kernel: migrate wireguard into the kernel tree

On Linux 5.4, build WireGuard from backports. Linux 5.10 contains wireguard in-tree. Add in-kernel crypto libraries required by WireGuard along with arch-specific optimizations. Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> (cherry picked from commit 06351f1bd0) (cherry picked from commit 464451d9ab)
2021-02-19 08:22:08 -08:00
parent c0cb86e1d5
commit a701d4b841
3 changed files with 184 additions and 89 deletions
--- a/package/kernel/linux/modules/crypto.mk
+++ b/package/kernel/linux/modules/crypto.mk
@@ -11,6 +11,8 @@ CRYPTO_MODULES = \
 	ALGAPI2=crypto_algapi \
 	BLKCIPHER2=crypto_blkcipher
 CRYPTO_TARGET = $(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)
 crypto_confvar=CONFIG_CRYPTO_$(word 1,$(subst =,$(space),$(1)))
 crypto_file=$(LINUX_DIR)/crypto/$(word 2,$(subst =,$(space),$(1))).ko
 crypto_name=$(if $(findstring y,$($(call crypto_confvar,$(1)))),,$(word 2,$(subst =,$(space),$(1))))
@@ -422,7 +424,6 @@ $(eval $(call KernelPackage,crypto-hw-talitos))
 define KernelPackage/crypto-kpp
  TITLE:=Key-agreement Protocol Primitives
  KCONFIG:=CONFIG_CRYPTO_KPP
  HIDDEN:=1
  FILES:=$(LINUX_DIR)/crypto/kpp.ko
  AUTOLOAD:=$(call AutoLoad,09,kpp)
  $(call AddDepends/crypto)
@@ -431,6 +432,158 @@ endef
 $(eval $(call KernelPackage,crypto-kpp))
 define KernelPackage/crypto-lib-blake2s
  TITLE:=BLAKE2s hash function library
  KCONFIG:=CONFIG_CRYPTO_LIB_BLAKE2S
  HIDDEN:=1
  FILES:= \
 	$(LINUX_DIR)/lib/crypto/libblake2s.ko \
 	$(LINUX_DIR)/lib/crypto/libblake2s-generic.ko
  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
 endef
 define KernelPackage/crypto-lib-blake2s/config
  imply PACKAGE_kmod-crypto-hash
 endef
 define KernelPackage/crypto-lib-blake2s/x86/64
  KCONFIG+=CONFIG_CRYPTO_BLAKE2S_X86
  FILES+=$(LINUX_DIR)/arch/x86/crypto/blake2s-x86_64.ko
 endef
 $(eval $(call KernelPackage,crypto-lib-blake2s))
 define KernelPackage/crypto-lib-chacha20
  TITLE:=ChaCha library interface
  KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA
  HIDDEN:=1
  FILES:=$(LINUX_DIR)/lib/crypto/libchacha.ko
  $(call AddDepends/crypto)
 endef
 define KernelPackage/crypto-lib-chacha20/x86_64
  KCONFIG+=CONFIG_CRYPTO_CHACHA20_X86_64
  FILES+=$(LINUX_DIR)/arch/x86/crypto/chacha-x86_64.ko
 endef
 # Note that a non-neon fallback implementation is available on arm32 when
 # NEON is not supported, hence all arm targets can utilize lib-chacha20/arm
 define KernelPackage/crypto-lib-chacha20/arm
  KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
  FILES:=$(LINUX_DIR)/arch/arm/crypto/chacha-neon.ko
 endef
 define KernelPackage/crypto-lib-chacha20/aarch64
  KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
  FILES+=$(LINUX_DIR)/arch/arm64/crypto/chacha-neon.ko
 endef
 define KernelPackage/crypto-lib-chacha20/mips32r2
  KCONFIG+=CONFIG_CRYPTO_CHACHA_MIPS
  FILES:=$(LINUX_DIR)/arch/mips/crypto/chacha-mips.ko
 endef
 ifeq ($(CONFIG_CPU_MIPS32_R2),y)
  KernelPackage/crypto-lib-chacha20/$(ARCH)=\
 	  $(KernelPackage/crypto-lib-chacha20/mips32r2)
 endif
 ifdef KernelPackage/crypto-lib-chacha20/$(ARCH)
  KernelPackage/crypto-lib-chacha20/$(CRYPTO_TARGET)=\
 	  $(KernelPackage/crypto-lib-chacha20/$(ARCH))
 endif
 $(eval $(call KernelPackage,crypto-lib-chacha20))
