From 82831962b88b03ac4ced09e62e2822dfe482bb5b Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Mon, 11 Jul 2016 03:15:00 +0200
Subject: cookie: do not expose csprng directly
It may not be wise to directly publish the output of the CSPRNG, so we run the output through a round of Blake2s first.
Signed-off-by: Jason A. Donenfeld
---
 src/cookie.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/cookie.c')
diff --git a/src/cookie.c b/src/cookie.c
index f02a7e8..0409b56 100644
--- a/src/cookie.c
+++ b/src/cookie.c
@@ -164,6 +164,7 @@ void cookie_message_create(struct message_handshake_cookie *dst, struct sk_buff
 dst->header.type = MESSAGE_HANDSHAKE_COOKIE;
 dst->receiver_index = index;
 get_random_bytes(dst->salt, COOKIE_SALT_LEN);
+ blake2s(dst->salt, dst->salt, NULL, COOKIE_SALT_LEN, COOKIE_SALT_LEN, 0); /* Avoid directly transmitting RNG output. */
 down_read(&checker->device->static_identity.lock);
 if (unlikely(!checker->device->static_identity.has_identity)) {
-- cgit v1.2.3-59-g8ed1b
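Review bot: The added `blake2s()` call hashes `dst->salt` in place, passing the same buffer as both digest output and message input, and the hunk does not record that this aliasing is intentional; it is only safe if the helper consumes the whole input before writing the digest (presumably the init/update/final sequence, but not visible here), and it also assumes `COOKIE_SALT_LEN` does not exceed the 32-byte BLAKE2s digest size, which is worth a `BUILD_BUG_ON` or a comment. I would extend the trailing comment to `/* Hashed in place: relies on blake2s() reading all input before writing out. Avoid directly transmitting RNG output. */` so a later change to the hash helper does not silently break it. It is also worth noting, in the commit message or comment, that this keeps raw generator output off the wire but does not add entropy: the salt remains a deterministic function of the `COOKIE_SALT_LEN` bytes from `get_random_bytes()`, so a weak RNG is not repaired by it. `cookie_message_create()` starts before and ends after this hunk.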