wireguard.lists.zx2c4.com archive mirror
From: Daniel Hope <daniel.hope@smartalock.com>
To: wireguard@lists.zx2c4.com
Subject: WireGuard Implementation for LwIP Stack
Date: Mon, 15 Mar 2021 16:55:36 +0000
Message-ID: <7E828597-A5E0-4E54-B2C4-F1E83F25CD71@smartalock.com>

I have developed a WireGuard implementation for an embedded project we are working on that uses LwIP as the IP stack. The implementation has been released here: https://github.com/smartalock/wireguard-lwip 

LwIP is an open source TCP/IP stack that is used mainly in embedded systems, often those with very tight memory requirements for code/data size, and normally not running Linux / BSD or even any operating system at all.

The project contains a pure C, malloc-free implementation of the WireGuard protocol, some glue in the form of a lwIP netif implementation and some crypto elements that end users will probably want to optimise for their specific embedded platform. I wish I’d seen the single file crypto.c file that Jason just announced in the FreeBSD code as that would have been useful… although the x25519 probably would still use too much stack for us.

In terms of size we can run a couple of WireGuard peers as well as our main application on an STM32F10x board that has just 64K RAM - the goal here being secure connectivity rather than raw packet throughput.

I’d welcome any feedback to improve the code!

In terms of other ideas I think this code could be adapted to run as a static C library to link against to enable per-application WireGuard support. Whilst there are other methods that already exist to do this - e.g. containerisation, or via the library here: https://git.zx2c4.com/wireguard-tools/tree/contrib/embeddable-wg-library/, etc. - these tend to require either operating system tunnel/network interface support or Linux in particular.

Daniel
