PR #77492: security fix(gateway): defend pre-auth device-signature verify against CPU DoS

• Repository: openclaw/openclaw
• Author: fede-kamel
• State: open | merged: False
• Link: https://github.com/openclaw/openclaw/pull/77492

Description (problem / solution / changelog)

Closes #77979

Summary

• Pre-auth WS handshakes that include a device block ran crypto.createPublicKey plus a v3-then-v2 crypto.verify per request, gated only by frame-size limits. An unauthenticated remote attacker could pin a single Gateway core: PoC against a real running gateway hits ~510 forged handshakes/s/IP, degrading legit handshake p50 by 48.7× (1.16 ms → 56.6 ms) and p99 by 94.7×.
• Fix is layered: schema cap on device.publicKey (1024) and device.signature (256); shape pre-check on verifyDeviceSignature / deriveDeviceIdFromPublicKey / normalizeDevicePublicKeyBase64Url rejecting inputs that cannot decode to a 32-byte raw key or 64-byte signature; new AUTH_RATE_LIMIT_SCOPE_DEVICE_SIGNATURE bucket gating the verify per IP. The browser-origin rate limiter is always constructed (server.impl.ts:424), so the gate fires for browser-origin clients even when no gateway.auth.rateLimit is configured. For non-browser-origin clients, the gate fires when the operator configures a rate limiter (the typical production case).
• Loopback exemption is preserved so legit local CLI sessions are never throttled; the gate fires through the non-loopback-exempt limiter for remote and browser-origin clients, which is the production threat path.

Reproduction

The PoC (scripts/poc-preauth-flood-ws.mjs) opens N concurrent WS connections, each completing the connect-challenge handshake with a real Ed25519 PEM public key and a random 64-byte signature. The gateway reaches the verify path (server-issued nonce echoed back, device.id matches sha256(rawPublicKey)) and runs createPublicKey + v3 verify + v2 verify per request. A separate measurement client probes time-to-first-event in parallel.

Against a vulnerable gateway:

pnpm gateway:watch                                    # in another terminal

node scripts/poc-preauth-flood-ws.mjs \
     --gateway ws://127.0.0.1:18789 \
     --attackers 32 \
     --legit-iters 30 \
     --duration-ms 3000

Observed:

baseline:     n=30 p50=1.16ms  p90=1.80ms  p99=2.04ms
under-attack: n=30 p50=56.58ms p90=64.24ms p99=193.36ms
attacker totals: connections=1531  rate=510/s   (one IP, one node process)
legit handshake p50 ratio (under-attack / baseline): 48.69x
legit handshake p99 ratio: 94.73x

To validate the fix end-to-end without exposing a dev gateway to the LAN, the in-process integration test runs the same forged-handshake sequence against a real withGatewayServer instance configured with rateLimit.maxAttempts: 1, exemptLoopback: true:

pnpm test src/gateway/server.preauth-signature-rate-limit.test.ts

The test asserts:

1. The first N forged signatures fail with error.details.reason === "device-signature" (the verify ran).
2. The (N+1)th attempt fails with error.details.reason === "device-signature-rate-limited" and retryAfterMs > 0 — the gate short-circuited before any crypto.

Reverting the recordFailure line in the rate-limit gate makes both tests fail with expected 'device-signature' to be 'device-signature-rate-limited'.

Test plan

• src/gateway/server.preauth-signature-rate-limit.test.ts — new in-process WS integration test (2 cases). Both fail when the fix is disabled.
• src/infra/device-identity.test.ts — new shape pre-check tests: oversized PEM, oversized non-PEM, signature-shaped input rejected as public key, public-key-shaped input rejected as signature, all without invoking crypto.
• src/gateway/protocol/connect-device-bounds.test.ts — new schema-cap tests: validateConnectParams rejects oversized device.publicKey and device.signature; accepts them at the documented bounds.
• Existing src/gateway/server/ws-connection/handshake-auth-helpers.test.ts — 27/27 pass, no regression.
• Live PoC reproduction confirms the 50× p50 / 95× p99 degradation pre-fix.

Verification

• Targeted pnpm test of the four affected files: 41/41 pass.
• Build: dist contains the new rate-limit gate (grep AUTH_RATE_LIMIT_SCOPE_DEVICE_SIGNATURE on the bundle).
• Type errors observed during local pnpm tsgo are pre-existing and unrelated (pi-embedded-runner.* AgentMessage casts and missing web-tree-sitter dep).

Changed files

• CHANGELOG.md (modified, +1/-0)
• scripts/poc-preauth-flood-ws.mjs (added, +341/-0)
• src/gateway/auth-rate-limit.ts (modified, +5/-0)
• src/gateway/protocol/connect-device-bounds.test.ts (added, +63/-0)
• src/gateway/protocol/schema/frames.ts (modified, +9/-3)
• src/gateway/protocol/schema/primitives.ts (modified, +16/-0)
• src/gateway/server.auth.browser-hardening.test.ts (modified, +12/-2)
• src/gateway/server.auth.control-ui.suite.ts (modified, +12/-2)
• src/gateway/server.preauth-signature-rate-limit.test.ts (added, +310/-0)
• src/gateway/server/ws-connection/message-handler.ts (modified, +48/-1)
• src/infra/device-identity.test.ts (modified, +73/-0)
• src/infra/device-identity.ts (modified, +72/-3)