def validate_external_mode_cli(cls, args): """ Assign the given command line arguments to local variables. """ uniformDHSecret = None try: uniformDHSecret = base64.b32decode( util.sanitiseBase32(args.uniformDHSecret)) except (TypeError, AttributeError) as error: log.error(error.message) raise base.PluggableTransportError("Given password '%s' is not " \ "valid Base32! Run 'generate_password.py' to generate " \ "a good password." % args.uniformDHSecret) parentalApproval = super(ScrambleSuitTransport, cls).validate_external_mode_cli(args) if not parentalApproval: # XXX not very descriptive nor helpful, but the parent class only # returns a boolean without telling us what's wrong. raise base.PluggableTransportError( "Pluggable Transport args invalid: %s" % args) if uniformDHSecret: rawLength = len(uniformDHSecret) if rawLength != const.SHARED_SECRET_LENGTH: raise base.PluggableTransportError( "The UniformDH password must be %d bytes in length, ", "but %d bytes are given." % (const.SHARED_SECRET_LENGTH, rawLength)) else: cls.uniformDHSecret = uniformDHSecret
def validate_external_mode_cli( cls, args ): """ Assign the given command line arguments to local variables. """ uniformDHSecret = None try: uniformDHSecret = base64.b32decode(util.sanitiseBase32( args.uniformDHSecret)) except (TypeError, AttributeError) as error: log.error(error.message) raise base.PluggableTransportError("Given password '%s' is not " \ "valid Base32! Run 'generate_password.py' to generate " \ "a good password." % args.uniformDHSecret) parentalApproval = super( ScrambleSuitTransport, cls).validate_external_mode_cli(args) if not parentalApproval: # XXX not very descriptive nor helpful, but the parent class only # returns a boolean without telling us what's wrong. raise base.PluggableTransportError( "Pluggable Transport args invalid: %s" % args ) if uniformDHSecret: rawLength = len(uniformDHSecret) if rawLength != const.SHARED_SECRET_LENGTH: raise base.PluggableTransportError( "The UniformDH password must be %d bytes in length, ", "but %d bytes are given." % (const.SHARED_SECRET_LENGTH, rawLength)) else: cls.uniformDHSecret = uniformDHSecret
def setup(cls, transportConfig): """ Called once when obfsproxy starts. """ log.error( "\n\n################################################\n" "Do NOT rely on ScrambleSuit for strong security!\n" "################################################\n" ) util.setStateLocation(transportConfig.getStateLocation()) cls.weAreClient = transportConfig.weAreClient cls.weAreServer = not cls.weAreClient cls.weAreExternal = transportConfig.weAreExternal # If we are server and in managed mode, we should get the # shared secret from the server transport options. if cls.weAreServer and not cls.weAreExternal: cfg = transportConfig.getServerTransportOptions() if cfg and "password" in cfg: try: cls.uniformDHSecret = base64.b32decode(util.sanitiseBase32(cfg["password"])) except (TypeError, AttributeError) as error: raise base.TransportSetupFailed("Password could not be base32 decoded (%s)" % error) cls.uniformDHSecret = cls.uniformDHSecret.strip() if cls.weAreServer: if not hasattr(cls, "uniformDHSecret"): log.debug("Using fallback password for descriptor file.") srv = state.load() cls.uniformDHSecret = srv.fallbackPassword if len(cls.uniformDHSecret) != const.SHARED_SECRET_LENGTH: raise base.TransportSetupFailed( "Wrong password length (%d instead of %d)" % len(cls.uniformDHSecret), const.SHARED_SECRET_LENGTH ) if not const.STATE_LOCATION: raise base.TransportSetupFailed( "No state location set. If you are using external mode, " "please set it using the --data-dir switch." ) state.writeServerPassword(cls.uniformDHSecret)
def setup(cls, transportConfig): """ Called once when obfsproxy starts. """ log.error("\n\n################################################\n" "Do NOT rely on ScrambleSuit for strong security!\n" "################################################\n") util.setStateLocation(transportConfig.getStateLocation()) cls.weAreClient = transportConfig.weAreClient cls.weAreServer = not cls.weAreClient cls.weAreExternal = transportConfig.weAreExternal # If we are server and in managed mode, we should get the # shared secret from the server transport options. if cls.weAreServer and not cls.weAreExternal: cfg = transportConfig.getServerTransportOptions() if cfg and "password" in cfg: try: cls.uniformDHSecret = base64.b32decode( util.sanitiseBase32(cfg["password"])) except (TypeError, AttributeError) as error: raise base.TransportSetupFailed( "Password could not be base32 decoded (%s)" % error) cls.uniformDHSecret = cls.uniformDHSecret.strip() if cls.weAreServer: if not hasattr(cls, "uniformDHSecret"): log.debug("Using fallback password for descriptor file.") srv = state.load() cls.uniformDHSecret = srv.fallbackPassword if len(cls.uniformDHSecret) != const.SHARED_SECRET_LENGTH: raise base.TransportSetupFailed( "Wrong password length (%d instead of %d)" % len(cls.uniformDHSecret), const.SHARED_SECRET_LENGTH) if not const.STATE_LOCATION: raise base.TransportSetupFailed( "No state location set. If you are using external mode, " \ "please set it using the --data-dir switch.") state.writeServerPassword(cls.uniformDHSecret)
