summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-08-20Elide the error out from most logs unless unsafeLogging is set.Yawning Angel
The Golang runtime will happily splatter the remote IP address and port in the error's string representation for network related errors. While useful for debugging, this is unacceptable from a privacy standpoint.
2014-08-20Add a missing "continue" statement.Yawning Angel
Caught by asn, thanks.
2014-08-18Change the drbg seed field in the state file.Yawning Angel
Changing from "drbgSeed" to "drbg-seed" to be consistent with the ServerTransportOptions to allow for easier copy/paste.
2014-08-18Add support for enabling IAT obfuscation and biased WDist.Yawning Angel
Golang's command line parser is slightly cumbersome to use with subcommands, so the arguments are "obfs4-iatObufscation" and "obfs-distBias" instead of obfsproxy style subcommands.
2014-08-17Massive cleanup/code reorg.Yawning Angel
* Changed obfs4proxy to be more like obfsproxy in terms of design, including being an easy framework for developing new TCP/IP style pluggable transports. * Added support for also acting as an obfs2/obfs3 client or bridge as a transition measure (and because the code itself is trivial). * Massively cleaned up the obfs4 and related code to be easier to read, and more idiomatic Go-like in style. * To ease deployment, obfs4proxy will now autogenerate the node-id, curve25519 keypair, and drbg seed if none are specified, and save them to a JSON file in the pt_state directory (Fixes Tor bug #12605).
2014-06-25Change the import paths to point to the tp.o repository.Yawning Angel
2014-06-20Use delete to remove entries from the replay filter.Yawning Angel
2014-06-19Use Vose's Alias Method to sample the weighted distribution.Yawning Angel
The weight generation code also was cleaned up (and now can support generating distributions that look like what ScrambleSuit does as a compile time change). Per: http://www.keithschwarz.com/darts-dice-coins/
2014-06-07Document dependencies, add LICENSE (No functional changes).Yawning Angel
2014-06-07Allow randomly generating node-ids instead of requiring the fingerprint.Yawning Angel
To ease delopyment, "-genServerParams has changed". * "-genServerParams" is now a bool, and will by default generate a random node-id. * "-genServerParams -genServerParamsFP=<Base16 blob>" will convert the supplied bridge fingerprint to a node-id (the old behavior). Either way of deriving node-id is belived to be secure. * https://lists.torproject.org/pipermail/tor-dev/2014-May/006929.html * https://lists.torproject.org/pipermail/tor-dev/2014-June/006936.html The extra parameter was added because golang's flags library doesn't support distinguishing between "set but used the default value" and "not set, so you go the default value".
2014-06-02Use goptlib's MakeStateDir instead of the one in pt_extras.Yawning Angel
This requires changes in goptlib from last night, people may need to run "go get -u" to update dependencies before building.
2014-06-02Change how the length obfsucation mask is derived.Yawning Angel
Instead of using the nonce for the secret box, just use SipHash-2-4 in OFB mode instead. The IV is generated as part of the KDF. This simplifies the code a decent amount and also is better on the off chance that SipHash-2-4 does not avalanche as well as it is currently assumed. While here, also decouple the fact that *this implementation* of obfs4 uses a PRNG with 24 bytes of internal state for protocol polymorphism instead of 32 bytes (that the spec requires). THIS CHANGE BREAKS WIRE PROTCOL COMPATIBILITY.
2014-06-02Move the SipHash DRBG off into it's own package.Yawning Angel
2014-06-01Move the server keypair generation to right after Accept().Yawning Angel
Instead of threading the code, move the keypair generation to right after Accept() is called. This should mask the timing differential due to the rejection sampling with the noise from the variablity in how long it takes for the server to get around to pulling a connection out of the backlog, and the time taken for the client to send it's portion of the handshake. The downside is that anyone connecting to the obfs4 port does force us to do a bunch of math, but the obfs4 math is relatively cheap compared to it's precursors. Fixes #9.
2014-06-01Generate client keypairs before connecting, instead of after.Yawning Angel
Part of issue #9.
2014-05-28Fix minor style issues pointed out by golint.Yawning Angel
2014-05-28Change the weighted distribution algorithm be uniform.Yawning Angel
The old way was biasted towards the earlier values. Thanks to asn for pointing this out and suggesting an alternative. As an additional tweak, do not reuse the drbg seed when calculating the IAT distribution, but instead run the seed through SHA256 first, for extra tinfoil goodness.
2014-05-26Fix import lines so other people using go get works.Yawning Angel
2014-05-26Use io.ReadFull in places where it is appropriate.Yawning Angel
2014-05-25Run go fmt on proxy_http.go (No functional changes).Yawning Angel
2014-05-25Add support for HTTP CONNECT proxies.Yawning Angel
Joining a SOCKS dialer on the list of things the Golang runtime really should have is a HTTP CONNECT dialer. There's a full fledged HTTP client and server there, but not this. Why? Who knows. This fixes issue #7.
2014-05-25Move the SOCKS4 code off into it's own little getto.Yawning Angel
Part of issue #7.
