Crate allium[−][src]

Expand description

Allium is a implementation of onion routing written in Rust. It enables anonymous communication over encrypted tunnels.

Features

Asynchronous design
Periodic, seamless tunnel reconstruction
Fixed-size packets
Cover traffic

Getting started

Each peer in the onion network requires a RSA keypair to sign its messages. A suitable RSA keypair can be generated with OpenSSL:

$ genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out hostkey.pkcs8.pem
$ openssl rsa -in hostkey.pkcs8.pem -out hostkey.pem

Use RsaPrivateKey::from_pem_file to load the created key.

Furthermore, the public keys of other peers in the network must be supplied to verify their identities. A peer can export its public key like this:

$ openssl rsa -in hostkey.pem -outform DER -pubout -out hostkey_pub.der

A remote peer is represented by the Peer struct which stores the peers address, port and RsaPublicKey.

To continuously (re-) build tunnels, the onion router needs a stream of peers which can be used as intermediary nodes in a tunnel. This is requirement is met by the PeerProvider struct, which can be created from a asynchronous Stream<Item = Peer>. The PeerProvider is fully responsible for the peer sampling.

With a RsaPrivateKey and a PeerProvider ready, the actual onion router can be constructed. The onion router is split into two parts: a stream of incoming connections and a context allowing the building of new tunnels. Use the OnionBuilder type to configure the onion router and then call OnionBuilder::start to obtain a OnionIncoming stream and a OnionContext.

OnionContext implements Clone, Send and Sync allowing to have multiple handles to the same onion router instance. The async method OnionContext::build_tunnel blocks until a Tunnel was successfully created and is ready for communication. A Tunnel can be used similar to a normal socket by calling the Tunnel::read and Tunnel::write methods.

Daemon

In addition to being used as a Rust library, Allium can also be run as a stand-alone daemon, which can be controlled over a socket. Refer to the README for more information on how to use Allium as a daemon.