NetBSD Problem Report #58479
From www@netbsd.org Sun Jul 28 12:06:09 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
client-signature RSA-PSS (2048 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 5DA341A923C
for <gnats-bugs@gnats.NetBSD.org>; Sun, 28 Jul 2024 12:06:09 +0000 (UTC)
Message-Id: <20240728120608.37D7E1A923E@mollari.NetBSD.org>
Date: Sun, 28 Jul 2024 12:06:08 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: experimental wg(4) uses 32-bit cookie secret, not 32-byte cookie secret
X-Send-Pr-Version: www-1.0
>Number: 58479
>Category: kern
>Synopsis: experimental wg(4) uses 32-bit cookie secret, not 32-byte cookie secret
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jul 28 12:10:00 +0000 2024
>Closed-Date: Wed Oct 09 14:38:22 +0000 2024
>Last-Modified: Wed Oct 09 14:38:22 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10
>Organization:
The NetWG Cookiedation
>Environment:
>Description:
The WireGuard whitepaper https://www.wireguard.com/papers/wireguard.pdf doesn't say much about the cookie secret `R_m' (Sec. 5.4.7, `Under Load: Cookie Reply Message'), but it is a reasonable default choice for a PRF key (or `MAC' key as the whitepaper says) to be 32 bytes long.
Currently we use a 32-bit key.
While this is just for DoS mitigation, so its predictability has relatively limited security impact, we ought to use a 32-byte key instead of a 32-bit key.
>How-To-Repeat:
code inspection
>Fix:
change uint32_t to uint8_t[32]
>Release-Note:
>Audit-Trail:
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/58479 CVS commit: src/sys/net
Date: Sun, 28 Jul 2024 14:39:19 +0000
Module Name: src
Committed By: riastradh
Date: Sun Jul 28 14:39:19 UTC 2024
Modified Files:
src/sys/net: if_wg.c
Log Message:
wg(4): Expand cookie secret to 32 bytes.
This is only relevant for denial of service mitigation, so it's not
that big a deal, and the spec doesn't say anything about the size,
but let's make it the standard key size.
PR kern/58479: experimental wg(4) uses 32-bit cookie secret, not
32-byte cookie secret
To generate a diff of this commit:
cvs rdiff -u -r1.97 -r1.98 src/sys/net/if_wg.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Mon, 29 Jul 2024 02:47:47 +0000
State-Changed-Why:
fixed in HEAD, needs pullup-10
State-Changed-From-To: needs-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Wed, 09 Oct 2024 14:38:22 +0000
State-Changed-Why:
fixed in HEAD, pulled up to 10
pullup-10 #934 https://releng.netbsd.org/cgi-bin/req-10.cgi?show=934
>Unformatted:
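Added example, not code from if_wg.c or from the report's author: a sketch of the responder-side cookie computation the description refers to, using the whitepaper's Mac() (keyed BLAKE2s with a 16-byte tag) and a 32-byte R_m drawn from the OS CSPRNG and replaced every two minutes. The CookieChecker class, the encode_source helper and the byte layout chosen for A_m are assumptions made for illustration; the encryption of the cookie reply message is left out.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct

COOKIE_SECRET_LEN = 32   # bytes: the key size this PR asks for (was 32 bits)
COOKIE_SECRET_TTL = 120  # seconds: the whitepaper rotates R_m every two minutes
MAC_LEN = 16             # WireGuard's Mac() is keyed BLAKE2s with 16-byte output


def mac(key: bytes, data: bytes) -> bytes:
    """Mac(key, input) from the whitepaper: keyed BLAKE2s, 128-bit tag."""
    return hashlib.blake2s(data, key=key, digest_size=MAC_LEN).digest()


def encode_source(ip: str, port: int) -> bytes:
    """A_m: source IP and UDP source port (byte layout is an assumption)."""
    return ipaddress.ip_address(ip).packed + struct.pack("!H", port)


class CookieChecker:
    """Responder-side cookie state; a hypothetical class, not if_wg.c."""

    def __init__(self, now: float) -> None:
        self._rotate(now)

    def _rotate(self, now: float) -> None:
        # Full 32-byte secret from the OS CSPRNG, never a 4-byte integer.
        self.secret = secrets.token_bytes(COOKIE_SECRET_LEN)
        self.birth = now

    def cookie_for(self, source: bytes, now: float) -> bytes:
        """Cookie = Mac(R_m, A_m), replacing R_m once it is too old."""
        if now - self.birth >= COOKIE_SECRET_TTL:
            self._rotate(now)
        return mac(self.secret, source)

    def mac2_ok(self, source: bytes, body: bytes, mac2: bytes, now: float) -> bool:
        """Check mac2 = Mac(cookie, body) in constant time."""
        expected = mac(self.cookie_for(source, now), body)
        return hmac.compare_digest(expected, mac2)
```

Here body stands for the message bytes that precede the mac2 field, and now is passed in explicitly so that rotation can be exercised without waiting two minutes.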