cobweb 0.2.2

A Rust library for creating encrypted VPNs, focused on simplicity and security
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

#![feature(trivial_bounds)]
#![feature(unboxed_closures)]
#![feature(fn_traits)]

//!# Cobweb
//!Cobweb is a Rust library for creating fully asynchronous, encrypted VPNs, focused on simplicity and security. It supports both Mac and Linux - Windows support is a long-term goal but not planned.

//!Check out the documentation and examples for more info on how to use the library.

//!Cobweb is licensed under AGPLv3 to make sure that is free software and stays as free software. If you want a relicensed version for your project, email me and we (the contributers) will talk with you.

//!## Examples
//!Check the `examples` directory in the repository for example VPN client and server implementations.

//!## Next Release
//!Cobweb is currently in its `0.2.0` release - it provides enough features and documentation to be used powerfully, but lacks planned features, could use some better error handling and is not thoroughly tested. Use at your own risk.

//!`0.2.1` will see the first release of the optional `async-await-preview` feature to the crate. This flag will give access to code based on the upcoming `std::Future` and async/await APIs. Once those APIs become stable, the code based on the `futures` crate will be deprecated and moved under an optional `old-futures` flag, and Cobweb will see its `0.3.0` release.

mod en;

use crate::en::{En, De};
use std::io::Result;
use keybob::Key;
use tun_tap::{Iface, Mode};
use tun_tap::r#async::Async;
use std::process::Command;
use tokio_core::reactor::Handle;
use futures::prelude::*;
use futures::stream::{SplitSink, SplitStream};
use futures::sink::With;
use futures::stream::Map;
use std::result::Result as DualResult;

fn cmd(cmd: &str, args: &[&str]) {
    let ecode = Command::new("ip")
        .args(args)
        .spawn()
        .unwrap()
        .wait()
        .unwrap();
    assert!(ecode.success(), "Failed to execute {}", cmd);
}

/// A simple TUN interface.
///
/// # Examples
/// ```let tun = Tun::new(&handle).unwrap();
/// tun.send(vec![1, 3, 3, 7]).unwrap();
/// ```
pub struct Tun {
    
    sink: SplitSink<Async>,
    stream: SplitStream<Async>,
}

impl Tun {
    pub fn new(handle: &Handle) -> Result<Tun>
        {
        
        let tun = Iface::new("vpn%d", Mode::Tun);

        if tun.is_err() {
            eprintln!("ERROR: Permission denied. Try running as superuser");
            ::std::process::exit(1);
        }
       
        let tun_ok = tun.unwrap();
        cmd("ip", &["addr", "add", "dev", tun_ok.name(), "10.107.1.3/24"]);
        cmd("ip", &["link", "set", "up", "dev", tun_ok.name()]);
        let (sink, stream) = Async::new(tun_ok, handle)
            .unwrap()
            .split();
        
        Ok(Tun {
            sink: sink,
            stream: stream,
        })
    }
    
    /// Consumes the Tun and create an EncryptedTun.
    /// You can use all the same methods on an EncryptedTun as you can with a regular Tun.
    pub fn encrypt(self, key: &Key) -> Result<EncryptedTun> {
        
        let encryptor = En::new(&key);
        let decryptor = De::new(&key);
       
        Ok(EncryptedTun {
            sink: self.sink.with(decryptor),
            stream: self.stream.map(encryptor),
        })
    }

    /// Sends some bytes through the TUN device to whatever you have connected on the other end
    pub fn send(self, msg: Vec<u8>) -> Result<()> {
        
        match self.sink.send(msg).wait() {
            Ok(_res) => Ok(()),
            Err(err) => Err(err)
        }
    }

    /// Receives bytes from the TUN device
    pub fn recv(self, buf: &mut Vec<u8>) -> Result<()> {

        match self.stream.take(1).wait().last() {
            Some(res) => {
                buf.extend(res.unwrap().as_slice());
                Ok(())
                },
            None => Err(std::io::Error::new(std::io::ErrorKind::Other, "Sending failed"))
        }
    }

    pub fn split(self) -> (SplitSink<Async>, SplitStream<Async>) {
        (self.sink, self.stream)
    }
}

impl Sink for Tun {
    type SinkItem = Vec<u8>;
    type SinkError = std::io::Error;

    fn start_send(&mut self, item: Vec<u8>) -> DualResult<futures::AsyncSink<Vec<u8>>, std::io::Error> {
        self.sink.start_send(item)
    }

    fn poll_complete(&mut self) -> DualResult<futures::Async<()>, std::io::Error> {
        self.sink.poll_complete()
    }
}

impl Stream for Tun {
    type Item = Vec<u8>;
    type Error = std::io::Error;

    fn poll(&mut self) -> DualResult<futures::Async<Option<Vec<u8>>>, std::io::Error> {
        self.stream.poll()
    }
}

/// An interface to an encrypted TUN device.
///
/// # Examples
/// ```let tun = Tun::new(&handle).unwrap()
///              .encrypt(&Key::new(KeyType::Aes256))
///              .unwrap();
/// tun.send(vec![1, 3, 3, 7]).unwrap();
/// ```
pub struct EncryptedTun {
    
    sink: With<SplitSink<Async>, Vec<u8>, en::De, DualResult<Vec<u8>, std::io::Error>>,
    stream: Map<SplitStream<Async>, en::En>,
}

impl EncryptedTun {
    /// Sends some bytes through the TUN device to whatever you have connected on the other end
    pub fn send(self, msg: Vec<u8>) -> Result<()> {
        
        match self.sink.send(msg).wait() {
            Ok(_res) => Ok(()),
            Err(err) => Err(err)
        }
    }

    /// Receives bytes from the TUN device
    pub fn recv(self, buf: &mut Vec<u8>) -> Result<()> {
        
        match self.stream.take(1).wait().last() {
            Some(res) => {
                buf.extend(res.unwrap().as_slice());
                Ok(())
                },
            None => Err(std::io::Error::new(std::io::ErrorKind::Other, "Sending failed"))
        }
    }

    /// Split the interface into its Sink and Stream components.
    /// This is useful if you want to send and receive bytes from
    /// another interface (like a UDP socket for example) and send them to
    /// your TUN device.
    pub fn split(self) -> (With<SplitSink<Async>, Vec<u8>, en::De, DualResult<Vec<u8>, std::io::Error>>, Map<SplitStream<Async>, en::En>) {
        (self.sink, self.stream)
    }
}

impl Sink for EncryptedTun {
    type SinkItem = Vec<u8>;
    type SinkError = std::io::Error;

    fn start_send(&mut self, item: Vec<u8>) -> DualResult<futures::AsyncSink<Vec<u8>>, std::io::Error> {
        self.sink.start_send(item)
    }

    fn poll_complete(&mut self) -> DualResult<futures::Async<()>, std::io::Error> {
        self.sink.poll_complete()
    }
}

impl Stream for EncryptedTun {
    type Item = Vec<u8>;
    type Error = std::io::Error;

    fn poll(&mut self) -> DualResult<futures::Async<Option<Vec<u8>>>, std::io::Error> {
        self.stream.poll()
    }
}