dtls: Implement DTLS cookie secret generation

5 files changed, 47 insertions, 22 deletions

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index f607c86ae3..16e0df2101 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -263,9 +263,14 @@ init({call, From}, {start, Timeout},
     {Record, State} = next_record(State3),
     next_event(hello, Record, State, Actions);
 init({call, _} = Type, Event, #state{role = server, transport_cb = gen_udp} = State) ->
-    ssl_connection:init(Type, Event, 
-			State#state{flight_state = {retransmit, ?INITIAL_RETRANSMIT_TIMEOUT}},
-			?MODULE);
+    Result = ssl_connection:init(Type, Event, 
+                                 State#state{flight_state = {retransmit, ?INITIAL_RETRANSMIT_TIMEOUT},
+                                             protocol_specific = #{current_cookie_secret => dtls_v1:cookie_secret(), 
+                                                                   previous_cookie_secret => <<>>}},
+                                 ?MODULE),
+    erlang:send_after(dtls_v1:cookie_timeout(), self(), new_cookie_secret),
+    Result;
+                                     
 init({call, _} = Type, Event, #state{role = server} = State) ->
     %% I.E. DTLS over sctp
     ssl_connection:init(Type, Event, State#state{flight_state = reliable}, ?MODULE);
@@ -288,10 +293,10 @@ error(_, _, _) ->
 hello(internal, #client_hello{cookie = <<>>,
 			      client_version = Version} = Hello, #state{role = server,
 									transport_cb = Transport,
-									socket = Socket} = State0) ->
-    %% TODO: not hard code key
+									socket = Socket,
+                                                                        protocol_specific = #{current_cookie_secret := Secret}} = State0) ->
     {ok, {IP, Port}} = dtls_socket:peername(Transport, Socket),
-    Cookie = dtls_handshake:cookie(<<"secret">>, IP, Port, Hello),
+    Cookie = dtls_handshake:cookie(Secret, IP, Port, Hello),
     VerifyRequest = dtls_handshake:hello_verify_request(Cookie, Version),
     State1 = prepare_flight(State0#state{negotiated_version = Version}),
     {State2, Actions} = send_handshake(VerifyRequest, State1),
@@ -299,15 +304,21 @@ hello(internal, #client_hello{cookie = <<>>,
     next_event(hello, Record, State#state{tls_handshake_history = ssl_handshake:init_handshake_history()}, Actions);
 hello(internal, #client_hello{cookie = Cookie} = Hello, #state{role = server,
 							       transport_cb = Transport,
-							       socket = Socket} = State0) ->
+							       socket = Socket,
+                                                               protocol_specific = #{current_cookie_secret := Secret,
+                                                                                     previous_cookie_secret := PSecret}} = State0) ->
     {ok, {IP, Port}} = dtls_socket:peername(Transport, Socket),
-    %% TODO: not hard code key
-    case dtls_handshake:cookie(<<"secret">>, IP, Port, Hello) of
+    case dtls_handshake:cookie(Secret, IP, Port, Hello) of
 	Cookie ->
 	    handle_client_hello(Hello, State0);
 	_ ->
-	    %% Handle bad cookie as new cookie request RFC 6347 4.1.2
-	    hello(internal, Hello#client_hello{cookie = <<>>}, State0) 
+            case dtls_handshake:cookie(PSecret, IP, Port, Hello) of
+               	Cookie -> 
+                    handle_client_hello(Hello, State0);
+                _ ->
+                    %% Handle bad cookie as new cookie request RFC 6347 4.1.2
+                    hello(internal, Hello#client_hello{cookie = <<>>}, State0) 
+            end
     end;
 hello(internal, #hello_verify_request{cookie = Cookie}, #state{role = client,
 							       host = Host, port = Port, 
@@ -471,9 +482,14 @@ handle_info({CloseTag, Socket}, StateName,
     end,
     ssl_connection:handle_normal_shutdown(?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), StateName, State),
     {stop, {shutdown, transport_closed}};
+handle_info(new_cookie_secret, StateName, #state{protocol_specific = #{cookie_secret := Secret} = CookieInfo} = State) ->
+    erlang:send_after(dtls_v1:cookie_timeout(), self(), new_cookie_secret),
+    {next_state, StateName, State#state{protocol_specific = CookieInfo#{cookie_secret => dtls_v1:cookie_secret(),
+                                                                        previous_cookie_secret => Secret}}};
 handle_info(Msg, StateName, State) ->
     ssl_connection:handle_info(Msg, StateName, State).
 
