author | Yawning Angel <yawning@schwanenlied.me> | 2014-05-12 01:13:49 +0000 |
---|---|---|
committer | Yawning Angel <yawning@schwanenlied.me> | 2014-05-12 01:13:49 +0000 |
commit | 9b6b3f825b47a5912ce03f85ab49da95323a1d7d (patch) | |
tree | 1097785ec5af9f7f1bf07a1fe7bc065460dceb27 | |
parent | 06a95ff1e013d4b7694254613a48d423bff8126f (diff) |
Reject clients that do not authenticate quickly enough.
The current timeout value before the server fails the handshake is
15 s. This may need to be increased for clients over slow links.
-rw-r--r-- | obfs4.go | 29 |
1 files changed, 23 insertions, 6 deletions
@@ -39,7 +39,8 @@ import ( ) const ( - defaultReadSize = framing.MaximumSegmentLength + defaultReadSize = framing.MaximumSegmentLength + connectionTimeout = time.Duration(15) * time.Second minCloseThreshold = framing.MaximumSegmentLength maxCloseThreshold = framing.MaximumSegmentLength * 5 @@ -150,8 +151,10 @@ func (c *Obfs4Conn) serverHandshake(nodeID *ntor.NodeID, keypair *ntor.Keypair) } hs := newServerHandshake(nodeID, keypair) - - // XXX: Set the request timer. + err := c.conn.SetReadDeadline(time.Now().Add(connectionTimeout)) + if err != nil { + return err + } // Consume the client handshake. hsBuf := make([]byte, clientMaxHandshakeLength) @@ -169,17 +172,25 @@ func (c *Obfs4Conn) serverHandshake(nodeID *ntor.NodeID, keypair *ntor.Keypair) return err } c.receiveBuffer.Reset() + err = c.conn.SetReadDeadline(time.Time{}) + if err != nil { + return err + } // Use the derived key material to intialize the link crypto. okm := ntor.Kdf(seed, framing.KeyLength*2) c.encoder = framing.NewEncoder(okm[framing.KeyLength:]) c.decoder = framing.NewDecoder(okm[:framing.KeyLength]) - // XXX: Kill the request timer. - break } + // Ensure that writing the response completes quickly. + err = c.conn.SetWriteDeadline(time.Now().Add(connectionTimeout)) + if err != nil { + return err + } + // Generate/send the response. blob, err := hs.generateHandshake() if err != nil { @@ -190,7 +201,13 @@ func (c *Obfs4Conn) serverHandshake(nodeID *ntor.NodeID, keypair *ntor.Keypair) return err } - // XXX: Generate/send the PRNG seed. + // TODO: Generate/send the PRNG seed. + + // Disarm the write timer. + err = c.conn.SetWriteDeadline(time.Time{}) + if err != nil { + return err + } c.isOk = true |
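Review bot: In the const hunk (`@@ -39,7 +39,8 @@`), `connectionTimeout` has no comment saying what it bounds. As far as the later hunks show, it is used once as an absolute deadline for reading the whole client handshake and again for writing the response, so the worst case is roughly twice the value. I would add `// connectionTimeout is the absolute deadline for reading the client handshake, and separately for writing the response.` and write the value as `15 * time.Second`, since the `time.Duration(15)` conversion is redundant. A fixed cutoff also gives every unauthenticated connection the same observable lifetime. Whether that is intended next to `minCloseThreshold`/`maxCloseThreshold` depends on teardown code not shown here, so the comment should say so.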
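Review bot: In the second hunk (`@@ -150,8 +151,10 @@`) the read deadline is armed but only cleared on the success path in the next hunk, so every `return err` in between leaves `c.conn` with a deadline that is about to expire or already has. The same holds for the write deadline armed in the third hunk and disarmed in the fourth. If the caller does anything with the connection after a failed handshake other than closing it at once (not visible here), those reads or writes fail immediately with a timeout. Either clear it on all exits, for example `defer c.conn.SetDeadline(time.Time{})` right after arming (assuming `c.conn` is a `net.Conn`), or document on serverHandshake that the caller must reset deadlines on error. serverHandshake starts and ends outside these hunks.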
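Review bot: In the last hunk (`@@ -190,7 +201,13 @@`) a deadline expiry comes back through the same bare `return err` as a malformed or unauthenticated handshake, so a caller or log line cannot tell slow clients from failed ones. The commit message already expects the 15 s value to need tuning, so it would help to classify the error where it surfaces, e.g. `if ne, ok := err.(net.Error); ok && ne.Timeout() { /* count or log handshake timeout */ }`. That lets operators see how often the limit is hit. The read loop and the response write are outside the visible lines, so the exact place for the check needs confirming.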