Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T18:35:08Zhttps://gitlab.torproject.org/legacy/trac/-/issues/14038Fix ScrambleSuit's replay protection2020-06-13T18:35:08ZPhilipp Winterphw@torproject.orgFix ScrambleSuit's replay protectionScrambleSuit uses Uniform Diffie-Hellman as one of its authentication mechanisms. To defend against replay attacks, a sever caches the HMAC of a client's authentication message.
The attack works as follows. In the first step, an activ...ScrambleSuit uses Uniform Diffie-Hellman as one of its authentication mechanisms. To defend against replay attacks, a sever caches the HMAC of a client's authentication message.
The attack works as follows. In the first step, an active adversary (e.g., a censor trying to detect ScrambleSuit) observes a client authenticate successfully towards a ScrambleSuit server and captures the server's Uniform Diffie-Hellman response. In the second step, the adversary replays the captured response to the very same server. Since the server did not cache the HMAC of its own response, it will interpret the replayed data as legitimate authentication message of a new client and respond with an authentication response. The adversary now successfully tricked the server into responding despite not knowing the shared secret. This creates a noteworthy distinguisher which can help identifying ScrambleSuit.
Luckily, it's easy to fix this problem. Introducing message types would be one option but it would break backwards compatibility. The easiest fix which retains backwards compatibility is to make the server also cache its own HMACs which are part of the response to a client's authentication message. The downside is that it doubles the size of the replay table but that's tolerable.
Note that obfs4 is not affected by this problem because a client's and a server's authentication message are different.
A patch follows in a minute.George KadianakisGeorge Kadianakishttps://gitlab.torproject.org/legacy/trac/-/issues/13633obfs4proxy should support ScrambleSuit2020-06-13T18:35:07ZYawning Angelobfs4proxy should support ScrambleSuitI'm not entirely sure what the plan going forward for mobile is going to be re obfs4. At this point to get obfs4 on mobile, it would either require adding obfs4 to obfsclient (doable, but a decent amount of work), or adding ScrambleSuit...I'm not entirely sure what the plan going forward for mobile is going to be re obfs4. At this point to get obfs4 on mobile, it would either require adding obfs4 to obfsclient (doable, but a decent amount of work), or adding ScrambleSuit to obfs4client.
Assuming golang is easy to compile and run on mobile I'm inclined to do the latter since obfs4proxy is memory safe, fully supports #8402, and this would reduce obfsproxy in Tor Browser to "there so fte works".
In practical terms the work required for this isn't massive (at least for client support), due to how close obfs4 and ScrambleSuit are under the hood.Yawning AngelYawning Angelhttps://gitlab.torproject.org/legacy/trac/-/issues/13202Figure out a way to deal with bridges missing PT arguments.2020-06-13T16:49:28ZYawning AngelFigure out a way to deal with bridges missing PT arguments.From IRC, apparently approximately one in seven ScrambleSuit bridges do not have a password on the bridge line.
I am 99% certain this is due to people running ScrambleSuit on tor-0.2.4.x, as passing pluggable transport arguments via the...From IRC, apparently approximately one in seven ScrambleSuit bridges do not have a password on the bridge line.
I am 99% certain this is due to people running ScrambleSuit on tor-0.2.4.x, as passing pluggable transport arguments via the extrainfo document is not supported in that version, and `transports.c:parse_smethod_line()` does not sufficiently validate the `SMETHOD` line, so the arguments are silently dropped.
This leads to Bridges that publish extrainfo documents containing Bridge lines that are totally useless (No ScrambleSuit password etc), and will never get used.
This may be something that has to be worked around on the BridgeDB side (teach it about transports that require arguments, ignore bridges with malformed bridge lines), but that seems suboptimal (people thinking they are contributing bridges, when they realistically are not).https://gitlab.torproject.org/legacy/trac/-/issues/11489obfsclient integration for orbot2014-04-24T13:42:31ZYawning Angelobfsclient integration for orbotIn order to support more than obfs2, orbot should switch to using obfsclient from obfsproxy. I have attached a preliminary set of patches that accomplish this, based off `8d73be655e84879e56369546cdefa7c8d84fa4ac`.
To be done:
* obfspr...In order to support more than obfs2, orbot should switch to using obfsclient from obfsproxy. I have attached a preliminary set of patches that accomplish this, based off `8d73be655e84879e56369546cdefa7c8d84fa4ac`.
To be done:
* obfsproxy is still build and included as an asset.
* The obfsclient binary built with debugging information is gigantic, stripping after build is recommended.
* UI work for pluggable transport protocol selection.
