git.ipfire.org Git - people/ms/strongswan.git/blob - programs/pluto/cookie.c
1 /* cookie generation/verification routines.
2 * Copyright (C) 1997 Angelos D. Keromytis.
3 * Copyright (C) 1998-2002 D. Hugh Redelmeier.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * RCSID $Id: cookie.c,v 1.2 2005/08/17 16:38:20 as Exp $
20 #include <sys/types.h>
21 #include <sys/socket.h>
22 #include <netinet/in.h>
26 #include "constants.h"
/*
 * All-zero cookie value.
 *
 * An object with static storage duration is zero-initialized, which is the
 * "guaranteed 0" property; the explicit initializer only makes that visible.
 * get_cookie() keeps regenerating while is_zero_cookie() reports a match, so
 * a freshly generated cookie is never all zero.
 * NOTE(review): presumably is_zero_cookie() compares against this array;
 * confirm against its definition, which is not in this file.
 */
const u_char zero_cookie[COOKIE_SIZE] = { 0 };
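35 * First argument is true if we're to create an Initiator cookie.
36 * Length SHOULD be a multiple of sizeof(u_int32_t). For a Responder cookie
 * it must also not exceed SHA1_DIGEST_SIZE, because the result is copied out
 * of the SHA1_DIGEST_SIZE-byte digest buffer with memcpy(cookie, buffer, length).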
39 get_cookie(bool initiator
, u_int8_t
*cookie
, int length
, const ip_address
*addr
)
41 u_char buffer
[SHA1_DIGEST_SIZE
];
47 get_rnd_bytes(cookie
, length
);
49 else /* Responder cookie */
51 /* This looks as good as any way */
53 static u_int32_t counter
= 0;
54 unsigned char addr_buff
[
55 sizeof(union {struct in_addr A
; struct in6_addr B
;})];
57 addr_length
= addrbytesof(addr
, addr_buff
, sizeof(addr_buff
));
59 SHA1Update(&ctx
, addr_buff
, addr_length
);
60 SHA1Update(&ctx
, secret_of_the_day
, sizeof(secret_of_the_day
));
62 SHA1Update(&ctx
, (const void *) &counter
, sizeof(counter
));
63 SHA1Final(buffer
, &ctx
);
64 memcpy(cookie
, buffer
, length
);
66 } while (is_zero_cookie(cookie
)); /* probably never loops */