authorYawning Angel <yawning@schwanenlied.me>2014-05-22 18:42:16 +0000
committerYawning Angel <yawning@schwanenlied.me>2014-05-22 18:42:16 +0000
commitfd4e3c7c74ad4d1acb37c43fde8d18786616846a (patch)
tree7430e55ef826ed13a934df0a6d361711cc8308da /handshake_ntor_test.go
parent7dd875fe4cd214a7678e701adfd2a8bde7882e4d (diff)
Add replay detection to handshakes.
This is done by maintaining a map keyed off the SipHash-2-4 digest of the MAC_C component of the handshake. Collisions, while possible, are unlikely in the extreme and are thus treated as replays. In concept this is fairly similar to the ScrambleSuit `replay.py` code, with a few modifications: * There is an upper bound on how large the replay filter can grow. Currently this is set to 102400 entries, though it is unlikely that this limit will be hit. * A doubly linked list is also maintained parallel to the map, so the filter compaction process does not need to iterate over the entire filter.
Diffstat (limited to 'handshake_ntor_test.go')
-rw-r--r--handshake_ntor_test.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/handshake_ntor_test.go b/handshake_ntor_test.go
index 41780e9..73b43bf 100644
--- a/handshake_ntor_test.go
+++ b/handshake_ntor_test.go
@@ -45,6 +45,7 @@ func TestHandshakeNtor(t *testing.T) {
t.Fatal("newClientHandshake failed:", err)
}
serverHs := newServerHandshake(nodeID, idKeypair)
+ serverFilter, _ := newReplayFilter()
// Generate what the client will send to the server.
cToS, err := clientHs.generateHandshake()
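Review bot: The added line `serverFilter, _ := newReplayFilter()` discards the constructor's error, so a failed filter setup would only show up later as a confusing failure (or a nil filter) inside parseClientHandshake. Since `err` is already in scope at this point, the test can check it directly: `serverFilter, err := newReplayFilter()` followed by `if err != nil { t.Fatal("newReplayFilter failed:", err) }`. The body of TestHandshakeNtor starts and ends outside this hunk.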
@@ -53,7 +54,7 @@ func TestHandshakeNtor(t *testing.T) {
}
// Parse the client handshake message.
- serverSeed, err := serverHs.parseClientHandshake(cToS)
+ serverSeed, err := serverHs.parseClientHandshake(serverFilter, cToS)
if err != nil {
t.Fatal("serverHandshake.parseClientHandshake() failed", err)
}
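Review bot: The test passes `serverFilter` into parseClientHandshake but only asserts the first-use success path; nothing in the visible hunks checks that the same `cToS` is rejected when presented a second time, which is the behaviour this commit adds. A negative assertion would pin it down, for example parsing `cToS` again against the same filter and failing the test if no error comes back: `if _, err := replayHs.parseClientHandshake(serverFilter, cToS); err == nil { t.Fatal("replayed client handshake was accepted") }`. Here `replayHs` stands for a second `newServerHandshake(nodeID, idKeypair)`, which is probably needed so the rest of the test, which continues outside this hunk, still sees an untouched `serverHs`. If a replay test already exists in another file, a short comment here pointing to it would be enough.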