cosmicdust

package
v0.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 30, 2025 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	MinPSKLen         = 64
	NonceLen          = 12
	TagLen            = 16
	AESKeyLen         = 32
	HMACKeyLen        = 32
	HMACSize          = 32
	SequenceNumLen    = 8
	CumulativeHashLen = 32

	SegmentIDLen             = 8
	SegmentIndexLen          = 2
	TotalSegmentsLen         = 2
	EncryptedPayloadLenBytes = 2
	SegmentMetadataLen       = SegmentIDLen + SegmentIndexLen + TotalSegmentsLen + EncryptedPayloadLenBytes
	SegmentStateTokenLen     = SegmentMetadataLen + HMACSize

	MaxSegmentPayloadSize = 1200
	MinSegmentPayloadSize = 100

	MaxDynamicPadding = 256
	MinDynamicPadding = 64

	DecoyFrequency = 5
)
View Source 
const (
	ModeTLSAppData   = 0
	ModeDNSQuery     = 1
	ModeHTTPFragment = 2
	ModeNTPRequest   = 3
	ModeDecoy        = 4
	NumDisguiseModes = 5
)

Variables

This section is empty.

Functions

func DeobfuscateModeDNSQuery 

func DeobfuscateModeDNSQuery(in []byte) ([]byte, []byte, []byte, int, error)

func DeobfuscateModeDecoy 

func DeobfuscateModeDecoy(psk []byte, cumulativeHash []byte, in []byte) (bool, error)

func DeobfuscateModeHTTPFragment 

func DeobfuscateModeHTTPFragment(in []byte) ([]byte, []byte, []byte, int, error)

func DeobfuscateModeNTPRequest 

func DeobfuscateModeNTPRequest(in []byte) ([]byte, []byte, []byte, int, error)

func DeobfuscateModeTLSAppData 

func DeobfuscateModeTLSAppData(in []byte) ([]byte, []byte, []byte, int, error)

func DeriveAESKey 

func DeriveAESKey(psk []byte, packetID uint64, segmentIndex uint16, cumulativeHash []byte) ([]byte, error)

DeriveAESKey derives the AES key for a specific segment. It incorporates PSK, cumulativeStateHash, PacketID, and SegmentIndex.

func DeriveHMACKey 

func DeriveHMACKey(psk []byte, packetID uint64, segmentIndex uint16, cumulativeHash []byte) ([]byte, error)

DeriveHMACKey derives the HMAC key for a specific segment's state token. It incorporates PSK, cumulativeStateHash, PacketID, and SegmentIndex.

func DeriveInitialCumulativeHash 

func DeriveInitialCumulativeHash(psk []byte) ([]byte, error)

DeriveInitialCumulativeHash computes the initial cumulative hash from the PSK. This ensures both client and server start with the same synchronized state.

func DeriveKey 

func DeriveKey(psk []byte, salt string, additionalContext []byte, keyLen int) ([]byte, error)

DeriveKey derives a fixed-size key from the PSK, a context-specific salt, and an additional context. The additional context allows for key diversity based on current state.

func ExtractSegmentMetadata 

func ExtractSegmentMetadata(segmentStateToken []byte) (uint64, uint16, uint16, uint16, error)

ExtractSegmentMetadata extracts PacketID, SegmentIndex, TotalSegments, and EncryptedPayloadLen from the SegmentStateToken.

func GenerateRandomBytes 

func GenerateRandomBytes(length int) ([]byte, error)

GenerateRandomBytes generates a slice of cryptographically secure random bytes of the given length.

func GenerateSegmentStateToken 

func GenerateSegmentStateToken(psk []byte, packetID uint64, segmentIndex uint16, totalSegments uint16, encryptedPayloadLen uint16, cumulativeHash []byte, encryptedSegmentPayload []byte) ([]byte, error)

GenerateSegmentStateToken creates the token for each segment. Token structure: [PacketID (8 bytes)] + [SegmentIndex (2 bytes)] + [TotalSegments (2 bytes)] + [EncryptedPayloadLen (2 bytes)] + [HMAC (32 bytes)] The HMAC covers: PacketID + SegmentIndex + TotalSegments + EncryptedPayloadLen + CumulativeHash + EncryptedSegmentPayload.

func ObfuscateModeDNSQuery 

func ObfuscateModeDNSQuery(randSrc *mrand.Rand, segmentStateToken, nonce, encryptedSegmentPayload []byte) ([]byte, error)

func ObfuscateModeDecoy 

func ObfuscateModeDecoy(randSrc *mrand.Rand, psk []byte, cumulativeHash []byte) ([]byte, error)

func ObfuscateModeHTTPFragment 

func ObfuscateModeHTTPFragment(randSrc *mrand.Rand, segmentStateToken, nonce, encryptedSegmentPayload []byte) ([]byte, error)

func ObfuscateModeNTPRequest 

func ObfuscateModeNTPRequest(randSrc *mrand.Rand, segmentStateToken, nonce, encryptedSegmentPayload []byte) ([]byte, error)

func ObfuscateModeTLSAppData 

func ObfuscateModeTLSAppData(randSrc *mrand.Rand, segmentStateToken, nonce, encryptedSegmentPayload []byte) ([]byte, error)

func UpdateCumulativeHash 

func UpdateCumulativeHash(psk []byte, oldHash []byte, packetID uint64, processedData []byte) ([]byte, error)

UpdateCumulativeHash updates the global cumulative state hash. It incorporates the old hash, PSK, current packet ID, and the processed data (e.g., original payload).

func VerifySegmentStateToken 

func VerifySegmentStateToken(psk []byte, packetID uint64, segmentIndex uint16, totalSegments uint16, encryptedPayloadLen uint16, expectedCumulativeHash []byte, receivedToken []byte, encryptedSegmentPayload []byte) (bool, error)

VerifySegmentStateToken verifies the HMAC of a received segment state token.

Types

type CosmicDustObfuscator 

type CosmicDustObfuscator struct {
	PSK []byte
	// contains filtered or unexported fields
}

func (*CosmicDustObfuscator) Deobfuscate 

func (o *CosmicDustObfuscator) Deobfuscate(in []byte, out []byte) int

func (*CosmicDustObfuscator) Obfuscate 

func (o *CosmicDustObfuscator) Obfuscate(in []byte, out []byte) int

type Obfuscator 

type Obfuscator interface {
	Obfuscate(in []byte, out []byte) int
	Deobfuscate(in []byte, out []byte) int
}

func NewCosmicDustObfuscator 

func NewCosmicDustObfuscator(psk []byte) (Obfuscator, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.