sarah
/
tapir-rs
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Initial Cut of Tor/Service/Authentication App

This commit is contained in:
Sarah Jamie Lewis 2020-11-22 01:16:38 -08:00
parent ed506c3f4a
commit a97f5ce12c
28 changed files with 2156 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.idea/tapir-rs.iml
View File

@ -3,6 +3,8 @@
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$">
<sourceFolder url="file://$MODULE_DIR$/src" isTestSource="false" />
<sourceFolder url="file://$MODULE_DIR$/tests" isTestSource="true" />
<sourceFolder url="file://$MODULE_DIR$/deps/rust-socks/src" isTestSource="false" />
<excludeFolder url="file://$MODULE_DIR$/target" />
</content>
<orderEntry type="inheritedJdk" />

21
Cargo.toml
View File

@ -1,16 +1,31 @@
[package]
name = "tapir-rs"
name = "tapir"
version = "0.1.0"
authors = ["Sarah Jamie Lewis <sarah@openprivacy.ca>"]
edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[workspace]
members = ["deps/rust-socks"]
[[test]]
name = "simple_setup"
[dependencies]
torut = "0.1.6"
rand = "0.7.3"
curve25519-dalek = "3.0.0"
x25519-dalek = "1.1"
ed25519-dalek = "1.0.1"
merlin = "2.0.0"
hex = "0.4.2"
hex = "0.4.2"
base32 = "0.4.0"
base64 = "0.13.0"
sha3 = "0.9.1"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0.59"
byteorder = "1.3.4"
socks = {path="./deps/rust-socks"}
integer-encoding = "2.1.1"
secretbox = "0.1.2"

42
deps/rust-socks/.circleci/config.yml vendored Normal file
View File

@ -0,0 +1,42 @@
restore_registry: &RESTORE_REGISTRY
restore_cache:
key: registry
save_registry: &SAVE_REGISTRY
save_cache:
key: registry-{{ .BuildNum }}
paths:
- /usr/local/cargo/registry/index
deps_key: &DEPS_KEY
key: deps-{{ checksum "~/rust-version" }}-{{ checksum "Cargo.lock" }}
restore_deps: &RESTORE_DEPS
restore_cache:
<<: *DEPS_KEY
save_deps: &SAVE_DEPS
save_cache:
<<: *DEPS_KEY
paths:
- target
- /usr/local/cargo/registry/cache
version: 2
jobs:
build:
docker:
- image: rust:1.19.0
working_directory: ~/build
environment:
RUSTFLAGS: -D warnings
steps:
- checkout
- run: apt-get update
- run: apt-get install -y --no-install-recommends dante-server
- run: danted -D -f .circleci/danted_no_auth.conf
- run: danted -D -f .circleci/danted_password.conf
- run: useradd testuser -p '$1$DLEVM6FQ$dNm6etLDprLfwWSLCUtQY/' # password: testpass
- *RESTORE_REGISTRY
- run: cargo generate-lockfile
- *SAVE_REGISTRY
- run: rustc --version > ~/rust-version
- *RESTORE_DEPS
- run: cargo test
- *SAVE_DEPS

17
deps/rust-socks/.circleci/danted_no_auth.conf vendored Normal file
View File

@ -0,0 +1,17 @@
logoutput: stdout
internal: lo port = 1080
external: eth0
socksmethod: none
clientmethod: none
user.unprivileged: nobody
client pass {
from: 127.0.0.1/0 port 1-65535 to: 0.0.0.0/0
}
socks pass {
from: 127.0.0.1/0 to: 0.0.0.0/0
}

17
deps/rust-socks/.circleci/danted_password.conf vendored Normal file
View File

@ -0,0 +1,17 @@
logoutput: stdout
internal: lo port = 1081
external: eth0
socksmethod: username
clientmethod: none
user.unprivileged: nobody
client pass {
from: 127.0.0.1/0 port 1-65535 to: 0.0.0.0/0
}
socks pass {
from: 127.0.0.1/0 to: 0.0.0.0/0
}

4
deps/rust-socks/.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
target
Cargo.lock
.idea
*.iml

