.gitignore

-*.swp
-*~
-
-obfs4proxy/obfs4proxy

ChangeLog

+Changes in version 0.0.8 - 2019-01-20:
+ - Bug 24793: Send the correct authorization HTTP header for basic auth.
+ - (meek_lite) Explicitly set Content-Length to zero when there is no data
+   to send.
+ - Added optional support for building as a Go 1.11 module.  Patch by mvdan.
+ - Change the canonical upstream repo location to gitlab.
+
 Changes in version 0.0.7 - 2016-11-15:
  - Support configuring the obfs4 IAT parameter as the sole
    ServerTransportOption on bridges, and correctly checkpoint the argument

README.md

@@ -29,24 +29,24 @@ handshake variants without being obscenely slow is non-trivial.
 
 ### Dependencies
 
-Build time library dependencies are handled by go get automatically but are
-listed for clarity.
+Build time library dependencies are handled by the Go module automatically.
 
- * Go 1.2.0 or later.   Prior versions of Go (Eg: 1.0.2) are missing certain
-   important parts of the runtime library like a SHA256 implementation.
- * go.crypto (https://golang.org/x/crypto)
- * go.net (https://golang.org/x/net)
- * ed25519/extra25519 (https://github.com/agl/ed25519/extra25519)
- * SipHash-2-4 (https://github.com/dchest/siphash)
- * goptlib (https://git.torproject.org/pluggable-transports/goptlib.git)
+If you are on Go versions earlier than 1.11, you might need to run `go get -d
+./...` to download all the dependencies. Note however, that modules always use
+the same dependency versions, while `go get -d` always downloads master.
+
+ * Go 1.11.0 or later. Patches to support up to 2 prior major releases will
+   be accepted if they are not overly intrusive and well written.
+ * See `go.mod` for build time dependencies.
 
 ### Installation
 
 To build:
-`go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy`
 
-To install:
-Copy `$GOPATH/bin/obfs4proxy` to a permanent location (Eg: `/usr/local/bin`)
+	`go build -o obfs4proxy/obfs4proxy ./obfs4proxy`
+
+To install, copy `./obfs4proxy/obfsproxy` to a permanent location
+(Eg: `/usr/local/bin`)
 
