Change all the arguments to use base16 from base64.

WARNING: THIS BREAKS BACKWARD COMPATIBILITY.

This is primarily to work around bug #12930.  Base16 was chosen over
unpadded Base64 because the go runtime Base64 decoder does not handle
omitting the padding.

May $deity have mercy on anyone who needs to hand-enter an obfs4 bridge
line because I will not.

common/drbg/hash_drbg.go

@@ -30,7 +30,7 @@
 package drbg
 
 import (
-	"encoding/base64"
+	"encoding/hex"
 	"encoding/binary"
 	"fmt"
 	"hash"
@@ -55,9 +55,9 @@ func (seed *Seed) Bytes() *[SeedLength]byte {
 	return (*[SeedLength]byte)(seed)
 }
 
-// Base64 returns the Base64 representation of the seed.
-func (seed *Seed) Base64() string {
-	return base64.StdEncoding.EncodeToString(seed.Bytes()[:])
+// Hex returns the hexdecimal representation of the seed.
+func (seed *Seed) Hex() string {
+	return hex.EncodeToString(seed.Bytes()[:])
 }
 
 // NewSeed returns a Seed initialized with the runtime CSPRNG.
@@ -83,11 +83,11 @@ func SeedFromBytes(src []byte) (seed *Seed, err error) {
 	return
 }
 
-// SeedFromBase64 creates a Seed from the Base64 representation, truncating to
+// SeedFromHex creates a Seed from the hexdecimal representation, truncating to
 // SeedLength as appropriate.
-func SeedFromBase64(encoded string) (seed *Seed, err error) {
+func SeedFromHex(encoded string) (seed *Seed, err error) {
 	var raw []byte
-	if raw, err = base64.StdEncoding.DecodeString(encoded); err != nil {
+	if raw, err = hex.DecodeString(encoded); err != nil {
 		return nil, err
 	}
 

common/ntor/ntor.go

@@ -39,7 +39,7 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"crypto/subtle"
-	"encoding/base64"
+	"encoding/hex"
 	"fmt"
 	"io"
 
@@ -137,9 +137,9 @@ func NewNodeID(raw []byte) (*NodeID, error) {
 	return nodeID, nil
 }
 
-// NodeIDFromBase64 creates a new NodeID from the Base64 encoded representation.
-func NodeIDFromBase64(encoded string) (*NodeID, error) {
-	raw, err := base64.StdEncoding.DecodeString(encoded)
+// NodeIDFromHex creates a new NodeID from the hexdecimal representation.
+func NodeIDFromHex(encoded string) (*NodeID, error) {
+	raw, err := hex.DecodeString(encoded)
 	if err != nil {
 		return nil, err
 	}
@@ -151,9 +151,9 @@ func (id *NodeID) Bytes() *[NodeIDLength]byte {
 	return (*[NodeIDLength]byte)(id)
 }
 
-// Base64 returns the Base64 representation of the NodeID.
-func (id *NodeID) Base64() string {
-	return base64.StdEncoding.EncodeToString(id[:])
+// Hex returns the hexdecimal representation of the NodeID.
+func (id *NodeID) Hex() string {
+	return hex.EncodeToString(id[:])
 }
 
 // PublicKey is a Curve25519 public key in little-endian byte order.
@@ -164,9 +164,9 @@ func (public *PublicKey) Bytes() *[PublicKeyLength]byte {
 	return (*[PublicKeyLength]byte)(public)
 }
 
-// Base64 returns the Base64 representation of the Curve25519 public key.
-func (public *PublicKey) Base64() string {
-	return base64.StdEncoding.EncodeToString(public.Bytes()[:])
+// Hex returns the hexdecimal representation of the Curve25519 public key.
+func (public *PublicKey) Hex() string {
+	return hex.EncodeToString(public.Bytes()[:])
 }
 
 // NewPublicKey creates a PublicKey from the raw bytes.
@@ -181,9 +181,9 @@ func NewPublicKey(raw []byte) (*PublicKey, error) {
 	return pubKey, nil
 }
 
-// PublicKeyFromBase64 returns a PublicKey from a Base64 representation.
-func PublicKeyFromBase64(encoded string) (*PublicKey, error) {
-	raw, err := base64.StdEncoding.DecodeString(encoded)
+// PublicKeyFromHex returns a PublicKey from the hexdecimal representation.
+func PublicKeyFromHex(encoded string) (*PublicKey, error) {
+	raw, err := hex.DecodeString(encoded)
 	if err != nil {
 		return nil, err
 	}
@@ -216,9 +216,9 @@ func (private *PrivateKey) Bytes() *[PrivateKeyLength]byte {
 	return (*[PrivateKeyLength]byte)(private)
 }
 