def handle_socks_args(self, args): """ Receive arguments `args' passed over a SOCKS connection. The SOCKS authentication mechanism is (ab)used to pass arguments to pluggable transports. This method receives these arguments and parses them. As argument, we only expect a UniformDH shared secret. """ log.debug("Received the following arguments over SOCKS: %s." % args) if len(args) != 1: raise base.SOCKSArgsError("Too many SOCKS arguments " "(expected 1 but got %d)." % len(args)) # The ScrambleSuit specification defines that the shared secret is # called "password". if not args[0].startswith("password="******"The SOCKS argument must start with " "`password='******'=')[1].strip())) except TypeError as error: log.error(error.message) raise base.PluggableTransportError("Given password '%s' is not " \ "valid Base32! Run 'generate_password.py' to generate " \ "a good password." % args[0].split('=')[1].strip()) rawLength = len(self.uniformDHSecret) if rawLength != const.SHARED_SECRET_LENGTH: raise base.PluggableTransportError( "The UniformDH password " "must be %d bytes in length but %d bytes are given." % (const.SHARED_SECRET_LENGTH, rawLength)) self.uniformdh = uniformdh.new(self.uniformDHSecret, self.weAreServer)
def handle_socks_args(self, args): """ Receive arguments `args' passed over a SOCKS connection. The SOCKS authentication mechanism is (ab)used to pass arguments to pluggable transports. This method receives these arguments and parses them. As argument, we only expect a UniformDH shared secret. """ log.debug("Received the following arguments over SOCKS: %s." % args) if len(args) != 1: raise base.SOCKSArgsError("Too many SOCKS arguments " "(expected 1 but got %d)." % len(args)) # The ScrambleSuit specification defines that the shared secret is # called "password". if not args[0].startswith("password="******"The SOCKS argument must start with " "`password='******'%s' is not " "valid Base32! Run 'generate_password.py' to generate " "a good password." % args[0].split("=")[1].strip() ) rawLength = len(self.uniformDHSecret) if rawLength != const.SHARED_SECRET_LENGTH: raise base.PluggableTransportError( "The UniformDH password " "must be %d bytes in length but %d bytes are given." % (const.SHARED_SECRET_LENGTH, rawLength) ) self.uniformdh = uniformdh.new(self.uniformDHSecret, self.weAreServer)
def setup( cls, transportConfig ): """ Called once when obfsproxy starts. """ util.setStateLocation(transportConfig.getStateLocation()) cls.weAreClient = transportConfig.weAreClient cls.weAreServer = not cls.weAreClient cls.weAreExternal = transportConfig.weAreExternal # If we are server and in managed mode, we should get the # shared secret from the server transport options. if cls.weAreServer and not cls.weAreExternal: cfg = transportConfig.getServerTransportOptions() if cfg and "password" in cfg: cls.uniformDHSecret = base64.b32decode(util.sanitiseBase32( cfg["password"])) cls.uniformDHSecret = cls.uniformDHSecret.strip()
def setup( cls, transportConfig ): """ Called once when obfsproxy starts. """ util.setStateLocation(transportConfig.getStateLocation()) cls.weAreClient = transportConfig.weAreClient cls.weAreServer = not cls.weAreClient cls.weAreExternal = transportConfig.weAreExternal # If we are server and in managed mode, we should get the # shared secret from the server transport options. if cls.weAreServer and not cls.weAreExternal: cfg = transportConfig.getServerTransportOptions() if cfg and "password" in cfg: try: cls.uniformDHSecret = base64.b32decode(util.sanitiseBase32( cfg["password"])) except TypeError as error: log.error(error.message) raise base.PluggableTransportError("Given password '%s' " \ "is not valid Base32! Run " \ "'generate_password.py' to generate a good " \ "password." % cfg["password"]) cls.uniformDHSecret = cls.uniformDHSecret.strip() if cls.weAreServer: if not hasattr(cls, "uniformDHSecret"): log.debug("Using fallback password for descriptor file.") srv = state.load() cls.uniformDHSecret = srv.fallbackPassword state.writeServerDescriptor(cls.uniformDHSecret, transportConfig.getBindAddr(), cls.weAreExternal)
def test3_sanitiseBase32( self ): self.failUnless(util.sanitiseBase32("abc") == "ABC") self.failUnless(util.sanitiseBase32("ABC1XYZ") == "ABCIXYZ") self.failUnless(util.sanitiseBase32("ABC1XYZ0") == "ABCIXYZO")