 Client side torrc configuration:
 ```

common/csrand/csrand.go

@@ -31,7 +31,7 @@
 // Not all of the convinience routines are replicated, only those that are
 // immediately useful.  The Rand variable provides access to the full math/rand
 // API.
-package csrand
+package csrand // import "gitlab.com/yawning/obfs4.git/common/csrand"
 
 import (
 	cryptRand "crypto/rand"

common/drbg/hash_drbg.go

@@ -27,7 +27,7 @@
 
 // Package drbg implements a minimalistic DRBG based off SipHash-2-4 in OFB
 // mode.
-package drbg
+package drbg // import "gitlab.com/yawning/obfs4.git/common/drbg"
 
 import (
 	"encoding/binary"
@@ -36,8 +36,7 @@ import (
 	"hash"
 
 	"github.com/dchest/siphash"
-
-	"git.torproject.org/pluggable-transports/obfs4.git/common/csrand"
+	"gitlab.com/yawning/obfs4.git/common/csrand"
 )
 
 // Size is the length of the HashDrbg output.
@@ -140,7 +139,7 @@ func (drbg *HashDrbg) Seed(seed int64) {
 
 // NextBlock returns the next 8 byte DRBG block.
 func (drbg *HashDrbg) NextBlock() []byte {
-	drbg.sip.Write(drbg.ofb[:])
+	_, _ = drbg.sip.Write(drbg.ofb[:])
 	copy(drbg.ofb[:], drbg.sip.Sum(nil))
 
 	ret := make([]byte, Size)

common/log/log.go

@@ -27,7 +27,7 @@
 
 // Package log implements a simple set of leveled logging wrappers around the
 // standard log package.
-package log
+package log // import "gitlab.com/yawning/obfs4.git/common/log"
 
 import (
 	"fmt"

common/ntor/ntor.go

@@ -32,7 +32,7 @@
 //
 // Before using this package, it is strongly recommended that the specification
 // is read and understood.
-package ntor
+package ntor // import "gitlab.com/yawning/obfs4.git/common/ntor"
 
 import (
 	"bytes"
@@ -43,12 +43,10 @@ import (
 	"fmt"
 	"io"
 
+	"github.com/agl/ed25519/extra25519"
+	"gitlab.com/yawning/obfs4.git/common/csrand"
 	"golang.org/x/crypto/curve25519"
 	"golang.org/x/crypto/hkdf"
-
-	"github.com/agl/ed25519/extra25519"
-
-	"git.torproject.org/pluggable-transports/obfs4.git/common/csrand"
 )
 
 const (
@@ -387,21 +385,21 @@ func ntorCommon(secretInput bytes.Buffer, id *NodeID, b *PublicKey, x *PublicKey
 
 	// KEY_SEED = H(secret_input, t_key)
 	h := hmac.New(sha256.New, tKey)
-	h.Write(secretInput.Bytes())
+	_, _ = h.Write(secretInput.Bytes())
 	tmp := h.Sum(nil)
 	copy(keySeed[:], tmp)
 
 	// verify = H(secret_input, t_verify)
 	h = hmac.New(sha256.New, tVerify)
-	h.Write(secretInput.Bytes())
+	_, _ = h.Write(secretInput.Bytes())
 	verify := h.Sum(nil)
 
 	// auth_input = verify | ID | B | Y | X | PROTOID | "Server"
 	authInput := bytes.NewBuffer(verify)
-	authInput.Write(suffix.Bytes())
-	authInput.Write([]byte("Server"))
+	_, _ = authInput.Write(suffix.Bytes())
+	_, _ = authInput.Write([]byte("Server"))
 	h = hmac.New(sha256.New, tMac)
-	h.Write(authInput.Bytes())
+	_, _ = h.Write(authInput.Bytes())
 	tmp = h.Sum(nil)
 	copy(auth[:], tmp)
 

common/probdist/weighted_dist.go

@@ -28,7 +28,7 @@
 // Package probdist implements a weighted probability distribution suitable for
 // protocol parameterization.  To allow for easy reproduction of a given
 // distribution, the drbg package is used as the random number source.
-package probdist
+package probdist // import "gitlab.com/yawning/obfs4.git/common/probdist"
 
 import (
 	"bytes"
@@ -37,8 +37,8 @@ import (
 	"math/rand"
 	"sync"
 
-	"git.torproject.org/pluggable-transports/obfs4.git/common/csrand"
-	"git.torproject.org/pluggable-transports/obfs4.git/common/drbg"
+	"gitlab.com/yawning/obfs4.git/common/csrand"
+	"gitlab.com/yawning/obfs4.git/common/drbg"
 )
 
 const (

