commit 62057625eaba2a555967b9615039d43dda071360 Author: Yawning Angel <yawning@schwanenlied.me> Date: Mon Jul 11 00:51:28 2016 +0000 Use the correct epoch hour when crafting the obfs4 server ntor response. It's supposed to use the one derived from the client's handshake (assuming the clock skew is within acceptable limits), but it was using the one based off the current system time. --- ChangeLog | 2 ++ transports/obfs4/handshake_ntor.go | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 92390b4..09655b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ Changes in version 0.0.7 - UNRELEASED: - Support configuring the obfs4 IAT parameter as the sole ServerTransportOption on bridges, and correctly checkpoint the argument to the state file. + - Correctly use the derived epoch hour when generating the server obfs4 + ntor handshake response to be more tollerant of clock skew. Changes in version 0.0.6 - 2016-01-25: - Delay transport factory initialization till after logging has been diff --git a/transports/obfs4/handshake_ntor.go b/transports/obfs4/handshake_ntor.go index 57de460..ee1bca8 100644 --- a/transports/obfs4/handshake_ntor.go +++ b/transports/obfs4/handshake_ntor.go @@ -356,8 +356,7 @@ func (hs *serverHandshake) generateHandshake() ([]byte, error) { // Calculate and write the MAC. hs.mac.Reset() hs.mac.Write(buf.Bytes()) - hs.epochHour = []byte(strconv.FormatInt(getEpochHour(), 10)) - hs.mac.Write(hs.epochHour) + hs.mac.Write(hs.epochHour) // Set in hs.parseClientHandshake() buf.Write(hs.mac.Sum(nil)[:macLength]) return buf.Bytes(), nil