openprivacy
/
connectivity
3
0
Fork 2
Code Issues 1 Pull Requests 1 Releases 35 Wiki Activity

Compare commits

base: openprivacy:master
Branches Tags
openprivacy:master
openprivacy:whonix
openprivacy:tor-updates
openprivacy:tails
openprivacy:takeownpid
openprivacy:update_drone
openprivacy:circuitQueue
openprivacy:logging
openprivacy:updateDrone
openprivacy:verStatus
openprivacy:binefix
openprivacy:gets
openprivacy:versionCallback
openprivacy:regexp_static
openprivacy:regexp
openprivacy:goroutine-fixes
openprivacy:getinfo
openprivacy:custom_tor_config
openprivacy:validation
openprivacy:startLog
openprivacy:thread_safety
openprivacy:quality
openprivacy:fix-deadlock
openprivacy:restart
openprivacy:getVer
openprivacy:randDirLog
openprivacy:bine
openprivacy:trunk
openprivacy:notorrcerr
openprivacy:authenticator
openprivacy:locks2
openprivacy:networkStatus
openprivacy:v1.11.0
openprivacy:v1.10.1
openprivacy:v1.10.0
openprivacy:v1.9.0
openprivacy:v1.8.7
openprivacy:v1.8.6
openprivacy:v1.8.5
openprivacy:v1.8.4
openprivacy:v1.8.3
openprivacy:v1.8.2
openprivacy:v1.8.1
openprivacy:v1.8.0
openprivacy:v1.7.0
openprivacy:v1.6.0
openprivacy:v1.5.0
openprivacy:v1.4.5
openprivacy:v1.4.4
openprivacy:v1.4.3
openprivacy:v1.4.2
openprivacy:v1.4.1
openprivacy:v1.4.0
openprivacy:v1.3.3
openprivacy:v1.3.2
openprivacy:v1.3.1
openprivacy:v1.3.0
openprivacy:v1.2.2
openprivacy:v1.2.1
openprivacy:v1.2.0
openprivacy:v1.1.4
openprivacy:v1.1.3
openprivacy:v1.1.2
openprivacy:v1.1.1
openprivacy:v1.1.0
openprivacy:v1.0.1
openprivacy:v1.0.0
..
compare: openprivacy:authenticator
Branches Tags
openprivacy:master
openprivacy:whonix
openprivacy:tor-updates
openprivacy:tails
openprivacy:takeownpid
openprivacy:update_drone
openprivacy:circuitQueue
openprivacy:logging
openprivacy:updateDrone
openprivacy:verStatus
openprivacy:binefix
openprivacy:gets
openprivacy:versionCallback
openprivacy:regexp_static
openprivacy:regexp
openprivacy:goroutine-fixes
openprivacy:getinfo
openprivacy:custom_tor_config
openprivacy:validation
openprivacy:startLog
openprivacy:thread_safety
openprivacy:quality
openprivacy:fix-deadlock
openprivacy:restart
openprivacy:getVer
openprivacy:randDirLog
openprivacy:bine
openprivacy:trunk
openprivacy:notorrcerr
openprivacy:authenticator
openprivacy:locks2
openprivacy:networkStatus
openprivacy:v1.11.0
openprivacy:v1.10.1
openprivacy:v1.10.0
openprivacy:v1.9.0
openprivacy:v1.8.7
openprivacy:v1.8.6
openprivacy:v1.8.5
openprivacy:v1.8.4
openprivacy:v1.8.3
openprivacy:v1.8.2
openprivacy:v1.8.1
openprivacy:v1.8.0
openprivacy:v1.7.0
openprivacy:v1.6.0
openprivacy:v1.5.0
openprivacy:v1.4.5
openprivacy:v1.4.4
openprivacy:v1.4.3
openprivacy:v1.4.2
openprivacy:v1.4.1
openprivacy:v1.4.0
openprivacy:v1.3.3
openprivacy:v1.3.2
openprivacy:v1.3.1
openprivacy:v1.3.0
openprivacy:v1.2.2
openprivacy:v1.2.1
openprivacy:v1.2.0
openprivacy:v1.1.4
openprivacy:v1.1.3
openprivacy:v1.1.2
openprivacy:v1.1.1
openprivacy:v1.1.0
openprivacy:v1.0.1
openprivacy:v1.0.0

No commits in common. "master" and "authenticator" have entirely different histories.
master ... authentica

18 changed files with 290 additions and 1090 deletions
Show Stats Expand all files Collapse all files

95
.drone.yml
View File

@ -1,76 +1,65 @@
---
kind: pipeline
type: docker
name: linux-test
workspace:
base: /go
path: src/git.openprivacy.ca/openprivacy/connectivity
steps:
- name: fetch
image: golang:1.19.1
volumes:
- name: deps
path: /go
pipeline:
fetch:
when:
repo: openprivacy/connectivity
branch: master
event: [ push, pull_request ]
image: golang
commands:
- go install honnef.co/go/tools/cmd/staticcheck@latest
- wget https://git.openprivacy.ca/openprivacy/buildfiles/raw/master/tor/tor -P tmp/
- chmod a+x tmp/tor
- go mod download
- name: quality
image: golang:1.19.1
volumes:
- name: deps
path: /go
- export GO111MODULE=on
- go mod vendor
- go get -u golang.org/x/lint/golint
quality:
when:
repo: openprivacy/connectivity
branch: master
event: [ push, pull_request ]
image: golang
commands:
- staticcheck ./...
- name: units-tests
image: golang:1.19.1
volumes:
- name: deps
path: /go
- go list ./... | xargs go vet
- go list ./... | xargs golint -set_exit_status
units-tests:
when:
repo: openprivacy/connectivity
branch: master
event: [ push, pull_request ]
image: golang
commands:
- export PATH=`pwd`:$PATH
- export PATH=$PATH:/go/src/git.openprivacy.ca/openprivacy/connectivity
- ./tmp/tor -f ./testing/torrc
- sleep 15
- sh testing/tests.sh
- pkill -9 tor
- name: integration-tests
image: golang:1.19.1
volumes:
- name: deps
path: /go
integration-tests:
when:
repo: openprivacy/connectivity
branch: master
event: [ push, pull_request ]
image: golang
commands:
- export PATH=`pwd`:$PATH
- go test -race -v ./testing/launch_tor_integration_test.go
- name: notify-email
notify-email:
image: drillster/drone-email
pull: if-not-exists
host: build.openprivacy.ca
port: 25
skip_verify: true
from: drone@openprivacy.ca
when:
repo: openprivacy/connectivity
branch: master
status: [ failure ]
- name: notify-gogs
notify-gogs:
image: openpriv/drone-gogs
pull: if-not-exists
when:
repo: openprivacy/connectivity
branch: master
event: pull_request
status: [ success, changed, failure ]
environment:
GOGS_ACCOUNT_TOKEN:
from_secret: gogs_account_token
settings:
gogs_url: https://git.openprivacy.ca
volumes:
# gopath where bin and pkg lives to persist across steps
- name: deps
temp: {}
trigger:
repo: openprivacy/connectivity
branch: master
event:
- push
- pull_request
- tag
secrets: [gogs_account_token]
gogs_url: https://git.openprivacy.ca

3
.gitignore vendored
View File

@ -4,6 +4,3 @@ tor/tor/
vendor/
*.cover.out
tmp/
testing/tor/*
tor/data-dir*
testing/data-dir*

8
README.md
View File

@ -7,12 +7,6 @@ A library providing an ACN (Anonymous Communication Network
* Tor v3 Onion Services
## Environment Variables
- `TOR_LD_LIBRARY_PATH` - override the library path given to the Tor process as different from the one given to the parent process.
- `CWTCH_RESTRICT_PORTS` - forces connectivity to bind to a subset of ports `15000-15378`
- `CWTCH_BIND_EXTERNAL_WHONIX` - forces connectivity to bind to external interfaces (only supported/recommended on certain Whonix-based setups. Please open an issue if you think this should be expanded.)
## Requirements for ACN Support
* Reference an EndPoint via a string / hostname
@ -56,4 +50,4 @@ service:
acn.Restart()
and
acn.Close()
acn.Close()

