@omindu/yaksha 1.0.0

package/src/features/traffic-obfuscation.js

@@ -0,0 +1,338 @@
+'use strict';
+
+/**
+ * Yaksha Traffic Obfuscation
+ * Make VPN traffic undetectable through pattern randomization
+ */
+
+const crypto = require('crypto');
+
+class TrafficObfuscation {
+  constructor(securityLevel = 'medium', options = {}) {
+    this.securityLevel = securityLevel;
+    this.mode = this._selectMode(securityLevel);
+    this.enabled = options.enabled !== false;
+    this.maxJitter = options.maxJitter || 50; // milliseconds
+    this.maxPadding = options.maxPadding || 255; // bytes
+  }
+
+  /**
+   * Select obfuscation mode based on security level
+   */
+  _selectMode(level) {
+    switch (level) {
+      case 'low':
+        return 'xor';
+      case 'medium':
+        return 'chacha20';
+      case 'high':
+        return 'aes-256-gcm';
+      default:
+        return 'chacha20';
+    }
+  }
+
+  /**
+   * Simple XOR obfuscation (low security, high speed)
+   */
+  _xorObfuscate(data, key) {
+    const result = Buffer.allocUnsafe(data.length);
+    
+    for (let i = 0; i < data.length; i++) {
+      result[i] = data[i] ^ key[i % key.length];
+    }
+
+    return result;
+  }
+
+  /**
+   * ChaCha20 stream cipher obfuscation
+   */
+  _chacha20Obfuscate(data, key, nonce) {
+    const cipher = crypto.createCipheriv('chacha20', key, nonce);
+    return Buffer.concat([cipher.update(data), cipher.final()]);
+  }
+
+  /**
+   * ChaCha20 stream cipher deobfuscation
+   */
+  _chacha20Deobfuscate(data, key, nonce) {
+    const decipher = crypto.createDecipheriv('chacha20', key, nonce);
+    return Buffer.concat([decipher.update(data), decipher.final()]);
+  }
+
+  /**
+   * AES-256-GCM obfuscation
+   */
+  _aesObfuscate(data, key, nonce) {
+    const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
+    const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    
+    return { data: encrypted, authTag };
+  }
+
+  /**
+   * AES-256-GCM deobfuscation
+   */
+  _aesDeobfuscate(data, key, nonce, authTag) {
+    const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
+    decipher.setAuthTag(authTag);
+    return Buffer.concat([decipher.update(data), decipher.final()]);
+  }
+
+  /**
+   * Add random padding to data
+   */
+  addRandomPadding(data) {
+    const paddingSize = crypto.randomInt(0, this.maxPadding + 1);
+    
+    if (paddingSize === 0) {
+      return { data, paddingSize: 0 };
+    }
+
+    const padding = crypto.randomBytes(paddingSize);
+    const padded = Buffer.concat([data, padding]);
+
+    return { data: padded, paddingSize };
+  }
+
+  /**
+   * Remove padding from data
+   */
+  removePadding(data, paddingSize) {
+    if (paddingSize === 0 || paddingSize >= data.length) {
+      return data;
+    }
+
+    return data.slice(0, -paddingSize);
+  }
+
+  /**
+   * Add timing jitter (async delay)
+   */
+  async addTimingJitter() {
+    if (!this.enabled) {
+      return;
+    }
+
+    const jitter = crypto.randomInt(0, this.maxJitter + 1);
+    
+    if (jitter > 0) {
+      await new Promise(resolve => setTimeout(resolve, jitter));
+    }
+  }
+
+  /**
+   * Randomize packet size by splitting or combining
+   */
+  randomizePacketSize(data, targetSize = null) {
+    if (!targetSize) {
+      // Random target size between 500 and 1500 bytes
+      targetSize = crypto.randomInt(500, 1501);
+    }
+
+    if (data.length <= targetSize) {
+      // Add padding to reach target size
+      const paddingSize = targetSize - data.length;
+      if (paddingSize > 0) {
