Development discussion of WireGuard
* [ANNOUNCE] WireGuard Snapshot `0.0.20170531` Available
@ 2017-05-31 14:35 Jason A. Donenfeld
  2017-06-02 22:47 ` Le Sandie
  0 siblings, 1 reply; 4+ messages in thread
From: Jason A. Donenfeld @ 2017-05-31 14:35 UTC (permalink / raw)
  To: WireGuard mailing list

Hello,

A new snapshot, `0.0.20170531`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.

== Changes ==

  This rather large snapshot touches quite a few sensitive areas, so I'm
  releasing it now rather than later to receive feedback on any possible issues.
  It also contains fixes, so everybody should upgrade.
  
  * man: fix psk mention in wg-quick man page
  * man: update wg-quick(8) to show Debian resolvconf braindamage
  
  Documentation cleanups.
  
  * wg-quick: use src routing for default routes in v6
  
  ip-rule(8) doesn't do the right thing with source addresses, unless we
  explicitly set it inside the route. This fixes wg-quick on IPv6 systems.
  
  * curve25519: actually, do some things on heap sometimes
  * curve25519: align the basepoint to 32 bytes
  * curve25519: add NEON versions for ARM
  * data: enable BH during parallel crypto on ARM/NEON
  * chacha20poly1305: move constants to rodata
  * chacha20poly1305: add NEON versions for ARM and ARM64
  
  We now have faster primitives on ARM and ARM64 processors, which should
  improve performance.
  
  * handshake: process in parallel
  
  Handshakes are now processed in parallel using all cores, which should improve
  throughput during a storm.
  
  * noise: no need to store ephemeral public key
  * noise: precompute static-static ECDH operation
  
  We can precompute the ECDH(s, s) calculation, which improves handshake
  initiation message performance by double.
  
  * style: spaces after for loops
  * peer: use iterator macro instead of callback
  
  The most unreadable C ever produced. It might be wise to find a sexier-looking
  alternative at some point.
  
  * compat: remove warning for < 4.1
  * compat: ship padata if kernel doesn't have it
  
  The usual array of annoying compat things.
  
  * rust test: convert screech test to snow
  * rust test: add icmp ping
  
  We now use Jake's snow library for Noise in the test, which we've expanded to
  complete a ping.
  
  * config: do not error out when getting if no peers
  * tools: allow creating device with no peers
  
  Fixing some small things in the tool/config interaction.
  
  * device: keep going when share_check fails
  * routingtable: remove unnecessary check in node_placement()
  * config: it's faster to memcpy than strncpy
  * timers: fix typo in comment
  
  Nits.
  
  * debug: print interface name in dmesg
  
  For those who compile with `make debug`, you'll be happy to see a bit better
  information in dmesg.
  
  * timers: rework handshake reply control flow
  * timers: the completion of a handshake also is on key confirmation
  * timers: reset retry-attempt counter when not retrying
  
  Tightening up our timer implementation, which is quite important.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.io/ .

This snapshot is available in tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20170531.tar.xz
  SHA2-256: 2eb7d9aaf11dcb35e5066837bb1c768398ad3655744fdeb656bd7e7c7ad7cacc
  BLAKE2b-256: 64e5d061e0d03133b781b902d3b5b61658b6d9f664b304325476d5add3a701ca

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Thank you,
Jason Donenfeld
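
An added example, not part of the original message or of the WireGuard project's code: checking a downloaded tarball against both digests published in the announcement above. The function names are assumptions of this example; BLAKE2b-256 requires a 32-byte output parameter (the coreutils equivalent is `b2sum -l 256`).

```python
import hashlib
import hmac

# Digests published in the announcement for WireGuard-0.0.20170531.tar.xz.
PUBLISHED = {
    "sha256": "2eb7d9aaf11dcb35e5066837bb1c768398ad3655744fdeb656bd7e7c7ad7cacc",
    "blake2b-256": "64e5d061e0d03133b781b902d3b5b61658b6d9f664b304325476d5add3a701ca",
}


def snapshot_digests(path, chunk_size=1 << 16):
    """Stream the file once and return both digests as lowercase hex."""
    sha = hashlib.sha256()
    # BLAKE2b-256 is BLAKE2b parameterised for a 32-byte output. It is not
    # the default 64-byte BLAKE2b digest truncated to 32 bytes.
    b2 = hashlib.blake2b(digest_size=32)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha.update(chunk)
            b2.update(chunk)
    return {"sha256": sha.hexdigest(), "blake2b-256": b2.hexdigest()}


def verify_snapshot(path, expected=PUBLISHED):
    """Return (ok, mismatches); ok is True only if every digest matches."""
    actual = snapshot_digests(path)
    mismatches = [
        name for name, want in expected.items()
        if not hmac.compare_digest(actual[name], want.strip().lower())
    ]
    return (not mismatches, mismatches)


if __name__ == "__main__":
    import sys
    ok, bad = verify_snapshot(sys.argv[1])
    print("OK" if ok else "MISMATCH: " + ", ".join(bad))
    sys.exit(0 if ok else 1)
```

Both digests must match before the tarball is unpacked or built; a single mismatch is a failed verification.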




* Re: [ANNOUNCE] WireGuard Snapshot `0.0.20170531` Available
  2017-05-31 14:35 [ANNOUNCE] WireGuard Snapshot `0.0.20170531` Available Jason A. Donenfeld
@ 2017-06-02 22:47 ` Le Sandie
  2017-06-03  1:31   ` Jason A. Donenfeld
  0 siblings, 1 reply; 4+ messages in thread
From: Le Sandie @ 2017-06-02 22:47 UTC (permalink / raw)
  To: wireguard


Hi all!,

My user feedback :-)

I have tested the WireGuard-0.0.20170531 snapshot between two ARM peers (a
couple of rpi3s with the same snapshot) and it works nice. I haven't had
time to iperf but will do to check that performance raise in ARM SoCs.

Also I tested this snapshot with one ARM peer and the other peer with a
LEDE (17.01.1) router with wireguard and the handshake goes well but no
connectivity between peers. If I downgrade the ARM peer snapshot to
WireGuard-0.0.20170421, both peers see each other with connectivity.
Probably when the openwrt/LEDE package maintainer bumps up the package to
the new snapshot it will work.

Best




-- 
Lt. Col. Sandie



* Re: [ANNOUNCE] WireGuard Snapshot `0.0.20170531` Available
  2017-06-02 22:47 ` Le Sandie
@ 2017-06-03  1:31   ` Jason A. Donenfeld
  2017-06-05 13:02     ` Le Sandie
  0 siblings, 1 reply; 4+ messages in thread
From: Jason A. Donenfeld @ 2017-06-03  1:31 UTC (permalink / raw)
  To: Le Sandie; +Cc: WireGuard mailing list

On Sat, Jun 3, 2017 at 12:47 AM, Le Sandie <lesandie@gmail.com> wrote:
> I have tested the WireGuard-0.0.20170531 snapshot between two ARM peers (a
> couple of rpi3s with the same snapshot) and it works nice. I haven't had
> time to iperf but will do to check that performance raise in ARM SoCs.

Great, please do let me know.

>
> Also I tested this snapshot with one ARM peer and the other peer with a LEDE
> (17.01.1) router with wireguard and the handshake goes well but no
> connectivity between peers. If I downgrade the ARM peer snapshot to
> WireGuard-0.0.20170421, both peers see each other with connectivity.
> Probably when the openwrt/LEDE package maintainer bumps up the package to the
> new snapshot it will work.

Yes indeed there was a backwards incompatible change made. The
openwrt/lede package already has been bumped, however, so just update
your system.
https://github.com/openwrt/packages/blob/master/net/wireguard/Makefile


* Re: [ANNOUNCE] WireGuard Snapshot `0.0.20170531` Available
  2017-06-03  1:31   ` Jason A. Donenfeld
@ 2017-06-05 13:02     ` Le Sandie
  0 siblings, 0 replies; 4+ messages in thread
From: Le Sandie @ 2017-06-05 13:02 UTC (permalink / raw)
  To: wireguard


Hi!, iperf results!

Peers: server 10.11.12.1 and client 10.11.12.2

UDP test

100MB transfer (with a size similar to the theoretical raspberry pi fast
ethernet limit (100mbps))


pi@raspberrypi:~ $ iperf -c 10.11.12.2 -u -p 12345 -t 30 -b 100M
------------------------------------------------------------
Client connecting to 10.11.12.2, UDP port 12345
Sending 1470 byte datagrams
UDP buffer size:  160 KByte (default)
------------------------------------------------------------
[  3] local 10.11.12.3 port 47707 connected with 10.11.12.2 port 12345
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-30.0 sec   278 MBytes  77.8 Mbits/sec
[  3] Sent 198395 datagrams
[  3] Server Report:
[  3]  0.0-30.3 sec  6.30 MBytes  1.75 Mbits/sec  11.417 ms 193896/198393 (98%)
pi@raspberrypi:~ $


WITH the NEW SNAPSHOT (20170531)

pi@raspberrypi:~ $ iperf -c 10.11.12.2 -u -t 30 -b 100M
------------------------------------------------------------
Client connecting to 10.11.12.2, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size:  160 KByte (default)
------------------------------------------------------------
[  3] local 10.11.12.3 port 59246 connected with 10.11.12.2 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-30.0 sec   275 MBytes  77.0 Mbits/sec
[  3] Sent 196350 datagrams
[  3] Server Report:
[  3]  0.0-30.2 sec  6.67 MBytes  1.85 Mbits/sec  10.785 ms 191590/196347 (98%)
[  3]  0.0-30.2 sec  1 datagrams received out-of-order


Results are what I expected, both rpi3 hitting the limit of the fast
ethernet. I'm gonna test it with two routers (Netgear X4S nighthawk, with
ARM neon and Gigabit ethernet interface).

Best!





-- 
Lt. Col. Sandie


