From: Sergey Matveev
Date: Fri, 1 May 2015 17:01:52 +0000 (+0300)
Subject: Ability to append noise to outgoing packets
X-Git-Tag: 3.0^2~13
X-Git-Url: http://www.git.cypherpunks.ru/?p=govpn.git;a=commitdiff_plain;h=75a14e6594c7acfc9ac68d9ecf96ed0b0974bbb8

Ability to append noise to outgoing packets

Signed-off-by: Sergey Matveev
---

diff --git a/cmd/govpn-client/main.go b/cmd/govpn-client/main.go
index 6b7fac1..495c22c 100644
--- a/cmd/govpn-client/main.go
+++ b/cmd/govpn-client/main.go
@@ -40,6 +40,7 @@ var (
 	mtu = flag.Int("mtu", 1452, "MTU for outgoing packets")
 	nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
 	timeoutP = flag.Int("timeout", 60, "Timeout seconds")
+	noisy = flag.Bool("noise", false, "Enable noise appending")
 )
 
 func main() {
@@ -51,6 +52,7 @@ func main() {
 	govpn.MTU = *mtu
 	govpn.Timeout = timeout
 	govpn.Noncediff = *nonceDiff
+	govpn.NoiseEnable = *noisy
 	id := govpn.IDDecode(*IDRaw)
 	govpn.PeersInitDummy(id)
diff --git a/cmd/govpn-server/main.go b/cmd/govpn-server/main.go
index 43c2722..032de00 100644
--- a/cmd/govpn-server/main.go
+++ b/cmd/govpn-server/main.go
@@ -39,6 +39,7 @@ var (
 	mtu = flag.Int("mtu", 1452, "MTU for outgoing packets")
 	nonceDiff = flag.Int("noncediff", 1, "Allow nonce difference")
 	timeoutP = flag.Int("timeout", 60, "Timeout seconds")
+	noisy = flag.Bool("noise", false, "Enable noise appending")
 )
 
 type PeerReadyEvent struct {
@@ -85,6 +86,7 @@ func main() {
 	govpn.MTU = *mtu
 	govpn.Timeout = *timeoutP
 	govpn.Noncediff = *nonceDiff
+	govpn.NoiseEnable = *noisy
 	govpn.PeersInit(*peersPath)
 	bind, err := net.ResolveUDPAddr("udp", *bindAddr)
diff --git a/common.go b/common.go
index 7eb4060..5be6db0 100644
--- a/common.go
+++ b/common.go
@@ -28,10 +28,11 @@ import (
 )
 
 var (
-	MTU       int
-	Timeout   int
-	Noncediff int
-	Version   string
+	MTU         int
+	Timeout     int
+	Noncediff   int
+	Version     string
+	NoiseEnable bool = false
 )
 
 // Call external program/script.
diff --git a/doc/client.texi b/doc/client.texi
index 076937b..52f6429 100644
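Review bot: `NoiseEnable bool = false` in the common.go hunk spells out the zero value; `NoiseEnable bool` is the idiomatic form, and none of the exported variables in this block carry a doc comment. A comment such as `// NoiseEnable pads every outgoing transport frame to MTU (see Peer.EthProcess) so an observer cannot learn payload lengths; set once at startup by the client and server commands` would tell readers it is a process-wide switch read on the send path rather than a per-peer setting. The same flag is wired identically in cmd/govpn-client/main.go and cmd/govpn-server/main.go earlier in this diff; their help string `"Enable noise appending"` could state the trade-off, e.g. `"Pad outgoing packets to MTU size (conceals payload length, increases traffic)"`.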
--- a/doc/client.texi +++ b/doc/client.texi @@ -2,7 +2,7 @@ @section Client part Except for common @code{-mtu}, @code{-noncediff}, @code{-timeout}, -@code{-stats} options client has the following ones: +@code{-stats}, @code{-noise} options client has the following ones: @table @code @item -remote diff --git a/doc/noise.texi b/doc/noise.texi new file mode 100644 index 0000000..9bb27c6 --- /dev/null +++ b/doc/noise.texi @@ -0,0 +1,12 @@ +@node Noise +@section Noise + +You may turn on @code{-noise} option, that forces to fill up all +outgoing packets to their maximum (MTU) size. Without that option GoVPN +provides confidentiality and authenticity of payload, but it's size +leaks to the observer. + +As it can be applied only to outgoing traffic, you should enable it on +both sides in most cases. + +Pay attention that this can dramatically increase your traffic! diff --git a/doc/overview.texi b/doc/overview.texi index 9dfd081..76fac71 100644 --- a/doc/overview.texi +++ b/doc/overview.texi @@ -48,7 +48,7 @@ network interfaces on top of UDP entirely @url{https://www.gnu.org/, GNU}/Linux and @url{http://www.freebsd.org/, FreeBSD} support @item IPv6 compatible -@item Encrypted and authenticated transport +@item Encrypted and authenticated payload transport @item Relatively fast handshake @item @url{https://en.wikipedia.org/wiki/Replay_attack, Replay attack} protection @@ -65,6 +65,7 @@ authentication (pre-shared key is not transmitted in any form between the peers, not even it's hash value) @item Built-in rehandshake and heartbeat features @item Several simultaneous clients support +@item Optional noise-appending for concealing underlying packet's length @item Optional built-in HTTP-server for retrieving information about known connected peers in @url{http://json.org/, JSON} format @end itemize diff --git a/doc/server.texi b/doc/server.texi index 7541d57..69fee73 100644 --- a/doc/server.texi +++ b/doc/server.texi 
@@ -2,7 +2,7 @@ @section Server part Except for common @code{-mtu}, @code{-noncediff}, @code{-timeout}, -@code{-stats} options server has the following ones: +@code{-stats}, @code{-noise} options server has the following ones: @table @code @item -bind diff --git a/doc/transport.texi b/doc/transport.texi index b12a308..b762861 100644 --- a/doc/transport.texi +++ b/doc/transport.texi @@ -2,8 +2,8 @@ @section Transport protocol @verbatim -ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA_SIZE+DATA) + - AUTH(ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA_SIZE+DATA)) +ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA_SIZE+DATA+NOISE) + + AUTH(ENCn(SERIAL) + ENC(KEY, ENCn(SERIAL), DATA_SIZE+DATA+NOISE)) @end verbatim All transport and handshake messages are indistinguishable from @@ -26,6 +26,9 @@ is always used only once. @code{ENC} is Salsa20 cipher, with established session @code{KEY} and encrypted @code{SERIAL} used as a nonce. @code{DATA_SIZE} is @emph{uint16} storing length of the @code{DATA}. +@code{NOISE} is optional. It is just some junk data, intended to fill up +packet to MTU size. This is useful for concealing payload packets length. + @code{AUTH} is Poly1305 authentication function. First 256 bits of Salsa20 output are used as a one-time key for @code{AUTH}. Next 256 bits of Salsa20 are ignored. All remaining output is XORed with the data, diff --git a/doc/user.texi b/doc/user.texi index dfe9534..b5ebd8f 100644 --- a/doc/user.texi +++ b/doc/user.texi @@ -17,6 +17,7 @@ automate it using up and down shell scripts. * Client part:: * Server part:: * Stats:: +* Noise:: * Example usage:: @end menu @@ -32,4 +33,6 @@ automate it using up and down shell scripts. @include stats.texi +@include noise.texi + @include example.texi diff --git a/transport.go b/transport.go index 4277628..a595130 100644 --- a/transport.go +++ b/transport.go 
@@ -301,7 +301,11 @@ func (p *Peer) EthProcess(ethPkt []byte, conn WriteToer, ready chan struct{}) {
 	salsa20.XORKeyStream(p.buf, p.buf, p.nonce, p.Key)
 	copy(p.buf[S20BS-NonceSize:S20BS], p.nonce)
 	copy(p.keyAuth[:], p.buf[:KeySize])
-	p.frame = p.buf[S20BS-NonceSize : S20BS+PktSizeSize+size]
+	if NoiseEnable {
+		p.frame = p.buf[S20BS-NonceSize : S20BS+MTU-NonceSize-poly1305.TagSize]
+	} else {
+		p.frame = p.buf[S20BS-NonceSize : S20BS+PktSizeSize+size]
+	}
 	poly1305.Sum(p.tag, p.frame, p.keyAuth)
 	p.FramesOut++
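Review bot: The "noise" is not generated anywhere in this hunk — the frame is merely extended over `p.buf` up to `S20BS+MTU-NonceSize-poly1305.TagSize`, so the padding plaintext is whatever `p.buf` already held past `PktSizeSize+size` when `salsa20.XORKeyStream` ran (presumably a previous packet's bytes if the buffer is reused; its allocation is outside this hunk). That tail stays confidential only because the whole buffer is XORed under a fresh nonce, which deserves a comment, e.g. `// Noise mode: extend the frame to MTU (minus the nonce prefix and the Poly1305 tag); the tail is stale buffer contents hidden by the keystream, not fresh random bytes`, or better, fill the tail with random bytes before the XOR so the padding does not rely on nonce uniqueness. The noise branch also has no check that `PktSizeSize+size` fits within `MTU-NonceSize-poly1305.TagSize`; a payload larger than that reaching this point would be truncated silently by the new slice, so unless an earlier MTU check in EthProcess guarantees it, a guard like `if S20BS+PktSizeSize+size > S20BS+MTU-NonceSize-poly1305.TagSize { /* reject oversized frame */ }` (or taking the larger of the two ends) is worth adding, along with a check that `len(p.buf)` covers the noise end. EthProcess begins and ends outside the hunk.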