diff options
author | Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> | 2021-02-19 08:22:08 -0800 |
---|---|---|
committer | Hauke Mehrtens <hauke@hauke-m.de> | 2021-04-10 14:21:32 +0200 |
commit | a701d4b8414db2e1fafa676fad232cc9a0bfeaab (patch) | |
tree | 18ff31612302873efd42e61a5bb69b9a89bc3d90 /package/kernel/linux | |
parent | c0cb86e1d5ed9ab2fdbbe2d66ab612892d22d508 (diff) | |
download | upstream-a701d4b8414db2e1fafa676fad232cc9a0bfeaab.tar.gz upstream-a701d4b8414db2e1fafa676fad232cc9a0bfeaab.tar.bz2 upstream-a701d4b8414db2e1fafa676fad232cc9a0bfeaab.zip |
kernel: migrate wireguard into the kernel tree
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
wireguard in-tree.
Add in-kernel crypto libraries required by WireGuard along with
arch-specific optimizations.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 06351f1bd0455abacb700db5098bb798f66948fc)
(cherry picked from commit 464451d9ab824c2ed62f7da33f0a965f562714c8)
Diffstat (limited to 'package/kernel/linux')
-rw-r--r-- | package/kernel/linux/modules/crypto.mk | 155 | ||||
-rw-r--r-- | package/kernel/linux/modules/netsupport.mk | 30 |
2 files changed, 184 insertions, 1 deletions
diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk index e9e78e7967..19b0d4696b 100644 --- a/package/kernel/linux/modules/crypto.mk +++ b/package/kernel/linux/modules/crypto.mk @@ -11,6 +11,8 @@ CRYPTO_MODULES = \ ALGAPI2=crypto_algapi \ BLKCIPHER2=crypto_blkcipher +CRYPTO_TARGET = $(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic) + crypto_confvar=CONFIG_CRYPTO_$(word 1,$(subst =,$(space),$(1))) crypto_file=$(LINUX_DIR)/crypto/$(word 2,$(subst =,$(space),$(1))).ko crypto_name=$(if $(findstring y,$($(call crypto_confvar,$(1)))),,$(word 2,$(subst =,$(space),$(1)))) @@ -422,7 +424,6 @@ $(eval $(call KernelPackage,crypto-hw-talitos)) define KernelPackage/crypto-kpp TITLE:=Key-agreement Protocol Primitives KCONFIG:=CONFIG_CRYPTO_KPP - HIDDEN:=1 FILES:=$(LINUX_DIR)/crypto/kpp.ko AUTOLOAD:=$(call AutoLoad,09,kpp) $(call AddDepends/crypto) @@ -431,6 +432,158 @@ endef $(eval $(call KernelPackage,crypto-kpp)) +define KernelPackage/crypto-lib-blake2s + TITLE:=BLAKE2s hash function library + KCONFIG:=CONFIG_CRYPTO_LIB_BLAKE2S + HIDDEN:=1 + FILES:= \ + $(LINUX_DIR)/lib/crypto/libblake2s.ko \ + $(LINUX_DIR)/lib/crypto/libblake2s-generic.ko + $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash) +endef + +define KernelPackage/crypto-lib-blake2s/config + imply PACKAGE_kmod-crypto-hash +endef + +define KernelPackage/crypto-lib-blake2s/x86/64 + KCONFIG+=CONFIG_CRYPTO_BLAKE2S_X86 + FILES+=$(LINUX_DIR)/arch/x86/crypto/blake2s-x86_64.ko +endef + +$(eval $(call KernelPackage,crypto-lib-blake2s)) + + +define KernelPackage/crypto-lib-chacha20 + TITLE:=ChaCha library interface + KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA + HIDDEN:=1 + FILES:=$(LINUX_DIR)/lib/crypto/libchacha.ko + $(call AddDepends/crypto) +endef + +define KernelPackage/crypto-lib-chacha20/x86_64 + KCONFIG+=CONFIG_CRYPTO_CHACHA20_X86_64 + FILES+=$(LINUX_DIR)/arch/x86/crypto/chacha-x86_64.ko +endef + +# Note that a non-neon fallback implementation is available on arm32 when +# NEON is not supported, hence all arm targets can utilize lib-chacha20/arm +define KernelPackage/crypto-lib-chacha20/arm + KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON + FILES:=$(LINUX_DIR)/arch/arm/crypto/chacha-neon.ko +endef + +define KernelPackage/crypto-lib-chacha20/aarch64 + KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON + FILES+=$(LINUX_DIR)/arch/arm64/crypto/chacha-neon.ko +endef + +define KernelPackage/crypto-lib-chacha20/mips32r2 + KCONFIG+=CONFIG_CRYPTO_CHACHA_MIPS + FILES:=$(LINUX_DIR)/arch/mips/crypto/chacha-mips.ko +endef + +ifeq ($(CONFIG_CPU_MIPS32_R2),y) + KernelPackage/crypto-lib-chacha20/$(ARCH)=\ + $(KernelPackage/crypto-lib-chacha20/mips32r2) +endif + +ifdef KernelPackage/crypto-lib-chacha20/$(ARCH) + KernelPackage/crypto-lib-chacha20/$(CRYPTO_TARGET)=\ + $(KernelPackage/crypto-lib-chacha20/$(ARCH)) +endif + +$(eval $(call KernelPackage,crypto-lib-chacha20)) + + +define KernelPackage/crypto-lib-chacha20poly1305 + TITLE:=ChaCha20-Poly1305 