20
acn.go
View File

@ -21,6 +21,9 @@ type PrivateKey interface{}
// ListenService is an address that was opened with Listen() and can Accept() new connections
type ListenService interface {
// AddressIdentity is the core "identity" part of an address, ex: rsjeuxzlexy4fvo75vrdtj37nrvlmvbw57n5mhypcjpzv3xkka3l4yyd
AddressIdentity() string
// AddressFull is the full network address, ex: rsjeuxzlexy4fvo75vrdtj37nrvlmvbw57n5mhypcjpzv3xkka3l4yyd.onion:9878
AddressFull() string
@ -35,17 +38,10 @@ type ACN interface {
// On ACN error state it returns -2
GetBootstrapStatus() (int, string)
// WaitTillBootstrapped Blocks until underlying network is bootstrapped
WaitTillBootstrapped() error
WaitTillBootstrapped()
// Sets the callback function to be called when ACN status changes
SetStatusCallback(callback func(int, string))
GetStatusCallback() func(int, string)
// Sets the callback function to be called when ACN reboots to emit the version
SetVersionCallback(callback func(string))
GetVersionCallback() func(string)
// Restarts the underlying connection
Restart()
@ -56,13 +52,5 @@ type ACN interface {
// Listen takes a private key and a port and returns a ListenService for it
Listen(identity PrivateKey, port int) (ListenService, error)
// Get PID
GetPID() (int, error)
// GetVersion returns a string of what the ACN returns when asked for a version
GetVersion() string
GetInfo(onion string) (map[string]string, error)
Close()
}

72
error_acn.go
View File

@ -1,72 +0,0 @@
package connectivity
import (
"net"
)
// ErrorACN - a status-callback safe errored ACN. Use this when ACN construction goes wrong
// and you need a safe substitute that can later be replaced with a working ACN without impacting calling clients.
type ErrorACN struct {
acnError error
statusCallbackCache func(int, string)
versionCallbackCache func(string)
}
func NewErrorACN(err error) ErrorACN {
return ErrorACN{
acnError: err,
statusCallbackCache: func(int, string) {},
versionCallbackCache: func(string) {},
}
}
func (e *ErrorACN) GetStatusCallback() func(int, string) {
return e.statusCallbackCache
}
func (e *ErrorACN) GetVersionCallback() func(string) {
return e.versionCallbackCache
}
func (e *ErrorACN) GetInfo(addr string) (map[string]string, error) {
return nil, e.acnError
}
func (e *ErrorACN) GetBootstrapStatus() (int, string) {
return -1, e.acnError.Error()
}
func (e *ErrorACN) WaitTillBootstrapped() error {
return e.acnError
}
func (e *ErrorACN) SetStatusCallback(callback func(int, string)) {
e.statusCallbackCache = callback
}
func (e *ErrorACN) SetVersionCallback(callback func(string)) {
e.versionCallbackCache = callback
}
func (e *ErrorACN) Restart() {
}
func (e *ErrorACN) Open(hostname string) (net.Conn, string, error) {
return nil, "", e.acnError
}
func (e *ErrorACN) Listen(identity PrivateKey, port int) (ListenService, error) {
return nil, e.acnError
}
func (e *ErrorACN) GetPID() (int, error) {
return -1, e.acnError
}
func (e *ErrorACN) GetVersion() string {
return e.acnError.Error()
}
func (e *ErrorACN) Close() {
// nothing to do...
}

19
go.mod
View File

@ -1,15 +1,14 @@
module git.openprivacy.ca/openprivacy/connectivity
go 1.17
go 1.13
require (
filippo.io/edwards25519 v1.0.0
git.openprivacy.ca/openprivacy/bine v0.0.5
git.openprivacy.ca/openprivacy/log v1.0.3
golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d
)
require (
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
git.openprivacy.ca/openprivacy/log v1.0.0
github.com/client9/misspell v0.3.4 // indirect
github.com/cretz/bine v0.1.1-0.20200124154328-f9f678b84cca
github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf // indirect
github.com/stretchr/testify v1.3.0 // indirect
golang.org/x/crypto v0.0.0-20200204104054-c9f3fb736b72
golang.org/x/lint v0.0.0-20200302205851-738671d3881b // indirect
golang.org/x/tools v0.0.0-20200625195345-7480c7b4547d // indirect
)

60
go.sum
View File

@ -1,37 +1,43 @@
filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
git.openprivacy.ca/openprivacy/bine v0.0.5 h1:DJs5gqw3SkvLSgRDvroqJxZ7F+YsbxbBRg5t0rU5gYE=
git.openprivacy.ca/openprivacy/bine v0.0.5/go.mod h1:fwdeq6RO08WDkV0k7HfArsjRvurVULoUQmT//iaABZM=
git.openprivacy.ca/openprivacy/log v1.0.3 h1:E/PMm4LY+Q9s3aDpfySfEDq/vYQontlvNj/scrPaga0=
git.openprivacy.ca/openprivacy/log v1.0.3/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
git.openprivacy.ca/openprivacy/log v1.0.0 h1:Rvqm1weUdR4AOnJ79b1upHCc9vC/QF1rhSD2Um7sr1Y=
git.openprivacy.ca/openprivacy/log v1.0.0/go.mod h1:gGYK8xHtndRLDymFtmjkG26GaMQNgyhioNS82m812Iw=
github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cretz/bine v0.1.1-0.20200124154328-f9f678b84cca h1:Q2r7AxHdJwWfLtBZwvW621M3sPqxPc6ITv2j1FGsYpw=
github.com/cretz/bine v0.1.1-0.20200124154328-f9f678b84cca/go.mod h1:6PF6fWAvYtwjRGkAuDEJeWNOv3a2hUouSP/yRYXmvHw=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf h1:vc7Dmrk4JwS0ZPS6WZvWlwDflgDTA26jItmbSj83nug=
github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d h1:3qF+Z8Hkrw9sOhrFHti9TlB1Hkac1x+DNRkv0XQiFjo=
golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200204104054-c9f3fb736b72 h1:+ELyKg6m8UBf0nPFSqD0mi7zUfwPyXo23HNjMnXPz7w=
golang.org/x/crypto v0.0.0-20200204104054-c9f3fb736b72/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k=
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7 h1:EBZoQjiKKPaLbPrbpssUfuHtwM6KV/vb4U85g/cigFY=
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200625195345-7480c7b4547d h1:V1BGE5ZHrUIYZYNEm0i7jrPwSo3ks0HSn1TrartSqME=
golang.org/x/tools v0.0.0-20200625195345-7480c7b4547d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

27
localProvider.go
View File

@ -18,14 +18,6 @@ func NewLocalACN() ACN {
return &localProvider{}
}
func (lp *localProvider) GetStatusCallback() func(int, string) {
return func(int, string) {}
}
func (lp *localProvider) GetVersionCallback() func(string) {
return func(string) {}
}
func (ls *localListenService) AddressFull() string {
return ls.l.Addr().String()
}
@ -42,10 +34,6 @@ func (ls *localListenService) Close() {
ls.l.Close()
}
func (lp *localProvider) GetInfo(addr string) (map[string]string, error) {
return nil, nil
}
// GetBootstrapStatus returns an int 0-100 on the percent the bootstrapping of the underlying network is at and an optional string message
func (lp *localProvider) GetBootstrapStatus() (int, string) {
return 100, "Done"
@ -55,21 +43,8 @@ func (lp *localProvider) SetStatusCallback(callback func(int, string)) {
// nop
}
func (lp *localProvider) SetVersionCallback(callback func(string)) {
// nop
}
func (lp *localProvider) GetPID() (int, error) {
return 0, nil
}
func (lp *localProvider) GetVersion() string {
return "0.1"
}
// WaitTillBootstrapped Blocks until underlying network is bootstrapped
func (lp *localProvider) WaitTillBootstrapped() error {
return nil
func (lp *localProvider) WaitTillBootstrapped() {
}
func (lp *localProvider) Listen(identity PrivateKey, port int) (ListenService, error) {

