b665856450
* Account for big-endian 2^26 conversion in Poly1305.
* Account for big-endian NEON in Curve25519.
* Fix macros in big-endian AArch64 code so that this will actually run there
at all.
* Prefer if (IS_ENABLED(...)) over ifdef mazes when possible.
* Call simd_relax() within any preempt-disabling glue code every once in a
while so as not to increase latency if folks pass in super long buffers.
* Prefer compiler-defined architecture macros in assembly code, which puts us
in closer alignment with upstream CRYPTOGAMS code, and is cleaner.
* Non-static symbols are prefixed with wg_ to avoid polluting the global
namespace.
* Return a bool from simd_relax() indicating whether or not we were
rescheduled.
* Reflect the proper simd conditions on arm.
* Do not reorder lines in Kbuild files for the simd asm-generic addition,
since we don't want to cause merge conflicts.
* WARN() if the selftests fail in Zinc, since if this is an initcall, it won't
block module loading, so we want to be loud.
* Document some interdependencies beside include statements.
* Add missing static statement to fpu init functions.
* Use union in chacha to access state words as a flat matrix, instead of
casting a struct to a u8 and hoping all goes well. Then, by passing around
that array as a struct for as long as possible, we can update counter[0]
instead of state[12] in the generic blocks, which makes it clearer what's
happening.
* Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86,
and the other implementations do not require that kind of alignment either.
* Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so
that we can build code that uses umull.
* Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config
variables consistently throughout.
* Document rationale for the 2^26->2^64/32 conversion in code comments.
* Convert all of remaining BUG_ON to WARN_ON.
* Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old
ISAs via the macro in <asm/assembler.h>.
* Do not allow WireGuard to be a built-in if IPv6 is a module.
* Writeback the base register and reorder multiplications in the NEON x25519
implementation.
* Try all combinations of different implementations in selftests, so that
potential bugs are more immediately unearthed.
* Self tests and SIMD glue code work with #include, which lets the compiler
optimize these. Previously these files were .h, because they were included,
but a simple grep of the kernel tree shows 259 other files that carry out
this same pattern. Only they prefer to instead name the files with a .c
instead of a .h, so we now follow the convention.
* Support many more platforms in QEMU, especially big endian ones.
* Kernels < 3.17 don't have read_cpuid_part, so fix building there.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
116 lines
3.4 KiB
Makefile
116 lines
3.4 KiB
Makefile
#
|
|
# Copyright (C) 2016-2018 Jason A. Donenfeld <Jason@zx2c4.com>
|
|
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
|
|
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
include $(INCLUDE_DIR)/kernel.mk
|
|
|
|
PKG_NAME:=wireguard
|
|
|
|
PKG_VERSION:=0.0.20181006
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
|
|
PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
|
|
PKG_HASH:=9fe7cd5767eda65647463ec29ed707f917f4a77babaaf247adc4be7acaab4665
|
|
|
|
PKG_LICENSE:=GPL-2.0 Apache-2.0
|
|
PKG_LICENSE_FILES:=COPYING
|
|
|
|
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/WireGuard-$(PKG_VERSION)
|
|
PKG_BUILD_PARALLEL:=1
|
|
PKG_USE_MIPS16:=0
|
|
|
|
# WireGuard's makefile needs this to know where to build the kernel module
|
|
export KERNELDIR:=$(LINUX_DIR)
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/wireguard/Default
|
|
SECTION:=net
|
|
CATEGORY:=Network
|
|
SUBMENU:=VPN
|
|
URL:=https://www.wireguard.com
|
|
MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com> \
|
|
Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
endef
|
|
|
|
define Package/wireguard/Default/description
|
|
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
|
|
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
|
|
more useful than IPSec, while avoiding the massive headache. It intends to
|
|
be considerably more performant than OpenVPN. WireGuard is designed as a
|
|
general purpose VPN for running on embedded interfaces and super computers
|
|
alike, fit for many different circumstances. It uses UDP.
|
|
endef
|
|
|
|
define Package/wireguard
|
|
$(call Package/wireguard/Default)
|
|
TITLE:=WireGuard meta-package
|
|
DEPENDS:=+wireguard-tools +kmod-wireguard
|
|
endef
|
|
|
|
include $(INCLUDE_DIR)/kernel-defaults.mk
|
|
include $(INCLUDE_DIR)/package-defaults.mk
|
|
|
|
# Used by Build/Compile/Default
|
|
MAKE_PATH:=src/tools
|
|
MAKE_VARS += PLATFORM=linux
|
|
|
|
define Build/Compile
|
|
$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
|
|
$(call Build/Compile/Default)
|
|
endef
|
|
|
|
define Package/wireguard/install
|
|
true
|
|
endef
|
|
|
|
define Package/wireguard/description
|
|
$(call Package/wireguard/Default/description)
|
|
endef
|
|
|
|
define Package/wireguard-tools
|
|
$(call Package/wireguard/Default)
|
|
TITLE:=WireGuard userspace control program (wg)
|
|
DEPENDS:=+libmnl +ip
|
|
endef
|
|
|
|
define Package/wireguard-tools/description
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
This package provides the userspace control program for WireGuard,
|
|
`wg(8)`, a netifd protocol helper, and a re-resolve watchdog script.
|
|
endef
|
|
|
|
define Package/wireguard-tools/install
|
|
$(INSTALL_DIR) $(1)/usr/bin/
|
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/tools/wg $(1)/usr/bin/
|
|
$(INSTALL_BIN) ./files/wireguard_watchdog $(1)/usr/bin/
|
|
$(INSTALL_DIR) $(1)/lib/netifd/proto/
|
|
$(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
|
|
endef
|
|
|
|
define KernelPackage/wireguard
|
|
SECTION:=kernel
|
|
CATEGORY:=Kernel modules
|
|
SUBMENU:=Network Support
|
|
TITLE:=WireGuard kernel module
|
|
DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
|
|
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
|
|
AUTOLOAD:=$(call AutoProbe,wireguard)
|
|
endef
|
|
|
|
define KernelPackage/wireguard/description
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
This package provides the kernel module for WireGuard.
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,wireguard))
|
|
$(eval $(call BuildPackage,wireguard-tools))
|
|
$(eval $(call KernelPackage,wireguard))
|