obfsproxy: obfs2: Key derivation with shared-secret enabled does an extra hash iteration
digest_update(c, (uchar*)keytype, strlen(keytype));
if (seed_nonzero(state->initiator_seed))
digest_update(c, state->initiator_seed, OBFUSCATE_SEED_LENGTH);
if (seed_nonzero(state->responder_seed))
digest_update(c, state->responder_seed, OBFUSCATE_SEED_LENGTH);
if (shared_seed_nonzero(state->secret_seed))
digest_update(c, state->secret_seed, SHARED_SECRET_LENGTH);
digest_update(c, (uchar*)keytype, strlen(keytype));
digest_getdigest(c, buf, sizeof(buf));
if (shared_seed_nonzero(state->secret_seed)) {
digest_t *d;
int i;
for (i=0; i < OBFUSCATE_HASH_ITERATIONS; i++) {
d = digest_new();
digest_update(d, buf, sizeof(buf));
digest_getdigest(d, buf, sizeof(buf));
digest_free(d);
}
}
Spec says:
Optionally, if the client and server share a secret value SECRET,
they can replace the MAC function with:
MAC(s,x) = H^n(s | x | H(SECRET) | s)
where n = HASH_ITERATIONS.
but the above code actually does n+1
hash iterations.