cwtch.im
/
tapir
5
2
Fork 2
Code Issues 2 Pull Requests 0 Releases 24 Wiki Activity
Tapir provides a framework for building Anonymous / metadata resistant Services
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
75 Commits
12 Branches
1.1 MiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
tapir/networks/tor/BaseOnionService.go

205 lines
6.5 KiB
Raw Permalink Blame History 

  1. package tor

  2. 

  3. import (

  4. 	"crypto/rand"

  5. 	"encoding/base64"

  6. 	"errors"

  7. 	"git.openprivacy.ca/cwtch.im/tapir"

  8. 	"git.openprivacy.ca/cwtch.im/tapir/primitives"

  9. 	"git.openprivacy.ca/openprivacy/connectivity"

  10. 	"git.openprivacy.ca/openprivacy/log"

  11. 	"golang.org/x/crypto/ed25519"

  12. 	"sync"

  13. 	"time"

  14. )

  15. 

  16. // BaseOnionService is a concrete implementation of the service interface over Tor onion services.

  17. type BaseOnionService struct {

  18. 	connections sync.Map

  19. 	acn         connectivity.ACN

  20. 	id          *primitives.Identity

  21. 	privateKey  ed25519.PrivateKey

  22. 	ls          connectivity.ListenService

  23. 	lock        sync.Mutex

  24. 	port        int

  25. }

  26. 

  27. // Metrics provides a report of useful information about the status of the service e.g. the number of active

  28. // connections

  29. func (s *BaseOnionService) Metrics() tapir.ServiceMetrics {

  30. 	s.lock.Lock()

  31. 	defer s.lock.Unlock()

  32. 

  33. 	count := 0

  34. 	s.connections.Range(func(key, value interface{}) bool {

  35. 		connection := value.(tapir.Connection)

  36. 		if !connection.IsClosed() {

  37. 			count++

  38. 		}

  39. 		return true

  40. 	})

  41. 

  42. 	return tapir.ServiceMetrics{

  43. 		ConnectionCount: count,

  44. 	}

  45. }

  46. 

  47. // Init initializes a BaseOnionService with a given private key and identity

  48. // The private key is needed to initialize the Onion listen socket, ideally we could just pass an Identity in here.

  49. func (s *BaseOnionService) Init(acn connectivity.ACN, sk ed25519.PrivateKey, id *primitives.Identity) {

  50. 	// run add onion

  51. 	// get listen context

  52. 	s.acn = acn

  53. 	s.id = id

  54. 	s.privateKey = sk

  55. 	s.port = 9878

  56. }

  57. 

  58. // SetPort configures the port that the service uses.

  59. func (s *BaseOnionService) SetPort(port int) {

  60. 	s.port = port

  61. }

  62. 

  63. // WaitForCapabilityOrClose blocks until the connection has the given capability or the underlying connection is closed

  64. // (through error or user action)

  65. func (s *BaseOnionService) WaitForCapabilityOrClose(cid string, name tapir.Capability) (tapir.Connection, error) {

  66. 	conn, err := s.GetConnection(cid)

  67. 	// If there is at least one active connection, then check the one that is returned and use it

  68. 	for conn != nil {

  69. 		if conn.HasCapability(name) {

  70. 			return conn, nil

  71. 		}

  72. 		time.Sleep(time.Millisecond * 200)

  73. 		// If we received both a Connection and an Error from GetConnection that means we have multiple connections

  74. 		// If that was the case we refresh from the connection store as the likely case is one of them has been

  75. 		// closed and the other one has the capabilities we need.

  76. 		if err != nil {

  77. 			conn, err = s.GetConnection(cid)

  78. 		}

  79. 	}

  80. 	// There are no active connections with that hostname

  81. 	return nil, err

  82. }

  83. 

  84. // GetConnection returns a connection for a given hostname.

  85. func (s *BaseOnionService) GetConnection(hostname string) (tapir.Connection, error) {

  86. 	conn := make([]tapir.Connection, 0)

  87. 	s.connections.Range(func(key, value interface{}) bool {

  88. 		connection := value.(tapir.Connection)

  89. 		if connection.Hostname() == hostname {

  90. 			if !connection.IsClosed() {

  91. 				conn = append(conn, connection)

  92. 				return true

  93. 			}

  94. 		}

  95. 		return true

  96. 	})

  97. 	if len(conn) == 0 {

  98. 		return nil, errors.New("no connection found")

  99. 	}

  100. 	if len(conn) > 1 {

  101. 		// If there are multiple connections we return the first one but also notify the user (this should be a

  102. 		// temporary edgecase (see Connect))

  103. 		return conn[0], errors.New("multiple connections found")

  104. 	}

  105. 	return conn[0], nil

  106. }

  107. 