19
deps/rust-socks/Cargo.toml vendored Normal file
View File

@ -0,0 +1,19 @@
[package]
name = "socks"
version = "0.3.2"
authors = ["Steven Fackler <sfackler@gmail.com>"]
license = "MIT/Apache-2.0"
description = "SOCKS proxy clients"
repository = "https://github.com/sfackler/rust-socks"
documentation = "https://docs.rs/socks/0.3.0/socks"
readme = "README.md"
[dependencies]
byteorder = "1.0"
[target.'cfg(unix)'.dependencies]
libc = "0.2"
[target.'cfg(windows)'.dependencies]
winapi = "0.2.8"
ws2_32-sys = "0.2.1"

202
deps/rust-socks/LICENSE-APACHE vendored Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

19
deps/rust-socks/LICENSE-MIT vendored Normal file
View File

@ -0,0 +1,19 @@
Copyright (c) 2015 The rust-socks Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

22
deps/rust-socks/README.md vendored Normal file
View File

@ -0,0 +1,22 @@
# rust-socks
[![Build Status](https://travis-ci.org/sfackler/rust-socks.svg?branch=master)](https://travis-ci.org/sfackler/rust-socks)
[Documentation](https://docs.rs/socks/0.2.3/socks)
SOCKS proxy support for Rust.
## License
Licensed under either of
* Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
* MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
at your option.
### Contribution
Unless you explicitly state otherwise, any contribution intentionally
submitted for inclusion in the work by you, as defined in the Apache-2.0
license, shall be dual licensed as above, without any additional terms or
conditions.

162
deps/rust-socks/src/lib.rs vendored Normal file
View File

@ -0,0 +1,162 @@
//! SOCKS proxy clients
#![doc(html_root_url="https://docs.rs/socks/0.3.0")]
#![warn(missing_docs)]
extern crate byteorder;
#[cfg(unix)]
extern crate libc;
#[cfg(windows)]
extern crate winapi;
#[cfg(windows)]
extern crate ws2_32;
use std::io;
use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6, ToSocketAddrs};
use std::vec;
pub use v4::{Socks4Stream, Socks4Listener};
pub use v5::{Socks5Stream, Socks5Listener, Socks5Datagram};
mod v4;
mod v5;
mod writev;
/// A description of a connection target.
#[derive(Debug, Clone)]
pub enum TargetAddr {
/// Connect to an IP address.
Ip(SocketAddr),
/// Connect to a fully qualified domain name.
///
/// The domain name will be passed along to the proxy server and DNS lookup
/// will happen there.
Domain(String, u16),
}
impl ToSocketAddrs for TargetAddr {
type Iter = Iter;
fn to_socket_addrs(&self) -> io::Result<Iter> {
let inner = match *self {
TargetAddr::Ip(addr) => IterInner::Ip(Some(addr)),
TargetAddr::Domain(ref domain, port) => {
let it = (&**domain, port).to_socket_addrs()?;
IterInner::Domain(it)
}
};
Ok(Iter(inner))
}
}
enum IterInner {
Ip(Option<SocketAddr>),
Domain(vec::IntoIter<SocketAddr>),
}
/// An iterator over `SocketAddr`s associated with a `TargetAddr`.
pub struct Iter(IterInner);
impl Iterator for Iter {
type Item = SocketAddr;
fn next(&mut self) -> Option<SocketAddr> {
match self.0 {
IterInner::Ip(ref mut addr) => addr.take(),
IterInner::Domain(ref mut it) => it.next(),
}
}
}
/// A trait for objects that can be converted to `TargetAddr`.
pub trait ToTargetAddr {
/// Converts the value of `self` to a `TargetAddr`.
fn to_target_addr(&self) -> io::Result<TargetAddr>;
}
impl ToTargetAddr for TargetAddr {
fn to_target_addr(&self) -> io::Result<TargetAddr> {
Ok(self.clone())
}
}
impl ToTargetAddr for SocketAddr {
fn to_target_addr(&self) -> io::Result<TargetAddr> {
Ok(TargetAddr::Ip(*self))
}
}
impl ToTargetAddr for SocketAddrV4 {
fn to_target_addr(&self) -> io::Result<TargetAddr> {
SocketAddr::V4(*self).to_target_addr()
}
}
impl ToTargetAddr for SocketAddrV6 {
fn to_target_addr(&self) -> io::Result<TargetAddr> {
SocketAddr::V6(*self).to_target_addr()
}
}
impl ToTargetAddr for (Ipv4Addr, u16) {
fn to_target_addr(&self) -> io::Result<TargetAddr> {
SocketAddrV4::new(self.0, self.1).to_target_addr()
}
}
impl ToTargetAddr for (Ipv6Addr, u16) {
fn to_target_addr(&self) -> io::Result<TargetAddr> {
SocketAddrV6::new(self.0, self.1, 0, 0).to_target_addr()
}
}
impl<'a> ToTargetAddr for (&'a str, u16) {
fn to_target_addr(&self) -> io::Result<TargetAddr> {
// try to parse as an IP first
if let Ok(addr) = self.0.parse::<Ipv4Addr>() {
return (addr, self.1).to_target_addr();
}
if let Ok(addr) = self.0.parse::<Ipv6Addr>() {
return (addr, self.1).to_target_addr();
}
Ok(TargetAddr::Domain(self.0.to_owned(), self.1))
}
}
impl<'a> ToTargetAddr for &'a str {
fn to_target_addr(&self) -> io::Result<TargetAddr> {
// try to parse as an IP first
if let Ok(addr) = self.parse::<SocketAddrV4>() {
return addr.to_target_addr();
}
if let Ok(addr) = self.parse::<SocketAddrV6>() {
return addr.to_target_addr();
}
// split the string by ':' and convert the second part to u16
let mut parts_iter = self.rsplitn(2, ':');
let port_str = match parts_iter.next() {
Some(s) => s,
None => {
return Err(io::Error::new(io::ErrorKind::InvalidInput, "invalid socket address"))
}
};
let host = match parts_iter.next() {
Some(s) => s,
None => {
return Err(io::Error::new(io::ErrorKind::InvalidInput, "invalid socket address"))
}
};
let port: u16 = match port_str.parse() {
Ok(p) => p,
Err(_) => return Err(io::Error::new(io::ErrorKind::InvalidInput, "invalid port value")),
};
(host, port).to_target_addr()
}
}

