diff options
author | Yawning Angel <yawning@schwanenlied.me> | 2014-05-16 03:56:08 +0000 |
---|---|---|
committer | Yawning Angel <yawning@schwanenlied.me> | 2014-05-16 03:56:08 +0000 |
commit | 08439afd13ec47e20a2ea61763cfd6961a89b71d (patch) | |
tree | 2b7eef49a82b26c0645c66e75a678de8b0edfaae /handshake_ntor.go | |
parent | 8a431a64cb6eb05addc8d0373ebf7f4e5bc683e7 (diff) |
Treat the PrngSeed frame as part of the handshake.
Clients will now always add 87 bytes of padding to the clientRequest,
and Servers will always send the PRNG seed frame unpadded, and bundled
with the serverResponse.
Why 87 bytes? The amount of data that the server sends is 87.
This fixes #5.
Diffstat (limited to 'handshake_ntor.go')
-rw-r--r-- | handshake_ntor.go | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/handshake_ntor.go b/handshake_ntor.go index 80a9698..b8fd222 100644 --- a/handshake_ntor.go +++ b/handshake_ntor.go @@ -44,19 +44,23 @@ import ( ) const ( - clientMinPadLength = serverMinHandshakeLength - clientMinHandshakeLength + clientMinPadLength = (serverMinHandshakeLength + inlineSeedFrameLength) - + clientMinHandshakeLength clientMaxPadLength = framing.MaximumSegmentLength - clientMinHandshakeLength clientMinHandshakeLength = ntor.RepresentativeLength + markLength + macLength clientMaxHandshakeLength = framing.MaximumSegmentLength - serverMinPadLength = 0 - serverMaxPadLength = framing.MaximumSegmentLength - serverMinHandshakeLength + serverMinPadLength = 0 + serverMaxPadLength = framing.MaximumSegmentLength - (serverMinHandshakeLength + + inlineSeedFrameLength) serverMinHandshakeLength = ntor.RepresentativeLength + ntor.AuthLength + markLength + macLength serverMaxHandshakeLength = framing.MaximumSegmentLength markLength = sha256.Size / 2 macLength = sha256.Size / 2 + + inlineSeedFrameLength = framing.FrameOverhead + packetOverhead + seedPacketPayloadLength ) var ErrMarkNotFoundYet = errors.New("handshake: M_[C,S] not found yet") @@ -121,7 +125,7 @@ func (hs *clientHandshake) generateHandshake() ([]byte, error) { // The client handshake is X | P_C | M_C | MAC(X | P_C | M_C | E) where: // * X is the client's ephemeral Curve25519 public key representative. - // * P_C is [0,clientMaxPadLength] bytes of random padding. + // * P_C is [clientMinPadLength,clientMaxPadLength] bytes of random padding. // * M_C is HMAC-SHA256-128(serverIdentity | NodeID, X) // * MAC is HMAC-SHA256-128(serverIdentity | NodeID, X .... E) // * E is the string representation of the number of hours since the UNIX @@ -314,7 +318,7 @@ func (hs *serverHandshake) generateHandshake() ([]byte, error) { // The server handshake is Y | AUTH | P_S | M_S | MAC(Y | AUTH | P_S | M_S | E) where: // * Y is the server's ephemeral Curve25519 public key representative. // * AUTH is the ntor handshake AUTH value. - // * P_S is [0,serverMaxPadLength] bytes of random padding. + // * P_S is [serverMinPadLength,serverMaxPadLength] bytes of random padding. // * M_S is HMAC-SHA256-128(serverIdentity | NodeID, Y) // * MAC is HMAC-SHA256-128(serverIdentity | NodeID, Y .... E) // * E is the string representation of the number of hours since the UNIX |