Please let me know if there are any questions.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/11271ScrambleSuit and obfsproxy repositories should be merged2014-07-15T12:25:13ZPhilipp Winterphw@torproject.orgScrambleSuit and obfsproxy repositories should be mergedSo far, we copied ScrambleSuit's files to the obfsproxy repository. That's not very sustainable. Instead, we should merge both repositories so that all future development happens directly on obfsproxy. That way, we would also not lose...So far, we copied ScrambleSuit's files to the obfsproxy repository. That's not very sustainable. Instead, we should merge both repositories so that all future development happens directly on obfsproxy. That way, we would also not lose ScrambleSuit's git log.
Some pitfalls:
* ScrambleSuit has its own git tags for versioning. We must remove these.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/11269Misplaced comma in scramblesuit.py2014-03-22T11:49:36ZYawning AngelMisplaced comma in scramblesuit.pyA misplaced comma in a raise statement causes a ValuError instead of a helpful message to the user.
Reported on #tor by picuntu-ul.
Since it's totally trivial, I'll inline the fix as well:
```
diff --git a/obfsproxy/transports/scramble...A misplaced comma in a raise statement causes a ValuError instead of a helpful message to the user.
Reported on #tor by picuntu-ul.
Since it's totally trivial, I'll inline the fix as well:
```
diff --git a/obfsproxy/transports/scramblesuit/scramblesuit.py b/obfsproxy/transports/scramblesuit/scramblesuit.py
index 9262b34..bff0069 100644
--- a/obfsproxy/transports/scramblesuit/scramblesuit.py
+++ b/obfsproxy/transports/scramblesuit/scramblesuit.py
@@ -551,7 +551,7 @@ class ScrambleSuitTransport( base.BaseTransport ):
rawLength = len(uniformDHSecret)
if rawLength != const.SHARED_SECRET_LENGTH:
raise base.PluggableTransportError(
- "The UniformDH password must be %d bytes in length, ",
+ "The UniformDH password must be %d bytes in length, "
"but %d bytes are given."
% (const.SHARED_SECRET_LENGTH, rawLength))
else:
```George KadianakisGeorge Kadianakishttps://gitlab.torproject.org/legacy/trac/-/issues/11159Document deploying a scramblesuit bridge on the website.2020-06-13T17:21:57ZMatt PaganDocument deploying a scramblesuit bridge on the website.https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en
https://www.torproject.org/projects/obfsproxy-instructions.html.en
These two pages have instructions for setting up an obfs2/obfs3 bridge. Is changing the ServerT...https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en
https://www.torproject.org/projects/obfsproxy-instructions.html.en
These two pages have instructions for setting up an obfs2/obfs3 bridge. Is changing the ServerTransportPlugin line and adding a note about using tor 0.2.5 enough to introduce bridge operators to scramblesuit? It might make sense for scramblesuit to get its own project page (#5192). Should scramblesuit get it's own installation page too? What other information should be included?Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/11143Error when starting Obfsproxy with Scramblesuit on Raspbian2014-03-09T00:02:36ZTracError when starting Obfsproxy with Scramblesuit on RaspbianHello,
I'm running an obfuscated bridge relay on a Raspberry Pi. I have tried to update obfsproxy to run scramblesuit, as requested on the blog, but I am running into a startup error. I have the latest Tor (compiled from source), and th...Hello,
I'm running an obfuscated bridge relay on a Raspberry Pi. I have tried to update obfsproxy to run scramblesuit, as requested on the blog, but I am running into a startup error. I have the latest Tor (compiled from source), and the latest obfsproxy. I have manually specified a password rather than have the system allocate one.
Everything is up to date.
Relevant info:
pi@raspberrypi ~/.tor $ uname -a
Linux raspberrypi 3.10.25+ #622 PREEMPT Fri Jan 3 18:41:00 GMT 2014
armv6l GNU/Linux
pi@raspberrypi ~/.tor $ tor --version
Tor version 0.2.5.2-alpha (git-745434d29a92da68).
pi@raspberrypi ~/.tor $ obfsproxy --version
0.2.6
pi@raspberrypi ~ $ python --version
Python 2.7.3
A sudo pip install obfsproxy --upgrade command will only update
setuptools to 2.2, but obfsproxy stays the same.
Obfsproxy logfile:
2014-02-18 19:08:54,757 [WARNING] Obfsproxy (version: 0.2.6) starting
up.
2014-02-18 19:08:54,770 [DEBUG] argv: ['/usr/local/bin/obfsproxy',
'--log-min-severity=debug', '--log-file=/home/pi/obfs.log', 'managed']
2014-02-18 19:08:54,772 [DEBUG] args: Namespace(data_dir=None,
log_file='/home/pi/obfs.log', log_min_severity='debug',
name='managed',
no_log=False, no_safe_logging=False)
2014-02-18 19:08:54,774 [INFO] Entering server managed-mode.