 define KernelPackage/crypto-lib-chacha20poly1305
  TITLE:=ChaCha20-Poly1305 AEAD support (8-byte nonce library version)
  KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA20POLY1305
  HIDDEN:=1
  FILES:=$(LINUX_DIR)/lib/crypto/libchacha20poly1305.ko
  $(call AddDepends/crypto, +kmod-crypto-lib-chacha20 +kmod-crypto-lib-poly1305)
 endef
 $(eval $(call KernelPackage,crypto-lib-chacha20poly1305))
 define KernelPackage/crypto-lib-curve25519
  TITLE:=Curve25519 scalar multiplication library
  KCONFIG:=CONFIG_CRYPTO_LIB_CURVE25519
  HIDDEN:=1
  FILES:= \
 	$(LINUX_DIR)/lib/crypto/libcurve25519.ko \
 	$(LINUX_DIR)/lib/crypto/libcurve25519-generic.ko
  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-kpp:kmod-crypto-kpp)
 endef
 define KernelPackage/crypto-lib-curve25519/config
  imply PACKAGE_kmod-crypto-kpp
 endef
 define KernelPackage/crypto-lib-curve25519/x86/64
  KCONFIG+=CONFIG_CRYPTO_CURVE25519_X86
  FILES+=$(LINUX_DIR)/arch/x86/crypto/curve25519-x86_64.ko
 endef
 define KernelPackage/crypto-lib-curve25519/arm-neon
  KCONFIG+=CONFIG_CRYPTO_CURVE25519_NEON
  FILES+=$(LINUX_DIR)/arch/arm/crypto/curve25519-neon.ko
 endef
 ifeq ($(ARCH)-$(CONFIG_KERNEL_MODE_NEON),arm-y)
  KernelPackage/crypto-lib-curve25519/$(CRYPTO_TARGET)=\
 	  $(KernelPackage/crypto-lib-curve25519/arm-neon)
 endif
 $(eval $(call KernelPackage,crypto-lib-curve25519))
 define KernelPackage/crypto-lib-poly1305
  TITLE:=Poly1305 library interface
  KCONFIG:=CONFIG_CRYPTO_LIB_POLY1305
  HIDDEN:=1
  FILES:=$(LINUX_DIR)/lib/crypto/libpoly1305.ko
  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
 endef
 define KernelPackage/crypto-lib-poly1305/config
  imply PACKAGE_kmod-crypto-hash
 endef
 define KernelPackage/crypto-lib-poly1305/x86_64
  KCONFIG+=CONFIG_CRYPTO_POLY1305_X86_64
  FILES+=$(LINUX_DIR)/arch/x86/crypto/poly1305-x86_64.ko
 endef
 define KernelPackage/crypto-lib-poly1305/arm
  KCONFIG+=CONFIG_CRYPTO_POLY1305_ARM
  FILES:=$(LINUX_DIR)/arch/arm/crypto/poly1305-arm.ko
 endef
 define KernelPackage/crypto-lib-poly1305/aarch64
  KCONFIG+=CONFIG_CRYPTO_POLY1305_NEON
  FILES:=$(LINUX_DIR)/arch/arm64/crypto/poly1305-neon.ko
 endef
 define KernelPackage/crypto-lib-poly1305/mips
  KCONFIG+=CONFIG_CRYPTO_POLY1305_MIPS
  FILES:=$(LINUX_DIR)/arch/mips/crypto/poly1305-mips.ko
 endef
 KernelPackage/crypto-lib-poly1305/mipsel=$(KernelPackage/crypto-lib-poly1305/mips)
 KernelPackage/crypto-lib-poly1305/mips64=$(KernelPackage/crypto-lib-poly1305/mips)
 KernelPackage/crypto-lib-poly1305/mips64el=$(KernelPackage/crypto-lib-poly1305/mips)
 ifdef KernelPackage/crypto-lib-poly1305/$(ARCH)
  KernelPackage/crypto-lib-poly1305/$(CRYPTO_TARGET)=\
 	  $(KernelPackage/crypto-lib-poly1305/$(ARCH))
 endif
 $(eval $(call KernelPackage,crypto-lib-poly1305))
 define KernelPackage/crypto-manager
  TITLE:=CryptoAPI algorithm manager
  DEPENDS:=+kmod-crypto-aead +kmod-crypto-hash +kmod-crypto-pcompress
--- a/package/kernel/linux/modules/netsupport.mk
+++ b/package/kernel/linux/modules/netsupport.mk
@@ -1250,3 +1250,33 @@ define KernelPackage/netlink-diag/description
 endef
 $(eval $(call KernelPackage,netlink-diag))
 define KernelPackage/wireguard
  SECTION:=kernel
  CATEGORY:=Kernel modules
  SUBMENU:=Network Support
  TITLE:=WireGuard kernel module
  DEPENDS:= \
 	  +kmod-crypto-lib-blake2s \