87
proxy_acn.go
View File

@ -1,87 +0,0 @@
package connectivity
import (
"net"
"sync"
)
// ProxyACN because there is rarely a problem that can't be solved by another layer of indirection.
// ACN is a core resource that many parts of a system may need access too e.g. all clients and servers need an instance
// and a UI may also need status information and a configuration interface.
// We want to allow configuration and replacement of an ACN without impacting the API of all downstream systems - introducing
// ProxyACN - a wrapper around an ACN that allows safe replacement of a running ACN that is transparent to callers.
type ProxyACN struct {
acn ACN
// All operations on the underlying acn are assumed to be thread safe, however changing the actual
// acn in ReplaceACN will lock to force an ordering of Close and Callback
lock sync.Mutex
}
func NewProxyACN(acn ACN) ProxyACN {
return ProxyACN{
acn: acn,
}
}
// ReplaceACN closes down the current ACN and replaces it with a new ACN.
func (p *ProxyACN) ReplaceACN(acn ACN) {
p.lock.Lock()
defer p.lock.Unlock()
p.acn.Close()
acn.SetStatusCallback(p.acn.GetStatusCallback())
acn.SetVersionCallback(p.acn.GetVersionCallback())
p.acn = acn
}
func (p *ProxyACN) GetInfo(addr string) (map[string]string, error) {
return p.acn.GetInfo(addr)
}
func (p *ProxyACN) GetBootstrapStatus() (int, string) {
return p.acn.GetBootstrapStatus()
}
func (p *ProxyACN) WaitTillBootstrapped() error {
return p.acn.WaitTillBootstrapped()
}
func (p *ProxyACN) SetStatusCallback(callback func(int, string)) {
p.acn.SetStatusCallback(callback)
}
func (p *ProxyACN) SetVersionCallback(callback func(string)) {
p.acn.SetVersionCallback(callback)
}
func (p *ProxyACN) Restart() {
p.acn.Restart()
}
func (p *ProxyACN) Open(hostname string) (net.Conn, string, error) {
return p.acn.Open(hostname)
}
func (p *ProxyACN) Listen(identity PrivateKey, port int) (ListenService, error) {
return p.acn.Listen(identity, port)
}
func (p *ProxyACN) GetPID() (int, error) {
return p.acn.GetPID()
}
func (p *ProxyACN) GetVersion() string {
return p.acn.GetVersion()
}
func (p *ProxyACN) Close() {
p.acn.Close()
}
func (p *ProxyACN) GetStatusCallback() func(int, string) {
return p.acn.GetStatusCallback()
}
func (p *ProxyACN) GetVersionCallback() func(string) {
return p.acn.GetVersionCallback()
}

48
testing/launch_tor_integration_test.go
View File

@ -3,65 +3,29 @@ package testing
import (
"git.openprivacy.ca/openprivacy/connectivity/tor"
"git.openprivacy.ca/openprivacy/log"
"math/rand"
"os"
path "path/filepath"
"runtime"
"runtime/pprof"
"path"
"testing"
"time"
)
func TestLaunchTor(t *testing.T) {
goRoutineStart := runtime.NumGoroutine()
log.SetLevel(log.LevelDebug)
rand.Seed(int64(time.Now().Nanosecond()))
controlPort := rand.Intn(1000) + 9052
password := "examplehashedpassword"
// Create the tor data directory if it doesn't already exist..
os.MkdirAll("../tmp/data/tor", 0700)
err := tor.NewTorrc().WithControlPort(controlPort).WithHashedPassword(password).Build("../tmp/data/tor/torrc")
err := tor.GenerateTorrc("examplehashedpassword", "../tmp/data/tor/torrc")
if err != nil {
t.Fatalf("failed to create torrc file: %v", err)
}
dataDir := ""
if dataDir, err = os.MkdirTemp(path.Join("..", "testing"), "data-dir-"); err != nil {
t.Fatalf("could not create data dir")
}
// Get the current working director, clean the paths to remove relative references
wd, _ := os.Getwd()
t.Logf("Launching bundled tor at %v", path.Clean(wd+"/../tmp/tor"))
acn, err := tor.NewTorACNWithAuth(path.Clean(wd+"/../tmp/data"), path.Clean(wd+"/../tmp/tor"), dataDir, controlPort, tor.HashedPasswordAuthenticator{Password: password})
acn, err := tor.NewTorACNWithAuth(path.Clean(wd+"/../tmp/data"), path.Clean(wd+"/../tmp/tor"), 9051, tor.HashedPasswordAuthenticator{Password: "examplehashedpassword"})
if err != nil {
t.Fatalf("tor failed to start: %v", err)
} else {
err := acn.WaitTillBootstrapped()
if err != nil {
t.Fatalf("error bootstrapping tor %v", err)
}
if pid, err := acn.GetPID(); err == nil {
t.Logf("tor pid: %v", pid)
} else {
t.Fatalf("error fetching pid: %v", err)
}
t.Log("we have bootstrapped!")
acn.Close()
}
time.Sleep(time.Second * 5)
goRoutineEnd := runtime.NumGoroutine()
if goRoutineEnd != goRoutineStart {
pprof.Lookup("goroutine").WriteTo(os.Stdout, 1)
t.Fatalf("goroutine leak in ACN: %v %v", goRoutineStart, goRoutineEnd)
}
acn.WaitTillBootstrapped()
t.Log("we have bootstrapped!")
acn.Close()
}

14
testing/quality.sh
View File

@ -1,7 +1,9 @@
#!/bin/sh
echo "Checking code quality (you want to see no output here)"
echo ""
echo "Formatting:"
gofmt -s -w -l .
echo "Vetting:"
go list ./... | xargs go vet
@ -9,16 +11,12 @@ go list ./... | xargs go vet
echo ""
echo "Linting:"
staticcheck ./...
echo "Time to format"
gofmt -l -s -w .
go list ./... | xargs golint
# ineffassign (https://github.com/gordonklaus/ineffassign)
echo "Checking for ineffectual assignment of errors (unchecked errors...)"
ineffassign .
# misspell (https://github.com/client9/misspell/cmd/misspell)
# misspell (https://github.com/client9/misspell)
echo "Checking for misspelled words..."
misspell . | grep -v "testing/" | grep -v "vendor/" | grep -v "go.sum" | grep -v ".idea"
go list ./... | xargs misspell

