1 /* $OpenBSD: cookie.c,v 1.17 2017/02/03 08:23:46 guenther Exp $ */
2 /* $EOM: cookie.c,v 1.21 1999/08/05 15:00:04 niklas Exp $ */
3
4 /*
5 * Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 /*
29 * This code was written under funding by Ericsson Radio Systems.
30 */
31
32 #include <sys/types.h>
33 #include <sys/socket.h>
34 #include <netinet/in.h>
35 #include <stdlib.h>
36 #include <string.h>
37
38 #include "cookie.h"
39 #include "exchange.h"
40 #include "hash.h"
41 #include "transport.h"
42 #include "util.h"
43
44 #define COOKIE_SECRET_SIZE 16
45
46 /*
47 * Generate an anti-clogging token (a protection against an attacker forcing
48 * us to keep state for a flood of connection requests) a.k.a. a cookie
49 * at BUF, LEN bytes long. The cookie will be generated by hashing of
50 * information found, among otherplaces, in transport T and exchange
51 * EXCHANGE.
52 */
53 void
cookie_gen(struct transport * t,struct exchange * exchange,u_int8_t * buf,size_t len)54 cookie_gen(struct transport *t, struct exchange *exchange, u_int8_t *buf,
55 size_t len)
56 {
57 struct hash *hash = hash_get(HASH_SHA1);
58 u_int8_t tmpsecret[COOKIE_SECRET_SIZE];
59 struct sockaddr *name;
60
61 hash->Init(hash->ctx);
62 (*t->vtbl->get_dst)(t, &name);
63 hash->Update(hash->ctx, (u_int8_t *)name, SA_LEN(name));
64 (*t->vtbl->get_src)(t, &name);
65 hash->Update(hash->ctx, (u_int8_t *)name, SA_LEN(name));
66 if (exchange->initiator == 0)
67 hash->Update(hash->ctx, exchange->cookies +
68 ISAKMP_HDR_ICOOKIE_OFF, ISAKMP_HDR_ICOOKIE_LEN);
69 arc4random_buf(tmpsecret, COOKIE_SECRET_SIZE);
70 hash->Update(hash->ctx, tmpsecret, COOKIE_SECRET_SIZE);
71 hash->Final(hash->digest, hash->ctx);
72 memcpy(buf, hash->digest, len);
73 }
74