def setup(cls, transportConfig):
"""
Called once when obfsproxy starts.
"""
log.error(
"\n\n################################################\n"
"Do NOT rely on ScrambleSuit for strong security!\n"
"################################################\n"
)
util.setStateLocation(transportConfig.getStateLocation())
cls.weAreClient = transportConfig.weAreClient
cls.weAreServer = not cls.weAreClient
cls.weAreExternal = transportConfig.weAreExternal
# If we are server and in managed mode, we should get the
# shared secret from the server transport options.
if cls.weAreServer and not cls.weAreExternal:
cfg = transportConfig.getServerTransportOptions()
if cfg and "password" in cfg:
try:
cls.uniformDHSecret = base64.b32decode(util.sanitiseBase32(cfg["password"]))
except (TypeError, AttributeError) as error:
raise base.TransportSetupFailed("Password could not be base32 decoded (%s)" % error)
cls.uniformDHSecret = cls.uniformDHSecret.strip()
if cls.weAreServer:
if not hasattr(cls, "uniformDHSecret"):
log.debug("Using fallback password for descriptor file.")
srv = state.load()
cls.uniformDHSecret = srv.fallbackPassword
if len(cls.uniformDHSecret) != const.SHARED_SECRET_LENGTH:
raise base.TransportSetupFailed(
"Wrong password length (%d instead of %d)" % len(cls.uniformDHSecret), const.SHARED_SECRET_LENGTH
)
if not const.STATE_LOCATION:
raise base.TransportSetupFailed(
"No state location set. If you are using external mode, "
"please set it using the --data-dir switch."
)
state.writeServerPassword(cls.uniformDHSecret)
def setup(cls, transportConfig):
"""
Called once when obfsproxy starts.
"""
log.error("\n\n################################################\n"
"Do NOT rely on ScrambleSuit for strong security!\n"
"################################################\n")
util.setStateLocation(transportConfig.getStateLocation())
cls.weAreClient = transportConfig.weAreClient
cls.weAreServer = not cls.weAreClient
cls.weAreExternal = transportConfig.weAreExternal
# If we are server and in managed mode, we should get the
# shared secret from the server transport options.
if cls.weAreServer and not cls.weAreExternal:
cfg = transportConfig.getServerTransportOptions()
if cfg and "password" in cfg:
try:
cls.uniformDHSecret = base64.b32decode(
util.sanitiseBase32(cfg["password"]))
except (TypeError, AttributeError) as error:
raise base.TransportSetupFailed(
"Password could not be base32 decoded (%s)" % error)
cls.uniformDHSecret = cls.uniformDHSecret.strip()
if cls.weAreServer:
if not hasattr(cls, "uniformDHSecret"):
log.debug("Using fallback password for descriptor file.")
srv = state.load()
cls.uniformDHSecret = srv.fallbackPassword
if len(cls.uniformDHSecret) != const.SHARED_SECRET_LENGTH:
raise base.TransportSetupFailed(
"Wrong password length (%d instead of %d)" %
len(cls.uniformDHSecret), const.SHARED_SECRET_LENGTH)
if not const.STATE_LOCATION:
raise base.TransportSetupFailed(
"No state location set. If you are using external mode, " \
"please set it using the --data-dir switch.")
state.writeServerPassword(cls.uniformDHSecret)
def setup( cls, transportConfig ):
"""
Called once when obfsproxy starts.
"""
util.setStateLocation(transportConfig.getStateLocation())
cls.weAreClient = transportConfig.weAreClient
cls.weAreServer = not cls.weAreClient
cls.weAreExternal = transportConfig.weAreExternal
# If we are server and in managed mode, we should get the
# shared secret from the server transport options.
if cls.weAreServer and not cls.weAreExternal:
cfg = transportConfig.getServerTransportOptions()
if cfg and "password" in cfg:
cls.uniformDHSecret = base64.b32decode(util.sanitiseBase32(
cfg["password"]))
cls.uniformDHSecret = cls.uniformDHSecret.strip()
def setup( cls, transportConfig ):
"""
Called once when obfsproxy starts.
