[tor-bugs] #17315 [Pluggable transport]: explain replay prevention in obfs4 spec
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Oct 11 01:23:13 UTC 2015
#17315: explain replay prevention in obfs4 spec
-------------------------------------+-----------------
Reporter: arma | Owner: asn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: | Sponsor:
-------------------------------------+-----------------
Comment (by yawning):
I wasn't going to specify how it was implemented...
{{{
    if hmac.Equal(macCmp, macRx) {
        // Ensure that this handshake has not been seen previously.
        if filter.TestAndSet(time.Now(), macRx) {
            // The client either happened to generate exactly the same
            // session key and padding, or someone is replaying a previous
            // handshake. In either case, fuck them.
            return nil, ErrReplayedHandshake
        }

        macFound = true
        hs.epochHour = epochHour

        // We could break out here, but in the name of reducing timing
        // variation, evaluate all 3 MACs.
    }
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17315#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
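
The test-and-set replay check from the snippet above, as an added example that is not obfs4's code and not written by the commenter. `ReplayFilter`, `MAC`, `Accept`, the `ttl` value, the MAC input format, and the reading of "all 3 MACs" as epoch hours E-1, E and E+1 are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"time"
)
const ttl = 3 * time.Hour // assumed: long enough to cover hours E-1..E+1
// ReplayFilter is a hypothetical stand-in for the filter; a server handling
// connections concurrently would need a lock so test and set stay atomic.
type ReplayFilter map[string]time.Time

// TestAndSet reports whether buf was seen within ttl, recording it if not.
func (f ReplayFilter) TestAndSet(now time.Time, buf []byte) bool {
	for k, t := range f { // expire old entries so memory stays bounded
		if now.Sub(t) > ttl {
			delete(f, k)
		}
	}
	_, replay := f[string(buf)]
	if !replay {
		f[string(buf)] = now
	}
	return replay
}

// MAC binds msg to an epoch hour (constructed format, for illustration).
func MAC(key, msg []byte, hour int64) []byte {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%s|%d", msg, hour)
	return m.Sum(nil)
}

// Accept checks hours E-1, E, E+1 and does not break out early on a match.
func Accept(f ReplayFilter, key, msg, macRx []byte, now time.Time) (ok bool, err error) {
	for _, off := range []int64{-1, 0, 1} {
		if hmac.Equal(MAC(key, msg, now.Unix()/3600+off), macRx) {
			if f.TestAndSet(now, macRx) {
				return false, fmt.Errorf("replayed handshake")
			}
			ok = true
		}
	}
	return ok, nil
}

func main() { // constructed key and message
	k, m, now := []byte("key"), []byte("mark"), time.Now()
	fmt.Println(Accept(ReplayFilter{}, k, m, MAC(k, m, now.Unix()/3600), now))
}
```

Once a MAC's hour falls outside the accepted window it fails verification on its own, so the filter only has to remember entries for as long as the window lasts.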