cookie: do not expose csprng directly

It may not be wise to directly publish the output of the CSPRNG, so we run the output through a round of Blake2s first. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2016-07-11 03:15:00 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2016-07-22 15:17:15 +0200
commit: 82831962b88b03ac4ced09e62e2822dfe482bb5b (patch)
tree: 978f695812a24860f4206893ecad1e6e0cafc24e /src/cookie.c
parent: socket: fix compat for 4.1 v6 sockets (diff)
download: wireguard-linux-compat-82831962b88b03ac4ced09e62e2822dfe482bb5b.tar.xz
wireguard-linux-compat-82831962b88b03ac4ced09e62e2822dfe482bb5b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/cookie.c b/src/cookie.c
index f02a7e8..0409b56 100644
--- a/src/cookie.c
+++ b/src/cookie.c
@@ -164,6 +164,7 @@ void cookie_message_create(struct message_handshake_cookie *dst, struct sk_buff
 	dst->header.type = MESSAGE_HANDSHAKE_COOKIE;
 	dst->receiver_index = index;
 	get_random_bytes(dst->salt, COOKIE_SALT_LEN);
+	blake2s(dst->salt, dst->salt, NULL, COOKIE_SALT_LEN, COOKIE_SALT_LEN, 0); /* Avoid directly transmitting RNG output. */
 
 	down_read(&checker->device->static_identity.lock);
 	if (unlikely(!checker->device->static_identity.has_identity)) {
author	Jason A. Donenfeld <Jason@zx2c4.com>	2016-07-11 03:15:00 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2016-07-22 15:17:15 +0200
commit	82831962b88b03ac4ced09e62e2822dfe482bb5b (patch)
tree	978f695812a24860f4206893ecad1e6e0cafc24e /src/cookie.c
parent	socket: fix compat for 4.1 v6 sockets (diff)
download	wireguard-linux-compat-82831962b88b03ac4ced09e62e2822dfe482bb5b.tar.xz wireguard-linux-compat-82831962b88b03ac4ced09e62e2822dfe482bb5b.zip