* Reset probdist.prng to None after generating the distribution [ctr_drbg] (Yawning Angel, 2014-03-15)
|   Since ctr_drbg does not implement getstate/setstate, it would raise an exception. Resetting it and using the global CTR_DRBG instance for actual samples is fine since it is seeded from the OS CSPRNG, and the distribution is the only thing that should be saved.
* Use an AES based CTR_DRBG for the ScrambleSuit probdist. (Yawning Angel, 2014-03-14)
|   This replaces Mersenne Twister with a simple CSPRNG based on CTR-AES-128, similar to the CTR_DRBG from NIST SP 800-90A. The way it is used in ScrambleSuit is to seed itself off of the PRNG seed per the ScrambleSuit protocol (either derived from the long term secret, or received from the peer post handshake), generate the Probability Distribution and then immediately reseed from os.urandom.
* Add editor swap files to .gitignore. (George Kadianakis, 2014-03-12)
|
* Massage the ChangeLog a bit. (George Kadianakis, 2014-03-11)
|
* Fix the last issues asn found (Yawning Angel, 2014-03-11)
|   * ACCEPTABLE_CMDS now only contains CONNECT, since that is the only command used and actually implemented.
|   * Removed trailing whitespace from the socks5 tests.
* Fix the test_socks.py unit tests (Yawning Angel, 2014-03-10)
|   Not going to touch #10240 for now since the SOCKS args handler will eventually be totally rewritten (changed to return a dict containing the separated [k=v] pairs).
* Add unit tests for socks5.py (Yawning Angel, 2014-03-10)
|
* Minor changes (Yawning Angel, 2014-03-10)
|   * Since the compat inet_ntop is used, no longer need to try/catch
|   * Make _ByteBuffer.get(self, length) return a string and remove a ton of str() calls
* Use inet_ntop/inet_pton from twisted.python.compat instead of the socket (Yawning Angel, 2014-03-10)
|   Apparently, these routines are missing on Windows.
* Incorporate feedback from hellais, and minor bug fixes (Yawning Angel, 2014-03-10)
|   Changed based on feedback from hellais:
|   * handleCmdConnectFailure now traps errors
|   * sendReply no longer deals with parsing out the outgoing local address
|   * logging uses the obfsproxy logger again
|   * Fixed a bug where send_reply was used instead of sendReply
|   * The obfsproxy specific SOCKSv5 classes were renamed to OBFSSOCKSv5Outgoing and OBFSSOCKSv5Protocol
|
|   Bugs I found:
|   * SOCKSv5Protocol.dataReceived() should actually work now (never called by obfsproxy since it's overridden)
|   * _ByteBuffer.get_uint32() was always doing byte order conversion (method never used)
* Fix more things pointed out by asn (Yawning Angel, 2014-03-10)
|   * Instead of using methodcaller, just store lambdas in the auth vtable
|   * Add doc strings to _ByteBuffer
|   * Do not use "len" as a variable name
|   * Fix a bug in processEstablishedData() that pylint caught (obfsproxy would never have triggered it since the routine is overridden)
* More changes based on feedback (Yawning Angel, 2014-03-10)
|   * Use a wrapper class to isolate the scary struct.pack/unpack calls
|   * Refactor the code to look like twisted.protocols.socks
|   * Support DOMAINNAME, though it's untested
* Cleanups (Yawning Angel, 2014-03-10)
|   * SOCKSv5Reply changed to a newstyle class
|   * Move the pluggable transport specific auth code into its own routine, with lots of comments.
|
|   Thanks to isis for the help.
* Derp. IPv6 addresses are 16 bytes, and not 12. Heh. (Yawning Angel, 2014-03-10)
|   * It works over the loopback address at least, still haven't gotten a tunnel.
* Add SOCKSv5Reply that can be passed to SOCKSv5Protocol.send_reply() (Yawning Angel, 2014-03-10)
|
* More minor cleanups (Yawning Angel, 2014-03-10)
|   * Log a more useful error message when user sends payload data in _SOCKS_ST_CONNECTING
|   * Explicitly log a specific error when rejecting ATYP DOMAINNAME
|   * Connect can also fail with TimedOutError
* Send more appropriate SOCKS error codes on connect failures (Yawning Angel, 2014-03-10)
|
* Fix a search and replace error (Yawning Angel, 2014-03-10)
|
* Cleanups to the SOCKS5 code (Yawning Angel, 2014-03-10)
|   * Fixed redundant import
|   * Added some more comments
|   * Deal with the possibility that socket.inet_ntop may be missing
* Use SOCKS5 instead of SOCKS4 (Yawning Angel, 2014-03-10)
|   A straightforward SOCKS5 server implementation with the following caveats:
|   * It is tightly coupled with the obfsproxy channel/GenericNetworkProtocol code
|   * Its idea of RFC1929 is the ugly hack in pt-spec.txt
|   * Only supports CONNECT
|   * Only supports IPv4/IPv6 addresses, because DNS leaks make me sad
* Add UniformDH unit tests (Yawning Angel, 2014-03-08)
|   * Test against test vectors
|   * Do 1000 generate/exchanges and validate the keys. Also acts as a quick and dirty benchmark (run with the Twisted trial to actually log).
|
|   This required changing the UniformDH ctor to allow the user to specify the private key at run time. If a key that is not 192 bits is specified, it will raise a ValueError, but no one should use that feature apart from the test code.
|
|   The key generation was also modified to no longer leak which public key is chosen via timing information.
