Fwd proxy working and compatible with golang obfs4

[jmwample]

The Forward proxy executable is working, with itself, and with the golang obfs4 implementation in configurations with 1) a golang client and a rust server, and 2) a rust client and a golang server.

Bugs found while working on this PR

• codec.framed(...) is NOT the same as Framed::new(..., codec) so we had been sending plaintext.
• there was a leftover code segement that was a part of an example use of tor_bytes that got copied in which was writing extra bytes at the end of the server handshake (after the drbg seed message). This caused the golang client to fail because it was trying to parse bytes as a message / packet that were not written as such. It didn't cause the rust client to fail before however because the rust client looks only for the prng seed in the handshake and then throws away anything after that.
  • this didn't cause an immediate fail in the handshake, it resulted in a packet of incorrect size which then threw off the nonce value for stream message / packet decryption. Allowing the client to attempt to read a random number of bytes before failing and shutting down - however this seems like intended behavior.

       // Per "Plaintext Recovery Attacks Against SSH" by
       // Martin R. Albrecht, Kenneth G. Paterson and Gaven J. Watson,
       // there are a class of attacks againt protocols that use similar
       // sorts of framing schemes.
       //
       // While obfs4 should not allow plaintext recovery (CBC mode is
       // not used), attempt to mitigate out of bound frame length errors            
       // by pretending that the length was a random valid range as per
       // the countermeasure suggested by Denis Bider in section 6 of the
       // paper.
    

  • the behavior of the rust client should match this in an equivalent situation
• My fork of the dalek25519 libraries does not clear the high order bits of the representative when converting to a public key value, which is a mis-match with the golang library. It does randomize the high order two bits when creating the representative, however.
  • this was causing the value of the public key that rust derived from 1) the golang client's handshake and 2) the golang server's handshake to be different from the values that we generated in reality, causing ntor auth / seed mismatches.

[codecov]

Codecov Report

Attention: Patch coverage is 62.72727% with 82 lines in your changes are missing coverage. Please review.

Project coverage is 76.95%. Comparing base (9b6451d) to head (7fed41c).

Files	Patch %	Lines
crates/obfs4/src/pt.rs	57.89%	16 Missing ⚠️
crates/obfs4/src/obfs4/framing/messages_v1/mod.rs	22.22%	11 Missing and 3 partials ⚠️
...ates/obfs4/src/obfs4/handshake/handshake_client.rs	53.84%	9 Missing and 3 partials ⚠️
crates/obfs4/src/obfs4/framing/codecs.rs	47.05%	8 Missing and 1 partial ⚠️
crates/ptrs/src/passthrough.rs	75.67%	9 Missing ⚠️
...ates/obfs4/src/obfs4/handshake/handshake_server.rs	61.11%	6 Missing and 1 partial ⚠️
crates/obfs4/src/obfs4/server.rs	12.50%	6 Missing and 1 partial ⚠️
crates/obfs4/src/obfs4/framing/handshake.rs	0.00%	0 Missing and 3 partials ⚠️
crates/obfs4/src/obfs4/proto.rs	25.00%	3 Missing ⚠️
crates/obfs4/src/lib.rs	95.23%	0 Missing and 1 partial ⚠️
... and 1 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #16      +/-   ##
==========================================
+ Coverage   75.97%   76.95%   +0.98%     
==========================================
  Files          39       38       -1     
  Lines        5739     5693      -46     
  Branches     5739     5693      -46     
==========================================
+ Hits         4360     4381      +21     
+ Misses        986      920      -66     
+ Partials      393      392       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.