[tor-dev] obfsproxy buffering

David Stainton dstainton415 at gmail.com
Mon Nov 18 03:33:12 UTC 2013


Hi,

I noticed that because the obfsproxy API can sometimes buffer and
resend smaller chunks of data, my simple use of NaCl stream_crypto to
wrap each incoming data buffer will not work... that is because the
client and server must keep synchronized nonce counters for the
decrypt/encrypt to work... and in this case the client may send one
large buffer and the server may receive many smaller buffers... trying
to decrypt them with different nonces will of course fail.

https://github.com/david415/obfsproxy/tree/david-nacl-stream-withoutkeyexchange

It seems like the solution is to write a super simple "framing
protocol"... which is to say that I can first send a frame length; and
on the receiving end simply read until frame length worth of data is
consumed... and then apply the crypto_stream cipher on that frame with
the correct corresponding nonce.

David
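
The framing idea described in the message above, as an added example that is not part of the original post or of the obfsproxy code: the sender prefixes each encrypted frame with its length, and the receiver buffers arbitrary chunks until a whole frame is present before decrypting it with the next nonce. The 2-byte big-endian length prefix, the frame counter used as a 24-byte nonce, the class and function names, and the SHA-256 keystream standing in for NaCl's crypto_stream_xor (so the block runs with the standard library only) are all assumptions.

```python
import hashlib
import struct

MAX_FRAME = 65535             # assumed cap: the largest value a 2-byte prefix can carry
HEADER = struct.Struct("!H")  # assumed wire format: 2-byte big-endian frame length

def stream_xor(data, nonce, key):
    """Stand-in for NaCl crypto_stream_xor (SHA-256 keystream, illustration only)."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack("!Q", block // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def nonce_for(counter):
    return struct.pack("!QQQ", 0, 0, counter)   # 24-byte nonce from the frame counter

class FrameSender:
    def __init__(self, key):
        self.key, self.counter = key, 0

    def seal(self, plaintext):
        """Encrypt one frame with the next nonce and prefix its length."""
        if not 0 < len(plaintext) <= MAX_FRAME:
            raise ValueError("frame length out of range")
        body = stream_xor(plaintext, nonce_for(self.counter), self.key)
        self.counter += 1
        return HEADER.pack(len(body)) + body

class FrameReceiver:
    def __init__(self, key):
        self.key, self.counter, self.buf = key, 0, bytearray()

    def feed(self, chunk):
        """Buffer an arbitrary chunk; return every frame completed so far."""
        self.buf += chunk
        frames = []
        while len(self.buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self.buf)
            if length == 0:
                raise ValueError("zero-length frame")
            if len(self.buf) < HEADER.size + length:
                break                      # wait for the rest of this frame
            body = bytes(self.buf[HEADER.size:HEADER.size + length])
            del self.buf[:HEADER.size + length]
            frames.append(stream_xor(body, nonce_for(self.counter), self.key))
            self.counter += 1
        return frames
```

A stream cipher on its own gives confidentiality but no integrity, so a real transport would also authenticate each frame.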

