@@ -171,6 +171,11 @@ var log :logging.Log = new logging.Log('churn');
171171 throw new Error ( 'no srflx or host candidate found' ) ;
172172 } ;
173173
174+ // Generates a key suitable for use with CaesarCipher, viz. 1-255.
175+ var generateCaesarKey_ = ( ) : number => {
176+ return ( random . randomUint32 ( ) % 254 ) + 1 ;
177+ }
178+
174179 /**
175180 * A uproxypeerconnection-like Freedom module which establishes obfuscated
176181 * connections.
@@ -182,6 +187,9 @@ var log :logging.Log = new logging.Log('churn');
182187 * This is mostly a thin wrapper over uproxypeerconnection except for the
183188 * magic required during setup.
184189 *
190+ * Right now, CaesarCipher is used with a key which is randomly generated
191+ * each time a new connection is negotiated.
192+ *
185193 * TODO: Give the uproxypeerconnections name, to help debugging.
186194 * TODO: Allow obfuscation parameters be configured.
187195 */
@@ -237,6 +245,12 @@ var log :logging.Log = new logging.Log('churn');
237245 this . haveForwardingSocketEndpoint_ = F ;
238246 } ) ;
239247
248+ // Fulfills once we know the obfuscation key for caesar cipher.
249+ private haveCaesarKey_ :( key :number ) => void ;
250+ private onceHaveCaesarKey_ = new Promise ( ( F , R ) => {
251+ this . haveCaesarKey_ = F ;
252+ } ) ;
253+
240254 private pipe_ :ChurnPipe ;
241255
242256 private static internalConnectionId_ = 0 ;
@@ -265,8 +279,9 @@ var log :logging.Log = new logging.Log('churn');
265279 this . configureProbeConnection_ ( probeRtcPc ) ;
266280 Promise . all ( [ this . onceHaveWebRtcEndpoint_ ,
267281 this . onceHaveRemoteEndpoint_ ,
268- this . onceProbingComplete_ ] ) . then ( ( answers :any [ ] ) => {
269- this . configurePipe_ ( answers [ 0 ] , answers [ 1 ] , answers [ 2 ] ) ;
282+ this . onceProbingComplete_ ,
283+ this . onceHaveCaesarKey_ ] ) . then ( ( answers :any [ ] ) => {
284+ this . configurePipe_ ( answers [ 0 ] , answers [ 1 ] , answers [ 2 ] , answers [ 3 ] ) ;
270285 } ) ;
271286
272287 // Handle |pcState| and related promises.
@@ -297,6 +312,9 @@ var log :logging.Log = new logging.Log('churn');
297312 this . peerName ,
298313 JSON . stringify ( endpoint ) ) ;
299314 } ) ;
315+ this . onceHaveCaesarKey_ . then ( ( key :number ) => {
316+ log . debug ( '%1: caesar key is %2' , this . peerName , key ) ;
317+ } ) ;
300318 }
301319
302320 private configureProbeConnection_ = (
@@ -320,11 +338,12 @@ var log :logging.Log = new logging.Log('churn');
320338 private configurePipe_ = (
321339 webRtcEndpoint :net . Endpoint ,
322340 remoteEndpoint :net . Endpoint ,
323- natEndpoints :NatPair ) : void => {
341+ natEndpoints :NatPair ,
342+ key :number ) : void => {
324343 log . debug ( '%1: configuring pipes...' , this . peerName ) ;
325344 this . pipe_ = freedom [ 'churnPipe' ] ( ) ;
326345 this . pipe_ . setTransformer ( 'caesar' ,
327- new Uint8Array ( [ 13 ] ) . buffer ,
346+ new Uint8Array ( [ key ] ) . buffer ,
328347 '{}' ) ;
329348 // TODO(ldixon): renable FTE support instead of caesar cipher.
330349 // 'fte',
@@ -407,6 +426,14 @@ var log :logging.Log = new logging.Log('churn');
407426 }
408427
409428 public negotiateConnection = ( ) : Promise < void > => {
429+ // Generate a key and send it to the remote party.
430+ // Once they've received it, they'll be able to establish
431+ // a matching pipe.
432+ var key = generateCaesarKey_ ( ) ;
433+ this . haveCaesarKey_ ( key ) ;
434+ this . signalForPeerQueue . handle ( {
435+ caesar : key
436+ } ) ;
410437 return this . obfuscatedConnection_ . negotiateConnection ( ) ;
411438 }
412439
@@ -418,6 +445,9 @@ var log :logging.Log = new logging.Log('churn');
418445 if ( churnMessage . publicEndpoint !== undefined ) {
419446 this . haveRemoteEndpoint_ ( churnMessage . publicEndpoint ) ;
420447 }
448+ if ( churnMessage . caesar !== undefined ) {
449+ this . haveCaesarKey_ ( churnMessage . caesar ) ;
450+ }
421451 if ( churnMessage . webrtcMessage ) {
422452 var message = churnMessage . webrtcMessage ;
423453 if ( message . type === signals . Type . CANDIDATE ) {
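Review bot: The new `churnMessage.caesar` branch hands a peer-supplied value to `haveCaesarKey_` with no type or range check, and that value later becomes `new Uint8Array([key])` in `configurePipe_`. Typed-array coercion turns anything that does not convert to a number into 0 and wraps values above 255, so a malformed signalling message could presumably select a zero shift and leave the pipe effectively unobfuscated. I would guard the branch with the range documented on `generateCaesarKey_`, e.g. `if (typeof churnMessage.caesar === 'number' && churnMessage.caesar >= 1 && churnMessage.caesar <= 255) {`, and log and drop anything else. Because `onceHaveCaesarKey_` settles only once, a key that arrives after a local `negotiateConnection` call is silently ignored, which looks like it would leave the two sides with different keys if both initiate. The enclosing message handler starts and ends outside this hunk.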