diff options
| author | Yawning Angel <yawning@schwanenlied.me> | 2014-06-02 17:50:01 +0000 |
|---|---|---|
| committer | Yawning Angel <yawning@schwanenlied.me> | 2014-06-02 17:50:01 +0000 |
| commit | 5bdc376e2abaf5ac87816b763f5b26e314ee9536 (patch) | |
| tree | 8746291873e187d7783116a2c9758bab23da5eb1 /obfs4proxy/obfs4proxy.go | |
| parent | 5cb3369e200c72aa23c3f86816cb854c35cc95cb (diff) | |
Change how the length obfsucation mask is derived.
Instead of using the nonce for the secret box, just use SipHash-2-4 in
OFB mode instead. The IV is generated as part of the KDF. This
simplifies the code a decent amount and also is better on the off
chance that SipHash-2-4 does not avalanche as well as it is currently
assumed.
While here, also decouple the fact that *this implementation* of obfs4
uses a PRNG with 24 bytes of internal state for protocol polymorphism
instead of 32 bytes (that the spec requires).
THIS CHANGE BREAKS WIRE PROTCOL COMPATIBILITY.
Diffstat (limited to 'obfs4proxy/obfs4proxy.go')
| -rw-r--r-- | obfs4proxy/obfs4proxy.go | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go index b8a3f00..46e562e 100644 --- a/obfs4proxy/obfs4proxy.go +++ b/obfs4proxy/obfs4proxy.go @@ -46,6 +46,7 @@ package main import ( + "encoding/base64" "encoding/hex" "flag" "fmt" @@ -62,7 +63,7 @@ import ( "git.torproject.org/pluggable-transports/goptlib.git" "github.com/yawning/obfs4" - "github.com/yawning/obfs4/drbg" + "github.com/yawning/obfs4/csrand" "github.com/yawning/obfs4/ntor" ) @@ -390,15 +391,17 @@ func generateServerParams(id string) { return } - seed, err := drbg.NewSeed() + seed := make([]byte, obfs4.SeedLength) + err = csrand.Bytes(seed) if err != nil { fmt.Println("Failed to generate DRBG seed:", err) return } + seedBase64 := base64.StdEncoding.EncodeToString(seed) fmt.Println("Generated private-key:", keypair.Private().Base64()) fmt.Println("Generated public-key:", keypair.Public().Base64()) - fmt.Println("Generated drbg-seed:", seed.Base64()) + fmt.Println("Generated drbg-seed:", seedBase64) fmt.Println() fmt.Println("Client config: ") fmt.Printf(" Bridge obfs4 <IP Address:Port> %s node-id=%s public-key=%s\n", @@ -406,7 +409,7 @@ func generateServerParams(id string) { fmt.Println() fmt.Println("Server config:") fmt.Printf(" ServerTransportOptions obfs4 node-id=%s private-key=%s drbg-seed=%s\n", - parsedID.Base64(), keypair.Private().Base64(), seed.Base64()) + parsedID.Base64(), keypair.Private().Base64(), seedBase64) } func main() { |