// newJSONServerState generates fresh server state (node ID, identity keypair
// and DRBG seed), copies the hex-encoded values into js, and persists js via
// writeJSONServerState. The first error encountered is returned unchanged.
//
// NOTE(review): js.PrivateKey carries the hex-encoded identity private key and
// is handed to writeJSONServerState; confirm that helper creates the state
// file with owner-only permissions, since the mode is not visible here.
func newJSONServerState(stateDir string, js *jsonServerState) (err error) {
	var state obfs4ServerState

	// The node ID is NodeIDLength bytes taken from the cryptographic PRNG.
	idBytes := make([]byte, ntor.NodeIDLength)
	err = csrand.Bytes(idBytes)
	if err != nil {
		return err
	}
	state.nodeID, err = ntor.NewNodeID(idBytes)
	if err != nil {
		return err
	}

	// Long-term identity keypair.
	// NOTE(review): the meaning of the `false` argument is defined by
	// ntor.NewKeypair, which is not shown here — confirm.
	state.identityKey, err = ntor.NewKeypair(false)
	if err != nil {
		return err
	}

	state.drbgSeed, err = drbg.NewSeed()
	if err != nil {
		return err
	}
	state.iatMode = iatNone

	// Populate the JSON form; every binary field is stored as hex.
	js.NodeID = state.nodeID.Hex()
	js.PrivateKey = state.identityKey.Private().Hex()
	js.PublicKey = state.identityKey.Public().Hex()
	js.DrbgSeed = state.drbgSeed.Hex()
	js.IATMode = state.iatMode

	err = writeJSONServerState(stateDir, js)
	return err
}
// unpack splits the raw certificate into its two parts: the leading
// ntor.NodeIDLength bytes become the node ID and the remainder becomes the
// public key. It panics when the raw certificate is not exactly certLength
// bytes long.
func (cert *obfs4ServerCert) unpack() (*ntor.NodeID, *ntor.PublicKey) {
	if n := len(cert.raw); n != certLength {
		panic(fmt.Sprintf("cert length %d is invalid", n))
	}

	idPart := cert.raw[:ntor.NodeIDLength]
	keyPart := cert.raw[ntor.NodeIDLength:]

	// The constructor errors are discarded; the length check above is the only
	// validation performed here.
	// NOTE(review): this is safe only if certLength equals ntor.NodeIDLength
	// plus the public key length and both constructors can fail on length
	// alone — confirm. Otherwise a nil pointer is handed back to the caller.
	id, _ := ntor.NewNodeID(idPart)
	pk, _ := ntor.NewPublicKey(keyPart)
	return id, pk
}
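// TestHandshakeNtorClient exercises the client side of the handshake across
// every permitted client pad length, checking the generated message size and
// that both peers derive the same seed. It then checks that the server rejects
// client handshakes whose padding is one byte over the maximum or one byte
// under the minimum.
//
// No client blob is submitted to the server twice, so replay rejection by the
// shared replay filter is not covered by this test.
func TestHandshakeNtorClient(t *testing.T) {
	// Generate the server node id and id keypair, and ephemeral session keys.
	// Setup errors are fatal: continuing with a nil value would fail later
	// with a less useful nil dereference.
	nodeID, err := ntor.NewNodeID([]byte("\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13"))
	if err != nil {
		t.Fatalf("ntor.NewNodeID failed: %s", err)
	}
	idKeypair, err := ntor.NewKeypair(false)
	if err != nil {
		t.Fatalf("identity: ntor.NewKeypair failed: %s", err)
	}
	serverFilter, err := replayfilter.New(replayTTL)
	if err != nil {
		t.Fatalf("replayfilter.New failed: %s", err)
	}
	clientKeypair, err := ntor.NewKeypair(true)
	if err != nil {
		t.Fatalf("client: ntor.NewKeypair failed: %s", err)
	}
	serverKeypair, err := ntor.NewKeypair(true)
	if err != nil {
		t.Fatalf("server: ntor.NewKeypair failed: %s", err)
	}

	// Test client handshake padding.
	for l := clientMinPadLength; l <= clientMaxPadLength; l++ {
		// Generate the client state and override the pad length.
		clientHs := newClientHandshake(nodeID, idKeypair.Public(), clientKeypair)
		clientHs.padLen = l

		// Generate what the client will send to the server.
		clientBlob, err := clientHs.generateHandshake()
		if err != nil {
			t.Fatalf("[%d:0] clientHandshake.generateHandshake() failed: %s", l, err)
		}
		if len(clientBlob) > maxHandshakeLength {
			t.Fatalf("[%d:0] Generated client body is oversized: %d", l, len(clientBlob))
		}
		if len(clientBlob) < clientMinHandshakeLength {
			t.Fatalf("[%d:0] Generated client body is undersized: %d", l, len(clientBlob))
		}
		if len(clientBlob) != clientMinHandshakeLength+l {
			t.Fatalf("[%d:0] Generated client body incorrect size: %d", l, len(clientBlob))
		}

		// Generate the server state and override the pad length.
		serverHs := newServerHandshake(nodeID, idKeypair, serverKeypair)
		serverHs.padLen = serverMinPadLength

		// Parse the client handshake message.
		serverSeed, err := serverHs.parseClientHandshake(serverFilter, clientBlob)
		if err != nil {
			t.Fatalf("[%d:0] serverHandshake.parseClientHandshake() failed: %s", l, err)
		}

		// Generate what the server will send to the client.
		serverBlob, err := serverHs.generateHandshake()
		if err != nil {
			t.Fatalf("[%d:0]: serverHandshake.generateHandshake() failed: %s", l, err)
		}

		// Parse the server handshake message.
		// NOTE(review): the representative is cleared before parsing,
		// presumably so the parser has to recover it from serverBlob — confirm.
		clientHs.serverRepresentative = nil
		n, clientSeed, err := clientHs.parseServerHandshake(serverBlob)
		if err != nil {
			t.Fatalf("[%d:0] clientHandshake.parseServerHandshake() failed: %s", l, err)
		}
		if n != len(serverBlob) {
			t.Fatalf("[%d:0] clientHandshake.parseServerHandshake() has bytes remaining: %d", l, n)
		}

		// Ensure the derived shared secret is the same.
		if !bytes.Equal(clientSeed, serverSeed) {
			t.Fatalf("[%d:0] client/server seed mismatch", l)
		}
	}

	// Test oversized client padding. newClientHandshake returns no error, so
	// there is nothing to check until the handshake is generated.
	clientHs := newClientHandshake(nodeID, idKeypair.Public(), clientKeypair)
	clientHs.padLen = clientMaxPadLength + 1
	clientBlob, err := clientHs.generateHandshake()
	if err != nil {
		t.Fatalf("clientHandshake.generateHandshake() (forced oversize) failed: %s", err)
	}
	serverHs := newServerHandshake(nodeID, idKeypair, serverKeypair)
	_, err = serverHs.parseClientHandshake(serverFilter, clientBlob)
	if err == nil {
		t.Fatalf("serverHandshake.parseClientHandshake() succeded (oversized)")
	}

	// Test undersized client padding.
	clientHs.padLen = clientMinPadLength - 1
	clientBlob, err = clientHs.generateHandshake()
	if err != nil {
		t.Fatalf("clientHandshake.generateHandshake() (forced undersize) failed: %s", err)
	}
	serverHs = newServerHandshake(nodeID, idKeypair, serverKeypair)
	_, err = serverHs.parseClientHandshake(serverFilter, clientBlob)
	if err == nil {
		t.Fatalf("serverHandshake.parseClientHandshake() succeded (undersized)")
	}
}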
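// TestHandshakeNtorServer exercises the server side of the handshake across
// every server pad length from serverMinPadLength up to
// serverMaxPadLength+inlineSeedFrameLength, checking that both peers derive
// the same seed. It then checks that out-of-range padding is rejected: client
// padding one byte over the maximum or under the minimum by the server, and
// server padding one byte over the accepted maximum by the client.
//
// No client blob is submitted to the server twice, so replay rejection by the
// shared replay filter is not covered by this test.
func TestHandshakeNtorServer(t *testing.T) {
	// Generate the server node id and id keypair, and ephemeral session keys.
	// Setup errors are fatal: continuing with a nil value would fail later
	// with a less useful nil dereference.
	nodeID, err := ntor.NewNodeID([]byte("\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13"))
	if err != nil {
		t.Fatalf("ntor.NewNodeID failed: %s", err)
	}
	idKeypair, err := ntor.NewKeypair(false)
	if err != nil {
		t.Fatalf("identity: ntor.NewKeypair failed: %s", err)
	}
	serverFilter, err := replayfilter.New(replayTTL)
	if err != nil {
		t.Fatalf("replayfilter.New failed: %s", err)
	}
	clientKeypair, err := ntor.NewKeypair(true)
	if err != nil {
		t.Fatalf("client: ntor.NewKeypair failed: %s", err)
	}
	serverKeypair, err := ntor.NewKeypair(true)
	if err != nil {
		t.Fatalf("server: ntor.NewKeypair failed: %s", err)
	}

	// Test server handshake padding.
	for l := serverMinPadLength; l <= serverMaxPadLength+inlineSeedFrameLength; l++ {
		// Generate the client state and override the pad length.
		clientHs := newClientHandshake(nodeID, idKeypair.Public(), clientKeypair)
		clientHs.padLen = clientMinPadLength

		// Generate what the client will send to the server.
		clientBlob, err := clientHs.generateHandshake()
		if err != nil {
			t.Fatalf("[%d:1] clientHandshake.generateHandshake() failed: %s", l, err)
		}
		if len(clientBlob) > maxHandshakeLength {
			t.Fatalf("[%d:1] Generated client body is oversized: %d", l, len(clientBlob))
		}

		// Generate the server state and override the pad length.
		serverHs := newServerHandshake(nodeID, idKeypair, serverKeypair)
		serverHs.padLen = l

		// Parse the client handshake message.
		serverSeed, err := serverHs.parseClientHandshake(serverFilter, clientBlob)
		if err != nil {
			t.Fatalf("[%d:1] serverHandshake.parseClientHandshake() failed: %s", l, err)
		}

		// Generate what the server will send to the client.
		serverBlob, err := serverHs.generateHandshake()
		if err != nil {
			t.Fatalf("[%d:1]: serverHandshake.generateHandshake() failed: %s", l, err)
		}

		// Parse the server handshake message.
		n, clientSeed, err := clientHs.parseServerHandshake(serverBlob)
		if err != nil {
			t.Fatalf("[%d:1] clientHandshake.parseServerHandshake() failed: %s", l, err)
		}
		if n != len(serverBlob) {
			t.Fatalf("[%d:1] clientHandshake.parseServerHandshake() has bytes remaining: %d", l, n)
		}

		// Ensure the derived shared secret is the same.
		if !bytes.Equal(clientSeed, serverSeed) {
			t.Fatalf("[%d:1] client/server seed mismatch", l)
		}
	}

	// Test oversized client padding. newClientHandshake returns no error, so
	// there is nothing to check until the handshake is generated.
	clientHs := newClientHandshake(nodeID, idKeypair.Public(), clientKeypair)
	clientHs.padLen = clientMaxPadLength + 1
	clientBlob, err := clientHs.generateHandshake()
	if err != nil {
		t.Fatalf("clientHandshake.generateHandshake() (forced oversize) failed: %s", err)
	}
	serverHs := newServerHandshake(nodeID, idKeypair, serverKeypair)
	_, err = serverHs.parseClientHandshake(serverFilter, clientBlob)
	if err == nil {
		t.Fatalf("serverHandshake.parseClientHandshake() succeded (oversized)")
	}

	// Test undersized client padding.
	clientHs.padLen = clientMinPadLength - 1
	clientBlob, err = clientHs.generateHandshake()
	if err != nil {
		t.Fatalf("clientHandshake.generateHandshake() (forced undersize) failed: %s", err)
	}
	serverHs = newServerHandshake(nodeID, idKeypair, serverKeypair)
	_, err = serverHs.parseClientHandshake(serverFilter, clientBlob)
	if err == nil {
		t.Fatalf("serverHandshake.parseClientHandshake() succeded (undersized)")
	}

	// Test oversized server padding.
	//
	// NB: serverMaxPadLength isn't the real maxPadLength that triggers client
	// rejection, because the implementation is written with the assumption
	// that the PRNG_SEED is also inlined with the response. Thus the client
	// actually accepts longer padding. The server handshake test and this
	// test adjust around that.
	clientHs.padLen = clientMinPadLength
	clientBlob, err = clientHs.generateHandshake()
	if err != nil {
		t.Fatalf("clientHandshake.generateHandshake() failed: %s", err)
	}
	serverHs = newServerHandshake(nodeID, idKeypair, serverKeypair)
	serverHs.padLen = serverMaxPadLength + inlineSeedFrameLength + 1
	_, err = serverHs.parseClientHandshake(serverFilter, clientBlob)
	if err != nil {
		t.Fatalf("serverHandshake.parseClientHandshake() failed: %s", err)
	}
	serverBlob, err := serverHs.generateHandshake()
	if err != nil {
		t.Fatalf("serverHandshake.generateHandshake() (forced oversize) failed: %s", err)
	}
	_, _, err = clientHs.parseServerHandshake(serverBlob)
	if err == nil {
		t.Fatalf("clientHandshake.parseServerHandshake() succeded (oversized)")
	}
}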