1
tor/sysProcAttr_rest.go
View File

@ -1,4 +1,3 @@
//go:build !windows
// +build !windows
package tor

1
tor/sysProcAttr_win.go
View File

@ -1,4 +1,3 @@
//go:build windows
// +build windows
package tor

538
tor/torProvider.go
View File

@ -1,23 +1,22 @@
package tor
import (
"bytes"
"context"
"errors"
"fmt"
"git.openprivacy.ca/openprivacy/bine/control"
"git.openprivacy.ca/openprivacy/bine/process"
"git.openprivacy.ca/openprivacy/bine/tor"
bineed255192 "git.openprivacy.ca/openprivacy/bine/torutil/ed25519"
"git.openprivacy.ca/openprivacy/connectivity"
"git.openprivacy.ca/openprivacy/log"
"github.com/cretz/bine/control"
"github.com/cretz/bine/process"
"github.com/cretz/bine/tor"
bineed255192 "github.com/cretz/bine/torutil/ed25519"
"golang.org/x/crypto/ed25519"
"golang.org/x/crypto/sha3"
"net"
"net/textproto"
"os"
"os/exec"
path "path/filepath"
"path"
"regexp"
"strconv"
"strings"
@ -31,6 +30,11 @@ const (
restartCooldown = time.Second * 30
)
const (
// CannotDialRicochetAddressError is thrown when a connection to a ricochet address fails.
CannotDialRicochetAddressError = connectivity.Error("CannotDialRicochetAddressError")
)
const (
networkUnknown = -3
torDown = -2
@ -38,26 +42,9 @@ const (
networkUp = 0
)
// NoTorrcError is a typed error thrown to indicate start could not complete due to lack of a torrc file
type NoTorrcError struct {
path string
}
func (e *NoTorrcError) Error() string { return fmt.Sprintf("torrc file does not exist at %v", e.path) }
type logWriter struct {
level log.Level
}
func (l *logWriter) Write(p []byte) (int, error) {
log.Printf(l.level, "tor: %v", string(p))
return len(p), nil
}
type onionListenService struct {
lock sync.Mutex
os *tor.OnionService
tp *torProvider
os *tor.OnionService
tp *torProvider
}
type torProvider struct {
@ -70,109 +57,30 @@ type torProvider struct {
breakChan chan bool
childListeners map[string]*onionListenService
statusCallback func(int, string)
versionCallback func(string)
lastRestartTime time.Time
authenticator tor.Authenticator
isClosed bool
dataDir string
version string
bootProgress int
authenticator Authenticator
}
func (ols *onionListenService) AddressFull() string {
ols.lock.Lock()
defer ols.lock.Unlock()
return ols.os.Addr().String()
}
func (ols *onionListenService) AddressIdentity() string {
return ols.os.Addr().String()[:56]
}
func (ols *onionListenService) Accept() (net.Conn, error) {
return ols.os.Accept()
}
func (ols *onionListenService) Close() {
ols.lock.Lock()
defer ols.lock.Unlock()
ols.tp.unregisterListener(ols.AddressIdentity())
ols.os.Close()
}
func (tp *torProvider) GetInfo(onion string) (map[string]string, error) {
tp.lock.Lock()
defer tp.lock.Unlock()
circuits, streams, err := getCircuitInfo(tp.t.Control)
if err == nil {
var circuitID string
for _, stream := range streams {
if stream.Key == "stream-status" {
lines := strings.Split(stream.Val, "\n")
for _, line := range lines {
parts := strings.Split(line, " ")
// StreamID SP StreamStatus SP CircuitID SP Target CRLF
if len(parts) == 4 {
if strings.HasPrefix(parts[3], onion) {
circuitID = parts[2]
break
}
}
}
}
}
if circuitID == "" {
return nil, errors.New("could not find circuit")
}
var hops []string
for _, circuit := range circuits {
if circuit.Key == "circuit-status" {
lines := strings.Split(circuit.Val, "\n")
for _, line := range lines {
parts := strings.Split(line, " ")
// CIRCID SP STATUS SP PATH...
if len(parts) >= 3 && circuitID == parts[0] {
//log.Debugf("Found Circuit for Onion %v %v", onion, parts)
if parts[1] == "BUILT" {
circuitPath := strings.Split(parts[2], ",")
for _, hop := range circuitPath {
fingerprint := hop[1:41]
keyvals, err := tp.t.Control.GetInfo(fmt.Sprintf("ns/id/%s", fingerprint))
if err == nil && len(keyvals) == 1 {
lines = strings.Split(keyvals[0].Val, "\n")
for _, line := range lines {
if strings.HasPrefix(line, "r") {
parts := strings.Split(line, " ")
if len(parts) > 6 {
keyvals, err := tp.t.Control.GetInfo(fmt.Sprintf("ip-to-country/%s", parts[6]))
if err == nil && len(keyvals) >= 1 {
hops = append(hops, fmt.Sprintf("%s:%s", strings.ToUpper(keyvals[0].Val), parts[6]))
} else {
hops = append(hops, fmt.Sprintf("%s:%s", "XX", parts[6]))
}
}
}
}
}
}
return map[string]string{"circuit": strings.Join(hops, ",")}, nil
}
}
}
}
}
}
return nil, err
}
var progRe = regexp.MustCompile("PROGRESS=([0-9]*)")
var sumRe = regexp.MustCompile("SUMMARY=\"(.*)\"$")
// GetBootstrapStatus returns an int 0-100 on the percent the bootstrapping of the underlying network is at and an optional string message
//
// returns -1 on network disconnected
// returns -2 on error
// returns -1 on network disconnected
// returns -2 on error
func (tp *torProvider) GetBootstrapStatus() (int, string) {
tp.lock.Lock()
defer tp.lock.Unlock()
@ -198,6 +106,8 @@ func (tp *torProvider) GetBootstrapStatus() (int, string) {
status := ""
if len(kvs) > 0 {
progRe := regexp.MustCompile("PROGRESS=([0-9]*)")
sumRe := regexp.MustCompile("SUMMARY=\"(.*)\"$")
if progMatches := progRe.FindStringSubmatch(kvs[0].Val); len(progMatches) > 1 {
progress, _ = strconv.Atoi(progMatches[1])
@ -207,45 +117,31 @@ func (tp *torProvider) GetBootstrapStatus() (int, string) {
status = statusMatches[1]
}
}
tp.bootProgress = progress
return progress, status
}
func (tp *torProvider) GetVersion() string {
tp.lock.Lock()
defer tp.lock.Unlock()
return tp.version
}
func (tp *torProvider) closed() bool {
tp.lock.Lock()
defer tp.lock.Unlock()
return tp.isClosed
}
// WaitTillBootstrapped Blocks until underlying network is bootstrapped
func (tp *torProvider) WaitTillBootstrapped() error {
for !tp.closed() {
func (tp *torProvider) WaitTillBootstrapped() {
for true {
progress, _ := tp.GetBootstrapStatus()
if progress == 100 {
return nil
break
}
time.Sleep(100 * time.Millisecond)
}
return errors.New("close called before bootstrap")
}
func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (connectivity.ListenService, error) {
var onion = ""
var privkey ed25519.PrivateKey
tp.lock.Lock()
defer tp.lock.Unlock()
if tp.t == nil {
return nil, errors.New("tor provider closed")
return nil, errors.New("Tor Provider closed")
}
var onion string
var privkey ed25519.PrivateKey
switch pk := identity.(type) {
case ed25519.PrivateKey:
privkey = pk
@ -253,11 +149,7 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
switch pubk := gpubk.(type) {
case ed25519.PublicKey:
onion = GetTorV3Hostname(pubk)
default:
return nil, fmt.Errorf("unknown public key type %v", pubk)
}
default:
return nil, fmt.Errorf("unknown private key type %v", pk)
}
// Hack around tor detached onions not having a more obvious resume mechanism
@ -268,101 +160,29 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
localport += 1024
}
var localListener net.Listener
var err error
if cwtchRestrictPorts := os.Getenv("CWTCH_RESTRICT_PORTS"); strings.ToLower(cwtchRestrictPorts) == "true" {
// for whonix like systems we tightly restrict possible listen...
// pick a random port between 15000 and 15378
// cwtch = 63 *77 *74* 63* 68 = 1537844616
log.Infof("using restricted ports, CWTCH_RESTRICT_PORTS=true");
localport = 15000 + (localport % 378)
}
if bindExternal := os.Getenv("CWTCH_BIND_EXTERNAL_WHONIX"); strings.ToLower(bindExternal) == "true" {
if _, ferr := os.Stat("/usr/share/anon-ws-base-files/workstation"); !os.IsNotExist(ferr) {
log.Infof("WARNING: binding to external interfaces. This is potentially unsafe outside of a containerized environment.");
localListener, err = net.Listen("tcp", "0.0.0.0:"+strconv.Itoa(localport))
} else {
log.Errorf("CWTCH_BIND_EXTERNAL_WHONIX flag set, but /usr/share/anon-ws-base-files/workstation does not exist. Defaulting to binding to local ports");
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
}
} else {
localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
}
if err != nil {
return nil, err
}
localListener, err := net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
conf := &tor.ListenConf{NoWait: true, Version3: true, Key: identity, RemotePorts: []int{port}, Detach: true, DiscardKey: true, LocalListener: localListener}
