aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel/linux
diff options
context:
space:
mode:
authorIlya Lipnitskiy <ilya.lipnitskiy@gmail.com>2021-02-19 08:22:08 -0800
committerHauke Mehrtens <hauke@hauke-m.de>2021-04-10 14:21:32 +0200
commita701d4b8414db2e1fafa676fad232cc9a0bfeaab (patch)
tree18ff31612302873efd42e61a5bb69b9a89bc3d90 /package/kernel/linux
parentc0cb86e1d5ed9ab2fdbbe2d66ab612892d22d508 (diff)
downloadupstream-a701d4b8414db2e1fafa676fad232cc9a0bfeaab.tar.gz
upstream-a701d4b8414db2e1fafa676fad232cc9a0bfeaab.tar.bz2
upstream-a701d4b8414db2e1fafa676fad232cc9a0bfeaab.zip
kernel: migrate wireguard into the kernel tree
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains wireguard in-tree. Add in-kernel crypto libraries required by WireGuard along with arch-specific optimizations. Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> (cherry picked from commit 06351f1bd0455abacb700db5098bb798f66948fc) (cherry picked from commit 464451d9ab824c2ed62f7da33f0a965f562714c8)
Diffstat (limited to 'package/kernel/linux')
-rw-r--r--package/kernel/linux/modules/crypto.mk155
-rw-r--r--package/kernel/linux/modules/netsupport.mk30
2 files changed, 184 insertions, 1 deletions
diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk
index e9e78e7967..19b0d4696b 100644
--- a/package/kernel/linux/modules/crypto.mk
+++ b/package/kernel/linux/modules/crypto.mk
@@ -11,6 +11,8 @@ CRYPTO_MODULES = \
ALGAPI2=crypto_algapi \
BLKCIPHER2=crypto_blkcipher
+CRYPTO_TARGET = $(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)
+
crypto_confvar=CONFIG_CRYPTO_$(word 1,$(subst =,$(space),$(1)))
crypto_file=$(LINUX_DIR)/crypto/$(word 2,$(subst =,$(space),$(1))).ko
crypto_name=$(if $(findstring y,$($(call crypto_confvar,$(1)))),,$(word 2,$(subst =,$(space),$(1))))
@@ -422,7 +424,6 @@ $(eval $(call KernelPackage,crypto-hw-talitos))
define KernelPackage/crypto-kpp
TITLE:=Key-agreement Protocol Primitives
KCONFIG:=CONFIG_CRYPTO_KPP
- HIDDEN:=1
FILES:=$(LINUX_DIR)/crypto/kpp.ko
AUTOLOAD:=$(call AutoLoad,09,kpp)
$(call AddDepends/crypto)
@@ -431,6 +432,158 @@ endef
$(eval $(call KernelPackage,crypto-kpp))
+define KernelPackage/crypto-lib-blake2s
+ TITLE:=BLAKE2s hash function library
+ KCONFIG:=CONFIG_CRYPTO_LIB_BLAKE2S
+ HIDDEN:=1
+ FILES:= \
+ $(LINUX_DIR)/lib/crypto/libblake2s.ko \
+ $(LINUX_DIR)/lib/crypto/libblake2s-generic.ko
+ $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
+endef
+
+define KernelPackage/crypto-lib-blake2s/config
+ imply PACKAGE_kmod-crypto-hash
+endef
+
+define KernelPackage/crypto-lib-blake2s/x86/64
+ KCONFIG+=CONFIG_CRYPTO_BLAKE2S_X86
+ FILES+=$(LINUX_DIR)/arch/x86/crypto/blake2s-x86_64.ko
+endef
+
+$(eval $(call KernelPackage,crypto-lib-blake2s))
+
+
+define KernelPackage/crypto-lib-chacha20