-// Base64 returns the Base64 representation of the Curve25519 private key.
-func (private *PrivateKey) Base64() string {
-	return base64.StdEncoding.EncodeToString(private.Bytes()[:])
+// Hex returns the hexdecimal representation of the Curve25519 private key.
+func (private *PrivateKey) Hex() string {
+	return hex.EncodeToString(private.Bytes()[:])
 }
 
 // Keypair is a Curve25519 keypair with an optional Elligator representative.
@@ -291,10 +291,10 @@ func NewKeypair(elligator bool) (*Keypair, error) {
 	}
 }
 
-// KeypairFromBase64 returns a Keypair from a Base64 representation of the
+// KeypairFromHex returns a Keypair from the hexdecimal representation of the
 // private key.
-func KeypairFromBase64(encoded string) (*Keypair, error) {
-	raw, err := base64.StdEncoding.DecodeString(encoded)
+func KeypairFromHex(encoded string) (*Keypair, error) {
+	raw, err := hex.DecodeString(encoded)
 	if err != nil {
 		return nil, err
 	}

transports/obfs4/obfs4.go

@@ -117,8 +117,8 @@ func (t *Transport) ServerFactory(stateDir string, args *pt.Args) (base.ServerFa
 
 	// Store the arguments that should appear in our descriptor for the clients.
 	ptArgs := pt.Args{}
-	ptArgs.Add(nodeIDArg, st.nodeID.Base64())
-	ptArgs.Add(publicKeyArg, st.identityKey.Public().Base64())
+	ptArgs.Add(nodeIDArg, st.nodeID.Hex())
+	ptArgs.Add(publicKeyArg, st.identityKey.Public().Hex())
 
 	// Initialize the replay filter.
 	filter, err := replayfilter.New(replayTTL)
@@ -154,7 +154,7 @@ func (cf *obfs4ClientFactory) ParseArgs(args *pt.Args) (interface{}, error) {
 		return nil, fmt.Errorf("missing argument '%s'", nodeIDArg)
 	}
 	var nodeID *ntor.NodeID
-	if nodeID, err = ntor.NodeIDFromBase64(nodeIDStr); err != nil {
+	if nodeID, err = ntor.NodeIDFromHex(nodeIDStr); err != nil {
 		return nil, err
 	}
 
@@ -163,7 +163,7 @@ func (cf *obfs4ClientFactory) ParseArgs(args *pt.Args) (interface{}, error) {
 		return nil, fmt.Errorf("missing argument '%s'", publicKeyArg)
 	}
 	var publicKey *ntor.PublicKey
-	if publicKey, err = ntor.PublicKeyFromBase64(publicKeyStr); err != nil {
+	if publicKey, err = ntor.PublicKeyFromHex(publicKeyStr); err != nil {
 		return nil, err
 	}
 

transports/obfs4/statefile.go

@@ -28,7 +28,6 @@
 package obfs4
 
 import (
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -85,17 +84,13 @@ func serverStateFromJSONServerState(js *jsonServerState) (*obfs4ServerState, err
 	var err error
 
 	st := new(obfs4ServerState)
-	if st.nodeID, err = ntor.NodeIDFromBase64(js.NodeID); err != nil {
+	if st.nodeID, err = ntor.NodeIDFromHex(js.NodeID); err != nil {
 		return nil, err
 	}
-	if st.identityKey, err = ntor.KeypairFromBase64(js.PrivateKey); err != nil {
+	if st.identityKey, err = ntor.KeypairFromHex(js.PrivateKey); err != nil {
 		return nil, err
 	}
-	var rawSeed []byte
-	if rawSeed, err = base64.StdEncoding.DecodeString(js.DrbgSeed); err != nil {
-		return nil, err
-	}
-	if st.drbgSeed, err = drbg.SeedFromBytes(rawSeed); err != nil {
+	if st.drbgSeed, err = drbg.SeedFromHex(js.DrbgSeed); err != nil {
 		return nil, err
 	}
 
@@ -138,10 +133,10 @@ func newJSONServerState(stateDir string, js *jsonServerState) (err error) {
 	}
 
 	// Encode it into JSON format and write the state file.
-	js.NodeID = st.nodeID.Base64()
-	js.PrivateKey = st.identityKey.Private().Base64()
-	js.PublicKey = st.identityKey.Public().Base64()
-	js.DrbgSeed = st.drbgSeed.Base64()
+	js.NodeID = st.nodeID.Hex()
+	js.PrivateKey = st.identityKey.Private().Hex()
+	js.PublicKey = st.identityKey.Public().Hex()
+	js.DrbgSeed = st.drbgSeed.Hex()
 
 	var encoded []byte
 	if encoded, err = json.Marshal(js); err != nil {