framing

package
v0.0.0-...-1add468

Published: Feb 17, 2023 License: BSD-2-Clause, BSD-3-Clause Imports: 7 Imported by: 0

Documentation

Overview

Package framing implements the obfs4 link framing and cryptography.

The ObfsEncoder/ObfsDecoder shared secret format is:

uint8_t[32] NaCl secretbox key
uint8_t[16] NaCl Nonce prefix
uint8_t[16] SipHash-2-4 key (used to obfuscate length)
uint8_t[8]  SipHash-2-4 IV

The frame format is:

uint16_t length (obfuscated, big endian)
NaCl secretbox (Poly1305/XSalsa20) containing:
  uint8_t[16] tag (Part of the secretbox construct)
  uint8_t[]   payload

The length field is the length of the NaCl secretbox XORed with the truncated SipHash-2-4 digest run in OFB mode.

Initialize K, IV[0] with values from the shared secret.
On each packet, IV[n] = H(K, IV[n - 1])
mask[n] = IV[n][0:2]
obfsLen = length ^ mask[n]

The NaCl secretbox (Poly1305/XSalsa20) nonce format is:

uint8_t[24] prefix (Fixed)
uint64_t    counter (Big endian)

The counter is initialized to 1, and is incremented on each frame. Since the protocol is designed to be used over a reliable medium, the nonce is not transmitted over the wire as both sides of the conversation know the prefix and the initial counter value. It is imperative that the counter does not wrap, and sessions MUST terminate before 2^64 frames are sent.
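
The implicit nonce handling described above, as an added example that is not the package's own code. It assumes the 16-byte prefix from the shared secret layout, followed by the 8-byte big-endian counter, fills secretbox's 24-byte nonce; all identifiers are hypothetical.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Sizes from the shared secret layout above; every name here is hypothetical.
const (
	boxKeyLen      = 32
	noncePrefixLen = 16
	nonceLen       = noncePrefixLen + 8 // secretbox takes a 24-byte nonce
)
var errCounterWrapped = errors.New("example: nonce counter wrapped")
// frameNonce is one direction's implicit nonce state; it is never transmitted.
type frameNonce struct {
	prefix  [noncePrefixLen]byte
	counter uint64
}

// newFrameNonce copies the prefix that follows the secretbox key in the secret.
func newFrameNonce(secret []byte) (*frameNonce, error) {
	if len(secret) < boxKeyLen+noncePrefixLen {
		return nil, errors.New("example: shared secret too short")
	}
	n := &frameNonce{counter: 1} // starts at 1, so 0 can only mean a wrap
	copy(n.prefix[:], secret[boxKeyLen:boxKeyLen+noncePrefixLen])
	return n, nil
}

// next returns this frame's nonce and advances the counter; after a wrap it
// refuses, since a repeated nonce under one key voids secretbox's guarantees.
func (n *frameNonce) next() ([nonceLen]byte, error) {
	var out [nonceLen]byte
	if n.counter == 0 {
		return out, errCounterWrapped
	}
	copy(out[:], n.prefix[:])
	binary.BigEndian.PutUint64(out[noncePrefixLen:], n.counter)
	n.counter++
	return out, nil
}

func main() {
	enc, _ := newFrameNonce(make([]byte, 72)) // constructed all-zero secret
	first, _ := enc.next()
	fmt.Printf("%x\n", first)
}
```

Each direction keeps its own state; an encoder and the peer's decoder built from the same secret produce identical nonces frame by frame, which is why a dropped or reordered frame on an unreliable transport would desynchronize them.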

Constants

const (

	// FrameOverhead is the length of the framing overhead.
	FrameOverhead = f.LengthLength + secretbox.Overhead

	// MaximumFramePayloadLength is the length of the maximum allowed payload
	// per frame.
	MaximumFramePayloadLength = f.MaximumSegmentLength - FrameOverhead

	// KeyLength is the length of the ObfsEncoder/ObfsDecoder secret key.
	KeyLength = keyLength + noncePrefixLength + drbg.SeedLength
)

const (
	PacketTypePayload = iota
	PacketTypePrngSeed
)

Variables

var ErrNonceCounterWrapped = errors.New("framing: Nonce counter wrapped")

Error returned when the NaCl secretbox nonce's counter wraps (FATAL).

Types

type ObfsDecoder

type ObfsDecoder struct {
	f.BaseDecoder

	PacketOverhead int
	PrngRegen      prngRegenFunc
	// contains filtered or unexported fields
}

ObfsDecoder is a BaseDecoder instance.

func NewObfsDecoder

func NewObfsDecoder(key []byte) *ObfsDecoder

NewObfsDecoder creates a new ObfsDecoder instance. It must be supplied a slice containing exactly KeyLength bytes of keying material.

type ObfsEncoder

type ObfsEncoder struct {
	f.BaseEncoder

	PacketOverhead int
	// contains filtered or unexported fields
}

ObfsEncoder is a frame encoder instance.

func NewObfsEncoder

func NewObfsEncoder(key []byte) *ObfsEncoder

NewObfsEncoder creates a new ObfsEncoder instance. It must be supplied a slice containing exactly KeyLength bytes of keying material.
