From 5bdc376e2abaf5ac87816b763f5b26e314ee9536 Mon Sep 17 00:00:00 2001
From: Yawning Angel
Date: Mon, 2 Jun 2014 17:50:01 +0000
Subject: Change how the length obfsucation mask is derived. Instead of using the nonce for the secret box, just use SipHash-2-4 in OFB mode instead. The IV is generated as part of the KDF. This simplifies the code a decent amount and also is better on the off chance that SipHash-2-4 does not avalanche as well as it is currently assumed. While here, also decouple the fact that *this implementation* of obfs4 uses a PRNG with 24 bytes of internal state for protocol polymorphism instead of 32 bytes (that the spec requires). THIS CHANGE BREAKS WIRE PROTCOL COMPATIBILITY.
---
 obfs4proxy/obfs4proxy.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'obfs4proxy/obfs4proxy.go')
diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go
index b8a3f00..46e562e 100644
--- a/obfs4proxy/obfs4proxy.go
+++ b/obfs4proxy/obfs4proxy.go
@@ -46,6 +46,7 @@
 package main
 import (
+ "encoding/base64"
 "encoding/hex"
 "flag"
 "fmt"
@@ -62,7 +63,7 @@ import (
 "git.torproject.org/pluggable-transports/goptlib.git"
 "github.com/yawning/obfs4"
- "github.com/yawning/obfs4/drbg"
+ "github.com/yawning/obfs4/csrand"
 "github.com/yawning/obfs4/ntor"
 )
@@ -390,15 +391,17 @@ func generateServerParams(id string) {
 return
 }
- seed, err := drbg.NewSeed()
+ seed := make([]byte, obfs4.SeedLength)
+ err = csrand.Bytes(seed)
 if err != nil {
 fmt.Println("Failed to generate DRBG seed:", err)
 return
 }
+ seedBase64 := base64.StdEncoding.EncodeToString(seed)
 fmt.Println("Generated private-key:", keypair.Private().Base64())
 fmt.Println("Generated public-key:", keypair.Public().Base64())
- fmt.Println("Generated drbg-seed:", seed.Base64())
+ fmt.Println("Generated drbg-seed:", seedBase64)
 fmt.Println()
 fmt.Println("Client config: ")
 fmt.Printf(" Bridge obfs4 %s node-id=%s public-key=%s\n",
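Review bot: The `drbg-seed` value is now a bare byte slice encoded with `base64.StdEncoding` at this call site, where the removed code went through the seed type's own `Base64()` method, so nothing visible in this hunk keeps the generator and the `ServerTransportOptions` parser agreed on encoding and length. The parser is not part of this diff; it should decode with the same alphabet and reject any value whose decoded length differs from `obfs4.SeedLength`, which matters here because the commit message says the seed size is being decoupled from the PRNG's internal state. I would record that contract where the seed is created, e.g. `// drbg-seed: obfs4.SeedLength bytes from csrand, StdEncoding base64; the option parser must enforce the same length.` The same `seedBase64` string is reused on the `Server config` line in the following hunk, next to the private key. generateServerParams begins before this hunk and continues past it.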
@@ -406,7 +409,7 @@ func generateServerParams(id string) {
 fmt.Println()
 fmt.Println("Server config:")
 fmt.Printf(" ServerTransportOptions obfs4 node-id=%s private-key=%s drbg-seed=%s\n",
- parsedID.Base64(), keypair.Private().Base64(), seed.Base64())
+ parsedID.Base64(), keypair.Private().Base64(), seedBase64)
 }
 func main() {
--
cgit v1.2.3