From 5bdc376e2abaf5ac87816b763f5b26e314ee9536 Mon Sep 17 00:00:00 2001
From: Yawning Angel <yawning@schwanenlied.me>
Date: Mon, 2 Jun 2014 17:50:01 +0000
Subject: Change how the length obfsucation mask is derived.

Instead of using the nonce for the secret box, just use SipHash-2-4 in
OFB mode instead.  The IV is generated as part of the KDF.  This
simplifies the code a decent amount and also is better on the off
chance that SipHash-2-4 does not avalanche as well as it is currently
assumed.

While here, also decouple the fact that *this implementation* of obfs4
uses a PRNG with 24 bytes of internal state for protocol polymorphism
instead of 32 bytes (that the spec requires).

THIS CHANGE BREAKS WIRE PROTCOL COMPATIBILITY.
---
 packet.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'packet.go')

diff --git a/packet.go b/packet.go
index 3910604..dee5921 100644
--- a/packet.go
+++ b/packet.go
@@ -42,7 +42,7 @@ const (
 	packetOverhead          = 2 + 1
 	maxPacketPayloadLength  = framing.MaximumFramePayloadLength - packetOverhead
 	maxPacketPaddingLength  = maxPacketPayloadLength
-	seedPacketPayloadLength = drbg.SeedLength
+	seedPacketPayloadLength = SeedLength
 
 	consumeReadSize = framing.MaximumSegmentLength * 16
 )
-- 
cgit v1.2.3