[tor-commits] [obfsproxy/master] Improve obfs2 doc/protocol-spec.txt.

nickm at torproject.org nickm at torproject.org
Mon Dec 19 17:18:36 UTC 2011 

commit f439d980caef07a834771fde90a726dcf156e31d
Author: George Kadianakis <desnacked at gmail.com>
Date:   Mon Dec 19 13:42:03 2011 +0100

    Improve obfs2 doc/protocol-spec.txt.
    
    * Change E_K(s) notation to E(K,s) to improve readability.
    * Mention that the connection should be closed immediately in the case
      of wrong plength/magic (#3291).
    * Mention that the shared secret is hashed before using it in MAC().
---
 doc/protocol-spec.txt |   19 +++++++++----------
 1 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/doc/protocol-spec.txt b/doc/protocol-spec.txt
index c11f653..4035b23 100644
--- a/doc/protocol-spec.txt
+++ b/doc/protocol-spec.txt
@@ -1,4 +1,4 @@
-The Twobfuscator
+        obfs2 (The Twobfuscator)
 
 0. Protocol overview
 
@@ -17,9 +17,9 @@ The Twobfuscator
 1. Primitives, notation, and constants.
 
     H(x) is SHA256 of x.
-    H^n(x) is H(x) called iteratively n times. 
+    H^n(x) is H(x) called iteratively n times.
 
-    E_K(s) is the AES-CTR-128 encryption of s using K as key.
+    E(K,s) is the AES-CTR-128 encryption of s using K as key.
 
     x | y is the concatenation of x and y.
     UINT32(n) is the 4 byte value of n in big-endian (network) order.
@@ -34,8 +34,8 @@ The Twobfuscator
     MAX_PADDING      is  8192
     HASH_ITERATIONS  is  100000
 
-    KEYLEN is the length of the key used by E_K(s) -- that is, 16.
-    IVLEN is the length of the IV used by E_K(s) -- that is, 16
+    KEYLEN is the length of the key used by E(K,s) -- that is, 16.
+    IVLEN is the length of the IV used by E(K,s) -- that is, 16.
 
     HASHLEN is the length of the output of H() -- that is, 32.
 
@@ -64,18 +64,17 @@ The Twobfuscator
 
    The initiator then sends:
 
-    SEED | INIT_PAD_KEY( UINT32(MAGIC_VALUE) | UINT32(PADLEN) | WR(PADLEN) )
+    INIT_SEED | E(INIT_PAD_KEY, UINT32(MAGIC_VALUE) | UINT32(PADLEN) | WR(PADLEN))
 
    and the responder replies with:
 
-    SEED | RESP_PAD_KEY( UINT32(MAGIC_VALUE) | UINT32(PADLEN) | WR(PADLEN) )
+    RESP_SEED | E(RESP_PAD_KEY, UINT32(MAGIC_VALUE) | UINT32(PADLEN) | WR(PADLEN))
 
    Upon receiving the SEED from the other party, each party derives
    the other party's padding key value as above, and decrypts the next
    8 bytes of the key establishment message.  If the MAGIC_VALUE does
    not match, or the PADLEN value is greater than MAX_PADDING, the
-   party receiving it should wait for a random amount of time (with
-   maximum wait time being 4 seconds) then close the connection.
+   party receiving it should close the connection immediately.
    Otherwise, it should read the remaining PADLEN bytes of padding data
    and discard them.
 
@@ -99,6 +98,6 @@ The Twobfuscator
    Optionally, if the client and server share a secret value SECRET,
    they can replace the MAC function with:
 
-      MAC(s,x) = H^n(s | x | SECRET | s)
+      MAC(s,x) = H^n(s | x | H(SECRET) | s)
 
    where n = HASH_ITERATIONS.

More information about the tor-commits mailing list