2014-05-25Add support for SOCKS4.Yawning Angel
Despite the unfortunate scheme name, this really is SOCKS4, and not 4a, as the torrc Socks4Proxy option only supports addresses and not FQDNs. Part of issue #7.
2014-05-25Rename to be consistent.Yawning Angel
2014-05-25Wire in go.net/proxy, enabling SOCKS5 via TOR_PT_PROXY.Yawning Angel
With tor patched to support 8402, obfs4 bootstraps via a SOCKSv5 proxy now. Other schemes will bail with a PROXY-ERROR, as the go.net/proxy package does not support them, and I have not gotten around to writing dialers for them yet (next on my TODO list). Part of issue #7.
2014-05-25Validate the host component of the proxy URI.Yawning Angel
Part of issue #7.
2014-05-25Parse TOR_PT_PROXY and support sending DONE/PROXY-ERROR.Yawning Angel
Currently obfs4proxy is hardcoded to always PROXY-ERROR, despite a valid proxy uri being passed in the env var. Once the dialer portion of the code is done, this will be changed. Part of issue #7.
2014-05-25Move the supplemental pt config routines to pt_extra.goYawning Angel
2014-05-24Don't use math/big when generating random numbers.Yawning Angel
2014-05-24Randomize length when the decoder receives an out-of-bound value.Yawning Angel
This makes the length error and MAC error indistinguishable to an external attacker.
2014-05-24Move utils.go to csrand/csrand.go, and clean up the interface.Yawning Angel
All of the obfs4 code except unit tests now uses the csrand wrapper routines.
2014-05-23Add support for IAT obfuscation (disabled by default).Yawning Angel
When enabled, inter-packet delay will be randomized between 0 and 10 ms in 100 usec intervals. As experiences from ScrambleSuit (and back of the envelope math based on how networks work) show, this is extremely expensive and artificially limits the throughput of the link. When enabled, bulk transfer throughput will be limited to an average of 278 KiB/s.
2014-05-23Change the maximm handshake length to 8192 bytes.Yawning Angel
* handhake_ntor_test now is considerably more comprehensive. * The padding related constants in the spec were clarified. This breaks wireprotocol compatibility.
2014-05-22Add replay detection to handshakes.Yawning Angel
This is done by maintaining a map keyed off the SipHash-2-4 digest of the MAC_C component of the handshake. Collisions, while possible are unlikely in the extreme and are thus treated as replays. In concept this is fairly similar to the ScrambleSuit `replay.py` code, with a few modifications: * There is a upper bound on how large the replay filter can grow. Currently this is set to 102400 entries, though it is unlikely that this limit will be hit. * A doubly linked list is also maintained parallel to the map, so the filter compaction process does not need to iterate over the entire filter.
2014-05-21Revert "Use the new goptlib goodies."Yawning Angel
This reverts commit 8d61c6bcc67e7acc5604f87ca2a7c7ec43fc46de. On second thought, don't do this. API not final, and some of the stuff might not be a good idea after all.
2014-05-21Fix constants in the spec to reflect the code.Yawning Angel
2014-05-21Use the new goptlib goodies.Yawning Angel
As of `15b960d55905877a840fe605a41a8139bffb5329` goptlib supports IsClient, IsServer, and handling the StateLocation. Yes this means you need to use goptlib out of git.
2014-05-21Change the MSS to 1448 bytes, because timestamps are a thing.Yawning Angel
This breaks wireprotocol compatibility.
2014-05-21Add support for a log scrubber and log a session id.Yawning Angel
This fixes #6.
2014-05-21Finish adding godoc comments to all public interfaces.Yawning Angel
2014-05-20Allow logging to be disabled (default).Yawning Angel
Part of #6, still need to make logs nicer.
2014-05-20Tweak the obfs4 handshake code.Yawning Angel
* Fixed where the code wasn't ensuring that the MAC_[C,S] was present. * Optimized the server side to only look at the tail of the (possibly incomplete handshakeRequest).
2014-05-18Actually keep the delay/threshold in the listener struct.Yawning Angel
This makes it consistent across all incoming connections, for real this time (oops).
2014-05-18Change the server failure close delay/discard length to be consistent.Yawning Angel
It will vary per bridge as it is based off the DRBG, but ever attempt at poking at any given bridge will exhibit consistent behavior.
2014-05-17Change the client connection timeout to 30 sec.Yawning Angel
This is more common than 15 seconds (It's what Firefox uses for the request timeout).
2014-05-17Update the spec with feedback from arma (No functional changes).Yawning Angel
2014-05-16Update README (No functional changes).Yawning Angel
2014-05-16Add a protocol specification.Yawning Angel
This fixes #4.
2014-05-16Treat the PrngSeed frame as part of the handshake.Yawning Angel
Clients will now always add 87 bytes of padding to the clientRequest, and Servers will always send the PRNG seed frame unpadded, and bundled with the serverResponse. Why 87 bytes? The amount of data that the server sends is 87. This fixes #5.
2014-05-16Validate that the padding length is greater than the minimum.Yawning Angel