ostp/ostp-core at a4d8da246094aa7f5276b083e02bb1fb02abf976 - ostp

History

ospab a4d8da2460 security: Kerckhoffs's principle — all secrets derived from access key via HKDF Applied Kerckhoffs's principle: the protocol's security and obfuscation now depend SOLELY on the access key. An adversary who reverse-engineers the binary cannot build a DPI filter without knowing the key. Changes: - Replaced hardcoded salt string ('-ostp-psk-salt') with HKDF-SHA256. The salt is now derived from the key hash itself — no protocol-specific strings remain in the binary. - Unified all secret derivation into derive_all_secrets() which produces PSK, obfuscation key, and handshake padding range from a single HKDF invocation. - Handshake padding range is now key-derived: different access keys produce different size distributions (min: 16-79, max: +48..+175). A universal size-based filter is impossible without the key. - HKDF-SHA256 (RFC 5869) implemented inline using existing hmac+sha2 dependencies — no new crate required. What remains identifiable in the binary: - 'Noise_NNpsk0_25519_ChaChaPoly_BLAKE2s' — standard Noise pattern string, shared with many other projects, NOT OSTP-specific. - Generic HMAC/SHA-256/ChaCha20-Poly1305 code — standard crypto primitives used by millions of applications.	2026-05-17 15:32:07 +03:00
..
src	security: Kerckhoffs's principle — all secrets derived from access key via HKDF	2026-05-17 15:32:07 +03:00
Cargo.toml	security: fix obfuscation via HMAC per-packet mask and cap server sessions at 1024	2026-05-15 18:24:35 +03:00

ospab a4d8da2460 security: Kerckhoffs's principle — all secrets derived from access key via HKDF

Applied Kerckhoffs's principle: the protocol's security and obfuscation
now depend SOLELY on the access key. An adversary who reverse-engineers
the binary cannot build a DPI filter without knowing the key.

Changes:
- Replaced hardcoded salt string ('-ostp-psk-salt') with HKDF-SHA256.
  The salt is now derived from the key hash itself — no protocol-specific
  strings remain in the binary.
- Unified all secret derivation into derive_all_secrets() which produces
  PSK, obfuscation key, and handshake padding range from a single HKDF
  invocation.
- Handshake padding range is now key-derived: different access keys
  produce different size distributions (min: 16-79, max: +48..+175).
  A universal size-based filter is impossible without the key.
- HKDF-SHA256 (RFC 5869) implemented inline using existing hmac+sha2
  dependencies — no new crate required.

What remains identifiable in the binary:
- 'Noise_NNpsk0_25519_ChaChaPoly_BLAKE2s' — standard Noise pattern
  string, shared with many other projects, NOT OSTP-specific.
- Generic HMAC/SHA-256/ChaCha20-Poly1305 code — standard crypto
  primitives used by millions of applications.

2026-05-17 15:32:07 +03:00

src

security: Kerckhoffs's principle — all secrets derived from access key via HKDF

2026-05-17 15:32:07 +03:00

Cargo.toml

security: fix obfuscation via HMAC per-packet mask and cap server sessions at 1024

2026-05-15 18:24:35 +03:00