Lyrebird refactor (#14)

refactor towards lyrebird completion, including  args, tooling, and a working (simpler) forward proxy.

.github/codecov.yml

@@ -3,6 +3,6 @@ ignore:
   - doc/
   - internal/
   - target/
-  - crates/obfs4/src/bin/fwd_proxy/main.rs
-  - crates/obfs4/src/bin/lyrebird/main.rs
+  - crates/obfs4/src/bin/fwd/*
+  - crates/obfs4/src/test_utils/*
   - crates/lyrebird/*

Cargo.toml

@@ -5,6 +5,7 @@ members = [
     "crates/obfs4",
     "crates/ptrs",
     "crates/lyrebird",
+    "crates/o5",
 ]
 
 resolver = "2"

README.md

@@ -1,8 +1,32 @@
 # o7 Proxy
 
-things I would like to do:
-
-- [ ] elligator2 implementation using `dalek` ed25519 library.
+<p>
+  <a href="https://github.com/jmwample/o7/actions/workflows/rust.yml">
+    <img src="https://github.com/jmwample/o7/actions/workflows/rust.yml/badge.svg?branch=main" alt="Build Status">
+  <a href="https://codecov.io/gh/jmwample/o7" > 
+    <img src="https://codecov.io/gh/jmwample/o7/graph/badge.svg?token=0lMlrA32xd"/> 
+  </a>
+  <a href="https://deps.rs/repo/github/jmwample/o7">
+    <img src="https://deps.rs/repo/github/jmwample/o7/status.svg">
+  </a>
+  <a href="https://crates.io/crates/o7">
+    <img src="https://img.shields.io/crates/v/o7.svg">
+  </a>
+  <a href="https://docs.rs/o7">
+    <img src="https://docs.rs/o7/badge.svg">
+  </a>
+  <a href="https://doc.rust-lang.org/1.6.0/complement-project-faq.html#why-dual-mitasl2-license">
+    <img src="https://img.shields.io/badge/license-MIT%2FApache--2.0-blue" alt="License: MIT/Apache 2.0">
+  </a>
+</p>
+
+
+This repository contains multiple related crates implementing the lyrebird (obfs4) library,
+lyrebird binary, and Pluggable Transports in Rust (PTRS) library. 
+
+Things to keep an eye on:
+
+- [ ] PR implementating elligator2 for the `dalek` ed25519 library. [PR Here](https://github.com/dalek-cryptography/curve25519-dalek/pull/612)
 
 
 ## Examples

crates/lyrebird/Cargo.toml

@@ -2,70 +2,38 @@
 name = "lyrebird"
 version = "0.1.0"
 edition = "2021"
+authors = ["Jack Wampler"]
 
-[lib]
-name = "obfs"
-crate-type = ["cdylib", "rlib"]
 
-[dependencies]
-getrandom = "0.2.11"
-rand = { version="0.8.5", features=["getrandom"]}
-rand_core = "0.6.4"
-
-digest = { version = "0.10.7", features=["mac"]}
-siphasher = "1.0.0"
-sha2 = "0.10.8"
-hmac = { version="0.12.1", features=["reset"]}
-hkdf = "0.12.3"
-
-crypto_secretbox = { version="0.1.1", features=["salsa20"]}
-subtle = "2.5.0"
-x25519-dalek = { version = "2", features = ["static_secrets", "getrandom", "reusable_secrets", "elligator2"],  git = "https://github.com/jmwample/curve25519-dalek.git", branch = "elligator2-ntor"}
-group = "0.13.0"
-
-lazy_static = "0.1.4"
+[[bin]]
+name = "lyrebird"
+test = false
+bench = false
 
-hex = "0.4.3"
-tracing = "0.1.40"
-colored = "2.0.4"
 
-pin-project = "1.1.3"
-futures = "0.3.29"
-tokio = { version = "1.33", features = ["io-util", "rt-multi-thread", "net", "rt", "macros", "sync", "signal", "time", "fs"] }
-tokio-util = { version = "0.7.10", features = ["codec", "io"]}
-bytes = "1.5.0"
+[dependencies]
+obfs4 = { path="../obfs4"}
+ptrs = { path="../ptrs" }
 
