NetBSD-Bugs archive


kern/58479: experimental wg(4) uses 32-bit cookie secret, not 32-byte cookie secret



>Number:         58479
>Category:       kern
>Synopsis:       experimental wg(4) uses 32-bit cookie secret, not 32-byte cookie secret
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 28 12:10:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10
>Organization:
The NetWG Cookiedation
>Environment:
>Description:
The WireGuard whitepaper https://www.wireguard.com/papers/wireguard.pdf doesn't say much about the cookie secret `R_m' (Sec. 5.4.7, `Under Load: Cookie Reply Message'), but it is a reasonable default choice for a PRF key (or `MAC' key as the whitepaper says) to be 32 bytes long.

Currently we use a 32-bit key.

While this is just for DoS mitigation, so its predictability has relatively limited security impact, we ought to use a 32-byte key instead of a 32-bit key.
>How-To-Repeat:
code inspection
>Fix:
change uint32_t to uint8_t[32]
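To make the point concrete, here is an added sketch (not NetBSD's wg(4) code) of the cookie construction the whitepaper describes, with the secret-length check that a uint32_t secret fails. It uses Python's hashlib rather than the kernel's C because keyed BLAKE2s with a 16-byte output is exactly WireGuard's MAC(); keeping the previous R_m across a rotation, and the sample address, are assumptions made here for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

COOKIE_SECRET_LEN = 32   # R_m is a 32-byte MAC/PRF key, the subject of this report
COOKIE_LEN = 16          # WireGuard's MAC() is keyed BLAKE2s with a 16-byte output
SECRET_LIFETIME = 120.0  # seconds; the whitepaper rotates R_m every two minutes


def cookie_mac(secret: bytes, src_addr: bytes) -> bytes:
    """tau = MAC(R_m, A_m'): keyed BLAKE2s over the sender's source address."""
    if len(secret) != COOKIE_SECRET_LEN:
        # A uint32_t secret is 4 bytes, not 32, and is rejected here.
        raise ValueError(f"cookie secret must be {COOKIE_SECRET_LEN} bytes, got {len(secret)}")
    return hashlib.blake2s(src_addr, key=secret, digest_size=COOKIE_LEN).digest()


class CookieState:
    """Current and previous R_m, so a cookie issued just before a rotation
    still verifies for its full lifetime (assumption: one previous key is kept)."""

    def __init__(self, now: float = 0.0):
        self.secret = os.urandom(COOKIE_SECRET_LEN)   # fresh 32-byte R_m
        self.prev_secret: Optional[bytes] = None
        self.rotated_at = now

    def _rotate_if_due(self, now: float) -> None:
        if now - self.rotated_at >= SECRET_LIFETIME:
            self.prev_secret, self.secret = self.secret, os.urandom(COOKIE_SECRET_LEN)
            self.rotated_at = now

    def issue(self, src_addr: bytes, now: float) -> bytes:
        """Cookie for a cookie-reply message to the peer at src_addr."""
        self._rotate_if_due(now)
        return cookie_mac(self.secret, src_addr)

    def verify(self, src_addr: bytes, cookie: bytes, now: float) -> bool:
        """Accept a presented cookie under the current or the previous R_m."""
        self._rotate_if_due(now)
        keys = [self.secret] + ([self.prev_secret] if self.prev_secret else [])
        return any(hmac.compare_digest(cookie_mac(k, src_addr), cookie) for k in keys)
```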


