[Pkg-privacy-commits] [obfs4proxy] 37/151: Change the length field obfscation.

[Ximin Luo]

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository obfs4proxy.

commit 1fee9678c68238f6e77d44020f8ee38c711d89bb
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Fri May 16 02:54:17 2014 +0000

    Change the length field obfscation.
    
    Instead of including the previous secretbox in the input when
    calculating the  SipHash-2-4 digest used to generate the obfuscation
    mask, use only the nonce.  This is significantly faster, and if someone
    breaks obfs4 by exploiting the low amount of input entropy between each
    invocation (a counter incrementing by 1), I hope they publish the
    attack on the PRF.
    
    This breaks wire protocol compatibility.
---
 framing/framing.go | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/framing/framing.go b/framing/framing.go
index c57189d..5518b9f 100644
--- a/framing/framing.go
+++ b/framing/framing.go
@@ -29,21 +29,20 @@
 // Package framing implements the obfs4 link framing and cryptography.
 //
 // The Encoder/Decoder shared secret format is:
-//    uint8_t[32] NaCl SecretBox key
-//    uint8_t[24] NaCl Nonce prefix
+//    uint8_t[32] NaCl secretbox key
+//    uint8_t[16] NaCl Nonce prefix
 //    uint8_t[16] SipHash-2-4 key (used to obfsucate length)
 //
 // The frame format is:
 //   uint16_t length (obfsucated, big endian)
-//   NaCl SecretBox (Poly1305/XSalsa20) containing:
-//     uint8_t[16] tag (Part of the SecretBox construct)
+//   NaCl secretbox (Poly1305/XSalsa20) containing:
+//     uint8_t[16] tag (Part of the secretbox construct)
 //     uint8_t[]   payload
 //
-// The length field is length of the NaCl SecretBox XORed with the truncated
-// SipHash-2-4 digest of the previous SecretBox concatenated with the nonce
-// used to seal the current SecretBox.
+// The length field is length of the NaCl secretbox XORed with the truncated
+// SipHash-2-4 digest of the nonce used to seal/unseal the current secretbox.
 //
-// The NaCl SecretBox (Poly1305/XSalsa20) nonce format is:
+// The NaCl secretbox (Poly1305/XSalsa20) nonce format is:
 //     uint8_t[24] prefix (Fixed)
 //     uint64_t    counter (Big endian)
 //
@@ -101,7 +100,7 @@ var ErrAgain = errors.New("framing: More data needed to decode")
 // Error returned when Decoder.Decode() failes to authenticate a frame.
 var ErrTagMismatch = errors.New("framing: Poly1305 tag mismatch")
 
-// Error returned when the NaCl SecretBox nonce's counter wraps (FATAL).
+// Error returned when the NaCl secretbox nonce's counter wraps (FATAL).
 var ErrNonceCounterWrapped = errors.New("framing: Nonce counter wrapped")
 
 // InvalidPayloadLengthError is the error returned when Encoder.Encode()
@@ -203,9 +202,6 @@ func (encoder *Encoder) Encode(frame, payload []byte) (n int, err error) {
 	length ^= binary.BigEndian.Uint16(lengthMask)
 	binary.BigEndian.PutUint16(frame[:2], length)
 
-	// Prepare the next obfsucator.
-	encoder.sip.Write(box[lengthLength:])
-
 	// Return the frame.
 	return len(box), nil
 }
@@ -293,7 +289,6 @@ func (decoder *Decoder) Decode(data []byte, frames *bytes.Buffer) (int, error) {
 	if !ok {
 		return 0, ErrTagMismatch
 	}
-	decoder.sip.Write(box[:n])
 
 	// Clean up and prepare for the next frame.
 	decoder.nextLength = 0

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/obfs4proxy.git