2014-02-18 19:08:54,896 [DEBUG] pyptlib gave us the following data:
'{'__class__': <class 'pyptlib.server.ServerTransportPlugin'>,
'config': {'ORPort': ('127.0.0.1', XXXXX),
'allTransportsEnabled': False,
'authCookieFile':
'/home/pi/.tor/extended_orport_auth_cookie',
'extendedORPort': ('127.0.0.1', XXXXX),
'managedTransportVer': ['1'],
'serverBindAddr': {'obfs3': ('0.0.0.0', XXXXX),
'scramblesuit': ('0.0.0.0', XXXXX)},
'serverTransportOptions': {'scramblesuit': {'password':
'XXXXXXXXXXXXXXXXX'}},
'stateLocation': '/home/pi/.tor/pt_state/',
'transports': ['obfs3', 'scramblesuit']},
'served_transports': ['obfs3', 'scramblesuit'],
'served_version': '1',
'stdout': <open file '<stdout>', mode 'w' at 0xb6cbe078>}'
2014-02-18 19:08:54,927 [INFO] ExtORPortServerFactory starting on
XXXXX
2014-02-18 19:08:54,950 [INFO] Starting factory
<obfsproxy.network.extended_orport.ExtORPortServerFactory instance at
0x1e156c0>
2014-02-18 19:08:54,952 [DEBUG] fact_ext_s_0x1e156c0: Starting up
Extended ORPort server factory.
2014-02-18 19:08:54,954 [DEBUG] Successfully launched 'obfs3' at
'[scrubbed]'
2014-02-18 19:08:54,957 [DEBUG] Setting the state location to
`/home/pi/.tor/pt_state/scramblesuit/'.
2014-02-18 19:08:54,969 [ERROR] Incorrect padding
Traceback (most recent call last):
File
"/usr/local/lib/python2.7/dist-packages/obfsproxy/pyobfsproxy.py",
line
168, in run
pyobfsproxy()
File
"/usr/local/lib/python2.7/dist-packages/obfsproxy/pyobfsproxy.py",
line
140, in pyobfsproxy
do_managed_mode()
File
"/usr/local/lib/python2.7/dist-packages/obfsproxy/pyobfsproxy.py",
line
72, in do_managed_mode
managed_server.do_managed_server()
File
"/usr/local/lib/python2.7/dist-packages/obfsproxy/managed/server.py",
line 55, in do_managed_server
transport_class.setup(pt_config)
File
"/usr/local/lib/python2.7/dist-
packages/obfsproxy/transports/scramblesuit/scramblesuit.py",
line 121, in setup
cfg["password"]))
File "/usr/lib/python2.7/base64.py", line 198, in b32decode
raise TypeError('Incorrect padding')
TypeError: Incorrect padding
**Trac**:
**Username**: fishbonesGeorge KadianakisGeorge Kadianakishttps://gitlab.torproject.org/legacy/trac/-/issues/10893ScrambleSuit spec improvements2020-06-13T18:34:52ZYawning AngelScrambleSuit spec improvementsThings I've noticed when adding ScrambleSuit support to obfsclient:
* The spec lies about the contents of MAC for the UniformDH handshake.
Instead of "MAC(X | P_C | E)"/"MAC(X | P_S | E)" this should be "MAC(X | P_C | M_C | E)"/"MAC(...Things I've noticed when adding ScrambleSuit support to obfsclient:
* The spec lies about the contents of MAC for the UniformDH handshake.
Instead of "MAC(X | P_C | E)"/"MAC(X | P_S | E)" this should be "MAC(X | P_C | M_C | E)"/"MAC(Y | P_S | M_S | E)". The mark is part of the HMAC verifier, and for the server's MAC, the server's UniformDH key is used when computing the digest.
* Should the server echo the epoch received from the client? The server should attempt to verify the client's identifier with E - 1 or E + 1 and E, and it implicitly knows the E value the client sent, so it should echo it. Or the client could also verify more than 1 MAC.
* What happens when the random padding contains the mark? Should the client/server continue to scan for the MAC, or just fail the connection (The odds of this happening are *extremely unlikely* so failing it is probably fine).
Things that are totally missing:
* The Protocol Polymorphism PRNG needs to be documented.
Some of the things I discussed with phw already. I still haven't tackled Ticket Handshake yet, so I may end up adding more stuff to this.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/10887ScrambleSuit should make it easy for bridge admins to learn password2020-06-13T03:01:24ZPhilipp Winterphw@torproject.orgScrambleSuit should make it easy for bridge admins to learn passwordAt this point, the password is stored in `pt_state/scramblesuit/server_state.cpickle` in Python's string encoding. However, bridge operators might want to test their bridge and we should make that easier.
Ideally, we would have a file ...At this point, the password is stored in `pt_state/scramblesuit/server_state.cpickle` in Python's string encoding. However, bridge operators might want to test their bridge and we should make that easier.
