From e594aad2f87aab39e99fccf9e021bc94e0bbf7d4 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 24 Mar 2017 14:25:37 +0100
Subject: dtls: Implement DTLS cookie secret generation

---
 lib/ssl/src/dtls_v1.erl | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'lib/ssl/src/dtls_v1.erl')

diff --git a/lib/ssl/src/dtls_v1.erl b/lib/ssl/src/dtls_v1.erl
index dd0d35d404..4aaf8baa6c 100644
--- a/lib/ssl/src/dtls_v1.erl
+++ b/lib/ssl/src/dtls_v1.erl
@@ -22,7 +22,10 @@
 -include("ssl_cipher.hrl").
 
 -export([suites/1, all_suites/1, mac_hash/7, ecc_curves/1, 
-         corresponding_tls_version/1, corresponding_dtls_version/1]).
+         corresponding_tls_version/1, corresponding_dtls_version/1,
+         cookie_secret/0, cookie_timeout/0]).
+
+-define(COOKIE_BASE_TIMEOUT, 30000).
 
 -spec suites(Minor:: 253|255) -> [ssl_cipher:cipher_suite()].
 
@@ -47,6 +50,13 @@ ecc_curves({_Major, Minor}) ->
 corresponding_tls_version({254, Minor}) ->
     {3, corresponding_minor_tls_version(Minor)}.
 
+cookie_secret() ->
+    crypto:strong_rand_bytes(32).
+
+cookie_timeout() ->
+    %% Cookie will live for two timeouts periods
+    round(rand:uniform() * ?COOKIE_BASE_TIMEOUT/2).
+    
 corresponding_minor_tls_version(255) ->
     2;
 corresponding_minor_tls_version(253) ->
-- 
cgit v1.2.3