Start using client IP in HelloVerifyRequest

Dummy fixed key for now.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index eac553f..521552d 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1137,25 +1137,68 @@
 #endif /* POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
 
 #if defined(POLARSSL_SSL_PROTO_DTLS)
+
+/*
+ * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
+ * available. Try SHA-256 first, 512 wastes resources since we need to stay
+ * with max 32 bytes of cookie for DTLS 1.0
+ */
+#if defined(POLARSSL_SHA256_C)
+#define HVR_MD      POLARSSL_MD_SHA256
+#define HVR_MD_LEN  32
+#define HVR_MD_USE  32
+#elif defined(POLARSSL_SHA512_C)
+#define HVR_MD      POLARSSL_MD_SHA384
+#define HVR_MD_LEN  48
+#define HVR_MD_USE  32
+#elif defined(POLARSSL_SHA1_C)
+#define HVR_MD      POLARSSL_MD_SHA1
+#define HVR_MD_LEN  20
+#define HVR_MD_USE  20
+#else
+#error "DTLS hello verify needs SHA-1 or SHA-2"
+#endif
+
 /*
  * Generate cookie for DTLS ClientHello verification
  */
 static int ssl_generate_verify_cookie( ssl_context *ssl )
 {
+    int ret;
     unsigned char *cookie = ssl->handshake->verify_cookie;
     unsigned char cookie_len;
+    unsigned char hmac_out[HVR_MD_LEN];
+    unsigned char hmac_key[32] = { 0 }; /* temporary! */
+    md_context_t hmac_ctx;
+
+    md_init( &hmac_ctx );
 
     polarssl_free( cookie );
 
-    cookie_len = 16; /* fixed for now */
+    cookie_len = HVR_MD_LEN;
+
     if( ( cookie = polarssl_malloc( cookie_len ) ) == NULL )
     {
         SSL_DEBUG_MSG( 1, ( "malloc (%d bytes) failed\n", cookie_len ) );
         return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }
 
-    /* Dummy, fixed string for now */
-    memset( cookie, 0x2a, cookie_len );
+    /* Do a HMAC of client id */
+    ret = md_init_ctx( &hmac_ctx, md_info_from_type( HVR_MD ) );
+    if( ret != 0 )
+    {
+        SSL_DEBUG_RET( 0, "md_init_ctx", ret );
+        return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
+    }
+
+    /* Only possible error is if hmac_ctx wasn't initialized */
+    (void) md_hmac_starts( &hmac_ctx, hmac_key, sizeof( hmac_key ) );
+    (void) md_hmac_update( &hmac_ctx, ssl->cli_id, ssl->cli_id_len );
+    (void) md_hmac_finish( &hmac_ctx, hmac_out );
+
+    memcpy( cookie, hmac_out, HVR_MD_USE );
+
+    md_free( &hmac_ctx );
 
     ssl->handshake->verify_cookie = cookie;
     ssl->handshake->verify_cookie_len = cookie_len;
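Review bot: `cookie_len = HVR_MD_LEN;` allocates and advertises the full digest length, but `memcpy( cookie, hmac_out, HVR_MD_USE );` fills only HVR_MD_USE bytes. In a build that falls through to the SHA-384 branch (48 vs 32), the last 16 bytes of the cookie are uninitialised heap memory that would go out in the HelloVerifyRequest, and the length exceeds the 32-byte DTLS 1.0 limit that the macro comment cites; `cookie_len = HVR_MD_USE;` keeps allocation, copy and advertised length in agreement. The `md_init_ctx` failure path returns without freeing the newly allocated `cookie`, and on both early returns `ssl->handshake->verify_cookie` still holds the pointer already released by `polarssl_free( cookie )`, so that return should be preceded by `polarssl_free( cookie ); ssl->handshake->verify_cookie = NULL;` and the field should also be cleared right after the initial free. While `hmac_key` is the all-zero placeholder, the cookie is computable by anyone who knows the client ID and so gives no return-routability guarantee; a comment such as `/* TODO: replace with a random per-server secret before enabling HelloVerify */` would make that explicit, and `hmac_out` should be wiped once a real key is in place. The end of ssl_generate_verify_cookie lies outside this hunk, so any cleanup on its later paths could not be checked.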