From 06351f1bd0455abacb700db5098bb798f66948fc Mon Sep 17 00:00:00 2001 From: Ilya Lipnitskiy Date: Fri, 19 Feb 2021 08:22:08 -0800 Subject: kernel: migrate wireguard into the kernel tree On Linux 5.4, build WireGuard from backports. Linux 5.10 contains wireguard in-tree. Add in-kernel crypto libraries required by WireGuard along with arch-specific optimizations. Signed-off-by: Ilya Lipnitskiy --- package/kernel/linux/modules/crypto.mk | 152 ++++++++++++++++++++++++++++- package/kernel/linux/modules/netsupport.mk | 30 ++++++ 2 files changed, 181 insertions(+), 1 deletion(-) (limited to 'package/kernel/linux') diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk index ba3211c10a..a64b91a8fe 100644 --- a/package/kernel/linux/modules/crypto.mk +++ b/package/kernel/linux/modules/crypto.mk @@ -11,6 +11,8 @@ CRYPTO_MODULES = \ ALGAPI2=crypto_algapi \ BLKCIPHER2=crypto_blkcipher +CRYPTO_TARGET = $(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic) + crypto_confvar=CONFIG_CRYPTO_$(word 1,$(subst =,$(space),$(1))) crypto_file=$(LINUX_DIR)/crypto/$(word 2,$(subst =,$(space),$(1))).ko crypto_name=$(if $(findstring y,$($(call crypto_confvar,$(1)))),,$(word 2,$(subst =,$(space),$(1)))) @@ -428,7 +430,6 @@ $(eval $(call KernelPackage,crypto-hw-talitos)) define KernelPackage/crypto-kpp TITLE:=Key-agreement Protocol Primitives KCONFIG:=CONFIG_CRYPTO_KPP - HIDDEN:=1 FILES:=$(LINUX_DIR)/crypto/kpp.ko AUTOLOAD:=$(call AutoLoad,09,kpp) $(call AddDepends/crypto) @@ -437,6 +438,155 @@ endef $(eval $(call KernelPackage,crypto-kpp)) +define KernelPackage/crypto-lib-blake2s + TITLE:=BLAKE2s hash function library + KCONFIG:=CONFIG_CRYPTO_LIB_BLAKE2S + HIDDEN:=1 + FILES:= \ + $(LINUX_DIR)/lib/crypto/libblake2s.ko \ + $(LINUX_DIR)/lib/crypto/libblake2s-generic.ko + $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash) +endef + +define KernelPackage/crypto-lib-blake2s/config + imply PACKAGE_kmod-crypto-hash +endef + +define KernelPackage/crypto-lib-blake2s/x86/64 + KCONFIG+=CONFIG_CRYPTO_BLAKE2S_X86 + FILES+=$(LINUX_DIR)/arch/x86/crypto/blake2s-x86_64.ko +endef + +$(eval $(call KernelPackage,crypto-lib-blake2s)) + + +define KernelPackage/crypto-lib-chacha20 + TITLE:=ChaCha library interface + KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA + HIDDEN:=1 + FILES:=$(LINUX_DIR)/lib/crypto/libchacha.ko + $(call AddDepends/crypto) +endef + +define KernelPackage/crypto-lib-chacha20/x86_64 + KCONFIG+=CONFIG_CRYPTO_CHACHA20_X86_64 + FILES+=$(LINUX_DIR)/arch/x86/crypto/chacha-x86_64.ko +endef + +# Note that a non-neon fallback implementation is available on arm32 when +# NEON is not supported, hence all arm targets can utilize lib-chacha20/arm +define KernelPackage/crypto-lib-chacha20/arm + KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON + FILES:=$(LINUX_DIR)/arch/arm/crypto/chacha-neon.ko +endef + +define KernelPackage/crypto-lib-chacha20/aarch64 + KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON + FILES+=$(LINUX_DIR)/arch/arm64/crypto/chacha-neon.ko +endef + +define KernelPackage/crypto-lib-chacha20/mips + KCONFIG+=CONFIG_CRYPTO_CHACHA_MIPS + FILES:=$(LINUX_DIR)/arch/mips/crypto/chacha-mips.ko +endef + +KernelPackage/crypto-lib-chacha20/mipsel=$(KernelPackage/crypto-lib-chacha20/mips) + +ifdef KernelPackage/crypto-lib-chacha20/$(ARCH) + KernelPackage/crypto-lib-chacha20/$(CRYPTO_TARGET)=\ + $(KernelPackage/crypto-lib-chacha20/$(ARCH)) +endif + +$(eval $(call KernelPackage,crypto-lib-chacha20)) + + +define KernelPackage/crypto-lib-chacha20poly1305 + TITLE:=ChaCha20-Poly1305 AEAD support (8-byte nonce library version) + KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA20POLY1305 + HIDDEN:=1 + FILES:=$(LINUX_DIR)/lib/crypto/libchacha20poly1305.ko + $(call AddDepends/crypto, +kmod-crypto-lib-chacha20 +kmod-crypto-lib-poly1305) +endef + +$(eval $(call