+        const padding = crypto.randomBytes(paddingSize);
+        return {
+          packets: [Buffer.concat([data, padding])],
+          paddingSizes: [paddingSize]
+        };
+      }
+      return { packets: [data], paddingSizes: [0] };
+    }
+
+    // Split into multiple packets
+    const packets = [];
+    const paddingSizes = [];
+    let offset = 0;
+
+    while (offset < data.length) {
+      const chunkSize = Math.min(
+        crypto.randomInt(Math.floor(targetSize * 0.7), targetSize + 1),
+        data.length - offset
+      );
+      
+      const chunk = data.slice(offset, offset + chunkSize);
+      
+      // Add random padding to each chunk
+      const paddingSize = crypto.randomInt(0, 100);
+      const padding = crypto.randomBytes(paddingSize);
+      const paddedChunk = Buffer.concat([chunk, padding]);
+      
+      packets.push(paddedChunk);
+      paddingSizes.push(paddingSize);
+      offset += chunkSize;
+    }
+
+    return { packets, paddingSizes };
+  }
+
+  /**
+   * Obfuscate data
+   */
+  obfuscate(data) {
+    if (!this.enabled) {
+      return {
+        data,
+        metadata: { mode: 'none' }
+      };
+    }
+
+    let result;
+    let metadata = { mode: this.mode };
+
+    switch (this.mode) {
+      case 'xor': {
+        const key = crypto.randomBytes(32);
+        result = this._xorObfuscate(data, key);
+        metadata.key = key;
+        break;
+      }
+
+      case 'chacha20': {
+        const key = crypto.randomBytes(32);
+        const nonce = crypto.randomBytes(12);
+        result = this._chacha20Obfuscate(data, key, nonce);
+        metadata.key = key;
+        metadata.nonce = nonce;
+        break;
+      }
+
+      case 'aes-256-gcm': {
+        const key = crypto.randomBytes(32);
+        const nonce = crypto.randomBytes(12);
+        const { data: encrypted, authTag } = this._aesObfuscate(data, key, nonce);
+        result = encrypted;
+        metadata.key = key;
+        metadata.nonce = nonce;
+        metadata.authTag = authTag;
+        break;
+      }
+
+      default:
+        result = data;
+    }
+
+    // Add random padding
+    const { data: padded, paddingSize } = this.addRandomPadding(result);
+    metadata.paddingSize = paddingSize;
+
+    return {
+      data: padded,
+      metadata
+    };
+  }
+
+  /**
+   * Deobfuscate data
+   */
+  deobfuscate(data, metadata) {
+    if (!this.enabled || metadata.mode === 'none') {
+      return data;
+    }
+
+    // Remove padding first
+    let unpadded = this.removePadding(data, metadata.paddingSize || 0);
+
+    let result;
+
+    switch (metadata.mode) {
+      case 'xor':
+        result = this._xorObfuscate(unpadded, metadata.key); // XOR is symmetric
+        break;
+
+      case 'chacha20':
+        result = this._chacha20Deobfuscate(unpadded, metadata.key, metadata.nonce);
+        break;
+
+      case 'aes-256-gcm':
+        result = this._aesDeobfuscate(unpadded, metadata.key, metadata.nonce, metadata.authTag);
+        break;
+
+      default:
+        result = unpadded;
+    }
+
+    return result;
+  }
+
+  /**
+   * Mimic HTTP/2 traffic pattern
+   */
+  mimicHTTP2Pattern(data) {
+    // Add HTTP/2 frame-like header (simplified)
+    const frameHeader = Buffer.allocUnsafe(9);
+    
+    // Length (3 bytes)
+    const length = Math.min(data.length, 16383); // Max frame size
+    frameHeader.writeUIntBE(length, 0, 3);
+    
+    // Type (1 byte) - DATA frame
+    frameHeader.writeUInt8(0x00, 3);
+    
+    // Flags (1 byte)
+    frameHeader.writeUInt8(0x00, 4);
+    
