[openwrt/openwrt] kernel: migrate wireguard into the kernel tree

LEDE Commits lede-commits at lists.infradead.org
Sat Apr 10 16:48:45 BST 2021


hauke pushed a commit to openwrt/openwrt.git, branch openwrt-21.02:
https://git.openwrt.org/a701d4b8414db2e1fafa676fad232cc9a0bfeaab

commit a701d4b8414db2e1fafa676fad232cc9a0bfeaab
Author: Ilya Lipnitskiy <ilya.lipnitskiy at gmail.com>
AuthorDate: Fri Feb 19 08:22:08 2021 -0800

    kernel: migrate wireguard into the kernel tree
    
    On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
    wireguard in-tree.
    
    Add in-kernel crypto libraries required by WireGuard along with
    arch-specific optimizations.
    
    Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy at gmail.com>
    (cherry picked from commit 06351f1bd0455abacb700db5098bb798f66948fc)
    (cherry picked from commit 464451d9ab824c2ed62f7da33f0a965f562714c8)
---
 package/kernel/linux/modules/crypto.mk      | 155 +++++++++++++++++++++++++++-
 package/kernel/linux/modules/netsupport.mk  |  30 ++++++
 package/network/services/wireguard/Makefile |  88 ----------------
 3 files changed, 184 insertions(+), 89 deletions(-)

diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk
index e9e78e7967..19b0d4696b 100644
--- a/package/kernel/linux/modules/crypto.mk
+++ b/package/kernel/linux/modules/crypto.mk
@@ -11,6 +11,8 @@ CRYPTO_MODULES = \
 	ALGAPI2=crypto_algapi \
 	BLKCIPHER2=crypto_blkcipher
 
+CRYPTO_TARGET = $(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)
+
 crypto_confvar=CONFIG_CRYPTO_$(word 1,$(subst =,$(space),$(1)))
 crypto_file=$(LINUX_DIR)/crypto/$(word 2,$(subst =,$(space),$(1))).ko
 crypto_name=$(if $(findstring y,$($(call crypto_confvar,$(1)))),,$(word 2,$(subst =,$(space),$(1))))
@@ -422,7 +424,6 @@ $(eval $(call KernelPackage,crypto-hw-talitos))
 define KernelPackage/crypto-kpp
   TITLE:=Key-agreement Protocol Primitives
   KCONFIG:=CONFIG_CRYPTO_KPP
-  HIDDEN:=1
   FILES:=$(LINUX_DIR)/crypto/kpp.ko
   AUTOLOAD:=$(call AutoLoad,09,kpp)
   $(call AddDepends/crypto)
@@ -431,6 +432,158 @@ endef
 $(eval $(call KernelPackage,crypto-kpp))
 
