diff options
| author | Nick Mathewson <nickm@torproject.org> | 2013-09-18 10:51:04 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-09-20 11:00:27 -0400 |
| commit | accadd8752bb26efeb31a5c866a16cc863963893 (patch) | |
| tree | 74e77186433563a7dba09276907b955627e026be /src | |
| parent | f8b44eedf725cadb15c3a0ad1bc5a0fa1dbbc21d (diff) | |
| download | tor-accadd8752bb26efeb31a5c866a16cc863963893.tar tor-accadd8752bb26efeb31a5c866a16cc863963893.tar.gz | |
Remove the timestamp from AUTHENTICATE cells; replace with random bytes
This isn't actually much of an issue, since only relays send
AUTHENTICATE cells, but while we're removing timestamps, we might as
well do this too.
Part of proposal 222. I didn't take the approach in the proposal of
using a time-based HMAC, since that was a bad-prng-mitigation hack
from SSL3, and in real life, if you don't have a good RNG, you're
hopeless as a Tor server.
Diffstat (limited to 'src')
| -rw-r--r-- | src/or/connection_or.c | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 95cb39ac8..39a5317cf 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -2287,19 +2287,11 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, if (server) return V3_AUTH_FIXED_PART_LEN; // ptr-out - /* Time: 8 octets. */ - { - uint64_t now = time(NULL); - if ((time_t)now < 0) - return -1; - set_uint32(ptr, htonl((uint32_t)(now>>32))); - set_uint32(ptr+4, htonl((uint32_t)now)); - ptr += 8; - } - - /* Nonce: 16 octets. */ - crypto_rand((char*)ptr, 16); - ptr += 16; + /* 8 octets were reserved for the current time, but we're trying to get out + * of the habit of sending time around willynilly. Fortunately, nothing + * checks it. That's followed by 16 bytes of nonce. */ + crypto_rand((char*)ptr, 24); + ptr += 24; tor_assert(ptr - out == V3_AUTH_BODY_LEN); |