From 5bdc376e2abaf5ac87816b763f5b26e314ee9536 Mon Sep 17 00:00:00 2001
From: Yawning Angel
Date: Mon, 2 Jun 2014 17:50:01 +0000
Subject: Change how the length obfsucation mask is derived. Instead of using the nonce for the secret box, just use SipHash-2-4 in OFB mode instead. The IV is generated as part of the KDF. This simplifies the code a decent amount and also is better on the off chance that SipHash-2-4 does not avalanche as well as it is currently assumed. While here, also decouple the fact that *this implementation* of obfs4 uses a PRNG with 24 bytes of internal state for protocol polymorphism instead of 32 bytes (that the spec requires). THIS CHANGE BREAKS WIRE PROTCOL COMPATIBILITY.
---
 obfs4.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'obfs4.go')
diff --git a/obfs4.go b/obfs4.go
index ec33fb4..247583b 100644
--- a/obfs4.go
+++ b/obfs4.go
@@ -34,6 +34,7 @@ package obfs4
 import (
 "bytes"
 "crypto/sha256"
+ "encoding/base64"
 "fmt"
 "io"
 "math/rand"
@@ -47,6 +48,8 @@ import (
 )
 const (
+ // SeedLength is the length of the obfs4 polymorphism seed.
+ SeedLength = 32
 headerLength = framing.FrameOverhead + packetOverhead
 connectionTimeout = time.Duration(30) * time.Second
@@ -299,7 +302,7 @@ func (c *Obfs4Conn) serverHandshake(nodeID *ntor.NodeID, keypair *ntor.Keypair)
 c.state = stateEstablished
 // Send the PRNG seed as the first packet.
- err = c.producePacket(&frameBuf, packetTypePrngSeed, c.listener.seed.Bytes()[:], 0)
+ err = c.producePacket(&frameBuf, packetTypePrngSeed, c.listener.rawSeed, 0)
 if err != nil {
 return
 }
@@ -611,6 +614,7 @@ type Obfs4Listener struct {
 keyPair *ntor.Keypair
 nodeID *ntor.NodeID
+ rawSeed []byte
 seed *drbg.Seed
 iatSeed *drbg.Seed
 iatObfuscation bool
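Review bot: In the serverHandshake hunk `c.listener.rawSeed` now goes on the wire exactly as it was base64-decoded, and no visible hunk compares its length with the new `SeedLength` constant. The removed line sent `c.listener.seed.Bytes()[:]`, i.e. the parsed DRBG seed, and the commit message says the DRBG keeps 24 bytes of state while the spec wants 32, so `drbg.SeedFromBytes` (not shown; this view is limited to obfs4.go) may accept input that is not 32 bytes. A misconfigured seed would then reach every client as a seed packet of non-spec length instead of failing at startup. In the ListenObfs4 hunk, right after the base64 decode, I would add `if len(l.rawSeed) != SeedLength { return nil, fmt.Errorf("obfs4: seed must be %d bytes, got %d", SeedLength, len(l.rawSeed)) }`. Both function bodies continue outside their hunks.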
@@ -716,7 +720,11 @@ func ListenObfs4(network, laddr, nodeID, privateKey, seed string, iatObfuscation
 if err != nil {
 return nil, err
 }
- l.seed, err = drbg.SeedFromBase64(seed)
+ l.rawSeed, err = base64.StdEncoding.DecodeString(seed)
+ if err != nil {
+ return nil, err
+ }
+ l.seed, err = drbg.SeedFromBytes(l.rawSeed)
 if err != nil {
 return nil, err
 }
-- 
cgit v1.2.3
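Review bot: The new base64 decode failure in ListenObfs4 is returned bare, so a bad `seed` argument surfaces as a generic base64 error that does not say which of the string arguments was malformed. I would wrap it where it is produced, `return nil, fmt.Errorf("obfs4: malformed seed: %v", err)`, and keep the seed value itself out of the message. The function starts and ends outside the hunk, so how the nodeID and privateKey arguments report their own parse errors is not visible here.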