[tor-bugs] #11611 [Obfsproxy]: obfs2/obfs3 AES counter initialization is incorrect.

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Apr 26 08:35:44 UTC 2014


#11611: obfs2/obfs3 AES counter initialization is incorrect.
-----------------------+---------------------
 Reporter:  yawning    |          Owner:  asn
     Type:  defect     |         Status:  new
 Priority:  normal     |      Milestone:
Component:  Obfsproxy  |        Version:
 Keywords:             |  Actual Points:
Parent ID:             |         Points:
-----------------------+---------------------
 From `obfsproxy/common/aes.py`:
 {{{
         self.ctr = Counter.new(128, initial_value=long(iv.encode('hex'), 16))
 }}}

 From the `Crypto.Util.Counter` docstring:
 {{{
 allow_wraparound : boolean
 If *True*, the counter will automatically restart from zero after
 reaching the maximum value (``2**nbits-1``).
 If *False* (default), the object will raise an *OverflowError*.
 }}}

 The docs on the pycrypto web page are incorrect
 (https://github.com/dlitz/pycrypto/commit/f73d0a11697e2be0a3a1819fdb91a5dadc4e6af8)
 and haven't been regenerated yet.

 The obfs2/3 protocols use an initial value derived from the UniformDH
 handshake; `allow_wraparound=True` should be passed to the constructor
 here to avoid mysterious (though extremely unlikely) connection failures.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11611>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
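
Added example, not part of the ticket and not obfsproxy or PyCrypto code: a pure-Python model of a 128-bit counter with the `allow_wraparound` semantics quoted in the docstring above, showing how an IV near `2**128-1` ends a connection early when wraparound is off. `ModelCounter`, `bytes_until_overflow`, `blocks_survived` and `NEAR_MAX_IV` are hypothetical names, and the exact call on which the real counter raises is an assumption.

```python
# Added illustration: pure-Python model of a 128-bit big-endian CTR counter.
# It mimics the allow_wraparound semantics quoted in the ticket; not PyCrypto code.
NBITS = 128
MAX_VALUE = (1 << NBITS) - 1
BLOCK = 16  # AES block size in bytes


class ModelCounter:
    """Returns successive counter blocks the way a CTR-mode cipher consumes them."""

    def __init__(self, iv, allow_wraparound=False):
        if len(iv) != NBITS // 8:
            raise ValueError("IV must be 16 bytes")
        self.value = int.from_bytes(iv, "big")
        self.allow_wraparound = allow_wraparound
        self.exhausted = False

    def __call__(self):
        if self.exhausted:
            raise OverflowError("counter wrapped around")
        block = self.value.to_bytes(NBITS // 8, "big")
        if self.value == MAX_VALUE:
            if self.allow_wraparound:
                self.value = 0          # restart from zero, as the docstring describes
            else:
                self.exhausted = True   # assumption: the next call is the one that raises
        else:
            self.value += 1
        return block


def bytes_until_overflow(iv):
    """Keystream bytes available before a non-wrapping counter raises."""
    return (MAX_VALUE - int.from_bytes(iv, "big") + 1) * BLOCK


def blocks_survived(iv, wanted, allow_wraparound):
    """Pull `wanted` counter blocks; return how many were produced before failure."""
    ctr = ModelCounter(iv, allow_wraparound)
    for produced in range(wanted):
        try:
            ctr()
        except OverflowError:
            return produced
    return wanted


# Constructed worst-case IV: three blocks below the 2**128 - 1 ceiling.
NEAR_MAX_IV = (MAX_VALUE - 2).to_bytes(16, "big")
```

With `NEAR_MAX_IV` the non-wrapping counter yields only 48 bytes of keystream, while the wrapping one continues through zero; a uniformly random IV lands that close to the ceiling with negligible probability, which matches the ticket's "extremely unlikely".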