+ TITLE:=ChaCha library interface
+ KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA
+ HIDDEN:=1
+ FILES:=$(LINUX_DIR)/lib/crypto/libchacha.ko
+ $(call AddDepends/crypto)
+endef
+
+define KernelPackage/crypto-lib-chacha20/x86_64
+ KCONFIG+=CONFIG_CRYPTO_CHACHA20_X86_64
+ FILES+=$(LINUX_DIR)/arch/x86/crypto/chacha-x86_64.ko
+endef
+
+# Note that a non-neon fallback implementation is available on arm32 when
+# NEON is not supported, hence all arm targets can utilize lib-chacha20/arm
+define KernelPackage/crypto-lib-chacha20/arm
+ KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
+ FILES:=$(LINUX_DIR)/arch/arm/crypto/chacha-neon.ko
+endef
+
+define KernelPackage/crypto-lib-chacha20/aarch64
+ KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
+ FILES+=$(LINUX_DIR)/arch/arm64/crypto/chacha-neon.ko
+endef
+
+define KernelPackage/crypto-lib-chacha20/mips32r2
+ KCONFIG+=CONFIG_CRYPTO_CHACHA_MIPS
+ FILES:=$(LINUX_DIR)/arch/mips/crypto/chacha-mips.ko
+endef
+
+ifeq ($(CONFIG_CPU_MIPS32_R2),y)
+ KernelPackage/crypto-lib-chacha20/$(ARCH)=\
+ $(KernelPackage/crypto-lib-chacha20/mips32r2)
+endif
+
+ifdef KernelPackage/crypto-lib-chacha20/$(ARCH)
+ KernelPackage/crypto-lib-chacha20/$(CRYPTO_TARGET)=\
+ $(KernelPackage/crypto-lib-chacha20/$(ARCH))
+endif
+
+$(eval $(call KernelPackage,crypto-lib-chacha20))
+
+
+define KernelPackage/crypto-lib-chacha20poly1305
+ TITLE:=ChaCha20-Poly1305 AEAD support (8-byte nonce library version)
+ KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA20POLY1305
+ HIDDEN:=1
+ FILES:=$(LINUX_DIR)/lib/crypto/libchacha20poly1305.ko
+ $(call AddDepends/crypto, +kmod-crypto-lib-chacha20 +kmod-crypto-lib-poly1305)
+endef
+
+$(eval $(call KernelPackage,crypto-lib-chacha20poly1305))
+
+
+define KernelPackage/crypto-lib-curve25519
+ TITLE:=Curve25519 scalar multiplication library
+ KCONFIG:=CONFIG_CRYPTO_LIB_CURVE25519
+ HIDDEN:=1
+ FILES:= \
+ $(LINUX_DIR)/lib/crypto/libcurve25519.ko \
+ $(LINUX_DIR)/lib/crypto/libcurve25519-generic.ko
+ $(call AddDepends/crypto,+PACKAGE_kmod-crypto-kpp:kmod-crypto-kpp)
+endef
+
+define KernelPackage/crypto-lib-curve25519/config
+ imply PACKAGE_kmod-crypto-kpp
+endef
+
+define KernelPackage/crypto-lib-curve25519/x86/64
+ KCONFIG+=CONFIG_CRYPTO_CURVE25519_X86
+ FILES+=$(LINUX_DIR)/arch/x86/crypto/curve25519-x86_64.ko
+endef
+
+define KernelPackage/crypto-lib-curve25519/arm-neon
+ KCONFIG+=CONFIG_CRYPTO_CURVE25519_NEON
+ FILES+=$(LINUX_DIR)/arch/arm/crypto/curve25519-neon.ko
+endef
+
+ifeq ($(ARCH)-$(CONFIG_KERNEL_MODE_NEON),arm-y)
+ KernelPackage/crypto-lib-curve25519/$(CRYPTO_TARGET)=\
+ $(KernelPackage/crypto-lib-curve25519/arm-neon)
+endif
+
+$(eval $(call KernelPackage,crypto-lib-curve25519))
+
+
+define KernelPackage/crypto-lib-poly1305
+ TITLE:=Poly1305 library interface
