Documentation
¶
Index ¶
- Constants
- func DeriveAESKey(psk []byte, sequenceNumber uint64) ([]byte, error)
- func DeriveHMACKey(psk []byte) ([]byte, error)
- func DeriveKey(psk []byte, salt string, keyLen int) ([]byte, error)
- func GenerateRandomBytes(length int) ([]byte, error)
- func GenerateStateToken(psk []byte, sequenceNumber uint64, encryptedPayloadWithTag []byte) ([]byte, error)
- func VerifyStateToken(psk []byte, expectedSequenceNumber uint64, ...) (bool, error)
- type CosmosObfuscator
- type Obfuscator
Constants ¶
const ( MinPSKLen = 32 // Increased PSK length for better security (HMAC-SHA256 needs 32-byte key) NonceLen = 12 // AES-GCM nonce length TagLen = 16 // AES-GCM authentication tag length AESKeyLen = 32 // AES-256 key length (from BLAKE2b-256 hash) HMACKeyLen = 32 // HMAC-SHA256 key length HMACSize = 32 // SHA256 output size (32 bytes) SequenceNumLen = 8 // Sequence number length (uint64) StateTokenLen = SequenceNumLen + HMACSize // Total state token length // Dynamic padding/header limits MaxDynamicPadding = 128 // Max random padding bytes for various sections MinDynamicPadding = 32 // Min random padding bytes // Mode A (HTTP GET Mimicry) constants HTTPLikeMinLen = 100 // Minimum length for a believable HTTP header part MaxContentLen = 8192 // Max content length for embedded payload // Mode B (Generic Binary) constants BinaryMagicLen = 4 // Length of magic bytes BinaryMagic = 0x434F534D // "COSM" in ASCII )
Constants for Cosmos protocol (moved from main obfs/cosmos.go)
Variables ¶
This section is empty.
Functions ¶
func DeriveAESKey ¶
DeriveAESKey derives the AES key for payload encryption. It incorporates the current state (sequence number) into the key derivation.
func DeriveHMACKey ¶
DeriveHMACKey derives the HMAC key for state token.
func GenerateRandomBytes ¶
GenerateRandomBytes generates a slice of cryptographically secure random bytes of the given length.
Types ¶
type CosmosObfuscator ¶
type CosmosObfuscator struct {
PSK []byte // Pre-shared key for all key derivations
// contains filtered or unexported fields
}
CosmosObfuscator implements an encrypted state machine where packet format and encryption parameters change based on a synchronized state (sequence number).
func (*CosmosObfuscator) Deobfuscate ¶
func (o *CosmosObfuscator) Deobfuscate(in, out []byte) int
Deobfuscate reconstructs and decrypts the payload from a Cosmos packet, advancing the state machine upon successful decryption and validation. Returns the length of the decrypted data, or 0 if an error occurs (e.g., state mismatch, decryption failure).
func (*CosmosObfuscator) Obfuscate ¶
func (o *CosmosObfuscator) Obfuscate(in, out []byte) int
Obfuscate encrypts the input 'in' and embeds it into a state-dependent packet format. Returns the total length of the obfuscated packet, or 0 if an error occurs or 'out' is too small.
type Obfuscator ¶
Obfuscator is the interface that wraps the Obfuscate and Deobfuscate methods. Both methods return the number of bytes written to out. If a packet is not valid, the methods should return 0.
func NewCosmosObfuscator ¶
func NewCosmosObfuscator(psk []byte) (Obfuscator, error)
NewCosmosObfuscator creates a new CosmosObfuscator instance. psk: The pre-shared key. Must be at least MinPSKLen bytes long.
Source Files