"""
util.setStateLocation(transportConfig.getStateLocation())
cls.weAreClient = transportConfig.weAreClient
cls.weAreServer = not cls.weAreClient
cls.weAreExternal = transportConfig.weAreExternal
# If we are server and in managed mode, we should get the
# shared secret from the server transport options.
if cls.weAreServer and not cls.weAreExternal:
cfg = transportConfig.getServerTransportOptions()
if cfg and "password" in cfg:
try:
cls.uniformDHSecret = base64.b32decode(util.sanitiseBase32(
cfg["password"]))
except TypeError as error:
log.error(error.message)
raise base.PluggableTransportError("Given password '%s' " \
"is not valid Base32! Run " \
"'generate_password.py' to generate a good " \
"password." % cfg["password"])
cls.uniformDHSecret = cls.uniformDHSecret.strip()
if cls.weAreServer:
if not hasattr(cls, "uniformDHSecret"):
log.debug("Using fallback password for descriptor file.")
srv = state.load()
cls.uniformDHSecret = srv.fallbackPassword
state.writeServerDescriptor(cls.uniformDHSecret,
transportConfig.getBindAddr(),
cls.weAreExternal)
def test4_setStateLocation( self ):
name = (const.TRANSPORT_NAME).lower()
util.setStateLocation("/tmp")
self.failUnless(const.STATE_LOCATION == "/tmp/%s/" % name)
# Nothing should change if we pass "None".
util.setStateLocation(None)
self.failUnless(const.STATE_LOCATION == "/tmp/%s/" % name)
# Check if function creates non-existant directories.
d = tempfile.mkdtemp()
util.setStateLocation(d)
self.failUnless(const.STATE_LOCATION == "%s/%s/" % (d, name))
self.failUnless(os.path.exists("%s/%s/" % (d, name)))
shutil.rmtree(d)
def __init__( self, transportConfig ):
"""
Initialise a ScrambleSuitTransport object.
"""
log.error("\n\n################################################\n"
"Do NOT rely on ScrambleSuit for strong security!\n"
"################################################\n")
log.debug("Initialising %s." % const.TRANSPORT_NAME)
util.setStateLocation(transportConfig.getStateLocation())
# Load the server's persistent state from file.
if self.weAreServer:
self.srvState = state.load()
# Initialise the protocol's state machine.
log.debug("Switching to state ST_WAIT_FOR_AUTH.")
self.protoState = const.ST_WAIT_FOR_AUTH
# Buffers for incoming and outgoing data.
self.sendBuf = self.recvBuf = ""
# Buffer for inter-arrival time obfuscation.
self.choppingBuf = ""
# AES instances to decrypt incoming and encrypt outgoing data.
self.sendCrypter = mycrypto.PayloadCrypter()
self.recvCrypter = mycrypto.PayloadCrypter()
# Packet morpher to modify the protocol's packet length distribution.
self.pktMorpher = packetmorpher.new(self.srvState.pktDist
if self.weAreServer else None)
# Inter-arrival time morpher to obfuscate inter arrival times.
self.iatMorpher = self.srvState.iatDist if self.weAreServer else \
probdist.new(lambda: random.random() %
const.MAX_PACKET_DELAY)
if self.weAreServer:
# `True' if the ticket is already decrypted but not yet
# authenticated.
self.decryptedTicket = False
if not hasattr(self, 'uniformDHSecret'):
# As the server, we get the shared secret from the constructor.
cfg = transportConfig.getServerTransportOptions()
self.uniformDHSecret = base64.b32decode(cfg["password"])
self.uniformDHSecret = self.uniformDHSecret.strip()
else:
# As the client, we get the shared secret from obfsproxy calling
# `handle_socks_args()'.
if not hasattr(self, 'uniformDHSecret'):
self.uniformDHSecret = None
self.uniformdh = uniformdh.new(self.uniformDHSecret, self.weAreServer)
# Variables used to unpack protocol messages.
self.totalLen = self.payloadLen = self.flags = None