cebolla 0.3.0

A convenience layer over Arti for building and connecting to Tor hidden services
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284

use std::{
    ops::{Deref, DerefMut},
    sync::Arc,
};

pub use arti_client;
pub use safelog::DisplayRedacted;
pub use tor_cell;
pub use tor_hsservice;

use snafu::OptionExt;
use snafu::prelude::*;

use arti_client::{DataStream, TorClientConfig};
use futures_util::{Stream, StreamExt};
use tor_cell::relaycell::msg::Connected;
use tor_hsservice::{RendRequest, StreamRequest};

pub type TorClient = arti_client::TorClient<tor_rtcompat::PreferredRuntime>;
pub type TorClientBuilder = arti_client::TorClientBuilder<tor_rtcompat::PreferredRuntime>;

#[cfg(feature = "http-client")]
mod http_client;

#[cfg(feature = "http-client")]
pub use http_client::{HttpClient, HttpClientBuilder};

#[cfg(feature = "http-server")]
mod http_server;

#[cfg(feature = "http-server")]
pub use http_server::HttpServer;

mod error;
pub use error::*;

pub type Result<T, E = Error> = std::result::Result<T, E>;

/// Connection to the Tor network
#[derive(Clone)]
pub struct Tor {
    /// Arti Tor client
    pub client: TorClient,
}

impl Deref for Tor {
    type Target = TorClient;

    fn deref(&self) -> &Self::Target {
        &self.client
    }
}

impl DerefMut for Tor {
    fn deref_mut(&mut self) -> &mut Self::Target {
        &mut self.client
    }
}

/// Used to configure connections to the Tor network, in most cases you will want to bootstrap on startup,
/// but there are cases where you might want to delay bootrstrapping since it does take time.
#[derive(Debug, Clone)]
pub struct TorConfig {
    /// Boostrap Tor network connection, if set to false you will need to manually bootstrap at another point
    pub bootstrap: bool,

    // Tor client config
    pub client_config: Option<TorClientConfig>,
}

impl Default for TorConfig {
    fn default() -> Self {
        TorConfig {
            bootstrap: true,
            client_config: None,
        }
    }
}

impl TorConfig {
    /// Create a new config with default values, this sets `bootstrap=true`
    pub fn new() -> Self {
        Self::default()
    }

    /// Enable/disable bootstrapping
    pub fn with_bootstrap(mut self, bootstrap: bool) -> Self {
        self.bootstrap = bootstrap;
        self
    }

    /// Set orclear client config
    pub fn with_client_config(mut self, config: Option<TorClientConfig>) -> Self {
        self.client_config = config;
        self
    }
}

impl Tor {
    /// Create a new connection to the Tor network using the provided configuration options
    #[tracing::instrument(err, level = "info")]
    pub async fn new(config: TorConfig) -> Result<Self, Error> {
        let client = if config.bootstrap {
            Self::new_custom(async move |b| {
                b.config(config.client_config.unwrap_or_default())
                    .create_bootstrapped()
                    .await
                    .context(ArtiClientSnafu)
            })
            .await?
        } else {
            Self::new_custom(async move |b| {
                b.config(config.client_config.unwrap_or_default())
                    .create_unbootstrapped_async()
                    .await
                    .context(ArtiClientSnafu)
            })
            .await?
        };

        Ok(client)
    }

    /// Create a new connection to the Tor network using a callback to edit a `TorClientBuilder` instance
    #[tracing::instrument(err, skip(callback), level = "info")]
    pub async fn new_custom<
        T: Future<Output = Result<TorClient, Error>>,
        F: FnOnce(TorClientBuilder) -> T,
    >(
        callback: F,
    ) -> Result<Self, Error> {
        let builder = arti_client::TorClient::builder();
        let client = callback(builder).await?;
        Ok(Self { client })
    }

    /// Start a new Tor Hidden Service with the given identifier, this identifier is used to associate the service and its keys
    pub fn service(&self, name: &str) -> Result<HiddenService> {
        HiddenService::new(self, name)
    }
}