AEAD support (8-byte nonce library version) + KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA20POLY1305 + HIDDEN:=1 + FILES:=$(LINUX_DIR)/lib/crypto/libchacha20poly1305.ko + $(call AddDepends/crypto, +kmod-crypto-lib-chacha20 +kmod-crypto-lib-poly1305) +endef + +$(eval $(call KernelPackage,crypto-lib-chacha20poly1305)) + + +define KernelPackage/crypto-lib-curve25519 + TITLE:=Curve25519 scalar multiplication library + KCONFIG:=CONFIG_CRYPTO_LIB_CURVE25519 + HIDDEN:=1 + FILES:= \ + $(LINUX_DIR)/lib/crypto/libcurve25519.ko \ + $(LINUX_DIR)/lib/crypto/libcurve25519-generic.ko + $(call AddDepends/crypto,+PACKAGE_kmod-crypto-kpp:kmod-crypto-kpp) +endef + +define KernelPackage/crypto-lib-curve25519/config + imply PACKAGE_kmod-crypto-kpp +endef + +define KernelPackage/crypto-lib-curve25519/x86/64 + KCONFIG+=CONFIG_CRYPTO_CURVE25519_X86 + FILES+=$(LINUX_DIR)/arch/x86/crypto/curve25519-x86_64.ko +endef + +define KernelPackage/crypto-lib-curve25519/arm-neon + KCONFIG+=CONFIG_CRYPTO_CURVE25519_NEON + FILES+=$(LINUX_DIR)/arch/arm/crypto/curve25519-neon.ko +endef + +ifeq ($(ARCH)-$(CONFIG_KERNEL_MODE_NEON),arm-y) + KernelPackage/crypto-lib-curve25519/$(CRYPTO_TARGET)=\ + $(KernelPackage/crypto-lib-curve25519/arm-neon) +endif + +$(eval $(call KernelPackage,crypto-lib-curve25519)) + + +define KernelPackage/crypto-lib-poly1305 + TITLE:=Poly1305 library interface + KCONFIG:=CONFIG_CRYPTO_LIB_POLY1305 + HIDDEN:=1 + FILES:=$(LINUX_DIR)/lib/crypto/libpoly1305.ko + $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash) +endef + +define KernelPackage/crypto-lib-poly1305/config + imply PACKAGE_kmod-crypto-hash +endef + +define KernelPackage/crypto-lib-poly1305/x86_64 + KCONFIG+=CONFIG_CRYPTO_POLY1305_X86_64 + FILES+=$(LINUX_DIR)/arch/x86/crypto/poly1305-x86_64.ko +endef + +define KernelPackage/crypto-lib-poly1305/arm + KCONFIG+=CONFIG_CRYPTO_POLY1305_ARM + FILES:=$(LINUX_DIR)/arch/arm/crypto/poly1305-arm.ko +endef + +define KernelPackage/crypto-lib-poly1305/aarch64 + KCONFIG+=CONFIG_CRYPTO_POLY1305_NEON + FILES:=$(LINUX_DIR)/arch/arm64/crypto/poly1305-neon.ko +endef + +define KernelPackage/crypto-lib-poly1305/mips + KCONFIG+=CONFIG_CRYPTO_POLY1305_MIPS + FILES:=$(LINUX_DIR)/arch/mips/crypto/poly1305-mips.ko +endef + +KernelPackage/crypto-lib-poly1305/mipsel=$(KernelPackage/crypto-lib-poly1305/mips) +KernelPackage/crypto-lib-poly1305/mips64=$(KernelPackage/crypto-lib-poly1305/mips) +KernelPackage/crypto-lib-poly1305/mips64el=$(KernelPackage/crypto-lib-poly1305/mips) + +ifdef KernelPackage/crypto-lib-poly1305/$(ARCH) + KernelPackage/crypto-lib-poly1305/$(CRYPTO_TARGET)=\ + $(KernelPackage/crypto-lib-poly1305/$(ARCH)) +endif + +$(eval $(call KernelPackage,crypto-lib-poly1305)) + + define KernelPackage/crypto-manager TITLE:=CryptoAPI algorithm manager DEPENDS:=+kmod-crypto-aead +kmod-crypto-hash +kmod-crypto-pcompress diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk index 2c2fe82fa0..13f2283944 100644 --- a/package/kernel/linux/modules/netsupport.mk +++ b/package/kernel/linux/modules/netsupport.mk @@ -1250,3 +1250,33 @@ define KernelPackage/netlink-diag/description endef $(eval $(call KernelPackage,netlink-diag)) + + +define KernelPackage/wireguard + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + TITLE:=WireGuard kernel module + DEPENDS:= \ + +kmod-crypto-lib-blake2s \ + +kmod-crypto-lib-chacha20poly1305 \ + +kmod-crypto-lib-curve25519 \ + +kmod-udptunnel4 \ + +IPV6:kmod-udptunnel6 + KCONFIG:= \ + CONFIG_WIREGUARD \ + CONFIG_WIREGUARD_DEBUG=n + FILES:=$(LINUX_DIR)/drivers/net/wireguard/wireguard.ko + AUTOLOAD:=$(call AutoProbe,wireguard) +endef + +define KernelPackage/wireguard/description + WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes + state-of-the-art cryptography. It aims to be faster, simpler, leaner, and + more useful than IPSec, while avoiding the massive headache. It intends to + be considerably more performant than OpenVPN. WireGuard is designed as a + general purpose VPN for running on embedded interfaces and super computers + alike, fit for many different circumstances. It uses UDP. +endef + +$(eval $(call KernelPackage,wireguard)) |