cwtch.im
/
tapir
5
2
Fork 2
Code Issues 2 Pull Requests 0 Releases 20 Wiki Activity
Tapir provides a framework for building Anonymous / metadata resistant Services
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
69 Commits
12 Branches
881 KiB
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
tapir/networks/tor/BaseOnionService.go

198 lines
6.3 KiB
Raw Permalink Blame History 

  1. package tor

  2. 

  3. import (

  4. 	"crypto/rand"

  5. 	"cwtch.im/tapir"

  6. 	"cwtch.im/tapir/primitives"

  7. 	"encoding/base64"

  8. 	"errors"

  9. 	"git.openprivacy.ca/openprivacy/connectivity"

  10. 	"git.openprivacy.ca/openprivacy/log"

  11. 	"golang.org/x/crypto/ed25519"

  12. 	"sync"

  13. 	"time"

  14. )

  15. 

  16. // BaseOnionService is a concrete implementation of the service interface over Tor onion services.

  17. type BaseOnionService struct {

  18. 	connections sync.Map

  19. 	acn         connectivity.ACN

  20. 	id          *primitives.Identity

  21. 	privateKey  ed25519.PrivateKey

  22. 	ls          connectivity.ListenService

  23. 	lock        sync.Mutex

  24. }

  25. 

  26. // Metrics provides a report of useful information about the status of the service e.g. the number of active

  27. // connections

  28. func (s *BaseOnionService) Metrics() tapir.ServiceMetrics {

  29. 	s.lock.Lock()

  30. 	defer s.lock.Unlock()

  31. 

  32. 	count := 0

  33. 	s.connections.Range(func(key, value interface{}) bool {

  34. 		connection := value.(tapir.Connection)

  35. 		if !connection.IsClosed() {

  36. 			count++

  37. 		}

  38. 		return true

  39. 	})

  40. 

  41. 	return tapir.ServiceMetrics{

  42. 		ConnectionCount: count,

  43. 	}

  44. }

  45. 

  46. // Init initializes a BaseOnionService with a given private key and identity

  47. // The private key is needed to initialize the Onion listen socket, ideally we could just pass an Identity in here.

  48. func (s *BaseOnionService) Init(acn connectivity.ACN, sk ed25519.PrivateKey, id *primitives.Identity) {

  49. 	// run add onion

  50. 	// get listen context

  51. 	s.acn = acn

  52. 	s.id = id

  53. 	s.privateKey = sk

  54. }

  55. 

  56. // WaitForCapabilityOrClose blocks until the connection has the given capability or the underlying connection is closed

  57. // (through error or user action)

  58. func (s *BaseOnionService) WaitForCapabilityOrClose(cid string, name tapir.Capability) (tapir.Connection, error) {

  59. 	conn, err := s.GetConnection(cid)

  60. 	// If there is at least one active connection, then check the one that is returned and use it

  61. 	for conn != nil {

  62. 		if conn.HasCapability(name) {

  63. 			return conn, nil

  64. 		}

  65. 		time.Sleep(time.Millisecond * 200)

  66. 		// If we received both a Connection and an Error from GetConnection that means we have multiple connections

  67. 		// If that was the case we refresh from the connection store as the likely case is one of them has been

  68. 		// closed and the other one has the capabilities we need.

  69. 		if err != nil {

  70. 			conn, err = s.GetConnection(cid)

  71. 		}

  72. 	}

  73. 	// There are no active connections with that hostname

  74. 	return nil, err

  75. }

  76. 

  77. // GetConnection returns a connection for a given hostname.

  78. func (s *BaseOnionService) GetConnection(hostname string) (tapir.Connection, error) {

  79. 	conn := make([]tapir.Connection, 0)

  80. 	s.connections.Range(func(key, value interface{}) bool {

  81. 		connection := value.(tapir.Connection)

  82. 		if connection.Hostname() == hostname {

  83. 			if !connection.IsClosed() {

  84. 				conn = append(conn, connection)

  85. 				return true

  86. 			}

  87. 		}

  88. 		return true

  89. 	})

  90. 	if len(conn) == 0 {

  91. 		return nil, errors.New("no connection found")

  92. 	}

  93. 	if len(conn) > 1 {

  94. 		// If there are multiple connections we return the first one but also notify the user (this should be a

  95. 		// temporary edgecase (see Connect))

  96. 		return conn[0], errors.New("multiple connections found")

  97. 	}

  98. 	return conn[0], nil

  99. }

  100. 

