Obfsy McObfsface

Yawning Angel 03f5f106d3 obfs4 padding changes, special case short writes as well. 3 years ago
basket2proxy db0ca0e1ce Allow specifying padding methods via cmd line, disable NULL. 3 years ago
crypto 0d23e1b74d Removed unused XChaCha20/Poly1305 secretbox implementation. 3 years ago
ext 374790b515 Consolidate the x25519 stuff living under ext/ to a single package. 3 years ago
framing 5a58b8ab51 Increase the tentp max framesize to 64 kib. 3 years ago
handshake 47c14b1cfc Allow overriding the KEX method(s) from the command line. 3 years ago
internal 03f5f106d3 obfs4 padding changes, special case short writes as well. 3 years ago
.gitignore 87c1e0ed50 Add a gitignore file. 3 years ago
CODE_OF_MERIT.md f71885fdfd Initial import. 3 years ago
LICENSE 9ca113c4af Add a LICENSE file, no functional changes. 3 years ago
README.md 933aba8359 Update README (no functional changes). 3 years ago
client.go 0a0b910989 Clamp the various read sizes to plausible/sensible values. 3 years ago
common.go db0ca0e1ce Allow specifying padding methods via cmd line, disable NULL. 3 years ago
padding_impl.go 0d4b23e5e8 Carve off the read side code into a common routine for reuse. 3 years ago
padding_null.go 0d4b23e5e8 Carve off the read side code into a common routine for reuse. 3 years ago
padding_obfs4.go 03f5f106d3 obfs4 padding changes, special case short writes as well. 3 years ago
server.go d22f2ed3fe Serialize/Deserialize padding parameters on the server side. 3 years ago
version_check.go bf0c8d0e2d Initial (incomplete) client implementation. 3 years ago
version_check_stub.go bf0c8d0e2d Initial (incomplete) client implementation. 3 years ago

README.md

basket2 - Obfsy McObfsface

Yawning Angel (yawning at schwanenlied dot me)

basket2 is the next transport in the obfs series. It derives inspiration primarily from obfs4 and predecessors, and incorporates ideas initially prototyped in the experimental basket transport.

Features:

  • Authentication, data integrity, and confidentiality.
  • Active probing resistance.
  • Passive fingerprinting resistance, improved over obfs4.
  • Client driven dynamic negotiation of runtime padding to better suit various adversary models.
  • Better separation between the handshake obfuscation and the authenticated key exchange mechanisms.
  • Significantly improved link layer framing.
  • (TODO) Optional user authentication.
  • Post-quantum forward secrecy.
  • License switch from 3BSD to AGPL for more Freedom.

Dependencies:

  • Go 1.6.x or later - (May work with older versions, don't care if they don't)
  • golang.org/x/crypto - SHA3, Curve25519, Ed25519, Poly1305
  • github.com/dchest/siphash - SipHash-2-4
  • git.schwanenlied.me/yawning/a2filter.git - Active-Active Bloom Filter
  • git.schwanenlied.me/yawning/chacha20.git - (X)ChaCha20
  • git.schwanenlied.me/yawning/newhope.git - New Hope
  • git.schwanenlied.me/yawning/x448.git - X448

Notes:

  • I am waiving the remote network interaction requirements specified in Section 13 ("Remote Network Interaction; Use with the GNU General Public License") of the AGPL, per the terms of Section 7 ("Additional Terms"), for users that:

    • Are using the software exclusively to operate a publically accessible Bridge to provide access to the public Tor network as a Tor Pluggable Transport server. This means:

      The Bridge publishes a descriptor to the Bridge Authority, and is available via BridgeDB OR is a default Bridge pre-configured and distributed with Tor Browser, and uses basket2 as a server side Pluggable Transport for said Bridge.

  • All other users MUST comply with the AGPL in it's entirety as a general rule, though other licensing arrangements may be possible on request. I will likely be fairly liberal here, so please contact me if the current licensing is unsuitable for your use case.

  • The post-quantum cryptography does not apply to active attackers in posession of a quantum computer, and only will protect pre-existing data from later decryption.

  • If your system has busted PMTUD, this probably won't work at all. Not my problem. Complain to your OS vendor.

  • This could have been based on Trevor Perin's noise protocol framework, with a decent amount of work and extensions, but certain properties and behavior I need aren't formally specified yet. This is something I will strongly consider if/when I design basket3.

TODO:

  • Write a formal specification.

  • Write an AVX2 optimized Poly1305 implementation.

  • Someone that's not me should write assembly optimized ChaCha20 for ARM and i386. I may do both if I feel bored enough, but no promises.

  • Write optimized assembler versions of things for gccgo (or C if that's easier). Low priority.

  • Define more padding primitives.