os, err := tp.t.Listen(context.TODO(), conf)
// Reattach to the old local listener...
// Note: this code probably shouldn't be hit in Cwtch anymore because we purge torrc on restart.
os, err := tp.t.Listen(nil, conf)
if err != nil && strings.Contains(err.Error(), "550 Unspecified Tor error: Onion address collision") {
log.Errorf("550 Unspecified Tor error: Onion address collision - Recovering, but this probably indicates some weird tor configuration issue...")
os = &tor.OnionService{Tor: tp.t, LocalListener: localListener, ID: onion, Version3: true, Key: bineed255192.FromCryptoPrivateKey(privkey), ClientAuths: make(map[string]string), RemotePorts: []int{port}}
os = &tor.OnionService{Tor: tp.t, LocalListener: localListener, ID: onion, Version3: true, Key: bineed255192.FromCryptoPrivateKey(privkey), ClientAuths: make(map[string]string, 0), RemotePorts: []int{port}}
err = nil
}
// Not set in t.Listen if supplied, we want it to handle this however
os.CloseLocalListenerOnClose = true
// Any other errors require an immediate return as os is likely nil...
if err != nil {
return nil, err
}
// We need to set os.ID here, otherwise os.Close() may not shut down the onion service properly...
os.ID = onion
os.CloseLocalListenerOnClose = true
ols := &onionListenService{os: os, tp: tp}
tp.childListeners[ols.AddressFull()] = ols
tp.childListeners[ols.AddressIdentity()] = ols
return ols, nil
}
func (tp *torProvider) Restart() {
log.Debugf("launching restart...")
tp.lock.Lock()
log.Debugf("checking last restart time")
if time.Since(tp.lastRestartTime) < restartCooldown {
tp.lock.Unlock()
return
}
tp.lock.Unlock()
go tp.restart()
}
func (tp *torProvider) restart() {
log.Debugf("Waiting for Tor to Close...")
tp.callStatusCallback(0, "rebooting")
tp.Close()
tp.lock.Lock()
defer tp.lock.Unlock()
// preserve status callback after shutdown
statusCallback := tp.statusCallback
versionCallback := tp.versionCallback
tp.t = nil
log.Debugf("Restarting Tor Process")
newTp, err := startTor(tp.appDirectory, tp.bundeledTorPath, tp.dataDir, tp.controlPort, tp.authenticator)
if err == nil {
// we need to reassign tor, dialer and callback which will have changed by swapping out
// the underlying connection.
tp.t = newTp.t
tp.dialer = newTp.dialer
tp.statusCallback = statusCallback
tp.versionCallback = versionCallback
if tp.versionCallback != nil {
tp.versionCallback(tp.version)
}
tp.lastRestartTime = time.Now()
tp.isClosed = false
go tp.monitorRestart()
} else {
log.Errorf("Error restarting Tor process: %v", err)
}
tp.restart()
}
func (tp *torProvider) Open(hostname string) (net.Conn, string, error) {
@ -370,11 +190,7 @@ func (tp *torProvider) Open(hostname string) (net.Conn, string, error) {
if tp.t == nil {
tp.lock.Unlock()
return nil, hostname, errors.New("tor is offline")
}
if tp.bootProgress != 100 {
tp.lock.Unlock()
return nil, hostname, fmt.Errorf("tor not online, bootstrap progress only %v", tp.bootProgress)
return nil, hostname, errors.New("Tor is offline")
}
tp.lock.Unlock()
@ -383,38 +199,22 @@ func (tp *torProvider) Open(hostname string) (net.Conn, string, error) {
addrParts := strings.Split(hostname, ":")
resolvedHostname = addrParts[1]
}
conn, err := tp.dialer.Dial("tcp", resolvedHostname+".onion:9878")
return conn, resolvedHostname, err
}
func (tp *torProvider) Close() {
closing := false
for _, child := range tp.childListeners {
child.Close()
}
tp.lock.Lock()
defer tp.lock.Unlock()
if !tp.isClosed {
// Break out of any background checks and close
// the underlying tor connection
tp.isClosed = true
tp.breakChan <- true
// wiggle lock to make sure if monitorRestart is waiting for the lock, it gets it, and finished that branch and gets the channel request to exit
tp.lock.Unlock()
tp.lock.Lock()
closing = true
}
// Unregister Child Listeners
for addr, child := range tp.childListeners {
child.Close()
delete(tp.childListeners, addr)
}
log.Debugf("shutting down acn threads..(is already closed: %v)", tp.isClosed)
if closing {
if tp.t != nil {
tp.t.Close()
tp.t = nil
}
tp.breakChan <- true
if tp.t != nil {
tp.t.Close()
tp.t = nil
}
}
@ -424,153 +224,100 @@ func (tp *torProvider) SetStatusCallback(callback func(int, string)) {
tp.statusCallback = callback
}
func (tp *torProvider) SetVersionCallback(callback func(string)) {
tp.lock.Lock()
defer tp.lock.Unlock()
tp.versionCallback = callback
}
func (tp *torProvider) GetStatusCallback() func(int, string) {
tp.lock.Lock()
defer tp.lock.Unlock()
return tp.statusCallback
}
func (tp *torProvider) GetVersionCallback() func(string) {
tp.lock.Lock()
defer tp.lock.Unlock()
return tp.versionCallback
}
func (tp *torProvider) callStatusCallback(prog int, status string) {
tp.lock.Lock()
defer tp.lock.Unlock()
if tp.statusCallback != nil {
tp.statusCallback(prog, status)
}
tp.lock.Unlock()
}
// NewTorACNWithAuth creates/starts a Tor ACN and returns a usable ACN object
func NewTorACNWithAuth(appDirectory string, bundledTorPath string, dataDir string, controlPort int, authenticator tor.Authenticator) (connectivity.ACN, error) {
tp, err := startTor(appDirectory, bundledTorPath, dataDir, controlPort, authenticator)
func NewTorACNWithAuth(appDirectory string, bundledTorPath string, controlPort int, authenticator Authenticator) (connectivity.ACN, error) {
tp, err := startTor(appDirectory, bundledTorPath, controlPort, authenticator)
if err == nil {
tp.isClosed = false
go tp.monitorRestart()
tp.dialer, err = tp.t.Dialer(nil, &tor.DialConf{})
if err == nil {
go tp.monitorRestart()
}
}
return tp, err
}
// NewTorACN creates/starts a Tor ACN and returns a usable ACN object with a NullAuthenticator - this will fail.
func NewTorACN(appDirectory string, bundledTorPath string) (connectivity.ACN, error) {
return NewTorACNWithAuth(appDirectory, bundledTorPath, 9051, NullAuthenticator{})
}
// newHideCmd creates a Creator function for bine which generates a cmd that one windows will hide the dosbox
func newHideCmd(exePath string) process.Creator {
return process.CmdCreatorFunc(func(ctx context.Context, args ...string) (*exec.Cmd, error) {
loggerDebug := &logWriter{log.LevelDebug}
loggerError := &logWriter{log.LevelError}
cmd := exec.CommandContext(ctx, exePath, args...)
cmd.Stdout = loggerDebug
cmd.Stderr = loggerError
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
cmd.SysProcAttr = sysProcAttr
// override tor ld_library_path if requested
torLdLibPath, exists := os.LookupEnv("TOR_LD_LIBRARY_PATH")
if exists {
ldLibPath := fmt.Sprintf("LD_LIBRARY_PATH=%v", torLdLibPath)
cmd.Env = append([]string{ldLibPath}, os.Environ()...)
}
return cmd, nil
})
}
func (tp *torProvider) checkVersion() (string, error) {
func startTor(appDirectory string, bundledTorPath string, controlPort int, authenticator Authenticator) (*torProvider, error) {
dataDir := path.Join(appDirectory, "tor")
os.MkdirAll(dataDir, 0700)
tp := &torProvider{authenticator: authenticator, controlPort: controlPort, appDirectory: appDirectory, bundeledTorPath: bundledTorPath, childListeners: make(map[string]*onionListenService), breakChan: make(chan bool), statusCallback: nil, lastRestartTime: time.Now().Add(-restartCooldown)}
// attempt connect to system tor
log.Debugf("dialing tor control port")
log.Debugf("dialing system tor control port\n")
controlport, err := dialControlPort(tp.controlPort)
if err == nil {
defer controlport.Close()
err := tp.authenticator.Authenticate(controlport)
err := authenticator.Authenticate(controlport)
if err == nil {
log.Debugln("connected to control port")
pinfo, err := controlport.ProtocolInfo()
if err == nil {
if minTorVersionReqs(pinfo.TorVersion) {
log.Debugln("OK version " + pinfo.TorVersion)
return pinfo.TorVersion, nil
}
return pinfo.TorVersion, fmt.Errorf("tor version not supported: %v", pinfo.TorVersion)
if err == nil && minTorVersionReqs(pinfo.TorVersion) {
log.Debugln("OK version " + pinfo.TorVersion)
tp.t = createFromExisting(controlport, dataDir)
return tp, nil
}
controlport.Close()
}
}
return "", err