KernelPackage,crypto-lib-chacha20poly1305)) + + +define KernelPackage/crypto-lib-curve25519 + TITLE:=Curve25519 scalar multiplication library + KCONFIG:=CONFIG_CRYPTO_LIB_CURVE25519 + HIDDEN:=1 + FILES:= \ + $(LINUX_DIR)/lib/crypto/libcurve25519.ko \ + $(LINUX_DIR)/lib/crypto/libcurve25519-generic.ko + $(call AddDepends/crypto,+PACKAGE_kmod-crypto-kpp:kmod-crypto-kpp) +endef + +define KernelPackage/crypto-lib-curve25519/config + imply PACKAGE_kmod-crypto-kpp +endef + +define KernelPackage/crypto-lib-curve25519/x86/64 + KCONFIG+=CONFIG_CRYPTO_CURVE25519_X86 + FILES+=$(LINUX_DIR)/arch/x86/crypto/curve25519-x86_64.ko +endef + +define KernelPackage/crypto-lib-curve25519/arm-neon + KCONFIG+=CONFIG_CRYPTO_CURVE25519_NEON + FILES+=$(LINUX_DIR)/arch/arm/crypto/curve25519-neon.ko +endef + +ifeq ($(ARCH)-$(CONFIG_KERNEL_MODE_NEON),arm-y) + KernelPackage/crypto-lib-curve25519/$(CRYPTO_TARGET)=\ + $(KernelPackage/crypto-lib-curve25519/arm-neon) +endif + +$(eval $(call KernelPackage,crypto-lib-curve25519)) + + +define KernelPackage/crypto-lib-poly1305 + TITLE:=Poly1305 library interface + KCONFIG:=CONFIG_CRYPTO_LIB_POLY1305 + HIDDEN:=1 + FILES:=$(LINUX_DIR)/lib/crypto/libpoly1305.ko + $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash) +endef + +define KernelPackage/crypto-lib-poly1305/config + imply PACKAGE_kmod-crypto-hash +endef + +define KernelPackage/crypto-lib-poly1305/x86_64 + KCONFIG+=CONFIG_CRYPTO_POLY1305_X86_64 + FILES+=$(LINUX_DIR)/arch/x86/crypto/poly1305-x86_64.ko +endef + +define KernelPackage/crypto-lib-poly1305/arm + KCONFIG+=CONFIG_CRYPTO_POLY1305_ARM + FILES:=$(LINUX_DIR)/arch/arm/crypto/poly1305-arm.ko +endef + +define KernelPackage/crypto-lib-poly1305/aarch64 + KCONFIG+=CONFIG_CRYPTO_POLY1305_NEON + FILES:=$(LINUX_DIR)/arch/arm64/crypto/poly1305-neon.ko +endef + +define KernelPackage/crypto-lib-poly1305/mips + KCONFIG+=CONFIG_CRYPTO_POLY1305_MIPS + FILES:=$(LINUX_DIR)/arch/mips/crypto/poly1305-mips.ko +endef + +KernelPackage/crypto-lib-poly1305/mipsel=$(KernelPackage/crypto-lib-poly1305/mips) +KernelPackage/crypto-lib-poly1305/mips64=$(KernelPackage/crypto-lib-poly1305/mips) +KernelPackage/crypto-lib-poly1305/mips64el=$(KernelPackage/crypto-lib-poly1305/mips) + +ifdef KernelPackage/crypto-lib-poly1305/$(ARCH) + KernelPackage/crypto-lib-poly1305/$(CRYPTO_TARGET)=\ + $(KernelPackage/crypto-lib-poly1305/$(ARCH)) +endif + +$(eval $(call KernelPackage,crypto-lib-poly1305)) + + define KernelPackage/crypto-manager TITLE:=CryptoAPI algorithm manager DEPENDS:=+kmod-crypto-aead +kmod-crypto-hash +kmod-crypto-pcompress diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk index 2c2fe82fa0..13f2283944 100644 --- a/package/kernel/linux/modules/netsupport.mk +++ b/package/kernel/linux/modules/netsupport.mk @@ -1250,3 +1250,33 @@ define KernelPackage/netlink-diag/description endef $(eval $(call KernelPackage,netlink-diag)) + + +define KernelPackage/wireguard + SECTION:=kernel + CATEGORY:=Kernel modules + SUBMENU:=Network Support + TITLE:=WireGuard kernel module + DEPENDS:= \ + +kmod-crypto-lib-blake2s \ + +kmod-crypto-lib-chacha20poly1305 \ + +kmod-crypto-lib-curve25519 \ + +kmod-udptunnel4 \ + +IPV6:kmod-udptunnel6 + KCONFIG:= \ + CONFIG_WIREGUARD \ + CONFIG_WIREGUARD_DEBUG=n + FILES:=$(LINUX_DIR)/drivers/net/wireguard/wireguard.ko + AUTOLOAD:=$(call AutoProbe,wireguard) +endef + +define KernelPackage/wireguard/description + WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes + state-of-the-art cryptography. It aims to be faster, simpler, leaner, and + more useful than IPSec, while avoiding the massive headache. It intends to + be considerably more performant than OpenVPN. WireGuard is designed as a + general purpose VPN for running on embedded interfaces and super computers + alike, fit for many different circumstances. It uses UDP. +endef + +$(eval $(call KernelPackage,wireguard)) -- cgit v1.2.3