 
+define KernelPackage/crypto-lib-blake2s
+  TITLE:=BLAKE2s hash function library
+  KCONFIG:=CONFIG_CRYPTO_LIB_BLAKE2S
+  HIDDEN:=1
+  FILES:= \
+	$(LINUX_DIR)/lib/crypto/libblake2s.ko \
+	$(LINUX_DIR)/lib/crypto/libblake2s-generic.ko
+  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
+endef
+
+define KernelPackage/crypto-lib-blake2s/config
+  imply PACKAGE_kmod-crypto-hash
+endef
+
+define KernelPackage/crypto-lib-blake2s/x86/64
+  KCONFIG+=CONFIG_CRYPTO_BLAKE2S_X86
+  FILES+=$(LINUX_DIR)/arch/x86/crypto/blake2s-x86_64.ko
+endef
+
+$(eval $(call KernelPackage,crypto-lib-blake2s))
+
+
+define KernelPackage/crypto-lib-chacha20
+  TITLE:=ChaCha library interface
+  KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA
+  HIDDEN:=1
+  FILES:=$(LINUX_DIR)/lib/crypto/libchacha.ko
+  $(call AddDepends/crypto)
+endef
+
+define KernelPackage/crypto-lib-chacha20/x86_64
+  KCONFIG+=CONFIG_CRYPTO_CHACHA20_X86_64
+  FILES+=$(LINUX_DIR)/arch/x86/crypto/chacha-x86_64.ko
+endef
+
+# Note that a non-neon fallback implementation is available on arm32 when
+# NEON is not supported, hence all arm targets can utilize lib-chacha20/arm
+define KernelPackage/crypto-lib-chacha20/arm
+  KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
+  FILES:=$(LINUX_DIR)/arch/arm/crypto/chacha-neon.ko
+endef
+
+define KernelPackage/crypto-lib-chacha20/aarch64
+  KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
+  FILES+=$(LINUX_DIR)/arch/arm64/crypto/chacha-neon.ko
+endef
+
+define KernelPackage/crypto-lib-chacha20/mips32r2
+  KCONFIG+=CONFIG_CRYPTO_CHACHA_MIPS
+  FILES:=$(LINUX_DIR)/arch/mips/crypto/chacha-mips.ko
+endef
+
+ifeq ($(CONFIG_CPU_MIPS32_R2),y)
+  KernelPackage/crypto-lib-chacha20/$(ARCH)=\
+	  $(KernelPackage/crypto-lib-chacha20/mips32r2)
+endif
+
+ifdef KernelPackage/crypto-lib-chacha20/$(ARCH)
+  KernelPackage/crypto-lib-chacha20/$(CRYPTO_TARGET)=\
+	  $(KernelPackage/crypto-lib-chacha20/$(ARCH))
+endif
+
+$(eval $(call KernelPackage,crypto-lib-chacha20))
+
+
+define KernelPackage/crypto-lib-chacha20poly1305
+  TITLE:=ChaCha20-Poly1305 AEAD support (8-byte nonce library version)
+  KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA20POLY1305
+  HIDDEN:=1
+  FILES:=$(LINUX_DIR)/lib/crypto/libchacha20poly1305.ko
+  $(call AddDepends/crypto, +kmod-crypto-lib-chacha20 +kmod-crypto-lib-poly1305)
+endef
+
+$(eval $(call KernelPackage,crypto-lib-chacha20poly1305))
+
+
+define KernelPackage/crypto-lib-curve25519
+  TITLE:=Curve25519 scalar multiplication library
+  KCONFIG:=CONFIG_CRYPTO_LIB_CURVE25519
+  HIDDEN:=1
+  FILES:= \
+	$(LINUX_DIR)/lib/crypto/libcurve25519.ko \
+	$(LINUX_DIR)/lib/crypto/libcurve25519-generic.ko
+  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-kpp:kmod-crypto-kpp)
+endef
+
+define KernelPackage/crypto-lib-curve25519/config
+  imply PACKAGE_kmod-crypto-kpp
+endef
+
+define KernelPackage/crypto-lib-curve25519/x86/64
+  KCONFIG+=CONFIG_CRYPTO_CURVE25519_X86
+  FILES+=$(LINUX_DIR)/arch/x86/crypto/curve25519-x86_64.ko
+endef
+
+define KernelPackage/crypto-lib-curve25519/arm-neon
+  KCONFIG+=CONFIG_CRYPTO_CURVE25519_NEON
+  FILES+=$(LINUX_DIR)/arch/arm/crypto/curve25519-neon.ko
+endef
+
+ifeq ($(ARCH)-$(CONFIG_KERNEL_MODE_NEON),arm-y)
+  KernelPackage/crypto-lib-curve25519/$(CRYPTO_TARGET)=\
+	  $(KernelPackage/crypto-lib-curve25519/arm-neon)
+endif
+
+$(eval $(call KernelPackage,crypto-lib-curve25519))
+
+
+define KernelPackage/crypto-lib-poly1305
+  TITLE:=Poly1305 library interface
+  KCONFIG:=CONFIG_CRYPTO_LIB_POLY1305
+  HIDDEN:=1
+  FILES:=$(LINUX_DIR)/lib/crypto/libpoly1305.ko
+  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
+endef
+
+define KernelPackage/crypto-lib-poly1305/config
+  imply PACKAGE_kmod-crypto-hash
+endef
+
+define KernelPackage/crypto-lib-poly1305/x86_64
+  KCONFIG+=CONFIG_CRYPTO_POLY1305_X86_64
+  FILES+=$(LINUX_DIR)/arch/x86/crypto/poly1305-x86_64.ko
+endef
+
+define KernelPackage/crypto-lib-poly1305/arm
+  KCONFIG+=CONFIG_CRYPTO_POLY1305_ARM
+  FILES:=$(LINUX_DIR)/arch/arm/crypto/poly1305-arm.ko
+endef
+
+define KernelPackage/crypto-lib-poly1305/aarch64
+  KCONFIG+=CONFIG_CRYPTO_POLY1305_NEON
+  FILES:=$(LINUX_DIR)/arch/arm64/crypto/poly1305-neon.ko
+endef
+
+define KernelPackage/crypto-lib-poly1305/mips
+  KCONFIG+=CONFIG_CRYPTO_POLY1305_MIPS
+  FILES:=$(LINUX_DIR)/arch/mips/crypto/poly1305-mips.ko
+endef
+
+KernelPackage/crypto-lib-poly1305/mipsel=$(KernelPackage/crypto-lib-poly1305/mips)
+KernelPackage/crypto-lib-poly1305/mips64=$(KernelPackage/crypto-lib-poly1305/mips)
+KernelPackage/crypto-lib-poly1305/mips64el=$(KernelPackage/crypto-lib-poly1305/mips)
+
+ifdef KernelPackage/crypto-lib-poly1305/$(ARCH)
+  KernelPackage/crypto-lib-poly1305/$(CRYPTO_TARGET)=\
+	  $(KernelPackage/crypto-lib-poly1305/$(ARCH))
+endif
+
+$(eval $(call KernelPackage,crypto-lib-poly1305))
+
+
 define KernelPackage/crypto-manager
   TITLE:=CryptoAPI algorithm manager
   DEPENDS:=+kmod-crypto-aead +kmod-crypto-hash +kmod-crypto-pcompress
diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk
index 2c2fe82fa0..13f2283944 100644
--- a/package/kernel/linux/modules/netsupport.mk
+++ b/package/kernel/linux/modules/netsupport.mk
@@ -1250,3 +1250,33 @@ define KernelPackage/netlink-diag/description
 endef
 
