From 36228437c43bf3fa67a4d5b8da8ddf123645e530 Mon Sep 17 00:00:00 2001 From: Yawning Angel Date: Sun, 1 Jun 2014 05:22:07 +0000 Subject: Move the server keypair generation to right after Accept(). Instead of threading the code, move the keypair generation to right after Accept() is called. This should mask the timing differential due to the rejection sampling with the noise from the variablity in how long it takes for the server to get around to pulling a connection out of the backlog, and the time taken for the client to send it's portion of the handshake. The downside is that anyone connecting to the obfs4 port does force us to do a bunch of math, but the obfs4 math is relatively cheap compared to it's precursors. Fixes #9. --- handshake_ntor.go | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) (limited to 'handshake_ntor.go') diff --git a/handshake_ntor.go b/handshake_ntor.go index 92f00dc..46e2a13 100644 --- a/handshake_ntor.go +++ b/handshake_ntor.go @@ -121,7 +121,7 @@ type clientHandshake struct { serverMark []byte } -func newClientHandshake(nodeID *ntor.NodeID, serverIdentity *ntor.PublicKey, sessionKey *ntor.Keypair) (*clientHandshake, error) { +func newClientHandshake(nodeID *ntor.NodeID, serverIdentity *ntor.PublicKey, sessionKey *ntor.Keypair) *clientHandshake { hs := new(clientHandshake) hs.keypair = sessionKey hs.nodeID = nodeID @@ -129,7 +129,7 @@ func newClientHandshake(nodeID *ntor.NodeID, serverIdentity *ntor.PublicKey, ses hs.padLen = csrand.IntRange(clientMinPadLength, clientMaxPadLength) hs.mac = hmac.New(sha256.New, append(hs.serverIdentity.Bytes()[:], hs.nodeID.Bytes()[:]...)) - return hs, nil + return hs } func (hs *clientHandshake) generateHandshake() ([]byte, error) { @@ -236,8 +236,9 @@ type serverHandshake struct { clientMark []byte } -func newServerHandshake(nodeID *ntor.NodeID, serverIdentity *ntor.Keypair) *serverHandshake { +func newServerHandshake(nodeID *ntor.NodeID, serverIdentity *ntor.Keypair, sessionKey *ntor.Keypair) *serverHandshake { hs := new(serverHandshake) + hs.keypair = sessionKey hs.nodeID = nodeID hs.serverIdentity = serverIdentity hs.padLen = csrand.IntRange(serverMinPadLength, serverMaxPadLength) @@ -312,14 +313,6 @@ func (hs *serverHandshake) parseClientHandshake(filter *replayFilter, resp []byt return nil, ErrInvalidHandshake } - // At this point the client knows that we exist, so do the keypair - // generation and complete our side of the handshake. - var err error - hs.keypair, err = ntor.NewKeypair(true) - if err != nil { - return nil, err - } - clientPublic := hs.clientRepresentative.ToPublic() ok, seed, auth := ntor.ServerHandshake(clientPublic, hs.keypair, hs.serverIdentity, hs.nodeID) -- cgit v1.2.3