Allium is an implementation of onion routing written in Rust. It enables anonymous communication over encrypted tunnels.
§Features
- Asynchronous design
- Periodic, seamless tunnel reconstruction
- Fixed-size packets
- Cover traffic
§Getting started
Each peer in the onion network requires an RSA keypair to sign its messages. A suitable RSA keypair can be generated with OpenSSL:
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out hostkey.pkcs8.pem
$ openssl rsa -in hostkey.pkcs8.pem -out hostkey.pem
Use RsaPrivateKey::from_pem_file to load the created key.
Furthermore, the public keys of other peers in the network must be supplied to verify their identities. A peer can export its public key like this:
$ openssl rsa -in hostkey.pem -outform DER -pubout -out hostkey_pub.der
A remote peer is represented by the Peer struct, which stores the peer's address, port and RsaPublicKey.
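The key generation and export steps above, followed by a check that the exported hostkey_pub.der really is the public half of hostkey.pem before it is handed to other peers (an added example, not part of the Allium documentation or code base; the function names are hypothetical and the openssl CLI is assumed to be installed). The SHA-256 fingerprint from der_fingerprint can be compared out of band by the peer that receives the file.

```shell
#!/bin/sh
# Added example, not Allium project code. File names match the page;
# the function names are hypothetical. Requires the openssl CLI.

# gen_hostkey DIR [BITS]: run the page's three openssl commands inside DIR.
gen_hostkey() {
    (
        umask 077                       # new key files are owner-only
        cd "$1" || exit 1
        openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:${2:-4096}" \
            -out hostkey.pkcs8.pem &&
        openssl rsa -in hostkey.pkcs8.pem -out hostkey.pem &&
        openssl rsa -in hostkey.pem -outform DER -pubout -out hostkey_pub.der
    )
}

# der_fingerprint FILE: SHA-256 (hex) of a DER-encoded public key file.
der_fingerprint() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# key_fingerprint PRIVKEY: the same digest, derived from the private key.
key_fingerprint() {
    openssl rsa -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_keypair PRIVKEY PUBDER: status 0 only if PRIVKEY is a consistent RSA
# key and PUBDER is its public half; 2 = bad private key, 3 = missing or
# empty public key file, 1 = the two files belong to different keys.
check_keypair() {
    openssl rsa -in "$1" -check -noout >/dev/null 2>&1 || return 2
    [ -s "$2" ] || return 3
    [ "$(key_fingerprint "$1")" = "$(der_fingerprint "$2")" ]
}

# Usage: gen_hostkey . && check_keypair hostkey.pem hostkey_pub.der \
#            && der_fingerprint hostkey_pub.der
```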
To continuously (re)build tunnels, the onion router needs a stream of peers which can be used as intermediary nodes in a tunnel.
This requirement is met by the PeerProvider struct, which can be created from an asynchronous Stream<Item = Peer>.
The PeerProvider is fully responsible for the peer sampling.
With an RsaPrivateKey and a PeerProvider ready, the actual onion router can be constructed.
The onion router is split into two parts: a stream of incoming connections and a context
allowing the building of new tunnels.
Use the OnionBuilder type to configure the onion router and then call OnionBuilder::start
to obtain an OnionIncoming stream and an OnionContext.
OnionContext implements Clone, Send and Sync, allowing multiple handles to the
same onion router instance.
The async method OnionContext::build_tunnel blocks until a Tunnel has been successfully created and is ready for communication.
A Tunnel can be used much like a normal socket by calling the Tunnel::read and Tunnel::write methods.
§Daemon
In addition to being used as a Rust library, Allium can also be run as a stand-alone daemon, which can be controlled over a socket. Refer to the README for more information on how to use Allium as a daemon.
§Structs
- OnionBuilder - Used for configuring and starting new onion router instances.
- OnionContext - A handle to the underlying onion router allowing the construction of new tunnels.
- OnionIncoming - A stream of incoming tunnel connections.
- Peer - A remote peer characterized by its address, the port on which it is listening for onion connections and its public key.
- PeerProvider - A stream of Peers used for constructing tunnels.
- RsaPrivateKey - An RSA private key.
- RsaPublicKey - An RSA public key.
- Tunnel - A tunnel endpoint. This type persists over tunnel reconstructions.
- TunnelWriter - A write handle to a Tunnel.