1 /*	$OpenBSD: cookie.c,v 1.9 2001/06/29 18:52:16 ho Exp $	*/
2 /*	$EOM: cookie.c,v 1.21 1999/08/05 15:00:04 niklas Exp $	*/
3 
4 /*
5  * Copyright (c) 1998, 1999 Niklas Hallqvist.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. All advertising materials mentioning features or use of this software
16  *    must display the following acknowledgement:
17  *	This product includes software developed by Ericsson Radio Systems.
18  * 4. The name of the author may not be used to endorse or promote products
19  *    derived from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /*
34  * This code was written under funding by Ericsson Radio Systems.
35  */
36 
37 #include <sys/types.h>
38 #include <sys/socket.h>
39 #include <sha1.h>
40 #include <stdlib.h>
41 #include <string.h>
42 
43 #include "sysdep.h"
44 
45 #include "cookie.h"
46 #include "exchange.h"
47 #include "hash.h"
48 #include "transport.h"
49 #include "util.h"
50 
51 #define COOKIE_SECRET_SIZE	16
52 
53 /*
54  * Generate an anti-clogging token (a protection against an attacker forcing
55  * us to keep state for a flood of connection requests) a.k.a. a cookie
56  * at BUF, LEN bytes long.  The cookie will be generated by hashing of
57  * information found, among other places, in transport T and exchange
58  * EXCHANGE, mixed with a fresh random secret so the result is unpredictable.
59  */
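void
cookie_gen (struct transport *t, struct exchange *exchange, u_int8_t *buf,
	    size_t len)
{
  struct hash *hash = hash_get (HASH_SHA1);
  struct sockaddr *name;
  u_int8_t tmpsecret[COOKIE_SECRET_SIZE];
  size_t ncopy;

  /*
   * hash_get() returns NULL for an algorithm it does not know.  SHA1 is
   * always available, so this is not expected to trigger; if it ever does,
   * fall back to raw random bytes rather than dereferencing NULL or leaving
   * BUF unset -- unpredictability is the property the cookie needs here.
   */
  if (!hash)
    {
      getrandom (buf, len);
      return;
    }

  hash->Init (hash->ctx);

  /* Bind the cookie to the peer and local addresses of this transport.  */
  (*t->vtbl->get_dst) (t, &name);
  hash->Update (hash->ctx, (u_int8_t *)name, name->sa_len);
  (*t->vtbl->get_src) (t, &name);
  hash->Update (hash->ctx, (u_int8_t *)name, name->sa_len);

  /* As responder, also bind it to the initiator's cookie.  */
  if (exchange->initiator == 0)
    hash->Update (hash->ctx, exchange->cookies + ISAKMP_HDR_ICOOKIE_OFF,
		  ISAKMP_HDR_ICOOKIE_LEN);

  /*
   * A fresh random secret on every call is what makes the cookie
   * unpredictable.  It is never stored, so the cookie cannot be recomputed
   * later: callers must keep the value they get back.
   */
  getrandom (tmpsecret, COOKIE_SECRET_SIZE);
  hash->Update (hash->ctx, tmpsecret, COOKIE_SECRET_SIZE);
  hash->Final (hash->digest, hash->ctx);

  /*
   * Never read past the digest.  ISAKMP cookies are shorter than a SHA1
   * digest, so normally the whole cookie comes from the hash; should a
   * caller ask for more, the remainder is filled with random bytes instead
   * of memory beyond hash->digest.
   */
  ncopy = len < hash->hashsize ? len : hash->hashsize;
  memcpy (buf, hash->digest, ncopy);
  if (ncopy < len)
    getrandom (buf + ncopy, len - ncopy);
}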
81