Add Complete XOR Patch Functionality #255
Also, please note that this does change the
@keeshux Just looking here again, should I add in a commit to update the README with the complete XOR functionality?
Hey, yes you can go ahead with that. Sorry that I won't be able to review this until I release Passepartout 2.0
Okay, time has finally come to look into this.
- XOR is OpenVPN-specific, remove from common packages
- Convert method/mask pair to an associated enum
- Encapsulate XOR algorithms into ad hoc C/Swift modules
- Rename PacketStream methods to imply obfuscate in/out direction
- Use inline C where appropriate
@tmthecoder sorry for the long delay! First of all, thanks again for your dedication, this is great work and I'm sincerely glad for your contribution. I could finally take some time to review this and I refactored your code to fit it better into the library. It's all about simplifying and moving things around, but the purpose and algorithms should be 100% unaffected. Since I understand you are using all these in your server, please do some stress tests with this updated code of mine. Meanwhile, I'll try to at least add some unit tests of the XOR processing routines, to make sure e.g. that packets are correctly reversible (p1 -> scramble -> p2 -> scramble -> p1). Cheers
@keeshux Sounds good, I'll run some tests on my setups
- Exclude non-tests or outdated
- Lower job timeout to 5 minutes
007cba8 to c08441b
@keeshux Couldn't find any issues in local tests against VPN servers
Awesome. Have you also ensured continued operation in UDP/TCP without any XOR option enabled?
Tested myself, and Passepartout beta will be another testbed. Merged!
Wondering when this will be in TestFlight / Release?
It's in TestFlight versions of Passepartout already.
@tmthecoder your work is now part of Passepartout 2.1.0 on the App Store. Thanks again! @daaku FYI
This PR adds complete XOR patch functionality (building on the existing single-byte scramble xormask statement). This feature adds the following specifically:

- scramble xormask [password]: Same as existing, but with added support for multibyte passwords
- scramble xorptrpos: XORs the byte of each packet with its position in the array
- scramble reverse: Keeps the first byte but reverses the remaining ('abcde' becomes 'aedcb')
- scramble obfuscate [password]: Performs a combination of the three above with the given passphrase on the mask stage. For reading it goes in this order: xormask -> xorptrpos -> reverse -> xorptrpos. Writing is the opposite

All of these implementations are done following Tunnelblick's XOR patch and their small article on it here (Header titled "Scramble Option Syntax")

I've found myself needing the full extent of this functionality, specifically the scramble obfuscate option with a multi-byte password, hence my decision to write an implementation for it. I believe I've followed the guidelines outlined as well as the code structure already defined. Looking forward to hearing your insight!
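
The four scramble steps listed in the description and the reversibility check mentioned in the review, as an added example that is not code from this PR or from the library. All function names are hypothetical, the sample packet and password are constructed, and the 1-based position used for xorptrpos is an assumption, since the page only says "its position in the array".

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names are hypothetical; the packet and mask in main() are constructed. */

/* xormask: XOR each byte with the repeating multi-byte mask. */
static void xor_mask(uint8_t *b, size_t n, const uint8_t *m, size_t mlen) {
    for (size_t i = 0; mlen > 0 && i < n; i++) b[i] ^= m[i % mlen];
}

/* xorptrpos: XOR each byte with its position. Assumption: positions are
 * 1-based and truncated to 8 bits; the page does not state the base. */
static void xor_ptrpos(uint8_t *b, size_t n) {
    for (size_t i = 0; i < n; i++) b[i] ^= (uint8_t)(i + 1);
}

/* reverse: keep byte 0, reverse the rest in place ('abcde' -> 'aedcb'). */
static void reverse_tail(uint8_t *b, size_t n) {
    if (n < 3) return;                      /* nothing to swap */
    for (size_t lo = 1, hi = n - 1; lo < hi; lo++, hi--) {
        uint8_t t = b[lo]; b[lo] = b[hi]; b[hi] = t;
    }
}

/* obfuscate, inbound (read): the order given in the PR description. */
void obfuscate_in(uint8_t *b, size_t n, const uint8_t *m, size_t mlen) {
    xor_mask(b, n, m, mlen); xor_ptrpos(b, n);
    reverse_tail(b, n);      xor_ptrpos(b, n);
}

/* obfuscate, outbound (write): the same steps in the opposite order. */
void obfuscate_out(uint8_t *b, size_t n, const uint8_t *m, size_t mlen) {
    xor_ptrpos(b, n); reverse_tail(b, n);
    xor_ptrpos(b, n); xor_mask(b, n, m, mlen);
}

int main(void) {
    uint8_t pkt[] = "abcde";                /* constructed sample packet */
    const uint8_t mask[] = "key";           /* constructed sample password */
    obfuscate_out(pkt, 5, mask, 3);
    for (size_t i = 0; i < 5; i++) printf("%02x ", pkt[i]);
    obfuscate_in(pkt, 5, mask, 3);
    printf("-> %.5s\n", (const char *)pkt);
    return memcmp(pkt, "abcde", 5) != 0;    /* 0 when the round trip restores it */
}
```

Each single step is its own inverse, but the combined obfuscate transform generally is not, so the receiving side has to run the steps in the opposite order. Applying obfuscate_out twice to this sample does not give back the original packet.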