[tor-commits] [obfsproxy/master] Make the server simply echo the client's epoch.
asn at torproject.org
asn at torproject.org
Tue Jul 15 12:23:07 UTC 2014
commit 37fb7903588171ce7b73b7eb973590aff2a76736
Author: Philipp Winter <phw at torproject.org>
Date: Tue Mar 4 20:34:16 2014 +0100
Make the server simply echo the client's epoch.
That's only relevant for UniformDH.
---
obfsproxy/transports/scramblesuit/uniformdh.py | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/obfsproxy/transports/scramblesuit/uniformdh.py b/obfsproxy/transports/scramblesuit/uniformdh.py
index b070b10..1b59575 100644
--- a/obfsproxy/transports/scramblesuit/uniformdh.py
+++ b/obfsproxy/transports/scramblesuit/uniformdh.py
@@ -46,6 +46,9 @@ class UniformDH( object ):
# Uniform Diffie-Hellman object (implemented in obfs3_dh.py).
self.udh = None
+ # Used by the server so it can simply echo the client's epoch.
+ self.echoEpoch = None
+
def getRemotePublicKey( self ):
"""
Return the cached remote UniformDH public key.
@@ -117,13 +120,15 @@ class UniformDH( object ):
if not index:
return False
+ self.echoEpoch = util.getEpoch()
+
# Now that we know where the authenticating HMAC is: verify it.
hmacStart = index + const.MARK_LENGTH
existingHMAC = handshake[hmacStart:
(hmacStart + const.HMAC_SHA256_128_LENGTH)]
myHMAC = mycrypto.HMAC_SHA256_128(self.sharedSecret,
handshake[0 : hmacStart] +
- util.getEpoch())
+ self.echoEpoch)
if not util.isValidHMAC(myHMAC, existingHMAC, self.sharedSecret):
log.warning("The HMAC is invalid: `%s' vs. `%s'." %
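Review bot: `self.echoEpoch` is assigned before the HMAC check, so a handshake that fails verification still leaves an epoch cached on the object, and the code that later builds the reply would reuse it. Computing into a local first (`epoch = util.getEpoch()`) and assigning `self.echoEpoch = epoch` only after `util.isValidHMAC(...)` succeeds keeps a failed handshake from leaving state behind. Note also that the stored value is the server's own `util.getEpoch()` at receipt time, which equals the client's epoch only once the HMAC has verified; the comment on the attribute could say so. The function starts and ends outside this hunk, so the success path is not visible here.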
@@ -174,10 +179,15 @@ class UniformDH( object ):
# Add a mark which enables efficient location of the HMAC.
mark = mycrypto.HMAC_SHA256_128(self.sharedSecret, publicKey)
+ if self.echoEpoch is None:
+ epoch = util.getEpoch()
+ else:
+ epoch = self.echoEpoch
+ log.debug("Echoing epoch rather than recreating it.")
+
# Authenticate the handshake including the current approximate epoch.
mac = mycrypto.HMAC_SHA256_128(self.sharedSecret,
- publicKey + padding + mark +
- util.getEpoch())
+ publicKey + padding + mark + epoch)
return publicKey + padding + mark + mac
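Review bot: The comment above the `mac` computation still says "the current approximate epoch", but when `self.echoEpoch` is set the MAC covers the epoch cached during verification, which can differ from the current one if the epoch rolled over in between. A comment such as `# Authenticate the handshake with the epoch: the echoed one on the server, the current one on the client.` would match the new behaviour. `self.echoEpoch` is not reset anywhere in the visible hunks, so if the object is meant to serve a single handshake, that assumption is worth stating next to the attribute. The enclosing function starts outside the hunk.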