ooni · ainghazal · Sep 8, 2022 · Nov 11, 2022 · Nov 15, 2022 · Nov 18, 2022
diff --git a/.gitignore b/.gitignore
@@ -1,8 +1,7 @@
 minivpn
-./obfs4vpn
+ndt7
 ./vpnping
 ./geturl
-ndt7
 *.swp
 *.swo
 *.pem

diff --git a/cmd/obfs4vpn/main.go b/cmd/obfs4vpn/main.go
diff --git a/go.mod b/go.mod
@@ -1,9 +1,9 @@
 module github.com/ooni/minivpn
 
-go 1.17
+go 1.18
 
 // pinning for backwards-incompatible change
-replace gitlab.com/yawning/obfs4.git v0.0.0-20220204003609-77af0cba934d => gitlab.com/yawning/obfs4.git v0.0.0-20210511220700-e330d1b7024b
+// replace gitlab.com/yawning/obfs4.git v0.0.0-20220204003609-77af0cba934d => gitlab.com/yawning/obfs4.git v0.0.0-20210511220700-e330d1b7024b
 
 require (
 	git.torproject.org/pluggable-transports/goptlib.git v1.2.0
@@ -18,14 +18,14 @@ require (
 	github.com/ory/dockertest/v3 v3.9.1
 	github.com/pborman/getopt/v2 v2.1.0
 	github.com/refraction-networking/utls v1.1.0
-	gitlab.com/yawning/obfs4.git v0.0.0-20220204003609-77af0cba934d
-	golang.org/x/net v0.0.0-20220722155237-a158d28d115b
-	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
-	golang.zx2c4.com/wireguard v0.0.0-20220703234212-c31a7b1ab478
-	golang.zx2c4.com/wireguard/tun/netstack v0.0.0-20220703234212-c31a7b1ab478
+	gitlab.com/yawning/obfs4.git v0.0.0-20220904064028-336a71d6e4cf
+	golang.org/x/net v0.7.0
+	golang.org/x/sync v0.1.0
+	golang.zx2c4.com/wireguard v0.0.0-20230313165553-0ad14a89f5f9
 )
 
 require (
+	filippo.io/edwards25519 v1.0.0-rc.1.0.20210721174708-390f27c3be20 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
 	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
@@ -55,10 +55,11 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect
-	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
+	gitlab.com/yawning/edwards25519-extra.git v0.0.0-20211229043746-2f91fcc9fbdb // indirect
+	golang.org/x/crypto v0.6.0 // indirect
+	golang.org/x/sys v0.5.1-0.20230222185716-a3b23cc77e89 // indirect
 	golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
-	golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
+	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
 	gopkg.in/yaml.v2 v2.3.0 // indirect
-	gvisor.dev/gvisor v0.0.0-20211020211948-f76a604701b6 // indirect
+	gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0 // indirect
 )
diff --git a/go.sum b/go.sum
diff --git a/main.go b/main.go
@@ -39,16 +39,14 @@ func RunPinger(opt *vpn.Options, target string, count uint32) error {
 	defer cancel()
 
 	tunnel := vpn.NewClientFromOptions(opt)
-	err := tunnel.Start(ctx)
-	if err != nil {
+	if err := tunnel.Start(ctx); err != nil {
 		return err
 	}
 
 	pinger := ping.New(target, tunnel)
 	pinger.Count = c
 	pinger.Timeout = timeoutSecondsFromCount(c)
-	err = pinger.Run(ctx)
-	if err != nil {
+	if err := pinger.Run(ctx); err != nil {
 		return err
 	}
 	pinger.PrintStats()

diff --git a/obfs4/common.go b/obfs4/common.go
@@ -1,42 +1,53 @@
 package obfs4
 
 import (
+	"errors"
 	"fmt"
 	"log"
 	"net"
 	"net/url"
 )
 
-// Node is a proxy node, that can be used to construct a proxy chain.
-type Node struct {
-	Addr     string     // ag: I'm guessing this is used like ip:port
-	Host     string     // ... but then this is redundant
-	Protocol string     // obfs4 in this case
-	url      *url.URL   // url
+var (
+	// errBadProxyURI indicates a malformed URI for an obfs4 endpoint
+	errBadProxyURI = errors.New("bad obfs4 uri")
+)
+
+// ProxyNode is a proxy node, that can be used to construct a proxy chain.
+type ProxyNode struct {
+	Addr     string
+	Protocol string // obfs4 in this case
+	url      *url.URL
 	Values   url.Values // contains the cert and iat-mode parameters
-	//Transport string     // this only makes sense if/when we do use different transporters for obfs4. for the time being this can be removed, or perhaps denoted as "raw"
+	// base dialer to be passed to obfuscation dialer
+	UnderlyingDialer simpleDialer
 }
 