common/probdist/weighted_dist_test.go

@@ -31,7 +31,7 @@ import (
 	"fmt"
 	"testing"
 
-	"git.torproject.org/pluggable-transports/obfs4.git/common/drbg"
+	"gitlab.com/yawning/obfs4.git/common/drbg"
 )
 
 const debug = false

common/replayfilter/replay_filter.go

@@ -30,7 +30,7 @@
 // has been seen before based on the SipHash-2-4 digest of the sequence.
 // Collisions are treated as positive matches, though the probability of this
 // happening is negligible.
-package replayfilter
+package replayfilter // import "gitlab.com/yawning/obfs4.git/common/replayfilter"
 
 import (
 	"container/list"
@@ -39,8 +39,7 @@ import (
 	"time"
 
 	"github.com/dchest/siphash"
-
-	"git.torproject.org/pluggable-transports/obfs4.git/common/csrand"
+	"gitlab.com/yawning/obfs4.git/common/csrand"
 )
 
 // maxFilterSize is the maximum capacity of a replay filter.  This value is

common/socks5/rfc1929.go

@@ -39,8 +39,8 @@ func (req *Request) authRFC1929() (err error) {
 	sendErrResp := func() {
 		// Swallow write/flush errors, the auth failure is the relevant error.
 		resp := []byte{authRFC1929Ver, authRFC1929Fail}
-		req.rw.Write(resp[:])
-		req.flushBuffers()
+		_, _ = req.rw.Write(resp[:])
+		_ = req.flushBuffers()
 	}
 
 	// The client sends a Username/Password request.

common/socks5/socks5.go

@@ -35,7 +35,7 @@
 //  * The authentication provided by the client is always accepted as it is
 //    used as a channel to pass information rather than for authentication for
 //    pluggable transports.
-package socks5
+package socks5 // import "gitlab.com/yawning/obfs4.git/common/socks5"
 
 import (
 	"bufio"
@@ -257,15 +257,15 @@ func (req *Request) readCommand() error {
 
 	var err error
 	if err = req.readByteVerify("version", version); err != nil {
-		req.Reply(ReplyGeneralFailure)
+		_ = req.Reply(ReplyGeneralFailure)
 		return err
 	}
 	if err = req.readByteVerify("command", cmdConnect); err != nil {
-		req.Reply(ReplyCommandNotSupported)
+		_ = req.Reply(ReplyCommandNotSupported)
 		return err
 	}
 	if err = req.readByteVerify("reserved", rsv); err != nil {
-		req.Reply(ReplyGeneralFailure)
+		_ = req.Reply(ReplyGeneralFailure)
 		return err
 	}
 
@@ -273,49 +273,49 @@ func (req *Request) readCommand() error {
 	var atyp byte
 	var host string
 	if atyp, err = req.readByte(); err != nil {
-		req.Reply(ReplyGeneralFailure)
+		_ = req.Reply(ReplyGeneralFailure)
 		return err
 	}
 	switch atyp {
 	case atypIPv4:
 		var addr []byte
 		if addr, err = req.readBytes(net.IPv4len); err != nil {
-			req.Reply(ReplyGeneralFailure)
+			_ = req.Reply(ReplyGeneralFailure)
 			return err
 		}
 		host = net.IPv4(addr[0], addr[1], addr[2], addr[3]).String()
 	case atypDomainName:
 		var alen byte
 		if alen, err = req.readByte(); err != nil {
-			req.Reply(ReplyGeneralFailure)
+			_ = req.Reply(ReplyGeneralFailure)
 			return err
 		}
 		if alen == 0 {
-			req.Reply(ReplyGeneralFailure)
+			_ = req.Reply(ReplyGeneralFailure)
 			return fmt.Errorf("domain name with 0 length")
 		}
 		var addr []byte
 		if addr, err = req.readBytes(int(alen)); err != nil {
-			req.Reply(ReplyGeneralFailure)
+			_ = req.Reply(ReplyGeneralFailure)
 			return err
 		}
 		host = string(addr)
 	case atypIPv6:
 		var rawAddr []byte
 		if rawAddr, err = req.readBytes(net.IPv6len); err != nil {
-			req.Reply(ReplyGeneralFailure)
+			_ = req.Reply(ReplyGeneralFailure)
 			return err
 		}
 		addr := make(net.IP, net.IPv6len)
 		copy(addr[:], rawAddr[:])
 		host = fmt.Sprintf("[%s]", addr.String())
 	default:
-		req.Reply(ReplyAddressNotSupported)