  101. // Connect initializes a new outbound connection to the given peer, using the defined Application

  102. func (s *BaseOnionService) Connect(hostname string, app tapir.Application) (bool, error) {

  103. 	_, err := s.GetConnection(hostname)

  104. 	if err == nil {

  105. 		// Note: This check is not 100% reliable. And we may end up with two connections between peers

  106. 		// This can happen when a client connects to a server as the server is connecting to the client

  107. 		// Because at the start of the connection the server cannot derive the true hostname of the client until it

  108. 		// has auth'd

  109. 		// We mitigate this by performing multiple checks when Connect'ing

  110. 		return true, errors.New("already connected to " + hostname)

  111. 	}

  112. 	// connects to a remote server

  113. 	// spins off to a connection struct

  114. 	log.Debugf("Connecting to %v", hostname)

  115. 	conn, _, err := s.acn.Open(hostname)

  116. 	if err == nil {

  117. 		connectionID := s.getNewConnectionID()

  118. 

  119. 		// Second check. If we didn't catch a double connection attempt before the Open we *should* catch it now because

  120. 		// the auth protocol is quick and Open over onion connections can take some time.

  121. 		// Again this isn't 100% reliable.

  122. 		_, err := s.GetConnection(hostname)

  123. 		if err == nil {

  124. 			conn.Close()

  125. 			return true, errors.New("already connected to " + hostname)

  126. 		}

  127. 

  128. 		log.Debugf("Connected to %v [%v]", hostname, connectionID)

  129. 		s.connections.Store(connectionID, tapir.NewConnection(s, s.id, hostname, true, conn, app.NewInstance()))

  130. 		return true, nil

  131. 	}

  132. 	log.Debugf("Error connecting to %v %v", hostname, err)

  133. 	return false, err

  134. }

  135. 

  136. func (s *BaseOnionService) getNewConnectionID() string {

  137. 	id := make([]byte, 10)

  138. 	rand.Read(id)

  139. 	connectionID := "connection-" + base64.StdEncoding.EncodeToString(id)

  140. 	return connectionID

  141. }

  142. 

  143. // Listen starts a blocking routine that waits for incoming connections and initializes connections with them based

  144. // on the given Application.

  145. func (s *BaseOnionService) Listen(app tapir.Application) error {

  146. 	// accepts a new connection

  147. 	// spins off to a connection struct

  148. 	s.lock.Lock()

  149. 	ls, err := s.acn.Listen(s.privateKey, 9878)

  150. 	s.ls = ls

  151. 	log.Debugf("Starting a service on %v ", ls.AddressFull())

  152. 	s.lock.Unlock()

  153. 

  154. 	if err == nil {

  155. 		for {

  156. 			conn, err := s.ls.Accept()

  157. 			if err == nil {

  158. 				tempHostname := s.getNewConnectionID()

  159. 				log.Debugf("Accepted connection from %v", tempHostname)

  160. 				s.connections.Store(tempHostname, tapir.NewConnection(s, s.id, tempHostname, false, conn, app.NewInstance()))

  161. 			} else {

  162. 				log.Debugf("Error accepting connection %v", err)

  163. 				return err

  164. 			}

  165. 		}

  166. 	}

  167. 	log.Debugf("Error listening to connection %v", err)

  168. 	return err

  169. }

  170. 

  171. // Shutdown closes the service and ensures that any connections are closed.

  172. func (s *BaseOnionService) Shutdown() {

  173. 	s.lock.Lock()

  174. 	defer s.lock.Unlock()

  175. 	if s.ls != nil {

  176. 		s.ls.Close()

  177. 	}

  178. 	s.connections.Range(func(key, value interface{}) bool {

  179. 		connection := value.(tapir.Connection)

  180. 		connection.Close()

  181. 		return true

  182. 	})

  183. }

  184. 

  185. // Broadcast sends a message to all connections who possess the given capability

  186. func (s *BaseOnionService) Broadcast(message []byte, capability tapir.Capability) error {

  187. 	s.lock.Lock()

  188. 	defer s.lock.Unlock()

  189. 	s.connections.Range(func(key, value interface{}) bool {

  190. 		connection := value.(tapir.Connection)

  191. 		if connection.HasCapability(capability) {

  192. 			connection.Send(message)

  193. 		}

  194. 		return true

  195. 	})

  196. 	return nil

  197. }