Opened 6 years ago

Closed 6 years ago

#8223 closed defect (wontfix)

obfsproxy: obfs2: Key derivation with shared-secret enabled does an extra hash iteration

Reported by: asn Owned by: asn
Priority: Medium Milestone:
Component: Obfuscation/Obfsproxy Version: Obfsproxy: 0.1.4
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

  digest_update(c, (uchar*)keytype, strlen(keytype));
  if (seed_nonzero(state->initiator_seed))
    digest_update(c, state->initiator_seed, OBFUSCATE_SEED_LENGTH);
  if (seed_nonzero(state->responder_seed))
    digest_update(c, state->responder_seed, OBFUSCATE_SEED_LENGTH);
  if (shared_seed_nonzero(state->secret_seed))
    digest_update(c, state->secret_seed, SHARED_SECRET_LENGTH);
  digest_update(c, (uchar*)keytype, strlen(keytype));
  digest_getdigest(c, buf, sizeof(buf));

  if (shared_seed_nonzero(state->secret_seed)) {
    digest_t *d;
    int i;
    for (i=0; i < OBFUSCATE_HASH_ITERATIONS; i++) {
      d = digest_new();
      digest_update(d, buf, sizeof(buf));
      digest_getdigest(d, buf, sizeof(buf));
      digest_free(d);
    }
  }

Spec says:

   Optionally, if the client and server share a secret value SECRET,
   they can replace the MAC function with:

      MAC(s,x) = H^n(s | x | H(SECRET) | s)

   where n = HASH_ITERATIONS.

but the above code actually does n+1 hash iterations.

Child Tickets

Change History (1)

comment:1 Changed 6 years ago by asn

Resolution: wontfix
Status: newclosed

This ticket is about the old C-based obfsproxy. Closing.

Note: See TracTickets for help on using tickets.