commit 2d3d1ebda05aa8324d9d24fbf41fb2466a83eac1 Author: David Fifield david@bamsoftware.com Date: Tue Nov 26 23:31:37 2013 -0800
Make compute{Server,Client}Hash take authCookie directly. --- pt.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/pt.go b/pt.go
index 1bbd911..2caac33 100644
--- a/pt.go
+++ b/pt.go
@@ -472,8 +472,8 @@ func ServerSetup(methodNames []string) (ServerInfo, error) {
 }
// See 217-ext-orport-auth.txt section 4.2.1.3.
-func computeServerHash(info *ServerInfo, clientNonce, serverNonce []byte) []byte {
- h := hmac.New(sha256.New, info.AuthCookie)
+func computeServerHash(authCookie, clientNonce, serverNonce []byte) []byte {
+ h := hmac.New(sha256.New, authCookie)
 io.WriteString(h, "ExtORPort authentication server-to-client hash")
 h.Write(clientNonce)
 h.Write(serverNonce)
@@ -481,8 +481,8 @@ func computeServerHash(info *ServerInfo, clientNonce, serverNonce []byte) []byte
 }
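Review bot: With the new signature all three parameters of `computeServerHash` share the type `[]byte`, so a call that passes a nonce where the cookie belongs, or transposes the two nonces, compiles and quietly yields a different MAC; the old `*ServerInfo` parameter at least kept the key distinct by type. The same applies to `computeClientHash` in the next hunk. The existing comment only points at the spec, so I would add a doc comment that names the key and the input order, for example `// computeServerHash keys HMAC-SHA256 with authCookie and feeds it the server-to-client label, clientNonce and serverNonce, in that order.` The function body continues past the end of the hunk, so how the digest is returned is not visible here.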
// See 217-ext-orport-auth.txt section 4.2.1.3.
-func computeClientHash(info *ServerInfo, clientNonce, serverNonce []byte) []byte {
- h := hmac.New(sha256.New, info.AuthCookie)
+func computeClientHash(authCookie, clientNonce, serverNonce []byte) []byte {
+ h := hmac.New(sha256.New, authCookie)
 io.WriteString(h, "ExtORPort authentication client-to-server hash")
 h.Write(clientNonce)
 h.Write(serverNonce)
@@ -541,12 +541,12 @@ func extOrPortAuthenticate(s io.ReadWriter, info *ServerInfo) error {
 return err
 }
- expectedServerHash := computeServerHash(info, clientNonce, serverNonce)
+ expectedServerHash := computeServerHash(info.AuthCookie, clientNonce, serverNonce)
 if subtle.ConstantTimeCompare(serverHash, expectedServerHash) != 1 {
 return errors.New(fmt.Sprintf("mismatch in server hash"))
 }
- clientHash = computeClientHash(info, clientNonce, serverNonce)
+ clientHash = computeClientHash(info.AuthCookie, clientNonce, serverNonce)
 _, err = s.Write(clientHash)
 if err != nil {
 return err
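Review bot: Both call sites now hand `info.AuthCookie` straight to `hmac.New`, which accepts a nil or empty key without complaint, so if the cookie was never populated the expected server hash and the client hash would both be computed under an empty key and the mutual check would no longer prove knowledge of a secret. Whether `ServerSetup` already rejects a missing or short cookie is not visible in this diff. If it does not, a guard near the top of `extOrPortAuthenticate` such as `if len(info.AuthCookie) == 0 { return errors.New("empty ExtORPort auth cookie") }` would make that failure explicit. The function begins before this hunk and continues after it.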