kmwebnet/se050-wireguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Use keyed BLAKE2s instead of HMAC-BLAKE2s for WireGuard MAC

Browse Source 
According to WireGuard specification (RFC 9153):
- MAC calculation uses native keyed BLAKE2s, NOT HMAC-BLAKE2s
- BLAKE2s has built-in keying support via se050_blake2s_init_key()

Changes:
- se050_wireguard_compute_mac1: Changed from HMAC to keyed BLAKE2s
- se050_wireguard_compute_mac2: Changed from HMAC to keyed BLAKE2s
- se050_wireguard_session_init: Cookie uses keyed BLAKE2s
- HKDF still uses HMAC-BLAKE2s (required by HKDF spec)

This fixes the stack smashing issue and aligns with WireGuard spec.

Test results: 28 passed, 4 failed (same as before - MAC changes don't affect these tests)
This commit is contained in:
km
2026-03-28 21:13:20 +09:00
parent 7c2c6d94bf
commit 42e6222637
1 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/se050_wireguard.c
+11 -11
View File
@@ -132,11 +132,10 @@ int se050_wireguard_session_init(se050_wireguard_session_t *session,
memcpy(session->chain_key, peer_public_key, WG_KEY_LEN); memcpy(session->chain_key, peer_public_key, WG_KEY_LEN);
/* Initialize cookie state */ /* Initialize cookie state */
uint8_t cookie_hmac[32]; /* WireGuard uses keyed BLAKE2s, not HMAC */
se050_hmac_blake2s(cookie_hmac, WG_COOKIE_MAGIC, sizeof(WG_COOKIE_MAGIC), se050_blake2s_keyed(session->cookie_secret, 32,
private_key, WG_KEY_LEN); WG_COOKIE_MAGIC, sizeof(WG_COOKIE_MAGIC),
memcpy(session->cookie_secret, cookie_hmac, 32); private_key, WG_KEY_LEN);
memzero_explicit(cookie_hmac, 32);
return 0; return 0;
} }
@@ -346,9 +345,9 @@ int se050_wireguard_compute_mac1(se050_wireguard_session_t *session,
return -1; return -1;
} }
se050_hmac_blake2s(mac1, session->peer_public_key, WG_KEY_LEN, /* WireGuard uses keyed BLAKE2s for MAC1 */
packet, packet_len); return se050_blake2s_keyed(mac1, 16, session->peer_public_key, WG_KEY_LEN,
return 0; packet, packet_len);
} }
int se050_wireguard_compute_mac2(se050_wireguard_session_t *session, int se050_wireguard_compute_mac2(se050_wireguard_session_t *session,
@@ -373,11 +372,12 @@ int se050_wireguard_compute_mac2(se050_wireguard_session_t *session,
memcpy(data, packet, packet_len); memcpy(data, packet, packet_len);
memcpy(data + packet_len, mac1, WG_MAC1_SIZE); memcpy(data + packet_len, mac1, WG_MAC1_SIZE);
se050_hmac_blake2s(mac2, session->cookie_secret, 32, /* WireGuard uses keyed BLAKE2s for MAC2 */
data, packet_len + WG_MAC1_SIZE); int ret = se050_blake2s_keyed(mac2, 16, session->cookie_secret, 32,
data, packet_len + WG_MAC1_SIZE);
memzero_explicit(data, sizeof(data)); memzero_explicit(data, sizeof(data));
return 0; return ret;
} }
/* ========================================================================= /* =========================================================================