-# forward proxy binary only
 anyhow = "1.0"
-tracing-subscriber = "0.3.18"
 clap = { version = "4.4.7", features = ["derive"]}
-async-compat = "0.2.3"
-safelog = { version = "0.3.5" }
-tor-rtcompat = { version = "0.10.0", features = ["tokio", "rustls"]}
-tor-socksproto = { version = "0.10.0" }
-arti-client = { package = "arti-client", version = "0.14.0", default-features = false }
-# tor-config = { version = "0.9.6" }
-# tor-hsrproxy = { version = "0.2.0", optional = true }
-# tor-hsservice = { version = "0.4.0", optional = true }
-# tor-rpcbase = { version = "0.1.2", optional = true }
-
-# ntor_arti
-tor-cell = "0.16.0"
-tor-llcrypto = "0.7.0"
-tor-error = "0.6.1"
-tor-bytes = "0.10.0"
-tor-hscrypto = "0.6.0"
-cipher = "0.4.4"
-zeroize = "1.7.0"
+fast-socks5 = "0.9.1"
 thiserror = "1.0.56"
+tokio = { version = "1.33", features = ["io-util", "rt-multi-thread", "net", "rt", "macros", "sync", "signal", "time", "fs"] }
+tokio-stream = "0.1.14"
+tokio-util = { version = "0.7.10", features = ["codec", "io"]}
+tracing = "0.1.40"
+tracing-subscriber = "0.3.18"
+url = "2.5.0"
 
-# [build-dependencies]
-# cc = { version = "1.0.83", features = ["parallel"] }
+safelog = "0.3.5"
+# tor-linkspec = { version="0.11.1" }
+# tor-chanmgr = { version="0.14.1", features = ["pt-client"] }
+# tor-ptmgr = "0.11.0"
 
 [dev-dependencies]
 tracing-subscriber = "0.3.18"
 hex-literal = "0.4.1"
 tor-basic-utils = "0.8.0"
 
-# o5 pqc test
-pqc_kyber = {version="0.7.1", features=["kyber1024", "std"]}
+

crates/lyrebird/README.md

@@ -0,0 +1,66 @@
+# pt-proxy
+
+### What?
+
+This is a look-like nothing obfuscation protocol that incorporates ideas and
+concepts from Philipp Winter's ScrambleSuit protocol, as well as it's direct
+predecessor obfs4.
+
+### Installation
+
+To build:
+    `cargo build --release lyrebird`
+
+
+To install:
+    `cargo install lyrebird`
+This will install in the binary your local rust bin target (usually `$HOME/.cargo/bin/`),
+which can either be added to your `$PATH` or copied to a different permanent location
+such as `/usr/local/bin`.
+
+
+Client side torrc configuration:
+```
+# Use lyrebird to provide the obfs4 protocol.
+# (NOTE) binary is not installed in /usr/local/bin/ by default
+ClientTransportPlugin obfs4 exec /usr/local/bin/lyrebird
+```
+
+Bridge side torrc configuration:
+```
+# Act as a bridge relay.
+BridgeRelay 1
+
+# Enable the Extended ORPort
+ExtORPort auto
+
+# Use lyrebird to provide the obfs4 protocol.
+# (NOTE) binary is not installed in /usr/local/bin/ by default
+ServerTransportPlugin obfs4 exec /usr/local/bin/lyrebird
+
+# (Optional) Listen on the specified address/port for obfs4 connections as
+# opposed to picking a port automatically.
+# ServerTransportListenAddr obfs4 0.0.0.0:443
+```
+
+### Tips and tricks
+ * If the binary is installed but you are unsure where the install location is,
+   the binary path can be found using `which lyrebird`.
+
+ * On modern Linux systems it is possible to have lyrebird bind to reserved
+   ports (<=1024) even when not running as root by granting the
+   `CAP_NET_BIND_SERVICE` capability with setcap:
+
+   `# setcap 'cap_net_bind_service=+ep' $(which lyrebird)`
+
+ * lyrebird can also act as an obfs2 and obfs3 client or server.  Adjust the
+   `ClientTransportPlugin` and `ServerTransportPlugin` lines in the torrc as
+   appropriate.
+
+ * lyrebird can also act as a ScrambleSuit client.  Adjust the
+   `ClientTransportPlugin` line in the torrc as appropriate.
+
+ * The autogenerated obfs4 bridge parameters are placed in
+   `DataDir/pt_state/obfs4_state.json`.  To ease deployment, the client side
+   bridge line is written to `DataDir/pt_state/obfs4_bridgeline.txt`.
+