WireGuard on FreeBSD Stabilizes, Eyes Upstreaming
Links
WireGuard: https://www.wireguard.com/
wireguard-freebsd codebase: https://git.zx2c4.com/wireguard-freebsd/
Contact: Jason A. Donenfeld <Jason@zx2c4.com>
WireGuard is a secure network tunneling protocol; on FreeBSD it is implemented in the kernel, as the wireguard-freebsd kmod.
For the last quarter, the wireguard-freebsd codebase has been quite stable and complete. For a while, there were rapid-fire releases fixing issues, and a lot of effort was made to track down every bug report on bugs.freebsd.org, IRC, the mailing list, or elsewhere. By now the reports have dried up, and users mostly come to IRC with questions about usage and integration, the usual traffic of a more stable project. We also have automated CI for each commit, which compiles the module and runs a small smoke test on each of wireguard-freebsd's supported releases: 12.1, 12.2, and 13.0. At some point, hopefully that small smoke test will expand to include the larger battery of tests from Linux.
The wireguard-freebsd repository has been geared around being an out-of-tree kmod, which is distributed in ports. But it is also organized to be eventually upstreamed. To that end, the repository maintains two files: compat.h and support.h. compat.h contains polyfills of code that exists in FreeBSD's main branch but does not exist in various older releases, with ifdefs for each of the releases we support. On the other hand, support.h contains code that is not yet in FreeBSD's main branch. The goal is to eventually move all the code from support.h into compat.h, at which point the repository will be ready for upstreaming. As of writing, there is basically only one real function left, sogetsockaddr, and two convenience macros that need to be sent upstream for consideration by ConcurrencyKit.
A significant aspect that isn't in support.h, though, is the set of cryptographic primitives that the code uses. The files crypto.c and crypto.h contain boring C "reference implementations" of ChaCha20Poly1305, XChaCha20Poly1305, BLAKE2s, and X25519 (whose field arithmetic is generated by MIT's formally verified fiat-crypto project). These four algorithms are used by the handshake path, on very small inputs, for WireGuard's key exchange, and will hopefully be making their way into sys/crypto/ in the FreeBSD tree as just ordinary functions. On the flip side, the datapath uses an entry point of ChaCha20Poly1305 that works on mbufs (which might be rather large) and is performance critical. To that end, jhb@ has been improving OCF for WireGuard's particulars. The next step will then be moving our current calls to chacha20poly1305_{en,de}crypt_mbuf in wg_noise.c over to OCF, submitting crypto_buffers of type CRYPTO_BUF_MBUF. This will automatically benefit from Andy Polyakov's optimized ChaPoly implementations that OCF has long since imported from OpenSSL.
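To make the planned OCF move concrete, here is an added example (not code from the wireguard-freebsd repository) of how a transport packet held in an mbuf chain can be handed to OCF as a CRYPTO_BUF_MBUF ChaCha20-Poly1305 AEAD request in place of a direct chacha20poly1305_encrypt_mbuf() call. It assumes the FreeBSD 13 OCF API from <opencrypto/cryptodev.h>, that the caller has already reserved 16 bytes of tailroom for the Poly1305 tag (so m_pkthdr.len covers header, plaintext and tag), and a hypothetical continuation function wg_send_encrypted() standing in for the real send path. The OCF calls are confined to _KERNEL; the nonce and layout helpers above them are plain C and also build in user space.

```c
/*
 * Added example, not wireguard-freebsd code. Assumes FreeBSD 13 OCF
 * (<opencrypto/cryptodev.h>); the kernel-only part is under _KERNEL.
 */
#ifdef _KERNEL
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <opencrypto/cryptodev.h>
#else
#include <stdint.h>
#include <string.h>
#endif

#define WG_TAG_LEN	16	/* Poly1305 tag appended to each data message */
#define WG_NONCE_LEN	12	/* ChaCha20-Poly1305 nonce */

/* WireGuard transport nonce: 32 zero bits, then the 64-bit LE counter. */
static inline void
wg_data_nonce(uint64_t counter, uint8_t nonce[WG_NONCE_LEN])
{
	memset(nonce, 0, 4);
	for (int i = 0; i < 8; i++)
		nonce[4 + i] = (uint8_t)(counter >> (8 * i));
}

/*
 * Request geometry for a pktlen-byte packet whose first hdrlen bytes are
 * the cleartext data-message header; -1 if there is no room for the tag.
 */
static inline int
wg_ocf_layout(int pktlen, int hdrlen, int *payload_start,
    int *payload_len, int *digest_start)
{
	if (hdrlen < 0 || pktlen < hdrlen + WG_TAG_LEN)
		return (-1);
	*payload_start = hdrlen;
	*payload_len = pktlen - hdrlen - WG_TAG_LEN;
	*digest_start = pktlen - WG_TAG_LEN;
	return (0);
}

/* Self-check of the pure helpers; returns 1 on success. */
static inline int
wg_ocf_example_selftest(void)
{
	uint8_t n[WG_NONCE_LEN];
	int ps, pl, ds;

	wg_data_nonce(0x0102030405060708ULL, n);
	if (n[0] != 0 || n[3] != 0 || n[4] != 0x08 || n[11] != 0x01)
		return (0);
	if (wg_ocf_layout(100, 16, &ps, &pl, &ds) != 0 ||
	    ps != 16 || pl != 68 || ds != 84)
		return (0);
	return (wg_ocf_layout(20, 16, &ps, &pl, &ds) == -1);
}

#ifdef _KERNEL
extern void wg_send_encrypted(struct mbuf *);	/* hypothetical send path */

/* One AEAD session per transport key, reused for every packet. */
static int
wg_ocf_newsession(const uint8_t key[32], crypto_session_t *sid)
{
	struct crypto_session_params csp;

	memset(&csp, 0, sizeof(csp));
	csp.csp_mode = CSP_MODE_AEAD;
	csp.csp_cipher_alg = CRYPTO_CHACHA20_POLY1305;
	csp.csp_cipher_key = key;
	csp.csp_cipher_klen = 32;
	csp.csp_ivlen = WG_NONCE_LEN;
	return (crypto_newsession(sid, &csp,
	    CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE));
}

/* Completion callback: the driver (software or hardware) is done. */
static int
wg_ocf_encrypt_done(struct cryptop *crp)
{
	struct mbuf *m = crp->crp_buf.cb_mbuf;
	int error = crp->crp_etype;

	if (error == EAGAIN) {	/* session migrated; resubmit, as ipsec does */
		crp->crp_etype = 0;
		crp->crp_flags &= ~CRYPTO_F_DONE;
		return (crypto_dispatch(crp));
	}
	crypto_freereq(crp);
	if (error != 0) {
		m_freem(m);
		return (0);
	}
	wg_send_encrypted(m);	/* m is now header || ciphertext || tag */
	return (0);
}

static int
wg_ocf_encrypt_mbuf(crypto_session_t sid, struct mbuf *m, int hdrlen,
    uint64_t counter)
{
	struct cryptop *crp;
	int ps, pl, ds;

	if (wg_ocf_layout(m->m_pkthdr.len, hdrlen, &ps, &pl, &ds) != 0)
		return (EINVAL);
	if ((crp = crypto_getreq(sid, M_NOWAIT)) == NULL)
		return (ENOMEM);
	crypto_use_mbuf(crp, m);	/* sets crp_buf.cb_type = CRYPTO_BUF_MBUF */
	crp->crp_op = CRYPTO_OP_ENCRYPT | CRYPTO_OP_COMPUTE_DIGEST;
	crp->crp_flags = CRYPTO_F_IV_SEPARATE;	/* nonce lives in crp_iv */
	wg_data_nonce(counter, crp->crp_iv);
	crp->crp_payload_start = ps;
	crp->crp_payload_length = pl;
	crp->crp_digest_start = ds;	/* tag is written in place at the tail */
	/* crp_aad_length stays 0: WireGuard data messages carry no AAD. */
	crp->crp_callback = wg_ocf_encrypt_done;
	return (crypto_dispatch(crp));
}
#endif /* _KERNEL */
```

Two details matter for a practitioner: CRYPTO_F_IV_SEPARATE keeps the nonce out of the packet (WireGuard derives it from the counter rather than transmitting it), and crp_digest_start tells OCF to emit the tag at the reserved tail so the mbuf chain is ready to send as soon as the callback runs.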
When we make the move to OCF, it’s likely that the wireguard-freebsd repo as-is will become "wireguard-freebsd-compat", which will be explicitly aimed at backports to earlier FreeBSD releases for ports, while a new wireguard-freebsd repository will be a whole FreeBSD tree, where we can work directly on integration patches for upstream. That repository will also have an imported version of the wg(8) utility from wireguard-tools, which I’ll be relicensing as MIT.
I’m quite excited for the upcoming quarter and seeing how much of wireguard-freebsd we’re able to land upstream.
Last modified on: November 15, 2021 by Daniel Ebdrup Jensen