[Pkg-privacy-commits] [obfs4proxy] 78/151: Allow randomly generating node-ids instead of requiring the fingerprint.

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:59:40 UTC 2015


This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository obfs4proxy.

commit b19b6de31f160b70f5d38d78d16c539a3b07c6fa
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Sat Jun 7 00:26:36 2014 +0000

    Allow randomly generating node-ids instead of requiring the fingerprint.
    
    To ease deployment, "-genServerParams" has changed.
    
     * "-genServerParams" is now a bool, and will by default generate a
       random node-id.
     * "-genServerParams -genServerParamsFP=<Base16 blob>" will convert the
       supplied bridge fingerprint to a node-id (the old behavior).
    
    Either way of deriving the node-id is believed to be secure.
    
     * https://lists.torproject.org/pipermail/tor-dev/2014-May/006929.html
     * https://lists.torproject.org/pipermail/tor-dev/2014-June/006936.html
    
    The extra parameter was added because golang's flags library doesn't
    support distinguishing between "set but used the default value" and
    "not set, so you got the default value".
---
 obfs4proxy/obfs4proxy.go | 42 ++++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 12 deletions(-)

diff --git a/obfs4proxy/obfs4proxy.go b/obfs4proxy/obfs4proxy.go
index e19841e..b456c30 100644
--- a/obfs4proxy/obfs4proxy.go
+++ b/obfs4proxy/obfs4proxy.go
@@ -31,7 +31,7 @@
 //
 // Client usage (in torrc):
 //   UseBridges 1
-//   Bridge obfs4 X.X.X.X:YYYY <fingerprint> public-key=<Base64 Bridge public key> node-id=<Base64 Bridge Node ID>
+//   Bridge obfs4 X.X.X.X:YYYY <Fingerprint> public-key=<Base64 Bridge Public Key> node-id=<Base64 Bridge Node ID>
 //   ClientTransportPlugin obfs4 exec obfs4proxy
 //
 // Server usage (in torrc):
@@ -39,7 +39,7 @@
 //   ORPort 9001
 //   ExtORPort 6669
 //   ServerTransportPlugin obfs4 exec obfs4proxy
-//   ServerTransportOptions obfs4 private-key=<Base64 Bridge private key> node-id=<Base64 Node ID> drbg-seed=<Base64 DRBG seed>
+//   ServerTransportOptions obfs4 private-key=<Base64 Bridge Private Key> node-id=<Base64 Node ID> drbg-seed=<Base64 DRBG Seed>
 //
 // Because the pluggable transport requires arguments, obfs4proxy requires
 // tor-0.2.5.x to be useful.
@@ -357,12 +357,24 @@ func ptInitializeLogging(enable bool) error {
 }
 
 func generateServerParams(id string) {
-	rawID, err := hex.DecodeString(id)
-	if err != nil {
-		fmt.Println("Failed to hex decode id:", err)
-		return
-	}
+	idIsFP := id != ""
+	var rawID []byte
 
+	if idIsFP {
+		var err error
+		rawID, err = hex.DecodeString(id)
+		if err != nil {
+			fmt.Println("Failed to hex decode id:", err)
+			return
+		}
+	} else {
+		rawID = make([]byte, ntor.NodeIDLength)
+		err := csrand.Bytes(rawID)
+		if err != nil {
+			fmt.Println("Failed to generate random node-id:", err)
+			return
+		}
+	}
 	parsedID, err := ntor.NewNodeID(rawID)
 	if err != nil {
 		fmt.Println("Failed to parse id:", err)
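Review bot: The new random node-id failure branch, like the hex-decode branch beside it, reports the error with `fmt.Println` on stdout and then simply returns, and `main` returns right after the call (last hunk), so the process exits with status 0 even though no parameters were produced. An operator or packaging script driving `-genServerParams` cannot tell a failed run from a good one, and the error text lands in the same stream as the generated key material. I would send the message to stderr and exit non-zero, e.g. `fmt.Fprintln(os.Stderr, "Failed to generate random node-id:", err)` followed by `os.Exit(1)`, assuming `os` is imported (the import block is not visible here). The body of generateServerParams continues outside this hunk.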
@@ -390,8 +402,13 @@ func generateServerParams(id string) {
 	fmt.Println("Generated drbg-seed:", seedBase64)
 	fmt.Println()
 	fmt.Println("Client config: ")
-	fmt.Printf("  Bridge obfs4 <IP Address:Port> %s node-id=%s public-key=%s\n",
-		id, parsedID.Base64(), keypair.Public().Base64())
+	if idIsFP {
+		fmt.Printf("  Bridge obfs4 <IP Address:Port> %s node-id=%s public-key=%s\n",
+			id, parsedID.Base64(), keypair.Public().Base64())
+	} else {
+		fmt.Printf("  Bridge obfs4 <IP Address:Port> <Fingerprint> node-id=%s public-key=%s\n",
+			parsedID.Base64(), keypair.Public().Base64())
+	}
 	fmt.Println()
 	fmt.Println("Server config:")
 	fmt.Printf("  ServerTransportOptions obfs4 node-id=%s private-key=%s drbg-seed=%s\n",
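Review bot: The two `fmt.Printf` calls in the `if idIsFP` / `else` pair differ only in the fingerprint field, so the client-line format string is now maintained twice and can drift apart. Choosing the field first keeps a single call: `fp := "<Fingerprint>"`, `if idIsFP { fp = id }`, then the original `Printf` with `fp` in place of `id`. In the random node-id case the printed line carries a literal `<Fingerprint>` placeholder, and nothing in the output tells the operator it must be replaced with the bridge's real fingerprint before the line is given to clients; a one-line hint printed next to it would help. generateServerParams starts and ends outside this hunk.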
@@ -400,13 +417,14 @@ func generateServerParams(id string) {
 
 func main() {
 	// Some command line args.
-	genParams := flag.String("genServerParams", "", "Generate server params given a bridge fingerprint.")
+	genParams := flag.Bool("genServerParams", false, "Generate Bridge operator torrc parameters")
+	genParamsFP := flag.String("genServerParamsFP", "", "Optional bridge fingerprint for genServerParams")
 	flag.BoolVar(&enableLogging, "enableLogging", false, "Log to TOR_PT_STATE_LOCATION/obfs4proxy.log")
 	flag.BoolVar(&iatObfuscation, "iatObfuscation", false, "Enable IAT obufscation (EXPENSIVE)")
 	flag.BoolVar(&unsafeLogging, "unsafeLogging", false, "Disable the address scrubber")
 	flag.Parse()
-	if *genParams != "" {
-		generateServerParams(*genParams)
+	if *genParams {
+		generateServerParams(*genParamsFP)
 		return
 	}
 
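Review bot: With `genServerParams` now a `flag.Bool`, the earlier invocation form `-genServerParams <fingerprint>` no longer binds the fingerprint: Go's flag package does not consume a following argument for bool flags, so the fingerprint becomes a positional argument, `*genParamsFP` stays empty, and a random node-id is generated with no warning. In the other direction, `-genServerParamsFP=...` given without `-genServerParams` is ignored by the visible code and the proxy starts normally. A check after `flag.Parse()` would surface both operator mistakes, e.g. `if flag.NArg() > 0 || (*genParamsFP != "" && !*genParams) { flag.Usage(); return }`, provided obfs4proxy takes no positional arguments (none are read in the lines shown). main continues outside this hunk.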

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/obfs4proxy.git