 $(eval $(call KernelPackage,netlink-diag))
+
+
+define KernelPackage/wireguard
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Support
+  TITLE:=WireGuard kernel module
+  DEPENDS:= \
+	  +kmod-crypto-lib-blake2s \
+	  +kmod-crypto-lib-chacha20poly1305 \
+	  +kmod-crypto-lib-curve25519 \
+	  +kmod-udptunnel4 \
+	  +IPV6:kmod-udptunnel6
+  KCONFIG:= \
+	  CONFIG_WIREGUARD \
+	  CONFIG_WIREGUARD_DEBUG=n
+  FILES:=$(LINUX_DIR)/drivers/net/wireguard/wireguard.ko
+  AUTOLOAD:=$(call AutoProbe,wireguard)
+endef
+
+define KernelPackage/wireguard/description
+  WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
+  state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
+  more useful than IPSec, while avoiding the massive headache. It intends to
+  be considerably more performant than OpenVPN.  WireGuard is designed as a
+  general purpose VPN for running on embedded interfaces and super computers
+  alike, fit for many different circumstances. It uses UDP.
+endef
+
+$(eval $(call KernelPackage,wireguard))
diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile
deleted file mode 100644
index 91bdb0d7a7..0000000000
--- a/package/network/services/wireguard/Makefile
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# Copyright (C) 2016-2019 Jason A. Donenfeld <Jason at zx2c4.com>
-# Copyright (C) 2016 Baptiste Jonglez <openwrt at bitsofnetworks.org>
-# Copyright (C) 2016-2017 Dan Luedtke <mail at danrl.com>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=wireguard
-
-PKG_VERSION:=1.0.20201112
-PKG_RELEASE:=1
-
-PKG_SOURCE:=wireguard-linux-compat-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-linux-compat/snapshot/
-PKG_HASH:=89eae7f0c0bd6c8df3ba2e090984974ff68741a9f26aa0922890f8ca727897e1
-
-PKG_LICENSE:=GPL-2.0
-PKG_LICENSE_FILES:=COPYING
-
-PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/wireguard-linux-compat-$(PKG_VERSION)
-PKG_BUILD_PARALLEL:=1
-PKG_USE_MIPS16:=0
-
-# WireGuard's makefile needs this to know where to build the kernel module
-export KERNELDIR:=$(LINUX_DIR)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/wireguard/Default
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=VPN
-  URL:=https://www.wireguard.com
-  MAINTAINER:=Jason A. Donenfeld <Jason at zx2c4.com>
-endef
-
-define Package/wireguard/Default/description
-  WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
-  state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
-  more useful than IPSec, while avoiding the massive headache. It intends to
-  be considerably more performant than OpenVPN.  WireGuard is designed as a
-  general purpose VPN for running on embedded interfaces and super computers
-  alike, fit for many different circumstances. It uses UDP.
-endef
-
-define Package/wireguard
-  $(call Package/wireguard/Default)
-  TITLE:=WireGuard meta-package
-  DEPENDS:=+wireguard-tools +kmod-wireguard
-endef
-
-include $(INCLUDE_DIR)/kernel-defaults.mk
-include $(INCLUDE_DIR)/package-defaults.mk
-
-define Build/Compile
-	$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
-endef
-
-define Package/wireguard/install
-  true
-endef
-
-define Package/wireguard/description
-  $(call Package/wireguard/Default/description)
-endef
-
-define KernelPackage/wireguard
-  SECTION:=kernel
-  CATEGORY:=Kernel modules
-  SUBMENU:=Network Support
-  TITLE:=WireGuard kernel module
-  DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
-  FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
-  AUTOLOAD:=$(call AutoProbe,wireguard)
-endef
-
-define KernelPackage/wireguard/description
-  $(call Package/wireguard/Default/description)
-
-  This package provides the kernel module for WireGuard.
-endef
-
-$(eval $(call BuildPackage,wireguard))
-$(eval $(call KernelPackage,wireguard))



More information about the lede-commits mailing list