  108. // Connect initializes a new outbound connection to the given peer, using the defined Application

  109. func (s *BaseOnionService) Connect(hostname string, app tapir.Application) (bool, error) {

  110. 	_, err := s.GetConnection(hostname)

  111. 	if err == nil {

  112. 		// Note: This check is not 100% reliable. And we may end up with two connections between peers

  113. 		// This can happen when a client connects to a server as the server is connecting to the client

  114. 		// Because at the start of the connection the server cannot derive the true hostname of the client until it

  115. 		// has auth'd

  116. 		// We mitigate this by performing multiple checks when Connect'ing

  117. 		return true, errors.New("already connected to " + hostname)

  118. 	}

  119. 	// connects to a remote server

  120. 	// spins off to a connection struct

  121. 	log.Debugf("Connecting to %v", hostname)

  122. 	conn, _, err := s.acn.Open(hostname)

  123. 	if err == nil {

  124. 		connectionID := s.getNewConnectionID()

  125. 

  126. 		// Second check. If we didn't catch a double connection attempt before the Open we *should* catch it now because

  127. 		// the auth protocol is quick and Open over onion connections can take some time.

  128. 		// Again this isn't 100% reliable.

  129. 		_, err := s.GetConnection(hostname)

  130. 		if err == nil {

  131. 			conn.Close()

  132. 			return true, errors.New("already connected to " + hostname)

  133. 		}

  134. 

  135. 		log.Debugf("Connected to %v [%v]", hostname, connectionID)

  136. 		s.connections.Store(connectionID, tapir.NewConnection(s, s.id, hostname, true, conn, app.NewInstance()))

  137. 		return true, nil

  138. 	}

  139. 	log.Debugf("Error connecting to %v %v", hostname, err)

  140. 	return false, err

  141. }

  142. 

  143. func (s *BaseOnionService) getNewConnectionID() string {

  144. 	id := make([]byte, 10)

  145. 	rand.Read(id)

  146. 	connectionID := "connection-" + base64.StdEncoding.EncodeToString(id)

  147. 	return connectionID

  148. }

  149. 

  150. // Listen starts a blocking routine that waits for incoming connections and initializes connections with them based

  151. // on the given Application.

  152. func (s *BaseOnionService) Listen(app tapir.Application) error {

  153. 	// accepts a new connection

  154. 	// spins off to a connection struct

  155. 	s.lock.Lock()

  156. 	ls, err := s.acn.Listen(s.privateKey, s.port)

  157. 	s.ls = ls

  158. 	log.Debugf("Starting a service on %v ", ls.AddressFull())

  159. 	s.lock.Unlock()

  160. 

  161. 	if err == nil {

  162. 		for {

  163. 			conn, err := s.ls.Accept()

  164. 			if err == nil {

  165. 				tempHostname := s.getNewConnectionID()

  166. 				log.Debugf("Accepted connection from %v", tempHostname)

  167. 				s.connections.Store(tempHostname, tapir.NewConnection(s, s.id, tempHostname, false, conn, app.NewInstance()))

  168. 			} else {

  169. 				log.Debugf("Error accepting connection %v", err)

  170. 				return err

  171. 			}

  172. 		}

  173. 	}

  174. 	log.Debugf("Error listening to connection %v", err)

  175. 	return err

  176. }

  177. 

  178. // Shutdown closes the service and ensures that any connections are closed.

  179. func (s *BaseOnionService) Shutdown() {

  180. 	s.lock.Lock()

  181. 	defer s.lock.Unlock()

  182. 	if s.ls != nil {

  183. 		s.ls.Close()

  184. 	}

  185. 	s.connections.Range(func(key, value interface{}) bool {

  186. 		connection := value.(tapir.Connection)

  187. 		connection.Close()

  188. 		return true

  189. 	})

  190. }

  191. 

  192. // Broadcast sends a message to all connections who possess the given capability

  193. func (s *BaseOnionService) Broadcast(message []byte, capability tapir.Capability) error {

  194. 	s.lock.Lock()

  195. 	defer s.lock.Unlock()

  196. 	s.connections.Range(func(key, value interface{}) bool {

  197. 		connection := value.(tapir.Connection)

  198. 		if connection.HasCapability(capability) {

  199. 			connection.Send(message)

  200. 		}

  201. 		return true

  202. 	})

  203. 	return nil

  204. }