cookie: do not expose csprng directly

It may not be wise to directly publish the output of the CSPRNG, so we run the output through a round of Blake2s first.
author: Jason A. Donenfeld <Jason@zx2c4.com> 2016-07-11 03:15:00 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2016-07-22 15:17:15 +0200
commit: f327cfe15cb9bb1ada3c6371960f94e2cee05b8f (patch)
tree: 7dd682bd0f6a1603d0026a6cc667165bec6a07a5 /src/cookie.c
parent: tools: add -MP to makefile (diff)
download: wireguard-monolithic-historical-f327cfe15cb9bb1ada3c6371960f94e2cee05b8f.tar.xz
wireguard-monolithic-historical-f327cfe15cb9bb1ada3c6371960f94e2cee05b8f.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/cookie.c b/src/cookie.c
index f02a7e8..0409b56 100644
--- a/src/cookie.c
+++ b/src/cookie.c
@@ -164,6 +164,7 @@ void cookie_message_create(struct message_handshake_cookie *dst, struct sk_buff
 	dst->header.type = MESSAGE_HANDSHAKE_COOKIE;
 	dst->receiver_index = index;
 	get_random_bytes(dst->salt, COOKIE_SALT_LEN);
+	blake2s(dst->salt, dst->salt, NULL, COOKIE_SALT_LEN, COOKIE_SALT_LEN, 0); /* Avoid directly transmitting RNG output. */
 
 	down_read(&checker->device->static_identity.lock);
 	if (unlikely(!checker->device->static_identity.has_identity)) {
author	Jason A. Donenfeld <Jason@zx2c4.com>	2016-07-11 03:15:00 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2016-07-22 15:17:15 +0200
commit	f327cfe15cb9bb1ada3c6371960f94e2cee05b8f (patch)
tree	7dd682bd0f6a1603d0026a6cc667165bec6a07a5 /src/cookie.c
parent	tools: add -MP to makefile (diff)
download	wireguard-monolithic-historical-f327cfe15cb9bb1ada3c6371960f94e2cee05b8f.tar.xz wireguard-monolithic-historical-f327cfe15cb9bb1ada3c6371960f94e2cee05b8f.zip