Allow randomly generating node-ids instead of requiring the fingerprint.

To ease delopyment, "-genServerParams has changed". * "-genServerParams" is now a bool, and will by default generate a random node-id. * "-genServerParams -genServerParamsFP=<Base16 blob>" will convert the supplied bridge fingerprint to a node-id (the old behavior). Either way of deriving node-id is belived to be secure. * https://lists.torproject.org/pipermail/tor-dev/2014-May/006929.html * https://lists.torproject.org/pipermail/tor-dev/2014-June/006936.html The extra parameter was added because golang's flags library doesn't support distinguishing between "set but used the default value" and "not set, so you go the default value".

Allow randomly generating node-ids instead of requiring the fingerprint.
b19b6de3 · Yawning Angel · d9c6ecbf · b19b6de3
Commit b19b6de3 authored 10 years ago by Yawning Angel
--- a/obfs4proxy/obfs4proxy.go
+++ b/obfs4proxy/obfs4proxy.go
@@ -31,7 +31,7 @@
 //
 // Client usage (in torrc):
 //   UseBridges 1
-//   Bridge obfs4 X.X.X.X:YYYY <fingerprint> public-key=<Base64 Bridge public key> node-id=<Base64 Bridge Node ID>
+//   Bridge obfs4 X.X.X.X:YYYY <Fingerprint> public-key=<Base64 Bridge Public Key> node-id=<Base64 Bridge Node ID>
 //   ClientTransportPlugin obfs4 exec obfs4proxy
 //
 // Server usage (in torrc):
@@ -39,7 +39,7 @@
 //   ORPort 9001
 //   ExtORPort 6669
 //   ServerTransportPlugin obfs4 exec obfs4proxy
-//   ServerTransportOptions obfs4 private-key=<Base64 Bridge private key> node-id=<Base64 Node ID> drbg-seed=<Base64 DRBG seed>
+//   ServerTransportOptions obfs4 private-key=<Base64 Bridge Private Key> node-id=<Base64 Node ID> drbg-seed=<Base64 DRBG Seed>
 //
 // Because the pluggable transport requires arguments, obfs4proxy requires
 // tor-0.2.5.x to be useful.
@@ -357,12 +357,24 @@ func ptInitializeLogging(enable bool) error {
 }
 func generateServerParams(id string) {
-	rawID, err := hex.DecodeString(id)
+	idIsFP := id != ""
-	if err != nil {
+	var rawID []byte
-		fmt.Println("Failed to hex decode id:", err)
-		return
-	}
+	if idIsFP {
+		var err error
+		rawID, err = hex.DecodeString(id)
+		if err != nil {
+			fmt.Println("Failed to hex decode id:", err)
+			return
+		}
+	} else {
+		rawID = make([]byte, ntor.NodeIDLength)
+		err := csrand.Bytes(rawID)
+		if err != nil {
+			fmt.Println("Failed to generate random node-id:", err)
+			return
+		}
+	}
 	parsedID, err := ntor.NewNodeID(rawID)
 	if err != nil {
 		fmt.Println("Failed to parse id:", err)
@@ -390,8 +402,13 @@ func generateServerParams(id string) {
 	fmt.Println("Generated drbg-seed:", seedBase64)
 	fmt.Println()
 	fmt.Println("Client config: ")
-	fmt.Printf("  Bridge obfs4 <IP Address:Port> %s node-id=%s public-key=%s\n",
+	if idIsFP {
-		id, parsedID.Base64(), keypair.Public().Base64())
+		fmt.Printf("  Bridge obfs4 <IP Address:Port> %s node-id=%s public-key=%s\n",
+			id, parsedID.Base64(), keypair.Public().Base64())
+	} else {
+		fmt.Printf("  Bridge obfs4 <IP Address:Port> <Fingerprint> node-id=%s public-key=%s\n",
+			parsedID.Base64(), keypair.Public().Base64())
+	}
 	fmt.Println()
 	fmt.Println("Server config:")
 	fmt.Printf("  ServerTransportOptions obfs4 node-id=%s private-key=%s drbg-seed=%s\n",
@@ -400,13 +417,14 @@ func generateServerParams(id string) {
 func main() {
 	// Some command line args.
-	genParams := flag.String("genServerParams", "", "Generate server params given a bridge fingerprint.")
+	genParams := flag.Bool("genServerParams", false, "Generate Bridge operator torrc parameters")
+	genParamsFP := flag.String("genServerParamsFP", "", "Optional bridge fingerprint for genServerParams")
 	flag.BoolVar(&enableLogging, "enableLogging", false, "Log to TOR_PT_STATE_LOCATION/obfs4proxy.log")
 	flag.BoolVar(&iatObfuscation, "iatObfuscation", false, "Enable IAT obufscation (EXPENSIVE)")
 	flag.BoolVar(&unsafeLogging, "unsafeLogging", false, "Disable the address scrubber")
 	flag.Parse()
-	if *genParams != "" {
+	if *genParams {
-		generateServerParams(*genParams)
+		generateServerParams(*genParamsFP)
 		return
 	}