Change the stream header format and reduce overhead

cmd/ck-client/ck-client.go

@@ -23,7 +23,7 @@ import (
 var version string
 
 func pipe(dst io.ReadWriteCloser, src io.ReadWriteCloser) {
-	// The maximum size of TLS message will be 16396+16. 16 because of the stream header
+	// The maximum size of TLS message will be 16396+12. 12 because of the stream header
 	// 16408 is the max TLS message size on Firefox
 	buf := make([]byte, 16396)
 	for {

cmd/ck-server/ck-server.go

@@ -24,7 +24,7 @@ import (
 var version string
 
 func pipe(dst io.ReadWriteCloser, src io.ReadWriteCloser) {
-	// The maximum size of TLS message will be 16396+16. 16 because of the stream header
+	// The maximum size of TLS message will be 16396+12. 12 because of the stream header
 	// 16408 is the max TLS message size on Firefox
 	buf := make([]byte, 16396)
 	for {

internal/multiplex/frame.go

@@ -5,6 +5,6 @@ import ()
 type Frame struct {
 	StreamID uint32
 	Seq      uint32
-	Closing  uint32
+	Closing  uint8
 	Payload  []byte
 }

internal/multiplex/obfs.go

@@ -13,34 +13,36 @@ type Deobfser func([]byte) (*Frame, error)
 
 var u32 = binary.BigEndian.Uint32
 
+const headerLen = 12
+
 // For each frame, the three parts of the header is xored with three keys.
 // The keys are generated from the SID and the payload of the frame.
-func genXorKeys(key, nonce []byte) (i uint32, ii uint32, iii uint32) {
+func genXorKeys(key, nonce []byte) (i uint32, ii uint32, iii uint8) {
 	h := sha1.New()
 	hashed := h.Sum(append(key, nonce...))
-	return u32(hashed[0:4]), u32(hashed[4:8]), u32(hashed[8:12])
+	return u32(hashed[0:4]), u32(hashed[4:8]), hashed[8]
 }
 
 func MakeObfs(key []byte) Obfser {
 	obfs := func(f *Frame) ([]byte, error) {
-		obfsedHeader := make([]byte, 16)
+		obfsedHeader := make([]byte, headerLen)
-		// header: [StreamID 4 bytes][Seq 4 bytes][Closing 4 bytes][Nonce 4 bytes]
+		// header: [StreamID 4 bytes][Seq 4 bytes][Closing 1 byte][Nonce 3 bytes]
-		io.ReadFull(rand.Reader, obfsedHeader[12:16])
+		io.ReadFull(rand.Reader, obfsedHeader[9:12])
-		i, ii, iii := genXorKeys(key, obfsedHeader[12:16])
+		i, ii, iii := genXorKeys(key, obfsedHeader[9:12])
 		binary.BigEndian.PutUint32(obfsedHeader[0:4], f.StreamID^i)
 		binary.BigEndian.PutUint32(obfsedHeader[4:8], f.Seq^ii)
-		binary.BigEndian.PutUint32(obfsedHeader[8:12], f.Closing^iii)
+		obfsedHeader[8] = f.Closing ^ iii
 
 		// Composing final obfsed message
 		// We don't use util.AddRecordLayer here to avoid unnecessary malloc
-		obfsed := make([]byte, 5+16+len(f.Payload))
+		obfsed := make([]byte, 5+headerLen+len(f.Payload))
 		obfsed[0] = 0x17
 		obfsed[1] = 0x03
 		obfsed[2] = 0x03
-		binary.BigEndian.PutUint16(obfsed[3:5], uint16(16+len(f.Payload)))
+		binary.BigEndian.PutUint16(obfsed[3:5], uint16(headerLen+len(f.Payload)))
-		copy(obfsed[5:21], obfsedHeader)
+		copy(obfsed[5:5+headerLen], obfsedHeader)
-		copy(obfsed[21:], f.Payload)
+		copy(obfsed[5+headerLen:], f.Payload)
-		// obfsed: [record layer 5 bytes][cipherheader 16 bytes][payload]
+		// obfsed: [record layer 5 bytes][cipherheader 12 bytes][payload]
 		return obfsed, nil
 	}
 	return obfs
@@ -48,16 +50,16 @@ func MakeObfs(key []byte) Obfser {
 
 func MakeDeobfs(key []byte) Deobfser {
 	deobfs := func(in []byte) (*Frame, error) {
-		if len(in) < 21 {
+		if len(in) < 5+headerLen {
-			return nil, errors.New("Input cannot be shorter than 21 bytes")
+			return nil, errors.New("Input cannot be shorter than 17 bytes")
 		}
 		peeled := in[5:]
-		i, ii, iii := genXorKeys(key, peeled[12:16])
+		i, ii, iii := genXorKeys(key, peeled[9:12])
 		streamID := u32(peeled[0:4]) ^ i
 		seq := u32(peeled[4:8]) ^ ii
-		closing := u32(peeled[8:12]) ^ iii
+		closing := peeled[8] ^ iii
-		payload := make([]byte, len(peeled)-16)
+		payload := make([]byte, len(peeled)-headerLen)
-		copy(payload, peeled[16:])
+		copy(payload, peeled[headerLen:])
 		ret := &Frame{
 			StreamID: streamID,
 			Seq:      seq,