[tor-commits] [obfsproxy/master] Make the server simply echo the client's epoch.

asn at torproject.org asn at torproject.org
Tue Jul 15 12:23:07 UTC 2014 

commit 37fb7903588171ce7b73b7eb973590aff2a76736
Author: Philipp Winter <phw at torproject.org>
Date:   Tue Mar 4 20:34:16 2014 +0100

    Make the server simply echo the client's epoch.
    
    That's only relevant for UniformDH.
---
 obfsproxy/transports/scramblesuit/uniformdh.py |   16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/obfsproxy/transports/scramblesuit/uniformdh.py b/obfsproxy/transports/scramblesuit/uniformdh.py
index b070b10..1b59575 100644
--- a/obfsproxy/transports/scramblesuit/uniformdh.py
+++ b/obfsproxy/transports/scramblesuit/uniformdh.py
@@ -46,6 +46,9 @@ class UniformDH( object ):
         # Uniform Diffie-Hellman object (implemented in obfs3_dh.py).
         self.udh = None
 
+        # Used by the server so it can simply echo the client's epoch.
+        self.echoEpoch = None
+
     def getRemotePublicKey( self ):
         """
         Return the cached remote UniformDH public key.
@@ -117,13 +120,15 @@ class UniformDH( object ):
         if not index:
             return False
 
+        self.echoEpoch = util.getEpoch()
+
         # Now that we know where the authenticating HMAC is: verify it.
         hmacStart = index + const.MARK_LENGTH
         existingHMAC = handshake[hmacStart:
                                  (hmacStart + const.HMAC_SHA256_128_LENGTH)]
         myHMAC = mycrypto.HMAC_SHA256_128(self.sharedSecret,
                                           handshake[0 : hmacStart] +
-                                          util.getEpoch())
+                                          self.echoEpoch)
 
         if not util.isValidHMAC(myHMAC, existingHMAC, self.sharedSecret):
             log.warning("The HMAC is invalid: `%s' vs. `%s'." %
@@ -174,10 +179,15 @@ class UniformDH( object ):
         # Add a mark which enables efficient location of the HMAC.
         mark = mycrypto.HMAC_SHA256_128(self.sharedSecret, publicKey)
 
+        if self.echoEpoch is None:
+            epoch = util.getEpoch()
+        else:
+            epoch = self.echoEpoch
+            log.debug("Echoing epoch rather than recreating it.")
+
         # Authenticate the handshake including the current approximate epoch.
         mac = mycrypto.HMAC_SHA256_128(self.sharedSecret,
-                                       publicKey + padding + mark +
-                                       util.getEpoch())
+                                       publicKey + padding + mark + epoch)
 
         return publicKey + padding + mark + mac

More information about the tor-commits mailing list