+ KCONFIG:=CONFIG_CRYPTO_LIB_POLY1305
+ HIDDEN:=1
+ FILES:=$(LINUX_DIR)/lib/crypto/libpoly1305.ko
+ $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
+endef
+
+define KernelPackage/crypto-lib-poly1305/config
+ imply PACKAGE_kmod-crypto-hash
+endef
+
+define KernelPackage/crypto-lib-poly1305/x86_64
+ KCONFIG+=CONFIG_CRYPTO_POLY1305_X86_64
+ FILES+=$(LINUX_DIR)/arch/x86/crypto/poly1305-x86_64.ko
+endef
+
+define KernelPackage/crypto-lib-poly1305/arm
+ KCONFIG+=CONFIG_CRYPTO_POLY1305_ARM
+ FILES:=$(LINUX_DIR)/arch/arm/crypto/poly1305-arm.ko
+endef
+
+define KernelPackage/crypto-lib-poly1305/aarch64
+ KCONFIG+=CONFIG_CRYPTO_POLY1305_NEON
+ FILES:=$(LINUX_DIR)/arch/arm64/crypto/poly1305-neon.ko
+endef
+
+define KernelPackage/crypto-lib-poly1305/mips
+ KCONFIG+=CONFIG_CRYPTO_POLY1305_MIPS
+ FILES:=$(LINUX_DIR)/arch/mips/crypto/poly1305-mips.ko
+endef
+
+KernelPackage/crypto-lib-poly1305/mipsel=$(KernelPackage/crypto-lib-poly1305/mips)
+KernelPackage/crypto-lib-poly1305/mips64=$(KernelPackage/crypto-lib-poly1305/mips)
+KernelPackage/crypto-lib-poly1305/mips64el=$(KernelPackage/crypto-lib-poly1305/mips)
+
+ifdef KernelPackage/crypto-lib-poly1305/$(ARCH)
+ KernelPackage/crypto-lib-poly1305/$(CRYPTO_TARGET)=\
+ $(KernelPackage/crypto-lib-poly1305/$(ARCH))
+endif
+
+$(eval $(call KernelPackage,crypto-lib-poly1305))
+
+
define KernelPackage/crypto-manager
TITLE:=CryptoAPI algorithm manager
DEPENDS:=+kmod-crypto-aead +kmod-crypto-hash +kmod-crypto-pcompress
diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk
index 2c2fe82fa0..13f2283944 100644
--- a/package/kernel/linux/modules/netsupport.mk
+++ b/package/kernel/linux/modules/netsupport.mk
@@ -1250,3 +1250,33 @@ define KernelPackage/netlink-diag/description
endef
$(eval $(call KernelPackage,netlink-diag))
+
+
+define KernelPackage/wireguard
+ SECTION:=kernel
+ CATEGORY:=Kernel modules
+ SUBMENU:=Network Support
+ TITLE:=WireGuard kernel module
+ DEPENDS:= \
+ +kmod-crypto-lib-blake2s \
+ +kmod-crypto-lib-chacha20poly1305 \
+ +kmod-crypto-lib-curve25519 \
+ +kmod-udptunnel4 \
+ +IPV6:kmod-udptunnel6
+ KCONFIG:= \
+ CONFIG_WIREGUARD \
+ CONFIG_WIREGUARD_DEBUG=n
+ FILES:=$(LINUX_DIR)/drivers/net/wireguard/wireguard.ko
+ AUTOLOAD:=$(call AutoProbe,wireguard)
+endef
+
+define KernelPackage/wireguard/description
+ WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
+ state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
+ more useful than IPSec, while avoiding the massive headache. It intends to
+ be considerably more performant than OpenVPN. WireGuard is designed as a
+ general purpose VPN for running on embedded interfaces and super computers
+ alike, fit for many different circumstances. It uses UDP.
+endef
+
+$(eval $(call KernelPackage,wireguard))