}
func startTor(appDirectory string, bundledTorPath string, dataDir string, controlPort int, authenticator tor.Authenticator) (*torProvider, error) {
torDir := path.Join(appDirectory, "tor")
os.MkdirAll(torDir, 0700)
tp := &torProvider{authenticator: authenticator, controlPort: controlPort, appDirectory: appDirectory, bundeledTorPath: bundledTorPath, childListeners: make(map[string]*onionListenService), breakChan: make(chan bool, 1), statusCallback: nil, versionCallback: nil, lastRestartTime: time.Now().Add(-restartCooldown), bootProgress: -1}
log.Debugf("checking if there is a running system tor")
if version, err := tp.checkVersion(); err == nil {
tp.version = version
controlport, err := dialControlPort(tp.controlPort)
if err == nil {
log.Debugf("creating tor handler from system tor")
tp.t = createFromExisting(controlport, dataDir)
tp.dialer, err = tp.t.Dialer(context.TODO(), &tor.DialConf{Authenticator: tp.authenticator})
return tp, err
}
}
log.Debugf("launching system tor\n")
// check if the torrc file is present where expected
if _, err := os.Stat(path.Join(torDir, "torrc")); os.IsNotExist(err) {
err = &NoTorrcError{path.Join(torDir, "torrc")}
log.Debugln(err.Error())
return nil, err
if _, err := os.Stat(path.Join(dataDir, "torrc")); os.IsNotExist(err) {
log.Debugf("torrc file does not exist at %v", path.Join(dataDir, "torrc"))
return nil, fmt.Errorf("torrc file does not exist at %v", path.Join(dataDir, "torrc"))
}
// if not, try bundled tor, then running system tor
log.Debugln("checking if we can run bundled tor or system installed tor")
if version, pass := checkCmdlineTorVersion(bundledTorPath); pass {
log.Debugln("bundled tor appears viable, attempting to use '" + bundledTorPath + "'")
t, err := tor.Start(context.TODO(), &tor.StartConf{ControlPort: tp.controlPort, NoAutoSocksPort: true, DisableCookieAuth: true, UseEmbeddedControlConn: false, DisableEagerAuth: true, EnableNetwork: true, DataDir: dataDir, TorrcFile: path.Join(torDir, "torrc"), ExePath: bundledTorPath, DebugWriter: nil, ProcessCreator: newHideCmd(bundledTorPath)})
if err != nil {
log.Debugf("Error running bundled tor %v\n", err)
return nil, err
// if not, try running system tor
if checkCmdlineTorVersion("tor") {
t, err := tor.Start(nil, &tor.StartConf{EnableNetwork: true, DataDir: dataDir, TorrcFile: path.Join(dataDir, "torrc"), DebugWriter: nil, ProcessCreator: newHideCmd("tor")})
if err == nil {
tp.t = t
return tp, nil
}
tp.t = t
tp.version = version
} else if version, pass := checkCmdlineTorVersion("tor"); pass {
t, err := tor.Start(context.TODO(), &tor.StartConf{ControlPort: tp.controlPort, NoAutoSocksPort: true, DisableCookieAuth: true, UseEmbeddedControlConn: false, DisableEagerAuth: true, EnableNetwork: true, DataDir: dataDir, TorrcFile: path.Join(torDir, "torrc"), DebugWriter: nil, ProcessCreator: newHideCmd("tor")})
if err != nil {
log.Debugf("Error connecting to self-run system tor: %v\n", err)
return nil, err
}
tp.t = t
tp.version = version
} else {
log.Debugln("Could not find a viable tor running or to run")
return nil, fmt.Errorf("could not connect to or start Tor that met requirements (min Tor version 0.3.5.x)")
log.Debugf("Error connecting to self-run system tor: %v\n", err)
}
version, err := tp.checkVersion()
if err == nil {
tp.t.DeleteDataDirOnClose = false // caller is responsible for dealing with cached information...
tp.dialer, err = tp.t.Dialer(context.TODO(), &tor.DialConf{Authenticator: tp.authenticator})
tp.version = version
tp.t.Control.TakeOwnership()
log.Debugf("launching bundled tor\n")
// try running bundledTor
if bundledTorPath != "" && checkCmdlineTorVersion(bundledTorPath) {
log.Debugln("using bundled tor '" + bundledTorPath + "'")
t, err := tor.Start(nil, &tor.StartConf{EnableNetwork: true, DataDir: dataDir, TorrcFile: path.Join(dataDir, "torrc"), ExePath: bundledTorPath, DebugWriter: nil, ProcessCreator: newHideCmd(bundledTorPath)})
if err != nil {
log.Debugf("Error running bundled tor: %v\n", err)
}
tp.t = t
return tp, err
}
return nil, fmt.Errorf("could not connect to running tor: %v", err)
return nil, errors.New("Could not connect to or start Tor that met requirments (min Tor version 0.3.5.x)")
}
func (tp *torProvider) GetPID() (int, error) {
val, err := tp.t.Control.GetInfo("process/pid")
if err == nil {
return strconv.Atoi(val[0].Val)
}
return 0, err
func (tp *torProvider) unregisterListener(id string) {
tp.lock.Lock()
defer tp.lock.Unlock()
delete(tp.childListeners, id)
}
func (tp *torProvider) monitorRestart() {
@ -587,8 +334,8 @@ func (tp *torProvider) monitorRestart() {
prog, status := tp.GetBootstrapStatus()
if prog == torDown && tp.t != nil {
log.Warnf("monitorRestart calling tp.restart() with prog:%v\n", prog)
tp.restart()
return
}
if prog != lastBootstrapProgress {
@ -603,13 +350,30 @@ func (tp *torProvider) monitorRestart() {
}
}
func getCircuitInfo(controlport *control.Conn) ([]*control.KeyVal, []*control.KeyVal, error) {
circuits, cerr := controlport.GetInfo("circuit-status")
streams, serr := controlport.GetInfo("stream-status")
if cerr == nil && serr == nil {
return circuits, streams, nil
func (tp *torProvider) restart() {
tp.lock.Lock()
defer tp.lock.Unlock()
if time.Now().Sub(tp.lastRestartTime) < restartCooldown {
return
}
tp.lastRestartTime = time.Now()
for _, child := range tp.childListeners {
delete(tp.childListeners, child.AddressIdentity())
child.os.Close()
}
tp.t.Close()
tp.t = nil
for {
newTp, err := startTor(tp.appDirectory, tp.bundeledTorPath, tp.controlPort, tp.authenticator)
if err == nil {
tp.t = newTp.t
tp.dialer, _ = tp.t.Dialer(nil, &tor.DialConf{})
return
}
}
return nil, nil, errors.New("could not fetch circuits or streams")
}
func createFromExisting(controlport *control.Conn, datadir string) *tor.Tor {
@ -626,60 +390,30 @@ func createFromExisting(controlport *control.Conn, datadir string) *tor.Tor {
}
t.Control.DebugWriter = t.DebugWriter
t.EnableNetwork(nil, true)
return t
}
func checkCmdlineTorVersion(torCmd string) (string, bool) {
if torCmd == "" {
return "", false
}
// ideally we would use CommandContext with Timeout here
// but it doesn't work with programs that may launch other processes via scripts e.g. exec
// and the workout is more complex than just implementing the logic ourselves...
func checkCmdlineTorVersion(torCmd string) bool {
cmd := exec.Command(torCmd, "--version")
var outb bytes.Buffer
cmd.Stdout = &outb
waiting := make(chan error, 1)
// try running the tor process
go func() {
log.Debugf("running tor process: %v", torCmd)
cmd.Run()
waiting <- nil
}()
// timeout function
go func() {
<-time.After(time.Second * 5)
waiting <- errors.New("timeout")
}()
err := <-waiting
if err != nil {
log.Debugf("tor process timed out")
return "", false
}
re := regexp.MustCompile(`[0-1]+\.[0-9]+\.[0-9]+\.[0-9]+`)
sysTorVersion := re.Find(outb.Bytes())
log.Infof("tor version: %v", string(sysTorVersion))
return string(sysTorVersion), minTorVersionReqs(string(sysTorVersion))
cmd.SysProcAttr = sysProcAttr
out, err := cmd.CombinedOutput()
re := regexp.MustCompile("[0-1]\\.[0-9]\\.[0-9]\\.[0-9]")
sysTorVersion := re.Find(out)
log.Infoln("tor version: " + string(sysTorVersion))
return err == nil && minTorVersionReqs(string(sysTorVersion))
}
// returns true if supplied version meets our min requirments
// min requirement: 0.3.5.x
func minTorVersionReqs(torversion string) bool {
torversions := strings.Split(torversion, ".") //eg: 0.3.4.8 or 0.3.5.1-alpha
if len(torversions) >= 3 {
log.Debugf("torversions: %v", torversions)
tva, _ := strconv.Atoi(torversions[0])
tvb, _ := strconv.Atoi(torversions[1])
tvc, _ := strconv.Atoi(torversions[2])
return tva > 0 || (tva == 0 && (tvb > 3 || (tvb == 3 && tvc >= 5)))
}
return false
log.Debugf("torversions: %v", torversions)
tva, _ := strconv.Atoi(torversions[0])
tvb, _ := strconv.Atoi(torversions[1])
tvc, _ := strconv.Atoi(torversions[2])
return tva > 0 || (tva == 0 && (tvb > 3 || (tvb == 3 && tvc >= 5)))
}
func dialControlPort(port int) (*control.Conn, error) {

