Hi,
I noticed that because the obfsproxy api can sometimes buffer and resend smaller chunks of data. My simple use of Nacl stream_crypto to wrap each incoming data buffers will not work... that is because the client and server must keep synchronized nonce counters for the decrypt/encrypt to work... and in this case the client may send one large buffer and the server may receive many smaller buffers... trying to decrypt them with different nonces will of course fail.
https://github.com/david415/obfsproxy/tree/david-nacl-stream-withoutkeyexcha...
It seems like the solution is to write a super simple "framing protocol"... which is to say that I can first send a frame length; and on the receiving end simply read until frame length worth of data is consumed... and then apply the crypto_stream cipher on that frame with the correct corresponding nonce.
David