NetBSD Problem Report #58479

From www@netbsd.org  Sun Jul 28 12:06:09 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits)
	 client-signature RSA-PSS (2048 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 5DA341A923C
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 28 Jul 2024 12:06:09 +0000 (UTC)
Message-Id: <20240728120608.37D7E1A923E@mollari.NetBSD.org>
Date: Sun, 28 Jul 2024 12:06:08 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: experimental wg(4) uses 32-bit cookie secret, not 32-byte cookie secret
X-Send-Pr-Version: www-1.0

>Number:         58479
>Category:       kern
>Synopsis:       experimental wg(4) uses 32-bit cookie secret, not 32-byte cookie secret
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 28 12:10:00 +0000 2024
>Closed-Date:    Wed Oct 09 14:38:22 +0000 2024
>Last-Modified:  Wed Oct 09 14:38:22 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10
>Organization:
The NetWG Cookiedation
>Environment:
>Description:
The WireGuard whitepaper https://www.wireguard.com/papers/wireguard.pdf doesn't say much about the cookie secret `R_m' (Sec. 5.4.7, `Under Load: Cookie Reply Message'), but it is a reasonable default choice for a PRF key (or `MAC' key as the whitepaper says) to be 32 bytes long.

Currently we use a 32-bit key.

While this is just for DoS mitigation, so its predictability has relatively limited security impact, we ought to use a 32-byte key instead of a 32-bit key.
>How-To-Repeat:
code inspection
>Fix:
change uint32_t to uint8_t[32]

>Release-Note:

>Audit-Trail:
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/58479 CVS commit: src/sys/net
Date: Sun, 28 Jul 2024 14:39:19 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Sun Jul 28 14:39:19 UTC 2024

 Modified Files:
 	src/sys/net: if_wg.c

 Log Message:
 wg(4): Expand cookie secret to 32 bytes.

 This is only relevant for denial of service mitigation, so it's not
 that big a deal, and the spec doesn't say anything about the size,
 but let's make it the standard key size.

 PR kern/58479: experimental wg(4) uses 32-bit cookie secret, not
 32-byte cookie secret


 To generate a diff of this commit:
 cvs rdiff -u -r1.97 -r1.98 src/sys/net/if_wg.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Mon, 29 Jul 2024 02:47:47 +0000
State-Changed-Why:
fixed in HEAD, needs pullup-10


State-Changed-From-To: needs-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Wed, 09 Oct 2024 14:38:22 +0000
State-Changed-Why:
fixed in HEAD, pulled up to 10
pullup-10 #934 https://releng.netbsd.org/cgi-bin/req-10.cgi?show=934


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.