Crate allium

Source
Expand description

Allium is a implementation of onion routing written in Rust. It enables anonymous communication over encrypted tunnels.

§Features

  • Asynchronous design
  • Periodic, seamless tunnel reconstruction
  • Fixed-size packets
  • Cover traffic

§Getting started

Each peer in the onion network requires a RSA keypair to sign its messages. A suitable RSA keypair can be generated with OpenSSL:

$ genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out hostkey.pkcs8.pem
$ openssl rsa -in hostkey.pkcs8.pem -out hostkey.pem

Use RsaPrivateKey::from_pem_file to load the created key.

Furthermore, the public keys of other peers in the network must be supplied to verify their identities. A peer can export its public key like this:

$ openssl rsa -in hostkey.pem -outform DER -pubout -out hostkey_pub.der

A remote peer is represented by the Peer struct which stores the peers address, port and RsaPublicKey.

To continuously (re-) build tunnels, the onion router needs a stream of peers which can be used as intermediary nodes in a tunnel. This is requirement is met by the PeerProvider struct, which can be created from a asynchronous Stream<Item = Peer>. The PeerProvider is fully responsible for the peer sampling.

With a RsaPrivateKey and a PeerProvider ready, the actual onion router can be constructed. The onion router is split into two parts: a stream of incoming connections and a context allowing the building of new tunnels. Use the OnionBuilder type to configure the onion router and then call OnionBuilder::start to obtain a OnionIncoming stream and a OnionContext.

OnionContext implements Clone, Send and Sync allowing to have multiple handles to the same onion router instance. The async method OnionContext::build_tunnel blocks until a Tunnel was successfully created and is ready for communication. A Tunnel can be used similar to a normal socket by calling the Tunnel::read and Tunnel::write methods.

§Daemon

In addition to being used as a Rust library, Allium can also be run as a stand-alone daemon, which can be controlled over a socket. Refer to the README for more information on how to use Allium as a daemon.

Structs§

  • Used for configuring and starting new onion router instances.
  • A handle to the underlying onion router allowing the construction of new tunnels.
  • A stream of incoming tunnel connections.
  • A remote peer characterized by its address, the port on which it is listening for onion connections and its public key.
  • A stream of Peers used for constructing tunnels.
  • A RSA private key.
  • A RSA public key.
  • A tunnel endpoint. This type persists over tunnel reconstructions.
  • A write handle to a Tunnel.

Type Aliases§