+    // Stream ID (4 bytes)
+    frameHeader.writeUInt32BE(crypto.randomInt(1, 1000), 5);
+    
+    return Buffer.concat([frameHeader, data.slice(0, length)]);
+  }
+
+  /**
+   * Simulate burst traffic (like video streaming)
+   */
+  async simulateBurstTraffic(dataChunks, callback) {
+    if (!this.enabled) {
+      for (const chunk of dataChunks) {
+        await callback(chunk);
+      }
+      return;
+    }
+
+    // Send in bursts with pauses
+    const burstSize = crypto.randomInt(2, 6);
+    
+    for (let i = 0; i < dataChunks.length; i++) {
+      await callback(dataChunks[i]);
+      
+      // Add pause after burst
+      if ((i + 1) % burstSize === 0) {
+        const pauseDuration = crypto.randomInt(50, 200);
+        await new Promise(resolve => setTimeout(resolve, pauseDuration));
+      }
+    }
+  }
+
+  /**
+   * Enable obfuscation
+   */
+  enable() {
+    this.enabled = true;
+  }
+
+  /**
+   * Disable obfuscation
+   */
+  disable() {
+    this.enabled = false;
+  }
+
+  /**
+   * Get statistics
+   */
+  getStats() {
+    return {
+      enabled: this.enabled,
+      mode: this.mode,
+      maxJitter: this.maxJitter,
+      maxPadding: this.maxPadding
+    };
+  }
+}
+
+module.exports = TrafficObfuscation;

package/src/index.js

@@ -0,0 +1,106 @@
+'use strict';
+
+/**
+ * Yaksha VPN Protocol Library
+ * Main entry point and exports
+ * 
+ * @author Omindu Dissanayaka (SE U. G)
+ * @version 1.1.0
+ * @license MIT
+ */
+
+// Core modules
+const Protocol = require('./core/protocol');
+const Encryption = require('./core/encryption');
+const Connection = require('./core/connection');
+
+// Security modules
+const Authentication = require('./security/auth');
+const SecurityLevels = require('./security/levels');
+
+// Feature modules
+const SNISpoofing = require('./features/sni-spoof');
+const TrafficObfuscation = require('./features/traffic-obfuscation');
+const MultiPath = require('./features/multi-path');
+const DNSOverride = require('./features/dns-override');
+const TLSCamouflage = require('./features/tls-camouflage');
+
+// Bypass modules
+const FirewallEvasion = require('./bypass/firewall-evasion');
+
+// Server and Client
+const YakshaServer = require('./server');
+const YakshaClient = require('./client');
+
+// Utilities
+const Logger = require('./utils/logger');
+const Config = require('./utils/config');
+const BufferPool = require('./utils/buffer-pool');
+
+/**
+ * Create a new Yaksha VPN server
+ * @param {Object} options - Server configuration options
+ * @returns {YakshaServer}
+ */
+function createServer(options = {}) {
+  return new YakshaServer(options);
+}
+
+/**
+ * Create a new Yaksha VPN client
+ * @param {Object} options - Client configuration options
+ * @returns {YakshaClient}
+ */
+function createClient(options = {}) {
+  return new YakshaClient(options);
+}
+
+/**
+ * Get version information
+ * @returns {string}
+ */
+function getVersion() {
+  return '1.1.0';
+}
+
+// Main exports
+module.exports = {
+  // Factory functions
+  createServer,
+  createClient,
+  
+  // Server and Client classes
+  YakshaServer,
+  YakshaClient,
+  
+  // Core
+  Protocol,
+  Encryption,
+  Connection,
+  
+  // Security
+  Authentication,
+  SecurityLevels,
+  
+  // Features
+  SNISpoofing,
+  TrafficObfuscation,
+  MultiPath,
+  DNSOverride,
+  TLSCamouflage,
+  
+  // Bypass
+  FirewallEvasion,
+  
+  // Utilities
+  Logger,
+  Config,
+  BufferPool,
+  
+  // Info
+  version: getVersion(),
+  getVersion
+};
+
+// Default export
+module.exports.default = module.exports;