cosmicdust

package
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 31, 2025 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	MinPSKLen         = 64
	NonceLen          = 12
	TagLen            = 16
	AESKeyLen         = 32
	HMACKeyLen        = 32
	HMACSize          = 32
	SequenceNumLen    = 8
	CumulativeHashLen = 32

	SegmentIDLen             = 8
	SegmentIndexLen          = 2
	TotalSegmentsLen         = 2
	EncryptedPayloadLenBytes = 2
	SegmentMetadataLen       = SegmentIDLen + SegmentIndexLen + TotalSegmentsLen + EncryptedPayloadLenBytes
	SegmentStateTokenLen     = SegmentMetadataLen + HMACSize

	MaxSegmentPayloadSize = 1200
	MinSegmentPayloadSize = 100

	MaxDynamicPadding = 256
	MinDynamicPadding = 64

	DecoyFrequency = 5
)
View Source 
const (
	// 定义新的模式常量
	ModeDTLSHandshake = 0 // Previously ModeTLSAppData, now mimicking DTLS
	ModeDNSQuery      = 1
	ModeNTPRequest    = 2
	ModeDecoy         = 3

	NumDisguiseModes = 4 // Total number of active disguise modes
)

Variables

This section is empty.

Functions

func DeobfuscateModeDNSQuery 

func DeobfuscateModeDNSQuery(in []byte) ([]byte, []byte, []byte, int, error)

func DeobfuscateModeDTLSHandshake added in v0.3.2 

func DeobfuscateModeDTLSHandshake(in []byte) ([]byte, []byte, []byte, int, error)

DeobfuscateModeDTLSHandshake 从模仿的 DTLS 握手包中提取嵌入数据

func DeobfuscateModeDecoy 

func DeobfuscateModeDecoy(psk []byte, cumulativeHash []byte, in []byte) (bool, error)

func DeobfuscateModeNTPRequest 

func DeobfuscateModeNTPRequest(in []byte) ([]byte, []byte, []byte, int, error)

func DeriveAESKey 

func DeriveAESKey(psk []byte, packetID uint64, segmentIndex uint16, cumulativeHash []byte) ([]byte, error)

DeriveAESKey derives the AES key for a specific segment. It incorporates PSK, cumulativeStateHash, PacketID, and SegmentIndex.

func DeriveHMACKey 

func DeriveHMACKey(psk []byte, packetID uint64, segmentIndex uint16, cumulativeHash []byte) ([]byte, error)

DeriveHMACKey derives the HMAC key for a specific segment's state token. It incorporates PSK, cumulativeStateHash, PacketID, and SegmentIndex.

func DeriveInitialCumulativeHash 

func DeriveInitialCumulativeHash(psk []byte) ([]byte, error)

DeriveInitialCumulativeHash computes the initial cumulative hash from the PSK. This ensures both client and server start with the same synchronized state.

func DeriveKey 

func DeriveKey(psk []byte, salt string, additionalContext []byte, keyLen int) ([]byte, error)

DeriveKey derives a fixed-size key from the PSK, a context-specific salt, and an additional context. The additional context allows for key diversity based on current state.

func ExtractSegmentMetadata 

func ExtractSegmentMetadata(segmentStateToken []byte) (uint64, uint16, uint16, uint16, error)

ExtractSegmentMetadata extracts PacketID, SegmentIndex, TotalSegments, and EncryptedPayloadLen from the SegmentStateToken.

func GenerateRandomBytes 

func GenerateRandomBytes(length int) ([]byte, error)

GenerateRandomBytes generates a slice of cryptographically secure random bytes of the given length.

func GenerateSegmentStateToken 

func GenerateSegmentStateToken(psk []byte, packetID uint64, segmentIndex uint16, totalSegments uint16, encryptedPayloadLen uint16, cumulativeHash []byte, encryptedSegmentPayload []byte) ([]byte, error)

GenerateSegmentStateToken creates the token for each segment. Token structure: [PacketID (8 bytes)] + [SegmentIndex (2 bytes)] + [TotalSegments (2 bytes)] + [EncryptedPayloadLen (2 bytes)] + [HMAC (32 bytes)] The HMAC covers: PacketID + SegmentIndex + TotalSegments + EncryptedPayloadLen + CumulativeHash + EncryptedSegmentPayload.

func ObfuscateModeDNSQuery 

func ObfuscateModeDNSQuery(randSrc *mrand.Rand, segmentStateToken, nonce, encryptedSegmentPayload []byte) ([]byte, error)

func ObfuscateModeDTLSHandshake added in v0.3.2 

func ObfuscateModeDTLSHandshake(randSrc *mrand.Rand, segmentStateToken, nonce, encryptedSegmentPayload []byte) ([]byte, error)

ObfuscateModeDTLSHandshake 模仿 DTLS 1.2 ClientHello 握手包结构

func ObfuscateModeDecoy 

func ObfuscateModeDecoy(randSrc *mrand.Rand, psk []byte, cumulativeHash []byte) ([]byte, error)

func ObfuscateModeNTPRequest 

func ObfuscateModeNTPRequest(randSrc *mrand.Rand, segmentStateToken, nonce, encryptedSegmentPayload []byte) ([]byte, error)

func UpdateCumulativeHash 

func UpdateCumulativeHash(psk []byte, oldHash []byte, packetID uint64, processedData []byte) ([]byte, error)

UpdateCumulativeHash updates the global cumulative state hash. It incorporates the old hash, PSK, current packet ID, and the processed data (e.g., original payload).

func VerifySegmentStateToken 

func VerifySegmentStateToken(psk []byte, packetID uint64, segmentIndex uint16, totalSegments uint16, encryptedPayloadLen uint16, expectedCumulativeHash []byte, receivedToken []byte, encryptedSegmentPayload []byte) (bool, error)

VerifySegmentStateToken verifies the HMAC of a received segment state token.

Types

type CosmicDustObfuscator 

type CosmicDustObfuscator struct {
	PSK []byte
	// contains filtered or unexported fields
}

func (*CosmicDustObfuscator) Deobfuscate 

func (o *CosmicDustObfuscator) Deobfuscate(in []byte, out []byte) int

func (*CosmicDustObfuscator) Obfuscate 

func (o *CosmicDustObfuscator) Obfuscate(in []byte, out []byte) int

type Obfuscator 

type Obfuscator interface {
	Obfuscate(in []byte, out []byte) int
	Deobfuscate(in []byte, out []byte) int
}

func NewCosmicDustObfuscator 

func NewCosmicDustObfuscator(psk []byte) (Obfuscator, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.