| Age | Commit message (Collapse) | Author |
|---|
|
With tor patched to support 8402, obfs4 bootstraps via a SOCKSv5 proxy
now. Other schemes will bail with a PROXY-ERROR, as the go.net/proxy
package does not support them, and I have not gotten around to writing
dialers for them yet (next on my TODO list).
Part of issue #7.
|
|
Part of issue #7.
|
|
Currently obfs4proxy is hardcoded to always PROXY-ERROR, despite a
valid proxy uri being passed in the env var. Once the dialer portion
of the code is done, this will be changed.
Part of issue #7.
|
|
|
|
|
|
This makes the length error and MAC error indistinguishable to an
external attacker.
|
|
All of the obfs4 code except unit tests now uses the csrand wrapper
routines.
|
|
When enabled, inter-packet delay will be randomized between 0 and 10
ms in 100 usec intervals. As experiences from ScrambleSuit (and back
of the envelope math based on how networks work) show, this is
extremely expensive and artificially limits the throughput of the link.
When enabled, bulk transfer throughput will be limited to an average of
278 KiB/s.
|
|
* handhake_ntor_test now is considerably more comprehensive.
* The padding related constants in the spec were clarified.
This breaks wireprotocol compatibility.
|
|
This is done by maintaining a map keyed off the SipHash-2-4 digest of
the MAC_C component of the handshake. Collisions, while possible are
unlikely in the extreme and are thus treated as replays.
In concept this is fairly similar to the ScrambleSuit `replay.py` code,
with a few modifications:
* There is a upper bound on how large the replay filter can grow.
Currently this is set to 102400 entries, though it is unlikely that
this limit will be hit.
* A doubly linked list is also maintained parallel to the map, so the
filter compaction process does not need to iterate over the entire
filter.
|
|
This reverts commit 8d61c6bcc67e7acc5604f87ca2a7c7ec43fc46de.
On second thought, don't do this. API not final, and some of the stuff
might not be a good idea after all.
|
|
|
|
As of `15b960d55905877a840fe605a41a8139bffb5329` goptlib supports
IsClient, IsServer, and handling the StateLocation.
Yes this means you need to use goptlib out of git.
|
|
This breaks wireprotocol compatibility.
|
|
This fixes #6.
|
|
|
|
Part of #6, still need to make logs nicer.
|
|
* Fixed where the code wasn't ensuring that the MAC_[C,S] was present.
* Optimized the server side to only look at the tail of the (possibly
incomplete handshakeRequest).
|
|
This makes it consistent across all incoming connections, for real this
time (oops).
|
|
It will vary per bridge as it is based off the DRBG, but ever attempt
at poking at any given bridge will exhibit consistent behavior.
|
|
This is more common than 15 seconds (It's what Firefox uses for the
request timeout).
|
|
|
|
|
|
This fixes #4.
|
|
Clients will now always add 87 bytes of padding to the clientRequest,
and Servers will always send the PRNG seed frame unpadded, and bundled
with the serverResponse.
Why 87 bytes? The amount of data that the server sends is 87.
This fixes #5.
|
|
|
|
Instead of including the previous secretbox in the input when
calculating the SipHash-2-4 digest used to generate the obfuscation
mask, use only the nonce. This is significantly faster, and if someone
breaks obfs4 by exploiting the low amount of input entropy between each
invocation (a counter incrementing by 1), I hope they publish the
attack on the PRF.
This breaks wire protocol compatibility.
|
|
* HMAC-SHA256 -> HMAC-SHA256-128.
* Mark/MAC are now both caluclated using Public Key | NodeID.
This breaks wire protocol compatibility.
|
|
This fixes #3, and brings the code to be on par with the delopyed
versions of ScrambleSuit in terms of features.
|
|
This also adds the drgb-seed option to the `-gen` obfs4proxy output.
|
|
This paves the way for having servers use the same seed for all
incoming connections, across multiple startup/shutdown cycles. As
opposed to the current situation where each Obfs4Listener will
randomly generate it's seed at creation time.
Additionally, use 256 bit seeds (128 bit SipHash-2-4 key + 16 bytes of
initial material).
|
|
|
|
|
|
|
|
|
|
|
|
In theory this is easier on the garbage collector. Probably could
reuse more of the intermediary buffers by stashing them in the
connection state, but that makes the code kind of messy. This should
be an improvement.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This should fix sockets getting stuck in CLOSE_WAIT.
|
|
|
|
The same algorithm as ScrambleSuit is used, except:
* SipHash-2-4 in OFB mode is used to create the distribution.
* The system CSPRNG is used when sampling the distribution.
This fixes most of #3, all that remains is generating and sending a
persistent distribution on the server side to the client.
|
|
On second thought instead of using log.Panicf(), panic() and do the
logging with recover(). This somewhat centralizes logging in
obfs4proxy, which will be easier to change when I invariably decide to
do logging differently in the future.
|
