From b19b6de31f160b70f5d38d78d16c539a3b07c6fa Mon Sep 17 00:00:00 2001 From: Yawning Angel Date: Sat, 7 Jun 2014 00:26:36 +0000 Subject: Allow randomly generating node-ids instead of requiring the fingerprint. To ease delopyment, "-genServerParams has changed". * "-genServerParams" is now a bool, and will by default generate a random node-id. * "-genServerParams -genServerParamsFP=" will convert the supplied bridge fingerprint to a node-id (the old behavior). Either way of deriving node-id is belived to be secure. * https://lists.torproject.org/pipermail/tor-dev/2014-May/006929.html * https://lists.torproject.org/pipermail/tor-dev/2014-June/006936.html The extra parameter was added because golang's flags library doesn't support distinguishing between "set but used the default value" and "not set, so you go the default value". --- obfs4proxy/obfs4proxy.go | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) (limited to 'obfs4proxy') diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go index e19841e..b456c30 100644 --- a/obfs4proxy/obfs4proxy.go +++ b/obfs4proxy/obfs4proxy.go @@ -31,7 +31,7 @@ // // Client usage (in torrc): // UseBridges 1 -// Bridge obfs4 X.X.X.X:YYYY public-key= node-id= +// Bridge obfs4 X.X.X.X:YYYY public-key= node-id= // ClientTransportPlugin obfs4 exec obfs4proxy // // Server usage (in torrc): @@ -39,7 +39,7 @@ // ORPort 9001 // ExtORPort 6669 // ServerTransportPlugin obfs4 exec obfs4proxy -// ServerTransportOptions obfs4 private-key= node-id= drbg-seed= +// ServerTransportOptions obfs4 private-key= node-id= drbg-seed= // // Because the pluggable transport requires arguments, obfs4proxy requires // tor-0.2.5.x to be useful. 
@@ -357,12 +357,24 @@ func ptInitializeLogging(enable bool) error { } func generateServerParams(id string) { - rawID, err := hex.DecodeString(id) - if err != nil { - fmt.Println("Failed to hex decode id:", err) - return - } + idIsFP := id != "" + var rawID []byte + if idIsFP { + var err error + rawID, err = hex.DecodeString(id) + if err != nil { + fmt.Println("Failed to hex decode id:", err) + return + } + } else { + rawID = make([]byte, ntor.NodeIDLength) + err := csrand.Bytes(rawID) + if err != nil { + fmt.Println("Failed to generate random node-id:", err) + return + } + } parsedID, err := ntor.NewNodeID(rawID) if err != nil { fmt.Println("Failed to parse id:", err) @@ -390,8 +402,13 @@ func generateServerParams(id string) { fmt.Println("Generated drbg-seed:", seedBase64) fmt.Println() fmt.Println("Client config: ") - fmt.Printf(" Bridge obfs4 %s node-id=%s public-key=%s\n", - id, parsedID.Base64(), keypair.Public().Base64()) + if idIsFP { + fmt.Printf(" Bridge obfs4 %s node-id=%s public-key=%s\n", + id, parsedID.Base64(), keypair.Public().Base64()) + } else { + fmt.Printf(" Bridge obfs4 node-id=%s public-key=%s\n", + parsedID.Base64(), keypair.Public().Base64()) + } fmt.Println() fmt.Println("Server config:") fmt.Printf(" ServerTransportOptions obfs4 node-id=%s private-key=%s drbg-seed=%s\n", 
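Review bot: The two new failure paths in generateServerParams (`Failed to hex decode id` and `Failed to generate random node-id`) print the diagnostic to stdout and `return`, so control falls back to main, which returns normally and the process exits 0 whether or not parameters were produced; a deployment script that captures stdout for the private-key/drbg-seed lines cannot tell success from failure. Have the function report failure instead: either change the signature to `func generateServerParams(id string) error` and let main exit non-zero, or replace each early `return` with `os.Exit(1)` and send the message to stderr, e.g. `fmt.Fprintln(os.Stderr, "Failed to generate random node-id:", err)` (assuming `os` is already imported; the import block is outside the hunk). As a style point, the three different `err` declarations (`var err error` plus `=`, `err :=`, and the later `parsedID, err :=`) can collapse into a single `var err error` declared before the `if idIsFP`. generateServerParams continues past the end of this hunk.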
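Review bot: Both branches of the new `if idIsFP` emit a `Bridge obfs4 ...` line with no address:port field, so the random-node-id branch prints `Bridge obfs4 node-id=... public-key=...`, a line the operator still has to complete by hand, and nothing in the output says so. The usage comment at the top of the file uses `X.X.X.X:YYYY` for that field; printing the same placeholder here keeps the two consistent and makes the gap obvious, e.g. `fmt.Printf(" Bridge obfs4 X.X.X.X:YYYY node-id=%s public-key=%s\n", parsedID.Base64(), keypair.Public().Base64())`. With the placeholder in place the fingerprint is the only difference between the branches, so they can fold into one Printf by computing the optional fingerprint prefix once instead of duplicating the format string. The random path also prints no fingerprint at all, so nothing in that line ties it to the bridge's Tor identity; a one-line reminder in the output that the operator should add the fingerprint if they have it would help.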
@@ -400,13 +417,14 @@ func generateServerParams(id string) { func main() { // Some command line args. - genParams := flag.String("genServerParams", "", "Generate server params given a bridge fingerprint.") + genParams := flag.Bool("genServerParams", false, "Generate Bridge operator torrc parameters") + genParamsFP := flag.String("genServerParamsFP", "", "Optional bridge fingerprint for genServerParams") flag.BoolVar(&enableLogging, "enableLogging", false, "Log to TOR_PT_STATE_LOCATION/obfs4proxy.log") flag.BoolVar(&iatObfuscation, "iatObfuscation", false, "Enable IAT obufscation (EXPENSIVE)") flag.BoolVar(&unsafeLogging, "unsafeLogging", false, "Disable the address scrubber") flag.Parse() - if *genParams != "" { - generateServerParams(*genParams) + if *genParams { + generateServerParams(*genParamsFP) return } -- cgit v1.2.3
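Review bot: `*genParamsFP` is read only inside `if *genParams`, so `obfs4proxy -genServerParamsFP=<fp>` without `-genServerParams` silently ignores the fingerprint and presumably continues into the normal pluggable-transport start-up instead of generating parameters. Reject the combination right after `flag.Parse()`, before the `if *genParams` check: `if *genParamsFP != "" && !*genParams { fmt.Fprintln(os.Stderr, "-genServerParamsFP requires -genServerParams"); os.Exit(1) }` (assuming `os` is already imported; the import block is outside the hunk). The `-genServerParams` help text could also say that a random node-id is generated unless `-genServerParamsFP` is given, since that is the behaviour change this commit introduces. main continues past the end of this hunk.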