Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrPSKTooShort = fmt.Errorf("PSK must be at least %d bytes", smPSKMinLen)
Functions ¶
func WrapPacketConn ¶
func WrapPacketConn(conn net.PacketConn, obfs Obfuscator) net.PacketConn
WrapPacketConn enables obfuscation on a net.PacketConn. The obfuscation is transparent to the caller - the n bytes returned by ReadFrom and WriteTo are the number of original bytes, not after obfuscation/deobfuscation.
Types ¶
type ChameleonObfuscator ¶ added in v0.0.1
type ChameleonObfuscator struct {
PSK []byte // Pre-shared key. Used to derive the actual ChaCha20 key.
}
ChameleonObfuscator implements authenticated encryption using ChaCha20-Poly1305. It derives a unique key for each packet from a pre-shared key (PSK) and a per-packet random nonce. The nonce is prepended to the ciphertext. This provides strong confidentiality and integrity.
func NewChameleonObfuscator ¶ added in v0.0.1
func NewChameleonObfuscator(psk []byte) (*ChameleonObfuscator, error)
NewChameleonObfuscator creates a new ChameleonObfuscator instance. psk: The pre-shared key used to derive the ChaCha20 key. It must not be empty.
func (*ChameleonObfuscator) Deobfuscate ¶ added in v0.0.1
func (o *ChameleonObfuscator) Deobfuscate(in, out []byte) int
Deobfuscate decrypts the input byte slice 'in' and writes the result to 'out'. It extracts the nonce, derives the key, and attempts to decrypt the payload. If decryption fails (e.g., due to data corruption or tampering, indicated by authentication failure), it returns 0 to signal an invalid packet. Returns the number of bytes written to 'out'. If 'in' is invalid or 'out' is too small, returns 0.
func (*ChameleonObfuscator) Obfuscate ¶ added in v0.0.1
func (o *ChameleonObfuscator) Obfuscate(in, out []byte) int
Obfuscate encrypts the input byte slice 'in' and writes the result to 'out'. It generates a random nonce, derives a ChaCha20 key from the PSK, encrypts 'in' with the nonce, and prepends the nonce to the resulting ciphertext (which includes the auth tag). Returns the number of bytes written to 'out'. If 'out' is too small, returns 0.
type Obfuscator ¶
Obfuscator is the interface that wraps the Obfuscate and Deobfuscate methods. Both methods return the number of bytes written to out. If a packet is not valid, the methods should return 0.
func NewObfuscatorFromConfig ¶ added in v0.0.1
func NewObfuscatorFromConfig(cfg ObfuscatorConfig) (Obfuscator, error)
NewObfuscatorFromConfig is a factory function that creates and returns an Obfuscator interface instance based on the provided configuration. It centralizes the instantiation logic for different obfuscation protocols.
type ObfuscatorConfig ¶ added in v0.0.1
type ObfuscatorConfig struct {
Type string `mapstructure:"type"` // Type of the obfuscator (e.g., "salamander", "scramble", "chameleon")
Password string `mapstructure:"password"` // Pre-shared key/password used by the obfuscator
}
ObfuscatorConfig defines the common configuration structure for all obfuscators. This allows for unified configuration parsing.
type SalamanderObfuscator ¶
type SalamanderObfuscator struct {
PSK []byte
RandSrc *rand.Rand
// contains filtered or unexported fields
}
SalamanderObfuscator is an obfuscator that obfuscates each packet with the BLAKE2b-256 hash of a pre-shared key combined with a random salt. Packet format: [8-byte salt][payload]
func NewSalamanderObfuscator ¶
func NewSalamanderObfuscator(psk []byte) (*SalamanderObfuscator, error)
func (*SalamanderObfuscator) Deobfuscate ¶
func (o *SalamanderObfuscator) Deobfuscate(in, out []byte) int
func (*SalamanderObfuscator) Obfuscate ¶
func (o *SalamanderObfuscator) Obfuscate(in, out []byte) int
type ScrambleObfuscator ¶ added in v0.0.1
type ScrambleObfuscator struct {
PSK []byte // Pre-shared key for key derivation
}
ScrambleObfuscator implements a simple counter-based stream cipher obfuscation. It uses a per-packet random nonce and a pre-shared key (PSK) to derive an evolving key stream for each block of the packet.
func NewScrambleObfuscator ¶ added in v0.0.1
func NewScrambleObfuscator(psk []byte) (*ScrambleObfuscator, error)
NewScrambleObfuscator creates a new ScrambleObfuscator instance. psk: The pre-shared key used for obfuscation. It must not be empty.
func (*ScrambleObfuscator) Deobfuscate ¶ added in v0.0.1
func (o *ScrambleObfuscator) Deobfuscate(in, out []byte) int
Deobfuscate deobfuscates the input byte slice 'in' and writes the result to 'out'. It extracts the nonce, re-derives the same evolving key stream, and XORs the payload to restore the original data. Returns the number of bytes written to 'out'. If 'in' is invalid or 'out' is too small, returns 0.
func (*ScrambleObfuscator) Obfuscate ¶ added in v0.0.1
func (o *ScrambleObfuscator) Obfuscate(in, out []byte) int
Obfuscate obfuscates the input byte slice 'in' and writes the result to 'out'. It prepends a random nonce, then XORs payload blocks with an evolving key derived from the PSK and the current nonce counter. Returns the number of bytes written to 'out'. If 'out' is too small, returns 0.