mtu = flag.Int("mtu", 1452, "MTU for outgoing packets")
nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
timeoutP = flag.Int("timeout", 60, "Timeout seconds")
+ noisy = flag.Bool("noise", false, "Enable noise appending")
)
func main() {
govpn.MTU = *mtu
govpn.Timeout = timeout
govpn.Noncediff = *nonceDiff
+ govpn.NoiseEnable = *noisy
id := govpn.IDDecode(*IDRaw)
govpn.PeersInitDummy(id)
mtu = flag.Int("mtu", 1452, "MTU for outgoing packets")
nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
timeoutP = flag.Int("timeout", 60, "Timeout seconds")
+ noisy = flag.Bool("noise", false, "Enable noise appending")
)
type PeerReadyEvent struct {
govpn.MTU = *mtu
govpn.Timeout = *timeoutP
govpn.Noncediff = *nonceDiff
+ govpn.NoiseEnable = *noisy
govpn.PeersInit(*peersPath)
bind, err := net.ResolveUDPAddr("udp", *bindAddr)
)
var (
- MTU int
- Timeout int
- Noncediff int
- Version string
+ MTU int
+ Timeout int
+ Noncediff int
+ Version string
+ NoiseEnable bool = false
)
// Call external program/script.
@section Client part
Except for common @code{-mtu}, @code{-noncediff}, @code{-timeout},
-@code{-stats} options client has the following ones:
+@code{-stats}, @code{-noise} options client has the following ones:
@table @code
@item -remote
--- /dev/null
+@node Noise
+@section Noise
+
+You may turn on @code{-noise} option, that forces to fill up all
+outgoing packets to their maximum (MTU) size. Without that option GoVPN
+provides confidentiality and authenticity of payload, but it's size
+leaks to the observer.
+
+As it can be applied only to outgoing traffic, you should enable it on
+both sides in most cases.
+
+Pay attention that this can dramatically increase your traffic!
@url{https://www.gnu.org/, GNU}/Linux and
@url{http://www.freebsd.org/, FreeBSD} support
@item IPv6 compatible
-@item Encrypted and authenticated transport
+@item Encrypted and authenticated payload transport
@item Relatively fast handshake
@item
@url{https://en.wikipedia.org/wiki/Replay_attack, Replay attack} protection
the peers, not even it's hash value)
@item Built-in rehandshake and heartbeat features
@item Several simultaneous clients support
+@item Optional noise-appending for concealing underlying packet's length
@item Optional built-in HTTP-server for retrieving information about
known connected peers in @url{http://json.org/, JSON} format
@end itemize
@section Server part
Except for common @code{-mtu}, @code{-noncediff}, @code{-timeout},
-@code{-stats} options server has the following ones:
+@code{-stats}, @code{-noise} options server has the following ones:
@table @code
@item -bind
@section Transport protocol
@verbatim
-ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA_SIZE+DATA) +
- AUTH(ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA_SIZE+DATA))
+ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA_SIZE+DATA+NOISE) +
+ AUTH(ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA_SIZE+DATA+NOISE))
@end verbatim
All transport and handshake messages are indistinguishable from
session @code{KEY} and encrypted @code{SERIAL} used as a nonce.
@code{DATA_SIZE} is @emph{uint16} storing length of the @code{DATA}.
+@code{NOISE} is optional. It is just some junk data, intended to fill up
+packet to MTU size. This is useful for concealing payload packets length.
+
@code{AUTH} is Poly1305 authentication function. First 256 bits of
Salsa20 output are used as a one-time key for @code{AUTH}. Next 256 bits
of Salsa20 are ignored. All remaining output is XORed with the data,
* Client part::
* Server part::
* Stats::
+* Noise::
* Example usage::
@end menu
@include stats.texi
+@include noise.texi
+
@include example.texi
salsa20.XORKeyStream(p.buf, p.buf, p.nonce, p.Key)
copy(p.buf[S20BS-NonceSize:S20BS], p.nonce)
copy(p.keyAuth[:], p.buf[:KeySize])
- p.frame = p.buf[S20BS-NonceSize : S20BS+PktSizeSize+size]
+ if NoiseEnable {
+ p.frame = p.buf[S20BS-NonceSize : S20BS+MTU-NonceSize-poly1305.TagSize]
+ } else {
+ p.frame = p.buf[S20BS-NonceSize : S20BS+PktSizeSize+size]
+ }
poly1305.Sum(p.tag, p.frame, p.keyAuth)
p.FramesOut++