-// NewNodeNewNodeFromURI returns a configured proxy node. It accepts a string with all the parameters
-// needed to establish a connection to the obfs4 proxy, in the form:
-// obfs4://<ip>:<port>?cert=<deadbeef>&iat-mode=<int>
-func NewNodeFromURI(uri string) (Node, error) {
+// NewProxyNodeFromURI returns a configured proxy node. It accepts a string
+// with all the parameters needed to establish a connection to the obfs4
+// proxy, in the form "obfs4://<ip>:<port>?cert=<deadbeef>&iat-mode=<int>"
+func NewProxyNodeFromURI(uri string) (*ProxyNode, error) {
 	u, err := url.Parse(uri)
 	if err != nil {
-		return Node{}, err
+		return &ProxyNode{}, fmt.Errorf("%w: %v", errBadProxyURI, err)
 	}
-	log.Printf("Using %s proxy at %s:%s", u.Scheme, u.Hostname(), u.Port())
-	// q, err := url.ParseQuery(u.RawQuery)
-	// log.Println("cert:", url.QueryEscape(q["cert"][0]))
-
 	if u.Scheme != "obfs4" {
-		return Node{}, fmt.Errorf("expected obfs4:// uri")
+		log.Println("Invalid URI for obfs4")
+		return &ProxyNode{}, fmt.Errorf("%w: %s", errBadProxyURI, "expected obfs4:// scheme")
 	}
+	if u.Port() == "" {
+		log.Println("Empty port for obfs4")
+		return &ProxyNode{}, fmt.Errorf("%w: %s", errBadProxyURI, "missing port")
+	}
+	if u.Hostname() == "" {
+		log.Println("Empty hostname for obfs4")
+		return &ProxyNode{}, fmt.Errorf("%w: %s", errBadProxyURI, "missing hostname")
+	}
+	log.Printf("Using %s proxy at %s:%s", u.Scheme, u.Hostname(), u.Port())
 
-	return Node{
+	return &ProxyNode{
 		Protocol: u.Scheme,
 		Addr:     net.JoinHostPort(u.Hostname(), u.Port()),
-		Host:     u.Hostname(),
 		url:      u,
 		Values:   u.Query(),
 	}, nil

diff --git a/obfs4/common_test.go b/obfs4/common_test.go
@@ -0,0 +1,80 @@
+package obfs4
+
+import (
+	"errors"
+	"net/url"
+	"reflect"
+	"testing"
+)
+
+func TestNewProxyNodeFromURI(t *testing.T) {
+	type args struct {
+		uri string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *ProxyNode
+		wantErr error
+	}{
+		{
+			name:    "empty uri returns error",
+			args:    args{""},
+			want:    &ProxyNode{},
+			wantErr: errBadProxyURI,
+		},
+		{
+			name:    "bad scheme returns error",
+			args:    args{"http://server/"},
+			want:    &ProxyNode{},
+			wantErr: errBadProxyURI,
+		},
+		{
+			name:    "file scheme returns error",
+			args:    args{"file://foo/bar/baz"},
+			want:    &ProxyNode{},
+			wantErr: errBadProxyURI,
+		},
+		{
+			name:    "empty port returns error",
+			args:    args{"obfs4://foo/bar/baz"},
+			want:    &ProxyNode{},
+			wantErr: errBadProxyURI,
+		},
+		{
+			name:    "empty hostname returns error",
+			args:    args{"obfs4://:222/bar/baz"},
+			want:    &ProxyNode{},
+			wantErr: errBadProxyURI,
+		},
+		{
+			name: "happy path does not return error",
+			args: args{"obfs4://proxy:4444?cert=deadbeef&iat-mode=0"},
+			want: &ProxyNode{
+				Addr:     "proxy:4444",
+				Protocol: "obfs4",
+				url: func() *url.URL {
+					u, _ := url.Parse("obfs4://proxy:4444?cert=deadbeef&iat-mode=0")
+					return u
+				}(),
+				Values: url.Values(map[string][]string{
+					"cert":     []string{"deadbeef"},
+					"iat-mode": []string{"0"},
+				}),
+			},
+			wantErr: nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := NewProxyNodeFromURI(tt.args.uri)
+			if !errors.Is(err, tt.wantErr) {
+				t.Errorf("NewProxyNodeFromURI() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("NewProxyNodeFromURI() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}