* Slightly edit scramblesuit unittests so that they run in obfsproxy. (George Kadianakis, 2014-03-02)
|
* Import Philipp's scramblesuit unittests. (George Kadianakis, 2014-03-02)
|
* Add a __init__.py in the transport-specific unittest directory. (George Kadianakis, 2014-03-02)
|
* Merge branch 'yawning_gmpy2' (George Kadianakis, 2014-03-02)
|\
| |   Conflicts: ChangeLog
| * Also support gmpy2 for doing modular exponentiation. (Yawning Angel, 2014-02-24)
| |   There is no performance difference between gmpy1 and gmpy2 for obfsproxy, but according to the gmpy authors "gmpy2 is now the recommended version, especially if you use the pre-compiled versions for Windows.".
* | Use twisted.internet.threads.deferToThread in the obfs3 handshake. (Yawning Angel, 2014-02-28)
|/
|   This cuts the amount of time that is spent doing UniformDH related work in the context of the main event loop in half. It is impossible to eliminate it entirely as the client and server both send the public keys immediately on connection when doing an obfs3 handshake.
|
|   Notable changes:
|   * self.dh.get_secret() is processed in a Twisted worker thread.
|   * Another state is added as part of the handshake process for when the thread is running.
|   * At each step of the handshake process, if there is data remaining unprocessed the next stage is directly invoked at the tail of each routine.
|   * After the handshake is done, if data is pending, self._scan_for_magic() is called.
|   * After the magic is found, if data is pending, we relay the remaining data immediately.
* Improve the error message if we can't set up a listener. (George Kadianakis, 2014-02-13)
|
* Do the release ritual for obfsproxy-0.2.6. [obfsproxy-0.2.6] (George Kadianakis, 2014-02-03)
|
* Remove gmpy from the requirements of setup.py. (George Kadianakis, 2014-02-03)
|
* Do the release ritual for obfsproxy-0.2.5. [obfsproxy-0.2.5] (George Kadianakis, 2014-02-03)
|
* Update ChangeLog with ScrambleSuit. (Philipp Winter, 2014-02-04)
|
* Add an integration test for ScrambleSuit. (Philipp Winter, 2014-02-04)
|
* Add "pyyaml" because it is used by ScrambleSuit. (Philipp Winter, 2014-02-04)
|
* Add ScrambleSuit's ChangeLog and specification. (Philipp Winter, 2014-02-04)
|
* Import the ScrambleSuit transport protocol. (Philipp Winter, 2014-02-04)
|   ScrambleSuit implements a superset of the obfs3 protocol.
|
|   Its original repository is available here: <https://gitweb.torproject.org/user/phw/scramblesuit.git>
|
|   The project web site is available here: <http://www.cs.kau.se/philwint/scramblesuit/>
* Don't pass TransportConfig to the transport __init__(). (George Kadianakis, 2014-01-29)
|   Passing it to setup() is enough. Transports that need it on __init__() can keep it on their state.
* Add some more flags to TransportConfig. (George Kadianakis, 2014-01-29)
|   Specifically a flag to tell us whether we are in external/managed mode, and a flag to tell us whether we are client or server. These will be useful so that transports can configure themselves during setup().
* Remove the PITS code. (George Kadianakis, 2014-01-20)
|   The code was not functioning properly and I don't even remember how it worked anymore. I will leave the spec file around in case a poor soul encounters it and decides to build it properly.
* Trivial doc tweaks and ChangeLog entries for #10342. (George Kadianakis, 2013-12-12)
|
* Fix bug when calling the __init__ of the base transport. (George Kadianakis, 2013-12-12)
|
* rename handshake to circuitConnected, since it is just a callback and you don't *need* to do any sort of handshake (Ximin Luo, 2013-12-11)
* fix #10342: make circuit an attribute of transport, rather than passing it in as method params (Ximin Luo, 2013-12-11)
|   - also rm redundant "pass" statements, python doesn't need it if you have a docstring
* Another trivial ChangeLog edit. (George Kadianakis, 2013-11-28)
|
* Trivial edits and ChangeLog entry for #10243. (George Kadianakis, 2013-11-28)
|
* Add code examples to get_public_options doc str (David Stainton, 2013-11-28)
|   Further document BaseTransport's get_public_options using a simple example torrc and code sample.
* Clean up code to filter server transport options (David Stainton, 2013-11-28)
|
* Add get_public_options method to BaseTransport (David Stainton, 2013-11-28)
|   If the transport server wishes to prevent some server transport options from being added to the BridgeDB then the transport may override this method and return a transport_options dict with the keys to be distributed.
* Only use gmpy if it is installed. (Philipp Winter, 2013-11-28)
|   If the library is not installed, the built-in (and slower) modular exponentiation is used.
* Fix a bug and add some docs on the setup() method. (George Kadianakis, 2013-11-13)
|   pt_configs are per-transport (since on the server-side they contain transport-specific parameters), so we should initialize one for each transport.