[ANNOUNCE] wireguard-linux-compat v0.0.20200121 released

Jason A. Donenfeld Jason at zx2c4.com
Tue Jan 21 16:20:57 CET 2020

Hash: SHA256


A new version, v0.0.20200121, of the backported WireGuard kernel module for
3.10 <= Linux <= 5.5.y has been tagged in the git repository.

Please note that until Linux 5.6 is released, this snapshot is a
snapshot rather than a secure final release.

== Changes ==

  * Makefile: strip prefixed v from version.h
  This fixes a mistake in dmesg output and when parsing the sysfs entry in the
  * device: skb_list_walk_safe moved upstream
  This is a 5.6 change, which we won't support here, but it does make the code
  cleaner, so we make this change to keep things in sync.
  * curve25519: x86_64: replace with formally verified implementation
  This comes from INRIA's HACL*/Vale. It implements the same algorithm and
  implementation strategy as the code it replaces, only this code has been
  formally verified, sans the base point multiplication, which uses code
  similar to prior, only it uses the formally verified field arithmetic
  alongside reproducable ladder generation steps. This doesn't have a
  pure-bmi2 version, which means haswell no longer benefits, but the
  increased (doubled) code complexity is not worth it for a single
  generation of chips that's already old.
  Performance-wise, this is around 1% slower on older microarchitectures,
  and slightly faster on newer microarchitectures, mainly 10nm ones or
  backports of 10nm to 14nm. This implementation is "everest" below:
      Xeon E5-2680 v4 (Broadwell)
      armfazh: 133340 cycles per call
      everest: 133436 cycles per call
      Xeon Gold 5120 (Sky Lake Server)
      armfazh: 112636 cycles per call
      everest: 113906 cycles per call
      Core i5-6300U (Sky Lake Client)
      armfazh: 116810 cycles per call
      everest: 117916 cycles per call
      Core i7-7600U (Kaby Lake)
      armfazh: 119523 cycles per call
      everest: 119040 cycles per call
      Core i7-8750H (Coffee Lake)
      armfazh: 113914 cycles per call
      everest: 113650 cycles per call
      Core i9-9880H (Coffee Lake Refresh)
      armfazh: 112616 cycles per call
      everest: 114082 cycles per call
      Core i3-8121U (Cannon Lake)
      armfazh: 113202 cycles per call
      everest: 111382 cycles per call
      Core i7-8265U (Whiskey Lake)
      armfazh: 127307 cycles per call
      everest: 127697 cycles per call
      Core i7-8550U (Kaby Lake Refresh)
      armfazh: 127522 cycles per call
      everest: 127083 cycles per call
      Xeon Platinum 8275CL (Cascade Lake)
      armfazh: 114380 cycles per call
      everest: 114656 cycles per call
  Achieving these kind of results with formally verified code is quite
  remarkable, especialy considering that performance is favorable for
  newer chips.

This release contains commits from: Jason A. Donenfeld.

As always, the source is available at https://git.zx2c4.com/wireguard-linux-compat/
and information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  SHA2-256: 7726c2994d11913c4543fd3dc83636f7ce573ca689b15e11b83e980acc04422b

A PGP signature of that file decompressed is available here:
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
  Remember to unxz the tarball before verifying the signature.

If you're a package maintainer, please bump your package version. If you're a
user, the WireGuard team welcomes any and all feedback on this latest version.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld



More information about the WireGuard mailing list