NetBSD-Bugs archive
kern/58501: experimental wg(4) needs known-answer test vectors
>Number: 58501
>Category: kern
>Synopsis: experimental wg(4) needs known-answer test vectors
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jul 28 15:20:00 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10
>Organization:
The TestWG Foundation
>Environment:
>Description:
wg(4) needs known-answer test vectors for key derivation, encryption, and decryption, including negative tests to verify forgeries are rejected.
wg(4) also needs self-tests for at least some of these -- ideally all, but the DH computation may be a bit costly to incur at boot when we're not using wg(4). Maybe it could be done lazily with RUN_ONCE(9).
>How-To-Repeat:
code inspection
>Fix:
These don't appear to be published in the WireGuard whitepaper, so while we can generate them from the code in if_wg.c, we'll have to find some other way to independently generate them to verify.
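
One way to generate key-derivation vectors without touching if_wg.c, as an added example that is not part of this PR or of the NetBSD source: the sketch below computes the WireGuard whitepaper's KDF_n (HKDF over HMAC-BLAKE2s) by two routes, a hand-written HMAC and Python's hmac module, and emits a vector only when both agree. The function names and the 32-byte input are constructed for illustration; it covers key derivation only, not the DH or AEAD steps.

```python
import hashlib
import hmac

BLOCK = 64  # BLAKE2s input block size in bytes

def blake2s(data):
    return hashlib.blake2s(data, digest_size=32).digest()

def hmac_ref(key, msg):
    """HMAC-BLAKE2s written out from the HMAC definition (RFC 2104)."""
    if len(key) > BLOCK:
        key = blake2s(key)
    key = key.ljust(BLOCK, b"\0")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return blake2s(opad + blake2s(ipad + msg))

def hmac_lib(key, msg):
    """Same MAC via the standard library, as the second opinion."""
    return hmac.new(key, msg, hashlib.blake2s).digest()

def kdf(n, key, data, mac=hmac_ref):
    """KDF_n: t0 = HMAC(key, data); t_i = HMAC(t0, t_(i-1) || i)."""
    t0 = mac(key, data)
    out, prev = [], b""
    for i in range(1, n + 1):
        prev = mac(t0, prev + bytes([i]))
        out.append(prev)
    return out

def make_vectors():
    """Return (n, key, data, outputs) tuples on which both routes agree."""
    # Initial chaining key: Hash(Construction) per the whitepaper.
    ck = blake2s(b"Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s")
    eph = bytes(range(32))  # constructed stand-in for an ephemeral public key
    vectors = []
    for n in (1, 2, 3):
        ref, lib = kdf(n, ck, eph, hmac_ref), kdf(n, ck, eph, hmac_lib)
        if ref != lib:
            raise AssertionError("HMAC routes disagree for KDF%d" % n)
        vectors.append((n, ck, eph, ref))
    return vectors

def check(vectors, impl):
    """Return the n of every vector that impl(n, key, data) fails."""
    return [n for n, key, data, want in vectors if impl(n, key, data) != want]

if __name__ == "__main__":
    for n, key, data, outs in make_vectors():
        print("KDF%d" % n, *[o.hex() for o in outs])
```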