Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/net wg: Verify mac1 as the first step on INIT and RESP m...



details:   https://anonhg.NetBSD.org/src/rev/0b18a4a85ac9
branches:  trunk
changeset: 1013600:0b18a4a85ac9
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Mon Aug 31 20:27:06 2020 +0000

description:
wg: Verify mac1 as the first step on INIT and RESP messages.

This avoids the expensive DH computation before the sender has proven
knowledge of our public key.

diffstat:

 sys/net/if_wg.c |  52 ++++++++++++++++++++++++++--------------------------
 1 files changed, 26 insertions(+), 26 deletions(-)

diffs (96 lines):

diff -r e1c35057f123 -r 0b18a4a85ac9 sys/net/if_wg.c
--- a/sys/net/if_wg.c   Mon Aug 31 20:26:46 2020 +0000
+++ b/sys/net/if_wg.c   Mon Aug 31 20:27:06 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_wg.c,v 1.43 2020/08/31 20:26:46 riastradh Exp $     */
+/*     $NetBSD: if_wg.c,v 1.44 2020/08/31 20:27:06 riastradh Exp $     */
 
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ryota%gmail.com@localhost>
@@ -41,7 +41,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.43 2020/08/31 20:26:46 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.44 2020/08/31 20:27:06 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1336,6 +1336,20 @@
 
        WG_TRACE("init msg received");
 
+       wg_algo_mac_mac1(mac1, sizeof(mac1),
+           wg->wg_pubkey, sizeof(wg->wg_pubkey),
+           (const uint8_t *)wgmi, offsetof(struct wg_msg_init, wgmi_mac1));
+
+       /*
+        * [W] 5.3: Denial of Service Mitigation & Cookies
+        * "the responder, ..., must always reject messages with an invalid
+        *  msg.mac1"
+        */
+       if (!consttime_memequal(mac1, wgmi->wgmi_mac1, sizeof(mac1))) {
+               WG_DLOG("mac1 is invalid\n");
+               return;
+       }
+
        /*
         * [W] 5.4.2: First Message: Initiator to Responder
         * "When the responder receives this message, it does the same
@@ -1411,20 +1425,6 @@
        wg_get_session(wgs, &psref_session);
        mutex_exit(wgs->wgs_lock);
 
-       wg_algo_mac_mac1(mac1, sizeof(mac1),
-           wg->wg_pubkey, sizeof(wg->wg_pubkey),
-           (const uint8_t *)wgmi, offsetof(struct wg_msg_init, wgmi_mac1));
-
-       /*
-        * [W] 5.3: Denial of Service Mitigation & Cookies
-        * "the responder, ..., must always reject messages with an invalid
-        *  msg.mac1"
-        */
-       if (!consttime_memequal(mac1, wgmi->wgmi_mac1, sizeof(mac1))) {
-               WG_DLOG("mac1 is invalid\n");
-               goto out;
-       }
-
        if (__predict_false(wg_is_underload(wg, wgp, WG_MSG_TYPE_INIT))) {
                WG_TRACE("under load");
                /*
@@ -1750,15 +1750,6 @@
        uint8_t mac1[WG_MAC_LEN];
        struct wg_session *wgs_prev;
 
-       WG_TRACE("resp msg received");
-       wgs = wg_lookup_session_by_index(wg, wgmr->wgmr_receiver, &psref);
-       if (wgs == NULL) {
-               WG_TRACE("No session found");
-               return;
-       }
-
-       wgp = wgs->wgs_peer;
-
        wg_algo_mac_mac1(mac1, sizeof(mac1),
            wg->wg_pubkey, sizeof(wg->wg_pubkey),
            (const uint8_t *)wgmr, offsetof(struct wg_msg_resp, wgmr_mac1));
@@ -1770,9 +1761,18 @@
         */
        if (!consttime_memequal(mac1, wgmr->wgmr_mac1, sizeof(mac1))) {
                WG_DLOG("mac1 is invalid\n");
-               goto out;
+               return;
        }
 
+       WG_TRACE("resp msg received");
+       wgs = wg_lookup_session_by_index(wg, wgmr->wgmr_receiver, &psref);
+       if (wgs == NULL) {
+               WG_TRACE("No session found");
+               return;
+       }
+
+       wgp = wgs->wgs_peer;
+
        if (__predict_false(wg_is_underload(wg, wgp, WG_MSG_TYPE_RESP))) {
                WG_TRACE("under load");
                /*



Home | Main Index | Thread Index | Old Index