+		_ = req.Reply(ReplyAddressNotSupported)
 		return fmt.Errorf("unsupported address type 0x%02x", atyp)
 	}
 	var rawPort []byte
 	if rawPort, err = req.readBytes(2); err != nil {
-		req.Reply(ReplyGeneralFailure)
+		_ = req.Reply(ReplyGeneralFailure)
 		return err
 	}
 	port := int(rawPort[0])<<8 | int(rawPort[1])

common/socks5/socks_test.go

@@ -56,12 +56,16 @@ func (c *testReadWriter) Write(buf []byte) (n int, err error) {
 	return c.writeBuf.Write(buf)
 }
 
-func (c *testReadWriter) writeHex(str string) (n int, err error) {
+func (c *testReadWriter) writeHex(str string) {
 	var buf []byte
+	var err error
+
 	if buf, err = hex.DecodeString(str); err != nil {
-		return
+		panic("writeHex: malformed hex: " + err.Error())
+	}
+	if _, err = c.readBuf.Write(buf); err != nil {
+		panic("writeHex: buffered write failed: " + err.Error())
 	}
-	return c.readBuf.Write(buf)
 }
 
 func (c *testReadWriter) readHex() string {

common/uniformdh/uniformdh.go

@@ -29,7 +29,7 @@
 // mechanism as defined in the obfs3 protocol specification.  This
 // implementation is suitable for obfuscation but MUST NOT BE USED when strong
 // security is required as it is not constant time.
-package uniformdh
+package uniformdh // import "gitlab.com/yawning/obfs4.git/common/uniformdh"
 
 import (
 	"fmt"

debian/changelog

+obfs4proxy (0.0.8-1) UNRELEASED; urgency=medium
+
+  [ Chris Lamb ]
+  * wrap-and-sort -sa.
+  * Bump Standards-Version to 4.4.0.
+  * Move to debian-compat virtual package, level 12.
+
+  [ Ana Custura ]
+  * Deletes unecessary vcs tagging from gbp.conf
+  * New upstream version 0.0.8
+  * Matches location change of the go repository
+  * Fixes insecure copyright format uri
+  * Adds myself to uploaders
+  * Adds homepage field
+  * Enables verbose build as per S-V 4.2.0
+
+ -- Ana Custura <ana@netstat.org.uk>  Tue, 13 Aug 2019 16:53:17 +0100
+
 obfs4proxy (0.0.7-4) unstable; urgency=medium
 
   * Team upload.

debian/control

@@ -3,6 +3,7 @@ Maintainer: Debian Privacy Tools Maintainers <pkg-privacy-maintainers@lists.alio
 Uploaders:
  Jérémy Bobbio <lunar@debian.org>,
  Ximin Luo <infinity0@debian.org>,
+ Ana Custura <ana@netstat.org.uk>
 Section: net
 Priority: optional
 Build-Depends:
@@ -17,7 +18,8 @@ Build-Depends:
 Standards-Version: 4.4.0
 Vcs-Git: https://salsa.debian.org/pkg-privacy-team/obfs4proxy.git
 Vcs-Browser: https://salsa.debian.org/pkg-privacy-team/obfs4proxy
-XS-Go-Import-Path: git.torproject.org/pluggable-transports/obfs4.git
+XS-Go-Import-Path: gitlab.com/yawning/obfs4.git
+Homepage: https://gitlab.com/yawning/obfs4
 
 Package: obfs4proxy
 Architecture: any

debian/copyright

-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: obfs4proxy
 Upstream-Contact: Yawning Angel <yawning@torproject.org>
 Source: https://git.torproject.org/pluggable-transports/obfs4.git

debian/gbp.conf

 [DEFAULT]
 pristine-tar = True
 sign-tags = True
-
-[import-orig]
-upstream-vcs-tag = obfs4proxy-%(version)s

debian/rules

 #!/usr/bin/make -f
-
+export DH_VERBOSE = 1
 
 %:
 	dh $@ --buildsystem=golang --with=golang

doc/obfs4-spec.txt

@@ -230,7 +230,7 @@
      Bytes 064:071 - Server to Client 64 bit SipHash-2-4 OFB IV.
 
      Bytes 072:103 - Client to Server 256 bit NaCl secretbox key.
-     Bytes 104:119 - Client to Server NaCl secretbox nonce prefix.
+     Bytes 104:119 - Client to Server 128 bit NaCl secretbox nonce prefix.
      Bytes 120:135 - Client to Server 128 bit SipHash-2-4 key.
      Bytes 136:143 - Client to Server 64 bit SipHash-2-4 OFB IV.