 	  +kmod-crypto-lib-chacha20poly1305 \
 	  +kmod-crypto-lib-curve25519 \
 	  +kmod-udptunnel4 \
 	  +IPV6:kmod-udptunnel6
  KCONFIG:= \
 	  CONFIG_WIREGUARD \
 	  CONFIG_WIREGUARD_DEBUG=n
  FILES:=$(LINUX_DIR)/drivers/net/wireguard/wireguard.ko
  AUTOLOAD:=$(call AutoProbe,wireguard)
 endef
 define KernelPackage/wireguard/description
  WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
  state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
  more useful than IPSec, while avoiding the massive headache. It intends to
  be considerably more performant than OpenVPN.  WireGuard is designed as a
  general purpose VPN for running on embedded interfaces and super computers
  alike, fit for many different circumstances. It uses UDP.
 endef
 $(eval $(call KernelPackage,wireguard))
--- a/package/network/services/wireguard/Makefile
+++ b/package/network/services/wireguard/Makefile
@@ -1,88 +0,0 @@
 #
 # Copyright (C) 2016-2019 Jason A. Donenfeld <Jason@zx2c4.com>
 # Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
 # Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=wireguard
 PKG_VERSION:=1.0.20201112
 PKG_RELEASE:=1
 PKG_SOURCE:=wireguard-linux-compat-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-linux-compat/snapshot/
 PKG_HASH:=89eae7f0c0bd6c8df3ba2e090984974ff68741a9f26aa0922890f8ca727897e1
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/wireguard-linux-compat-$(PKG_VERSION)
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
 # WireGuard's makefile needs this to know where to build the kernel module
 export KERNELDIR:=$(LINUX_DIR)
 include $(INCLUDE_DIR)/package.mk
 define Package/wireguard/Default
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=VPN
  URL:=https://www.wireguard.com
  MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com>
 endef
 define Package/wireguard/Default/description
  WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
  state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
  more useful than IPSec, while avoiding the massive headache. It intends to
  be considerably more performant than OpenVPN.  WireGuard is designed as a
  general purpose VPN for running on embedded interfaces and super computers
  alike, fit for many different circumstances. It uses UDP.
 endef
 define Package/wireguard
  $(call Package/wireguard/Default)
  TITLE:=WireGuard meta-package
  DEPENDS:=+wireguard-tools +kmod-wireguard
 endef
 include $(INCLUDE_DIR)/kernel-defaults.mk
 include $(INCLUDE_DIR)/package-defaults.mk
 define Build/Compile
 	$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
 endef
 define Package/wireguard/install
  true
 endef
 define Package/wireguard/description
  $(call Package/wireguard/Default/description)
 endef
 define KernelPackage/wireguard
  SECTION:=kernel
  CATEGORY:=Kernel modules
  SUBMENU:=Network Support
  TITLE:=WireGuard kernel module
  DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
  FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
  AUTOLOAD:=$(call AutoProbe,wireguard)
 endef
 define KernelPackage/wireguard/description
  $(call Package/wireguard/Default/description)
  This package provides the kernel module for WireGuard.
 endef
 $(eval $(call BuildPackage,wireguard))
 $(eval $(call KernelPackage,wireguard))