Allium is an implementation of onion routing written in Rust. It enables anonymous communication over encrypted tunnels.
§Features
- Asynchronous design
- Periodic, seamless tunnel reconstruction
- Fixed-size packets
- Cover traffic
§Getting started
Each peer in the onion network requires an RSA keypair to sign its messages. A suitable RSA keypair can be generated with OpenSSL:
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out hostkey.pkcs8.pem
$ openssl rsa -in hostkey.pkcs8.pem -out hostkey.pem
Use RsaPrivateKey::from_pem_file to load the created key.
Furthermore, the public keys of other peers in the network must be supplied to verify their identities. A peer can export its public key like this:
$ openssl rsa -in hostkey.pem -outform DER -pubout -out hostkey_pub.der
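As an added example (not part of Allium or its documentation), the following shell functions wrap the commands above so that the private key is created readable by its owner only, and add SHA-256 fingerprint checks for confirming that an exported hostkey_pub.der belongs to hostkey.pem and that a peer's key matches a fingerprint received out of band. The function names and the fingerprint workflow are assumptions; only the file names and the OpenSSL commands come from this page.

```shell
#!/bin/sh
# Added example: function names and the fingerprint workflow are assumptions.

# gen_hostkey DIR [BITS]: create hostkey.pem and hostkey_pub.der in DIR.
gen_hostkey() {
    dir=$1; bits=${2:-4096}
    (
        umask 077   # private key files are created readable by the owner only
        cd "$dir" || exit 1
        openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
            -out hostkey.pkcs8.pem 2>/dev/null || exit 1
        openssl rsa -in hostkey.pkcs8.pem -out hostkey.pem 2>/dev/null || exit 1
        openssl rsa -in hostkey.pem -outform DER -pubout \
            -out hostkey_pub.der 2>/dev/null || exit 1
        rm -f hostkey.pkcs8.pem     # do not leave a second private key copy behind
        chmod 644 hostkey_pub.der   # the public key is meant to be shared
    )
}

# pub_fingerprint FILE: hex SHA-256 of a DER-encoded public key.
pub_fingerprint() {
    openssl dgst -sha256 -r "$1" 2>/dev/null | cut -d' ' -f1
}

# key_matches PRIV_PEM PUB_DER: succeed only if PUB_DER was derived from PRIV_PEM.
key_matches() {
    # Reject unreadable or inconsistent private keys before comparing anything.
    openssl rsa -in "$1" -check -noout >/dev/null 2>&1 || return 1
    derived=$(openssl rsa -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1)
    [ -n "$derived" ] && [ "$derived" = "$(pub_fingerprint "$2")" ]
}

# peer_key_trusted PUB_DER EXPECTED_HEX: compare a received public key with a
# fingerprint obtained over a separate channel (colons, spaces, case ignored).
peer_key_trusted() {
    [ -s "$1" ] || return 1
    expected=$(printf %s "$2" | tr 'A-F' 'a-f' | tr -d ': ')
    [ -n "$expected" ] && [ "$(pub_fingerprint "$1")" = "$expected" ]
}
```

Typical use: run `gen_hostkey .`, send `hostkey_pub.der` to the other peers, and have each of them call `peer_key_trusted` with the output of `pub_fingerprint hostkey_pub.der` that you read to them separately.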
A remote peer is represented by the Peer struct, which stores the peer's address, port and RsaPublicKey.
To continuously (re-)build tunnels, the onion router needs a stream of peers which can be used as intermediary nodes in a tunnel.
This requirement is met by the PeerProvider struct, which can be created from an asynchronous Stream<Item = Peer>.
The PeerProvider is fully responsible for the peer sampling.
With an RsaPrivateKey and a PeerProvider ready, the actual onion router can be constructed.
The onion router is split into two parts: a stream of incoming connections and a context allowing the building of new tunnels.
Use the OnionBuilder type to configure the onion router and then call OnionBuilder::start to obtain an OnionIncoming stream and an OnionContext.
OnionContext implements Clone, Send and Sync, which allows multiple handles to the same onion router instance.
The async method OnionContext::build_tunnel blocks until a Tunnel has been successfully created and is ready for communication.
A Tunnel can be used similarly to a normal socket by calling the Tunnel::read and Tunnel::write methods.
§Daemon
In addition to being used as a Rust library, Allium can also be run as a stand-alone daemon, which can be controlled over a socket. Refer to the README for more information on how to use Allium as a daemon.
Structs§
- Used for configuring and starting new onion router instances.
- A handle to the underlying onion router allowing the construction of new tunnels.
- A stream of incoming tunnel connections.
- A remote peer characterized by its address, the port on which it is listening for onion connections and its public key.
- A stream of Peers used for constructing tunnels.
- An RSA private key.
- An RSA public key.
- A tunnel endpoint. This type persists over tunnel reconstructions.
- A write handle to a Tunnel.
Type Aliases§
- The unique ID of a tunnel.