Documentation
Index
- Constants
- func DeobfuscateModeDNSQuery(in []byte, expectedSequenceNumber uint64) ([]byte, []byte, []byte, error)
- func DeobfuscateModeSSHKeyExchange(in []byte, expectedSequenceNumber uint64) ([]byte, []byte, []byte, error)
- func DeobfuscateModeTLSHandshake(in []byte, expectedSequenceNumber uint64) ([]byte, []byte, []byte, error)
- func DeriveAESKey(psk []byte, sequenceNumber uint64, cumulativeHash []byte) ([]byte, error)
- func DeriveHMACKey(psk []byte, cumulativeHash []byte) ([]byte, error)
- func DeriveInitialCumulativeHash(psk []byte) ([]byte, error)
- func DeriveKey(psk []byte, salt string, additionalContext []byte, keyLen int) ([]byte, error)
- func GenerateRandomBytes(length int) ([]byte, error)
- func GenerateStateToken(psk []byte, sequenceNumber uint64, cumulativeHash []byte, ...) ([]byte, error)
- func ObfuscateModeDNSQuery(randSrc *mrand.Rand, stateToken, nonce, encryptedPayload []byte, ...) int
- func ObfuscateModeSSHKeyExchange(randSrc *mrand.Rand, stateToken, nonce, encryptedPayload []byte, ...) int
- func ObfuscateModeTLSHandshake(randSrc *mrand.Rand, stateToken, nonce, encryptedPayload []byte, ...) int
- func UpdateCumulativeHash(psk []byte, oldHash []byte, sequenceNumber uint64, data []byte) ([]byte, error)
- func VerifyStateToken(psk []byte, expectedSequenceNumber uint64, expectedCumulativeHash []byte, ...) (bool, error)
- type HypernovaObfuscator
- type Obfuscator
Constants
const (
    MinPSKLen         = 64 // Increased PSK length for more robust key derivation (e.g., for multiple HMACs/AES keys)
    NonceLen          = 12 // AES-GCM nonce length
    TagLen            = 16 // AES-GCM authentication tag length
    AESKeyLen         = 32 // AES-256 key length
    HMACKeyLen        = 32 // HMAC-SHA256 key length
    HMACSize          = 32 // SHA256 output size (32 bytes)
    SequenceNumLen    = 8  // Sequence number length (uint64)
    CumulativeHashLen = 32 // Length of cumulative hash (SHA256)
    StateTokenLen     = SequenceNumLen + CumulativeHashLen + HMACSize // Sequence Num + Cumulative Hash + HMAC for integrity

    // General dynamic padding limits
    MaxDynamicPadding = 256 // Max random padding bytes for various sections
    MinDynamicPadding = 64  // Min random padding bytes
)
Global constants for Hypernova protocol
const (
    ModeTLSHandshake   = 0 // Mimics TLS ClientHello
    ModeDNSQuery       = 1 // Mimics DNS A record query
    ModeSSHKeyExchange = 2 // Mimics SSH_MSG_KEXINIT
    NumDisguiseModes   = 3 // Total number of disguise modes
)
Disguise mode identifiers
Functions
func DeobfuscateModeDNSQuery
func DeobfuscateModeDNSQuery(in []byte, expectedSequenceNumber uint64) ([]byte, []byte, []byte, error)
DeobfuscateModeDNSQuery parses a packet mimicking a DNS A record query.
func DeobfuscateModeSSHKeyExchange
func DeobfuscateModeSSHKeyExchange(in []byte, expectedSequenceNumber uint64) ([]byte, []byte, []byte, error)
DeobfuscateModeSSHKeyExchange parses a packet mimicking an SSH_MSG_KEXINIT.
func DeobfuscateModeTLSHandshake
func DeobfuscateModeTLSHandshake(in []byte, expectedSequenceNumber uint64) ([]byte, []byte, []byte, error)
DeobfuscateModeTLSHandshake parses a packet mimicking a TLS ClientHello. It extracts stateToken, nonce, and encryptedPayload.
func DeriveAESKey
DeriveAESKey derives the AES key for payload encryption. It incorporates the current sequence number and cumulative state hash into the key derivation.
func DeriveHMACKey
DeriveHMACKey derives the HMAC key for the state token. It uses the cumulative state hash as additional context so that the HMAC key changes over time.
func DeriveInitialCumulativeHash
DeriveInitialCumulativeHash computes the initial cumulative hash from the PSK. This ensures both client and server start with the same synchronized state.
func DeriveKey
DeriveKey derives a fixed-size key from the PSK, a context-specific salt, and an additional context. The additional context allows for key diversity based on current state.
func GenerateRandomBytes
GenerateRandomBytes generates a slice of cryptographically secure random bytes of the given length.
func GenerateStateToken
func GenerateStateToken(psk []byte, sequenceNumber uint64, cumulativeHash []byte, encryptedPayloadWithTag []byte) ([]byte, error)
GenerateStateToken generates the state token which includes sequence number, cumulative hash, and an HMAC. The HMAC covers the sequence number, the *current* cumulative hash, and the encrypted payload.
func ObfuscateModeDNSQuery
func ObfuscateModeDNSQuery(randSrc *mrand.Rand, stateToken, nonce, encryptedPayload []byte, sequenceNumber uint64, out []byte) int
ObfuscateModeDNSQuery crafts a packet that mimics a DNS A record query. It embeds stateToken, nonce, and encryptedPayload.
func ObfuscateModeSSHKeyExchange
func ObfuscateModeSSHKeyExchange(randSrc *mrand.Rand, stateToken, nonce, encryptedPayload []byte, sequenceNumber uint64, out []byte) int
ObfuscateModeSSHKeyExchange crafts a packet that mimics an SSH_MSG_KEXINIT. It embeds stateToken, nonce, and encryptedPayload within the SSH structure.
func ObfuscateModeTLSHandshake
func ObfuscateModeTLSHandshake(randSrc *mrand.Rand, stateToken, nonce, encryptedPayload []byte, sequenceNumber uint64, out []byte) int
ObfuscateModeTLSHandshake crafts a packet that mimics a TLS ClientHello. It embeds stateToken, nonce, and encryptedPayload within the TLS structure.
func UpdateCumulativeHash
func UpdateCumulativeHash(psk []byte, oldHash []byte, sequenceNumber uint64, data []byte) ([]byte, error)
UpdateCumulativeHash updates the cumulative state hash based on the previous hash, sequence number, and data. This is critical for the history-dependent state machine.
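The state token and cumulative-hash chaining described under GenerateStateToken and UpdateCumulativeHash, as an added example that is not the package's own code. Only the 8 + 32 + 32 byte layout and the HMAC coverage come from the constants and descriptions above; the HMAC-SHA256 derivations, their labels, the big-endian encoding and the names mac, seqBytes, makeToken, checkToken and advance are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// mac: HMAC-SHA256 over concatenated parts (assumed; the real KDF is not shown on the page).
func mac(key []byte, parts ...[]byte) []byte {
	h := hmac.New(sha256.New, key)
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// seqBytes encodes the sequence number as 8 bytes, big-endian (assumed byte order).
func seqBytes(seq uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, seq)
	return b
}

// makeToken lays out seq (8) || cumulative hash (32) || HMAC (32) = 72 bytes.
func makeToken(psk []byte, seq uint64, cum, ct []byte) []byte {
	key := mac(psk, []byte("hmac-key"), cum) // HMAC key changes with the state hash
	tok := append(seqBytes(seq), cum...)
	return append(tok, mac(key, seqBytes(seq), cum, ct)...)
}

// checkToken recomputes the token for the expected state; constant-time compare.
func checkToken(psk []byte, wantSeq uint64, wantCum, tok, ct []byte) bool {
	return hmac.Equal(tok, makeToken(psk, wantSeq, wantCum, ct))
}

// advance folds the previous hash, sequence number and data into the next hash.
func advance(psk, old []byte, seq uint64, data []byte) []byte {
	return mac(psk, []byte("cumulative"), old, seqBytes(seq), data)
}

func main() {
	psk := make([]byte, 64) // constructed all-zero PSK (MinPSKLen bytes), sample only
	cum0 := mac(psk, []byte("initial"))
	ct := []byte("constructed ciphertext and tag")
	tok := makeToken(psk, 0, cum0, ct)
	fmt.Println(checkToken(psk, 0, cum0, tok, ct), checkToken(psk, 1, advance(psk, cum0, 0, ct), tok, ct))
}
```

Once the receiver has advanced its cumulative hash, a token captured at the earlier state no longer verifies, which is what makes a replayed or reordered packet fail the check.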
Types
type HypernovaObfuscator
type HypernovaObfuscator struct {
    PSK []byte // Pre-shared key for all key derivations
    // contains filtered or unexported fields
}
HypernovaObfuscator implements a highly complex, stateful obfuscation protocol. It uses multi-layered polymorphism, a history-dependent state machine, and dynamic traffic shaping elements.
func (*HypernovaObfuscator) Deobfuscate
func (o *HypernovaObfuscator) Deobfuscate(in, out []byte) int
Deobfuscate reconstructs and decrypts the payload from a Hypernova packet, advancing the state machine upon successful decryption and validation. Returns the length of the decrypted data, or 0 if an error occurs.
func (*HypernovaObfuscator) Obfuscate
func (o *HypernovaObfuscator) Obfuscate(in, out []byte) int
Obfuscate encrypts the input 'in' and embeds it into a state-dependent packet format. Returns the total length of the obfuscated packet, or 0 if an error occurs or 'out' is too small.
type Obfuscator
Obfuscator is the interface that wraps the Obfuscate and Deobfuscate methods. Both methods return the number of bytes written to out. If a packet is not valid, the methods should return 0.
func NewHypernovaObfuscator
func NewHypernovaObfuscator(psk []byte) (Obfuscator, error)
NewHypernovaObfuscator creates a new HypernovaObfuscator instance. psk: The pre-shared key. Must be at least MinPSKLen bytes long.