIR)/package-defaults.mk
|
||||
|
||||
define Build/Compile
|
||||
$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
|
||||
endef
|
||||
|
||||
define Package/wireguard/install
|
||||
true
|
||||
endef
|
||||
|
||||
define Package/wireguard/description
|
||||
$(call Package/wireguard/Default/description)
|
||||
endef
|
||||
|
||||
define KernelPackage/wireguard
|
||||
SECTION:=kernel
|
||||
CATEGORY:=Kernel modules
|
||||
SUBMENU:=Network Support
|
||||
TITLE:=WireGuard kernel module
|
||||
DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
|
||||
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
|
||||
AUTOLOAD:=$(call AutoProbe,wireguard)
|
||||
endef
|
||||
|
||||
define KernelPackage/wireguard/description
|
||||
$(call Package/wireguard/Default/description)
|
||||
|
||||
This package provides the kernel module for WireGuard.
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,wireguard))
|
||||
$(eval $(call KernelPackage,wireguard))
|
Loading…
Reference in New Issue
Block a user