| 1 | #include "cookie.h" |
| 2 | #include "str.h" |
| 3 | #include "uint32.h" |
| 4 | #include "surfpcs.h" |
| 5 | |
| 6 | void cookie(hash,key,keylen,date,addr,action) |
| 7 | char *hash; |
| 8 | char *key; |
| 9 | unsigned int keylen; |
| 10 | char *date; |
| 11 | char *addr; |
| 12 | char *action; |
| 13 | { |
| 14 | surfpcs s; |
| 15 | uint32 seed[32]; |
| 16 | unsigned char out[32]; |
| 17 | int i; |
| 18 | int j; |
| 19 | |
| 20 | /* |
| 21 | step 1: create seed from key. note that this doesn't have to be |
| 22 | cryptographic; it simply has to avoid destroying the user's entropy. |
| 23 | if speed turns out to be a problem, switch to a CRC. |
| 24 | */ |
| 25 | for (i = 0;i < 32;++i) seed[i] = 0; |
| 26 | for (j = 0;j < 4;++j) { |
| 27 | surfpcs_init(&s,seed); |
| 28 | surfpcs_add(&s,key,keylen); |
| 29 | surfpcs_out(&s,out); |
| 30 | for (i = 0;i < 32;++i) seed[i] = (seed[i] << 8) + out[i]; |
| 31 | } |
| 32 | |
| 33 | /* |
| 34 | step 2: apply SURF. |
| 35 | */ |
| 36 | surfpcs_init(&s,seed); |
| 37 | surfpcs_add(&s,date,str_len(date) + 1); |
| 38 | surfpcs_add(&s,addr,str_len(addr) + 1); |
| 39 | surfpcs_add(&s,action,1); |
| 40 | surfpcs_out(&s,out); |
| 41 | |
| 42 | /* |
| 43 | step 3: extract a readable cookie from the SURF output. |
| 44 | */ |
| 45 | for (i = 0;i < 20;++i) |
| 46 | hash[i] = 'a' + (out[i] & 15); |
| 47 | } |