| Age | Commit message (Collapse) | Author |
|---|
|
Implements feature #15576.
|
|
This allows obfs4proxy to be used as a ScrambleSuit client that is wire
compatible with the obfs4proxy implementation, including session ticket
support, and length obfuscation.
The current implementation has the following limitations:
* IAT obfuscation is not supported (and is disabled in all other
ScrambleSuit implementations by default).
* The length distribution and probabilites are different from those
generated by obfsproxy and obfsclient due to a different DRBG.
* Server support is missing and is unlikely to be implemented.
|
|
Forgot to include this in the spec, though it was documented as a
comment in the framing code.
|
|
Write an example client bridge line suitable for use with the running
obfs4 server instance to "obfs4_bridgeline.txt" for the convenience of
bridge operators.
|
|
|
|
|
|
This matches what the code actually sends. It's shorter than the
ScrambleSuit PRNG seed, but that's because the SipHash-2-4 based
Hash_DRBG has 24 bytes of internal state (key + initial output).
|
|
Instead of using the nonce for the secret box, just use SipHash-2-4 in
OFB mode instead. The IV is generated as part of the KDF. This
simplifies the code a decent amount and also is better on the off
chance that SipHash-2-4 does not avalanche as well as it is currently
assumed.
While here, also decouple the fact that *this implementation* of obfs4
uses a PRNG with 24 bytes of internal state for protocol polymorphism
instead of 32 bytes (that the spec requires).
THIS CHANGE BREAKS WIRE PROTCOL COMPATIBILITY.
|
|
* handhake_ntor_test now is considerably more comprehensive.
* The padding related constants in the spec were clarified.
This breaks wireprotocol compatibility.
|
|
|
|
This breaks wireprotocol compatibility.
|
|
|
|
This fixes #4.
|
