Close connections that fail to authenticate after a while.

Like ScrambleSuit, a random interval between 1x and 5x of additional
data from the peer is read and immediately discarded before closing.

Additionally, obfs4 will close off invalid connections anywhere between
0 and 60 seconds after it determines that the incoming connection will
never complete the handshake successfully.

3 files changed, 82 insertions, 15 deletions

diff --git a/handshake_ntor.go b/handshake_ntor.go
index 44680aa..ea9de71 100644
--- a/handshake_ntor.go
+++ b/handshake_ntor.go
@@ -36,7 +36,6 @@ import (
 	"errors"
 	"fmt"
 	"hash"
-	"math/big"
 	"strconv"
 	"time"
 
@@ -365,16 +364,11 @@ func findMark(mark, buf []byte, startPos, maxPos int) int {
 }
 
 func makePad(min, max int64) ([]byte, error) {
-	if max < min {
-		panic(fmt.Sprintf("makePad: min > max (%d, %d)", min, max))
-	}
-
-	padRange := int64((max + 1) - min)
-	padLen, err := rand.Int(rand.Reader, big.NewInt(padRange))
+	padLen, err := randRange(min, max)
 	if err != nil {
 		return nil, err
 	}
-	pad := make([]byte, padLen.Int64()+min)
+	pad := make([]byte, padLen)
 	_, err = rand.Read(pad)
 	if err != nil {
 		return nil, err
diff --git a/obfs4.go b/obfs4.go
index 31575db..0bcd82c 100644
--- a/obfs4.go
+++ b/obfs4.go
@@ -40,6 +40,11 @@ import (
 
 const (
 	defaultReadSize = framing.MaximumSegmentLength
+
+	minCloseThreshold = framing.MaximumSegmentLength
+	maxCloseThreshold = framing.MaximumSegmentLength * 5
+	minCloseInterval  = 0
+	maxCloseInterval  = 60
 )
 
 // Obfs4Conn is the implementation of the net.Conn interface for obfs4
@@ -53,7 +58,7 @@ type Obfs4Conn struct {
 	receiveBuffer        bytes.Buffer
 	receiveDecodedBuffer bytes.Buffer
 
-	isOk bool
+	isOk     bool
 	isServer bool
 
 	// Server side state.
@@ -61,12 +66,32 @@ type Obfs4Conn struct {
 }
 
 func (c *Obfs4Conn) closeAfterDelay() {
-	// I-it's not like I w-wanna handshake with or anything.  B-b-baka!
+	// I-it's not like I w-wanna handshake with you or anything.  B-b-baka!
+	defer c.conn.Close()
+
+	delaySecs, err := randRange(minCloseInterval, maxCloseInterval)
+	if err != nil {
+		return
+	}
+	toDiscard, err := randRange(minCloseThreshold, maxCloseThreshold)
+	if err != nil {
+		return
+	}
 
-	// XXX: Consume and immediately discard data of the network for a random
-	// period of time.
+	delay := time.Duration(delaySecs) * time.Second
+	err = c.conn.SetReadDeadline(time.Now().Add(delay))
 
-	c.conn.Close();
+	// Consume and discard data on this connection until either the specified
+	// interval passes or a certain size has been reached.
+	discarded := 0
+	buf := make([]byte, defaultReadSize)
+	for discarded < int(toDiscard) {
+		n, err := c.conn.Read(buf)
+		if err != nil {
+			return
+		}
+		discarded += n
+	}
 }
 
 func (c *Obfs4Conn) clientHandshake(nodeID *ntor.NodeID, publicKey *ntor.PublicKey) error {
@@ -175,7 +200,7 @@ func (c *Obfs4Conn) serverHandshake(nodeID *ntor.NodeID, keypair *ntor.Keypair)
 func (c *Obfs4Conn) ServerHandshake() error {
 	// Handshakes when already established are a no-op.
 	if c.isOk {
-		return nil;
+		return nil
 	}
 
 	// Clients handshake as part of Dial.
@@ -291,7 +316,7 @@ func (c *Obfs4Conn) Close() error {
 		return syscall.EINVAL
 	}
 
-	c.isOk = false;
+	c.isOk = false
 
 	return c.conn.Close()
 }
diff --git a/utils.go b/utils.go
new file mode 100644
index 0000000..ae7bc41
--- /dev/null
+++ b/utils.go
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2014, Yawning Angel <yawning at torproject dot org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ *  * Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package obfs4
+
+import (
+	"crypto/rand"
+	"fmt"
+	"math/big"
+)
+
+func randRange(min, max int64) (int64, error) {
+	if max < min {
+		panic(fmt.Sprintf("randRange: min > max (%d, %d)", min, max))
+	}
+
+	r := (max + 1) - min
+	ret, err := rand.Int(rand.Reader, big.NewInt(r))
+	if err != nil {
+		return 0, err
+	}
+
+	return ret.Int64() + min, nil
+}