The obfourscator (obfs4proxy)
Go to file
2014-05-24 16:46:59 +00:00
csrand Don't use math/big when generating random numbers. 2014-05-24 16:46:59 +00:00
doc Change the maximm handshake length to 8192 bytes. 2014-05-23 04:04:31 +00:00
framing Randomize length when the decoder receives an out-of-bound value. 2014-05-24 05:06:34 +00:00
ntor Move utils.go to csrand/csrand.go, and clean up the interface. 2014-05-24 04:47:10 +00:00
obfs4proxy Add support for IAT obfuscation (disabled by default). 2014-05-23 05:23:36 +00:00
.gitignore Move to a unified client/server binary, and fix bugs. 2014-05-12 00:02:24 +00:00
handshake_ntor_test.go Change the maximm handshake length to 8192 bytes. 2014-05-23 04:04:31 +00:00
handshake_ntor.go Move utils.go to csrand/csrand.go, and clean up the interface. 2014-05-24 04:47:10 +00:00
obfs4.go Move utils.go to csrand/csrand.go, and clean up the interface. 2014-05-24 04:47:10 +00:00
packet.go Add support for IAT obfuscation (disabled by default). 2014-05-23 05:23:36 +00:00
README.md Update README (No functional changes). 2014-05-16 05:06:38 +00:00
replay_filter_test.go Add replay detection to handshakes. 2014-05-22 18:42:16 +00:00
replay_filter.go Move utils.go to csrand/csrand.go, and clean up the interface. 2014-05-24 04:47:10 +00:00
weighted_dist.go Move utils.go to csrand/csrand.go, and clean up the interface. 2014-05-24 04:47:10 +00:00

obfs4 - The obfourscator

Yawning Angel (yawning at torproject dot org)

WARNING

This is pre-alpha. Don't expect any security or wire protocol stability yet. If you want to use something like this, you should currently probably be looking at ScrambleSuit.

What?

This is a look-like nothing obfuscation protocol that incorporates ideas and concepts from Philipp Winter's ScrambleSuit protocol. The obfs naming was chosen primarily because it was shorter, in terms of protocol ancestery obfs4 is much closer to ScrambleSuit than obfs2/obfs3.

The notable differences between ScrambleSuit and obfs4:

  • The handshake always does a full key exchange (no such thing as a Session Ticket Handshake).
  • The handshake uses the Tor Project's ntor handshake with public keys obfuscated via the Elligator 2 mapping.
  • The link layer encryption uses NaCl secret boxes (Poly1305/XSalsa20).

Why not extend ScrambleSuit?

It's my protocol and I'll obfuscate if I want to.

Since a lot of the changes are to the handshaking process, it didn't make sense to extend ScrambleSuit as writing a server implementation that supported both handshake variants without being obscenely slow is non-trivial.

TODO

  • Code cleanups.
  • Write more unit tests.
  • Optimize further.

WON'T DO

  • I do not care that much about standalone mode. Patches MAY be accepted, especially if they are clean and are useful to Tor users.
  • Yes, I use a bunch of code from the borg^w^wGoogle. If that bothers you feel free to write your own implementation.
  • I do not care about older versions of the go runtime.

Thanks

  • David Fifield for goptlib.
  • Adam Langley for his Elligator implementation.
  • Philipp Winter for the ScrambleSuit protocol which provided much of the design.