Use the correct epoch hour when crafting the obfs4 server ntor response.

It's supposed to use the one derived from the client's handshake (assuming the clock skew is within acceptable limits), but it was using the one based off the current system time.
8 years ago · 62057625ea
parent a7a2575cab
commit 62057625ea
2 changed files with 3 additions and 2 deletions
--- a/2
+++ b/2
@ -2,6 +2,8 @@ Changes in version 0.0.7 - UNRELEASED:
 - Support configuring the obfs4 IAT parameter as the sole
   ServerTransportOption on bridges, and correctly checkpoint the argument
   to the state file.
+ - Correctly use the derived epoch hour when generating the server obfs4
+   ntor handshake response to be more tollerant of clock skew.

 Changes in version 0.0.6 - 2016-01-25:
 - Delay transport factory initialization till after logging has been
--- a/transports/obfs4/handshake_ntor.go
+++ b/transports/obfs4/handshake_ntor.go
@ -356,8 +356,7 @@ func (hs *serverHandshake) generateHandshake() ([]byte, error) {
 	// Calculate and write the MAC.
 	hs.mac.Reset()
 	hs.mac.Write(buf.Bytes())
-	hs.epochHour = []byte(strconv.FormatInt(getEpochHour(), 10))
-	hs.mac.Write(hs.epochHour)
+	hs.mac.Write(hs.epochHour) // Set in hs.parseClientHandshake()
 	buf.Write(hs.mac.Sum(nil)[:macLength])

 	return buf.Bytes(), nil