+
 handle_call(Event, From, StateName, State) ->
     ssl_connection:handle_call(Event, From, StateName, State, ?MODULE).
 
diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl
index 4c525fae1b..d3ba90a226 100644
--- a/lib/ssl/src/dtls_handshake.erl
+++ b/lib/ssl/src/dtls_handshake.erl
@@ -474,14 +474,12 @@ merge_fragments(#handshake_fragment{
       fragment = <<PreviousData/binary, Data/binary>>};
 %% already fully contained fragment
 merge_fragments(#handshake_fragment{
-                  fragment_offset = PreviousOffSet, 
-                  fragment_length = PreviousLen,
-                  fragment = PreviousData
-                 } = Previous, 
-               #handshake_fragment{
-                  fragment_offset = CurrentOffSet,
-                  fragment_length = CurrentLen,
-                  fragment = CurrentData})
+                   fragment_offset = PreviousOffSet, 
+                   fragment_length = PreviousLen
+                  } = Previous, 
+                #handshake_fragment{
+                   fragment_offset = CurrentOffSet,
+                   fragment_length = CurrentLen})
   when PreviousOffSet + PreviousLen >= CurrentOffSet andalso
        PreviousOffSet + PreviousLen >= CurrentOffSet + CurrentLen ->
     Previous;
diff --git a/lib/ssl/src/dtls_v1.erl b/lib/ssl/src/dtls_v1.erl
index dd0d35d404..4aaf8baa6c 100644
--- a/lib/ssl/src/dtls_v1.erl
+++ b/lib/ssl/src/dtls_v1.erl
@@ -22,7 +22,10 @@
 -include("ssl_cipher.hrl").
 
 -export([suites/1, all_suites/1, mac_hash/7, ecc_curves/1, 
-         corresponding_tls_version/1, corresponding_dtls_version/1]).
+         corresponding_tls_version/1, corresponding_dtls_version/1,
+         cookie_secret/0, cookie_timeout/0]).
+
+-define(COOKIE_BASE_TIMEOUT, 30000).
 
 -spec suites(Minor:: 253|255) -> [ssl_cipher:cipher_suite()].
 
@@ -47,6 +50,13 @@ ecc_curves({_Major, Minor}) ->
 corresponding_tls_version({254, Minor}) ->
     {3, corresponding_minor_tls_version(Minor)}.
 
+cookie_secret() ->
+    crypto:strong_rand_bytes(32).
+
+cookie_timeout() ->
+    %% Cookie will live for two timeouts periods
+    round(rand:uniform() * ?COOKIE_BASE_TIMEOUT/2).
+    
 corresponding_minor_tls_version(255) ->
     2;
 corresponding_minor_tls_version(253) ->
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index b597c059af..368eaf6090 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -91,7 +91,8 @@
 				   %% underlaying packet format. Introduced by DTLS - RFC 4347.
 				   %% The mecahnism is also usefull in TLS although we do not
 				   %% need to worry about packet loss in TLS. In DTLS we need to track DTLS handshake seqnr
-	 flight_state = reliable  %% reliable | {retransmit, integer()}| {waiting, ref(), integer()} - last two is used in DTLS over udp.   
+	 flight_state = reliable,  %% reliable | {retransmit, integer()}| {waiting, ref(), integer()} - last two is used in DTLS over udp.   
+          protocol_specific = #{}      :: map()                    
 	 }).
 -define(DEFAULT_DIFFIE_HELLMAN_PARAMS,
 	#'DHParameter'{prime = ?DEFAULT_DIFFIE_HELLMAN_PRIME,
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index c10ec3a2d6..0fbaa82b6a 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -144,7 +144,7 @@
 	  honor_ecc_order            :: boolean(),
 	  v2_hello_compatible        :: boolean(),
           max_handshake_size         :: integer()
-	  }).
+         }).
 
 -record(socket_options,
 	{