89
tor/torProvider_test.go
View File

@ -2,13 +2,7 @@ package tor
import (
"fmt"
"git.openprivacy.ca/openprivacy/log"
"os"
path "path/filepath"
"runtime"
"runtime/pprof"
"testing"
"time"
)
func getStatusCallback(progChan chan int) func(int, string) {
@ -18,98 +12,19 @@ func getStatusCallback(progChan chan int) func(int, string) {
}
}
func getVersionCallback(verChan chan string) func(string) {
return func(version string) {
fmt.Printf("version: %v\n", version)
verChan <- version
}
}
func TestTorProvider(t *testing.T) {
goRoutineStart := runtime.NumGoroutine()
progChan := make(chan int, 10)
verChan := make(chan string, 10)
log.SetLevel(log.LevelDebug)
torpath := path.Join("..", "tmp/tor")
NewTorrc().WithControlPort(9051).WithHashedPassword("examplehashedpassword").Build(path.Join("..", "testing", "tor", "torrc"))
log.Debugf("setting tor path %v", torpath)
dataDir := ""
var err error
if dataDir, err = os.MkdirTemp(path.Join("..", "testing"), "data-dir-"); err != nil {
t.Fatalf("could not create data dir")
}
acn, err := NewTorACNWithAuth(path.Join("../testing/"), torpath, dataDir, 9051, HashedPasswordAuthenticator{"examplehashedpassword"})
progChan := make(chan int)
acn, err := NewTorACNWithAuth(".", "", 9051, HashedPasswordAuthenticator{"examplehashedpassword"})
if err != nil {
t.Error(err)
return
}
acn.SetStatusCallback(getStatusCallback(progChan))
acn.SetVersionCallback(getVersionCallback(verChan))
progress := 0
for progress < 100 {
progress = <-progChan
t.Logf("progress: %v", progress)
}
acn.Restart()
progress = 0
for progress < 100 {
progress = <-progChan
t.Logf("progress: %v", progress)
}
log.Debugf("Pulling tor version from version callback chan...\n")
version := <-verChan
if version == "" {
t.Errorf("failed to get tor version, got empty string\n")
} else {
log.Debugf("Tor version: %v\n", version)
}
// Test opening the OP Server
_, _, err = acn.Open("isbr2t6bflul2zyi6hjtnuezb2xvfr42svzjg2q3gyqfgg3wmnrbkkqd")
if err == nil {
info, err := acn.GetInfo("isbr2t6bflul2zyi6hjtnuezb2xvfr42svzjg2q3gyqfgg3wmnrbkkqd")
if err != nil {
t.Fatalf("could not find info for OP server %v", err)
}
cinfo, exists := info["circuit"]
if !exists || len(cinfo) == 0 {
t.Fatalf("could not find circuit info for OP server %v", err)
}
_, err = acn.GetInfo("not_a_real_onion")
if err == nil {
t.Fatalf("GetInfo for non existent onion should have errored")
}
} else {
t.Fatalf("could not connect to OP server %v", err)
}
// Should skip without blocking...
acn.Restart()
acn.Restart()
acn.Restart()
acn.Close()
time.Sleep(time.Second * 10)
goRoutineEnd := runtime.NumGoroutine()
if goRoutineEnd != goRoutineStart {
pprof.Lookup("goroutine").WriteTo(os.Stdout, 1)
t.Fatalf("goroutine leak in ACN: %v %v", goRoutineStart, goRoutineEnd)
}
}

80
tor/torUtils.go
View File

@ -1,13 +1,17 @@
package tor
import (
"crypto/rand"
"crypto/sha1"
"encoding/base32"
"encoding/hex"
"errors"
"filippo.io/edwards25519"
"git.openprivacy.ca/openprivacy/bine/control"
"git.openprivacy.ca/openprivacy/bine/tor"
"fmt"
"github.com/cretz/bine/control"
"golang.org/x/crypto/ed25519"
"golang.org/x/crypto/sha3"
"io"
"io/ioutil"
"strings"
)
@ -46,33 +50,6 @@ func IsValidHostname(address string) bool {
data, err := base32.StdEncoding.DecodeString(strings.ToUpper(address))
if err == nil {
pubkey := data[0:ed25519.PublicKeySize]
// Tor won't allow us to connect to a hostname containing a torsion component
// However because we permit authentication over inbound connections we would like to
// be extra safe and reject all *invalid* hostnames that contain a torsion component...
// to do this we need to multiply the point by the order of the group and check that the
// result is the ed25519 identity element.
// l = order of the group (minus 1)
lBytes := []byte{236, 211, 245, 92, 26, 99, 18, 88, 214, 156, 247, 162, 222, 249, 222, 20, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16}
l, _ := edwards25519.NewScalar().SetCanonicalBytes(lBytes)
// construct a curve point from the public key
// if this fails then the hostname is invalid
p, err := new(edwards25519.Point).SetBytes(pubkey)
if err != nil {
return false
}
// Calculate l*P (actually (l-1)P + P because of the limitations of the scalar library...
result := new(edwards25519.Point).ScalarMult(l, p)
result = new(edwards25519.Point).Add(result, p)
// The result should be the identity point..assuming the hostname contains no torsion components...
if result.Equal(edwards25519.NewIdentityPoint()) == 0 {
return false
}
// Finally check that we arrive at the same hostname as the one we were given...
if GetTorV3Hostname(ed25519.PublicKey(pubkey)) == address {
return true
}
@ -81,6 +58,11 @@ func IsValidHostname(address string) bool {
return false
}
// Authenticator provides a facade over various Tor control port authentication methods.
type Authenticator interface {
Authenticate(controlport *control.Conn) error
}
// HashedPasswordAuthenticator authenticates to a Tor control port using a hashed password.
// Note: This method is vulnerable to replay attacks by the host system (but so is cookie auth)
type HashedPasswordAuthenticator struct {
@ -93,7 +75,7 @@ func (h HashedPasswordAuthenticator) Authenticate(controlport *control.Conn) err
}
// NewHashedPasswordAuthenticator creates a new hashed password authenticator
func NewHashedPasswordAuthenticator(password string) tor.Authenticator {
func NewHashedPasswordAuthenticator(password string) Authenticator {
return HashedPasswordAuthenticator{Password: password}
}
@ -105,3 +87,39 @@ type NullAuthenticator struct {
func (n NullAuthenticator) Authenticate(controlport *control.Conn) error {
return errors.New("null authenticator provided, this control port is unsafe, start a new tor process instead")
}
// GenerateHashedPassword calculates a hash in the same waay tha tor --hash-password does
// this function takes a salt as input which is not great from an api-misuse perspective, but
// we make it private.
func generateHashedPassword(salt [8]byte, password string) string {
c := 96
count := (16 + (c & 15)) << ((c >> 4) + 6)
tmp := append(salt[:], []byte(password)...)
slen := len(tmp)
d := sha1.New()
for count != 0 {
if count > slen {
d.Write(tmp)
count -= slen
} else {
d.Write(tmp[:count])
count = 0
}
}
hashed := d.Sum([]byte{})
return fmt.Sprintf("16:%s%s%s", strings.ToUpper(hex.EncodeToString(salt[:])),
strings.ToUpper(hex.EncodeToString([]byte{byte(c)})),
strings.ToUpper(hex.EncodeToString(hashed)))
}
// GenerateTorrc generates a Tor config file with the control port bieng guarded by a hash of the given
// password.
func GenerateTorrc(password string, path string) error {
var salt [8]byte
if _, err := io.ReadFull(rand.Reader, salt[:]); err != nil {
return err
}
hashedpassword := generateHashedPassword(salt, password)
contents := fmt.Sprintf("SOCKSPort 9050\nControlPort 9051\nHashedControlPassword %s", hashedpassword)
return ioutil.WriteFile(path, []byte(contents), 0600)
}