/// Tor Hidden Service
pub struct HiddenService {
    tor: Tor,
    service: Arc<tor_hsservice::RunningOnionService>,
    stream: std::pin::Pin<Box<dyn Send + Sync + futures_util::Stream<Item = RendRequest>>>,
}

impl HiddenService {
    /// Create a new Tor Hidden Service with the given identifier
    #[tracing::instrument(skip(tor), err)]
    pub fn new(tor: &Tor, name: &str) -> Result<Self> {
        let service = tor_hsservice::config::OnionServiceConfigBuilder::default()
            .nickname(name.parse().context(InvalidNicknameSnafu)?)
            .build()
            .context(ConfigBuildSnafu)?;

        let (service, stream) = tor
            .client
            .launch_onion_service(service)
            .context(ArtiClientSnafu)?
            .context(EmptyOnionServiceSnafu {
                name: name.to_owned(),
            })?;

        Ok(HiddenService {
            tor: tor.clone(),
            service,
            stream: Box::pin(stream),
        })
    }

    /// Access underlying tor connection
    pub fn tor(&self) -> &Tor {
        &self.tor
    }

    /// Accept an incoming Tor connection
    #[tracing::instrument(skip(self), err)]
    pub async fn accept(&mut self) -> Result<Option<TorConnection>> {
        if let Some(x) = self.stream.next().await {
            x.accept()
                .await
                .map_err(Box::new)
                .context(ClientSnafu)
                .map(|stream| {
                    Option::Some(TorConnection {
                        stream: Box::new(stream),
                    })
                })
        } else {
            Ok(None)
        }
    }

    /// Accept incoming tor connection and open incoming client
    #[tracing::instrument(skip(self), err)]
    pub async fn handle(&mut self) -> std::io::Result<Option<(Address, DataStream)>> {
        if let Some(x) = self.stream.next().await
            && let Some(mut conn) = x
                .accept()
                .await
                .map_err(|_| {
                    std::io::Error::new(
                        std::io::ErrorKind::NotConnected,
                        "unable to accept connection",
                    )
                })
                .map(|stream| {
                    Option::Some(TorConnection {
                        stream: Box::new(stream),
                    })
                })?
        {
            return conn.accept_next().await.map_err(|_| {
                std::io::Error::new(
                    std::io::ErrorKind::NotConnected,
                    "unable to open data stream",
                )
            });
        }
        Ok(None)
    }
}

impl Deref for HiddenService {
    type Target = tor_hsservice::RunningOnionService;

    fn deref(&self) -> &Self::Target {
        &self.service
    }
}

/// An incoming Tor connection stream, this is used to accept requests from incoming clients
pub struct TorConnection {
    stream: Box<dyn 'static + Send + Stream<Item = StreamRequest> + Unpin>,
}

impl TorConnection {
    /// Accept next incoming stream
    #[tracing::instrument(skip(self), err)]
    pub async fn accept_next(&mut self) -> Result<Option<(Address, DataStream)>> {
        if let Some(conn) = self.stream.next().await {
            let addr = match conn.request() {
                tor_proto::client::stream::IncomingStreamRequest::Begin(begin) => Address {
                    addr: begin.addr().to_vec(),
                    port: begin.port(),
                },
                _ => {
                    conn.shutdown_circuit().context(ArtiBugSnafu)?;
                    return Ok(None);
                }
            };

            let conn = conn
                .accept(Connected::new_empty())
                .await
                .map_err(Box::new)
                .context(ClientSnafu)?;
            return Ok(Some((addr, conn)));
        }

        Ok(None)
    }
}

/// IP address for Tor connections
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Address {
    addr: Vec<u8>,
    port: u16,
}

impl Stream for TorConnection {
    type Item = StreamRequest;

    fn poll_next(
        mut self: std::pin::Pin<&mut Self>,
        cx: &mut std::task::Context<'_>,
    ) -> std::task::Poll<Option<Self::Item>> {
        self.stream.poll_next_unpin(cx)
    }
}