Ideally, we would have a file `descriptor.txt` which contains a copy&pastable bridge descriptor including the password. That would also be consistent with how users learn about their hidden service descriptor.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/10598Merge ScrambleSuit v2014.01.a.2014-02-03T23:40:03ZPhilipp Winterphw@torproject.orgMerge ScrambleSuit v2014.01.a.I just published version 2014.01.a of ScrambleSuit. The API is now up-to-date (it uses `self.circuit` and `circuitCreated()` instead of `handshake()`) and it works for me in external and managed mode on Linux.
A patch is available here...I just published version 2014.01.a of ScrambleSuit. The API is now up-to-date (it uses `self.circuit` and `circuitCreated()` instead of `handshake()`) and it works for me in external and managed mode on Linux.
A patch is available here: https://gitweb.torproject.org/user/phw/obfsproxy.git/shortlog/refs/heads/scramblesuit_integration. It simply creates a module named `scramblesuit` and updates `transports.py`.
The branch can be tested with our public ScrambleSuit bridge:
```
Bridge scramblesuit 193.10.227.195:9002 password=5TYVADJINHBB67PJSBPSWVR5IO742PVO
ClientTransportPlugin scramblesuit exec /path/to/obfsproxy managed
```
Is there anything else to consider? George, are you able to conveniently test this on Windows? If not, I'll have to play around with my VM.George KadianakisGeorge Kadianakishttps://gitlab.torproject.org/legacy/trac/-/issues/10148Scramblesuit doesn't handle base32 decoded shared secrets properly2014-01-09T18:31:28ZIsis LovecruftScramblesuit doesn't handle base32 decoded shared secrets properlyUsing a uniform DH shared secret passphrase of `93edd2b39b06115b38778e5447be6171d34cf63cc0e083db91fca9ce7fe920fa`, I get the following unhandled exception in my scramblesuit logfile:
```
Traceback (most recent call last):
File "/usr/l...Using a uniform DH shared secret passphrase of `93edd2b39b06115b38778e5447be6171d34cf63cc0e083db91fca9ce7fe920fa`, I get the following unhandled exception in my scramblesuit logfile:
```
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/obfsproxy-0.2.3_14_g4acf4da-py2.7.egg/obfsproxy/pyobfsproxy.py", line 158, in run
pyobfsproxy()
File "/usr/local/lib/python2.7/dist-packages/obfsproxy-0.2.3_14_g4acf4da-py2.7.egg/obfsproxy/pyobfsproxy.py", line 137, in pyobfsproxy
if (args.validation_function(args) == False):
File "/usr/local/lib/python2.7/dist-packages/obfsproxy-0.2.3_14_g4acf4da-py2.7.egg/obfsproxy/transports/scramblesuit/scramblesuit.py", line 534, in validate_external_mode_cli
rawLength = len(base64.b32decode(args.uniformDHSecret))
File "/usr/lib/python2.7/base64.py", line 196, in b32decode
quanta, leftover = divmod(len(s), 8)
TypeError: object of type 'NoneType' has no len()
```
Scramblesuit should probably at least catch the case where `base64.b32decode` returns None, and the case where it raises `TypeError`s due to "invalid padding".Isis LovecruftIsis Lovecrufthttps://gitlab.torproject.org/legacy/trac/-/issues/9406Deploy ScrambleSuit2014-02-03T23:45:32ZPhilipp Winterphw@torproject.orgDeploy ScrambleSuitThis ticket should document what remains to be done to deploy the [ScrambleSuit](http://www.cs.kau.se/philwint/scramblesuit/) pluggable transport protocol.
* ~~Obtain the shared secret as the server~~ (#8979)
* ~~ScrambleSuit needs to...This ticket should document what remains to be done to deploy the [ScrambleSuit](http://www.cs.kau.se/philwint/scramblesuit/) pluggable transport protocol.
* ~~Obtain the shared secret as the server~~ (#8979)
* ~~ScrambleSuit needs to learn Tor's data directory since it writes persistent data to disk. This boils down to slightly modifying pyptlib and obfsproxy.~~ (#9815)
* ~~BridgeDB must support shared secrets~~ (#9013)
* ~~Somebody needs to have a look at the source code. So far, I'm the only one familiar with it.~~ (asn had a look at it)
* The implementation must be tested on Windows and Mac.
* If all of the above is done, we can create a pluggable TBB with a hard-coded ScrambleSuit bridge for testing.Philipp Winterphw@torproject.orgPhilipp Winterphw@torproject.orghttps://gitlab.torproject.org/legacy/trac/-/issues/8040hiding command line arguments2014-07-15T12:32:34ZTrachiding command line argumentsThere is sensitive command line argument for example obfs2 "--shared-secret" that should not be shown in ps(1)
**Trac**:
**Username**: roytam1There is sensitive command line argument for example obfs2 "--shared-secret" that should not be shown in ps(1)
**Trac**:
**Username**: roytam1George KadianakisGeorge Kadianakis