87
tor/torUtils_test.go
View File

@ -1,9 +1,6 @@
package tor
import (
"encoding/hex"
"filippo.io/edwards25519"
"git.openprivacy.ca/openprivacy/bine/torutil"
"os"
"testing"
)
@ -16,93 +13,11 @@ func TestGenerateHashedPassword(t *testing.T) {
}
}
func TestIsValidHostname(t *testing.T) {
openprivonion := "openpravyvc6spbd4flzn4g2iqu4sxzsizbtb5aqec25t76dnoo5w7yd"
t.Logf("testing: %v", openprivonion)
if IsValidHostname(openprivonion) == false {
t.Fatalf("open privacy onion should validate as a valid hostname")
}
sarahonion := "icyt7rvdsdci42h6si2ibtwucdmjrlcb2ezkecuagtquiiflbkxf2cqd"
t.Logf("testing: %v", sarahonion)
if IsValidHostname(sarahonion) == false {
t.Fatalf("sarah onion should validate as a valid hostname")
}
// First we will construct a torsion point from our Valid Onion
pubKey, _ := torutil.PublicKeyFromV3OnionServiceID(openprivonion)
pubKeyPoint, _ := new(edwards25519.Point).SetBytes(pubKey)
torsionPubKeyBytes, _ := hex.DecodeString("26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05")
torsionHostname, _ := torutil.PublicKeyFromV3OnionServiceID(GetTorV3Hostname(torsionPubKeyBytes))
torsionPoint, _ := new(edwards25519.Point).SetBytes(torsionHostname)
malformedKey := new(edwards25519.Point).Add(pubKeyPoint, torsionPoint)
t.Logf("testing: %v", GetTorV3Hostname(malformedKey.Bytes()))
if IsValidHostname(GetTorV3Hostname(malformedKey.Bytes())) == true {
t.Fatalf("torsion onion should not validate as a valid hostname")
}
// Testing a few torsion points taken from https://lists.torproject.org/pipermail/tor-dev/2017-April/012226.html
torsionPubKey, _ := hex.DecodeString("0000000000000000000000000000000000000000000000000000000000000000")
t.Logf("testing: %v", GetTorV3Hostname(torsionPubKey))
if IsValidHostname(GetTorV3Hostname(torsionPubKey)) == true {
t.Fatalf("torsion onion should not validate as a valid hostname")
}
torsionPubKey, _ = hex.DecodeString("26e8958fc2b227b045c3f489f2ef98f0d5dfac05d3c63339b13802886d53fc05")
t.Logf("testing: %v", GetTorV3Hostname(torsionPubKey))
if IsValidHostname(GetTorV3Hostname(torsionPubKey)) == true {
t.Fatalf("torsion onion should not validate as a valid hostname")
}
torsionPubKey, _ = hex.DecodeString("c9fff3af0471c28e33e98c2043e44f779d0427b1e37c521a6bddc011ed1869af")
t.Logf("testing: %v", GetTorV3Hostname(torsionPubKey))
if IsValidHostname(GetTorV3Hostname(torsionPubKey)) == true {
t.Fatalf("torsion onion should not validate as a valid hostname")
}
torsionPubKey, _ = hex.DecodeString("f43e3a046db8749164c6e69b193f1e942c7452e7d888736f40b98093d814d5e7")
t.Logf("testing: %v", GetTorV3Hostname(torsionPubKey))
if IsValidHostname(GetTorV3Hostname(torsionPubKey)) == true {
t.Fatalf("torsion onion should not should validate as a valid hostname")
}
torsionPubKey, _ = hex.DecodeString("300ef2e64e588e1df55b48e4da0416ffb64cc85d5b00af6463d5cc6c2b1c185e")
t.Logf("testing: %v", GetTorV3Hostname(torsionPubKey))
if IsValidHostname(GetTorV3Hostname(torsionPubKey)) == true {
t.Fatalf("torsion onion should not validate as a valid hostname")
}
// this should pass
// (also from https://lists.torproject.org/pipermail/tor-dev/2017-April/012230.html)
validPubKey, _ := hex.DecodeString("4ba2e44760dff4c559ef3c38768c1c14a8a54740c782c8d70803e9d6e3ad8794")
t.Logf("testing: %v", GetTorV3Hostname(validPubKey))
if IsValidHostname(GetTorV3Hostname(validPubKey)) == false {
t.Fatalf("valid onion should validate as a valid hostname")
}
// Finally test a completely invalid key...
badPubKey, _ := hex.DecodeString("e19c65de75c68cf3b7643ea732ba9eb1a3d20d6d57ba223c2ece1df66feb5af0")
t.Logf("testing: %v", GetTorV3Hostname(badPubKey))
if IsValidHostname(GetTorV3Hostname(badPubKey)) == true {
t.Fatalf("invalid ed25519 point should not validate as a valid hostname")
}
}
func TestGenerateTorrc(t *testing.T) {
path := "./torrc.test"
password := "examplehashedpassword"
err := NewTorrc().WithHashedPassword(password).Build(path)
err := GenerateTorrc("examplehashedpassword", path)
if err != nil {
t.Errorf("Torrc file could not be written")
}
os.Remove(path)
}
func TestPreviewTorrc(t *testing.T) {
expected := "SocksPort 9050 OnionTrafficOnly\nControlPort 9061"
torrc := NewTorrc().WithCustom([]string{"SocksPort 9050"}).WithControlPort(9061).WithOnionTrafficOnly().Preview()
if torrc != expected {
t.Fatalf("unexpected torrc generated: [%v] [%v]", expected, torrc)
}
}

131
tor/torrcBuilder.go
View File

@ -1,131 +0,0 @@
package tor
import (
"crypto/rand"
"crypto/sha1"
"encoding/hex"
"fmt"
"io"
"os"
"strings"
)
type TorLogLevel string
const TorLogLevelDebug TorLogLevel = "debug"
const TorLogLevelNotice TorLogLevel = "notice"
const TorLogLevelInfo TorLogLevel = "info"
const TorLogLevelWarn TorLogLevel = "warn"
const TorLogLevelErr TorLogLevel = "err"
// TorrcBuilder is a a helper for building torrc files
type TorrcBuilder struct {
lines []string
}
// NewTorrc creates a new torrc builder
func NewTorrc() *TorrcBuilder {
return &TorrcBuilder{
lines: []string{},
}
}
// WithSocksPort sets the SOCKS port of the tor process
func (tb *TorrcBuilder) WithSocksPort(port int) *TorrcBuilder {
tb.lines = append(tb.lines, fmt.Sprintf("SocksPort %v", port))
return tb
}
// WithControlPort sets the control port of the tor process
func (tb *TorrcBuilder) WithControlPort(port int) *TorrcBuilder {
tb.lines = append(tb.lines, fmt.Sprintf("ControlPort %v", port))
return tb
}
// WithLog sets the Log to file directive to the specified file with the specified log level
func (tb *TorrcBuilder) WithLog(logfile string, level TorLogLevel) *TorrcBuilder {
tb.lines = append(tb.lines, fmt.Sprintf("Log %v file %v", level, logfile))
return tb
}
// WithSocksTimeout adjusts how long before a timeout error is generated trying to connect to the SOCKS port
func (tb *TorrcBuilder) WithSocksTimeout(timeOutSecs int) *TorrcBuilder {
tb.lines = append(tb.lines, fmt.Sprintf("SocksTimeout %v", timeOutSecs))
return tb
}
// WithCustom appends to the torrc builder and allows the client to set any option they want, while benefiting
// from other configuration options.
func (tb *TorrcBuilder) WithCustom(lines []string) *TorrcBuilder {
tb.lines = append(tb.lines, lines...)
return tb
}
// UseCustom clobbers the torrc builder and allows the client to set any option they want, while benefiting
// from other configuration options.
func (tb *TorrcBuilder) UseCustom(lines []string) *TorrcBuilder {
tb.lines = lines
return tb
}
// WithOnionTrafficOnly ensures that the tor process only routes tor onion traffic.
func (tb *TorrcBuilder) WithOnionTrafficOnly() *TorrcBuilder {
for i, line := range tb.lines {
if strings.HasPrefix(line, "SocksPort") {
tb.lines[i] = fmt.Sprintf("%v OnionTrafficOnly", line)
return tb
}
}
return tb
}
// WithOwningPid adds a __OwningControllerProcess line to the config that will attempt to have tor monitor parent PID health and die when parent dies
func (tb *TorrcBuilder) WithOwningPid(pid int) *TorrcBuilder {
tb.lines = append(tb.lines, fmt.Sprintf("__OwningControllerProcess %v", pid))
return tb
}
// WithHashedPassword sets a password for the control port.
func (tb *TorrcBuilder) WithHashedPassword(password string) *TorrcBuilder {
var salt [8]byte
if _, err := io.ReadFull(rand.Reader, salt[:]); err != nil {
panic("no randomness")
}
hashedpassword := generateHashedPassword(salt, password)
tb.lines = append(tb.lines, fmt.Sprintf("HashedControlPassword %s", hashedpassword))
return tb
}
// Build finalizes the torrc contents and write a file
func (tb *TorrcBuilder) Build(path string) error {
return os.WriteFile(path, []byte(strings.Join(tb.lines, "\n")), 0600)
}
// Preview provides a string representation of the torrc file without writing it to a file location.
func (tb *TorrcBuilder) Preview() string {
return strings.Join(tb.lines, "\n")
}
// GenerateHashedPassword calculates a hash in the same way tha tor --hash-password does
// this function takes a salt as input which is not great from an api-misuse perspective, but
// we make it private.
func generateHashedPassword(salt [8]byte, password string) string {
c := 96
count := (16 + (c & 15)) << ((c >> 4) + 6)
tmp := append(salt[:], []byte(password)...)
slen := len(tmp)
d := sha1.New()
for count != 0 {
if count > slen {
d.Write(tmp)
count -= slen
} else {
d.Write(tmp[:count])
count = 0
}
}
hashed := d.Sum([]byte{})
return fmt.Sprintf("16:%s%s%s", strings.ToUpper(hex.EncodeToString(salt[:])),
strings.ToUpper(hex.EncodeToString([]byte{byte(c)})),
strings.ToUpper(hex.EncodeToString(hashed)))
}