- Mar 22, 2015
-
-
Yawning Angel authored
-
- Mar 21, 2015
-
-
Daniel Martí authored
-
- Mar 18, 2015
-
-
Daniel Martí authored
-
- Mar 16, 2015
-
-
Yawning Angel authored
-
Daniel Martí authored
-
Daniel Martí authored
-
- Feb 17, 2015
-
-
Yawning Angel authored
-
Yawning Angel authored
This allows obfs4proxy to be used as a ScrambleSuit client that is wire compatible with the obfs4proxy implementation, including session ticket support, and length obfuscation. The current implementation has the following limitations: * IAT obfuscation is not supported (and is disabled in all other ScrambleSuit implementations by default). * The length distribution and probabilites are different from those generated by obfsproxy and obfsclient due to a different DRBG. * Server support is missing and is unlikely to be implemented.
-
- Jan 14, 2015
-
-
Yawning Angel authored
Forgot to include this in the spec, though it was documented as a comment in the framing code.
-
Yawning Angel authored
The Go developers decided to move the go.crypto repository to golang.org/x/crypto, and also to transition from hg to git. The tip of tree code.google.com copy of the code is broken due to the import paths pointing at the new repository. While the change here is simple (just update the import location), this affects packagers as it now expects the updated package. Sorry for the inconveneince, I blame the Go people.
-
- Oct 24, 2014
-
-
Yawning Angel authored
-
- Oct 03, 2014
-
-
Yawning Angel authored
Exhaustively testing padding combinations is really slow, and was causing timeouts during the Debian ARM package build process. Attempt to improve the situation by: * Reusing the client and server keypair for all of the tests, to cut runtime down by ~50%. * Splitting the client side and server side tests up, as it appears the timeout is per-test case. If this doesn't fix things, the next thing to try would be to reduce the actual number of padding lengths tested, but that is a last resort at the moment.
-
- Oct 01, 2014
-
-
Yawning Angel authored
-
Yawning Angel authored
Instead of "node-id" and "public-key" that are Base16 encoded, use "cert" which contains the "node-id" and "public-key" in Base64 encoded form. This is more compact and cuts the length down by 49 characters.
-
- Sep 26, 2014
-
-
Yawning Angel authored
-
- Sep 24, 2014
-
-
Yawning Angel authored
Write an example client bridge line suitable for use with the running obfs4 server instance to "obfs4_bridgeline.txt" for the convenience of bridge operators.
-
- Sep 06, 2014
-
-
Yawning Angel authored
-
Yawning Angel authored
-
Yawning Angel authored
-
- Sep 03, 2014
-
-
Yawning Angel authored
-
Yawning Angel authored
Client side logs are less spammy than server side in general, so more messages should be visible at the default logLevel when running as a client. Server side logging will be spammy basically no matter what unless obfs4proxy gets into the (arguably dangerous) business of figuring out which errors are people being evil vs which ones are transient network issues, so most logging is suppressed by default, unless the admin choses to open the floodgates.
-
Yawning Angel authored
The prolog prints the version as soon as logging is enabled, but before the pluggable transport configuration is done. The epilog is printed as the code returns from main, as long as either client or server pt configuration succeded.
-
Yawning Angel authored
-
Yawning Angel authored
For consistency with the rest of the arguments.
-
Yawning Angel authored
By default logging will be done at the "WARN" level. Fatal initialization errors will always be logged as long as logging is enabled regardless of logLevel.
-
- Aug 31, 2014
-
-
Yawning Angel authored
Instead of omitting errors entirely when running with the log scrubber, filter common network errors through elideError() that can scrub the common net.Error types and remove sensitive information.
-
- Aug 27, 2014
-
-
Yawning Angel authored
* Unbreak inbound TYPE_PRNG_SEED processing. * IAT obfuscation is now a per-bridge argument (iat-mode). * 0 (default) = Disabled. * 1 = Enabled, ScrambleSuit-style with bulk throughput optimizations. * 2 = Paranoid, Each IAT write will send a length sampled from the length distribution. (EXPENSIVE). The "iat-mode" argument is mandatory on the Bridge lines, and as a ServerTransportOption. Old statefiles will continue to load and use the default value, edit it if your hat is made of tin foil.
-
Yawning Angel authored
This matches what the code actually sends. It's shorter than the ScrambleSuit PRNG seed, but that's because the SipHash-2-4 based Hash_DRBG has 24 bytes of internal state (key + initial output).
-
Yawning Angel authored
-
Yawning Angel authored
-
- Aug 23, 2014
-
-
Yawning Angel authored
WARNING: THIS BREAKS BACKWARD COMPATIBILITY. This is primarily to work around bug #12930. Base16 was chosen over unpadded Base64 because the go runtime Base64 decoder does not handle omitting the padding. May $deity have mercy on anyone who needs to hand-enter an obfs4 bridge line because I will not.
-
- Aug 20, 2014
-
-
Yawning Angel authored
The Golang runtime will happily splatter the remote IP address and port in the error's string representation for network related errors. While useful for debugging, this is unacceptable from a privacy standpoint.
-
Yawning Angel authored
Caught by asn, thanks.
-
- Aug 18, 2014
-
-
Yawning Angel authored
Changing from "drbgSeed" to "drbg-seed" to be consistent with the ServerTransportOptions to allow for easier copy/paste.
-
Yawning Angel authored
Golang's command line parser is slightly cumbersome to use with subcommands, so the arguments are "obfs4-iatObufscation" and "obfs-distBias" instead of obfsproxy style subcommands.
-
- Aug 17, 2014
-
-
Yawning Angel authored
* Changed obfs4proxy to be more like obfsproxy in terms of design, including being an easy framework for developing new TCP/IP style pluggable transports. * Added support for also acting as an obfs2/obfs3 client or bridge as a transition measure (and because the code itself is trivial). * Massively cleaned up the obfs4 and related code to be easier to read, and more idiomatic Go-like in style. * To ease deployment, obfs4proxy will now autogenerate the node-id, curve25519 keypair, and drbg seed if none are specified, and save them to a JSON file in the pt_state directory (Fixes Tor bug #12605).
-
- Jun 25, 2014
-
-
Yawning Angel authored
-
- Jun 20, 2014
-
-
Yawning Angel authored
-
- Jun 19, 2014
-
-
Yawning Angel authored
The weight generation code also was cleaned up (and now can support generating distributions that look like what ScrambleSuit does as a compile time change). Per: http://www.keithschwarz.com/darts-dice-coins/
-
- Jun 07, 2014
-
-
Yawning Angel authored
-