266
deps/rust-socks/src/v4.rs vendored Normal file
View File

@ -0,0 +1,266 @@
use byteorder::{ReadBytesExt, WriteBytesExt, BigEndian};
use std::io::{self, Read, Write};
use std::net::{SocketAddr, ToSocketAddrs, SocketAddrV4, SocketAddrV6, TcpStream, Ipv4Addr};
use {ToTargetAddr, TargetAddr};
fn read_response(socket: &mut TcpStream) -> io::Result<SocketAddrV4> {
let mut response = [0u8; 8];
socket.read_exact(&mut response)?;
let mut response = &response[..];
if response.read_u8()? != 0 {
return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid response version"));
}
match response.read_u8()? {
90 => {}
91 => return Err(io::Error::new(io::ErrorKind::Other, "request rejected or failed")),
92 => {
return Err(io::Error::new(io::ErrorKind::PermissionDenied,
"request rejected because SOCKS server cannot connect to \
idnetd on the client"))
}
93 => {
return Err(io::Error::new(io::ErrorKind::PermissionDenied,
"request rejected because the client program and identd \
report different user-ids"))
}
_ => return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid response code")),
}
let port = response.read_u16::<BigEndian>()?;
let ip = Ipv4Addr::from(response.read_u32::<BigEndian>()?);
Ok(SocketAddrV4::new(ip, port))
}
/// A SOCKS4 client.
#[derive(Debug)]
pub struct Socks4Stream {
socket: TcpStream,
proxy_addr: SocketAddrV4,
}
impl Socks4Stream {
/// Connects to a target server through a SOCKS4 proxy.
///
/// # Note
///
/// If `target` is a `TargetAddr::Domain`, the domain name will be forwarded
/// to the proxy server using the SOCKS4A protocol extension. If the proxy
/// server does not support SOCKS4A, consider performing the DNS lookup
/// locally and passing a `TargetAddr::Ip`.
pub fn connect<T, U>(proxy: T, target: U, userid: &str) -> io::Result<Socks4Stream>
where T: ToSocketAddrs,
U: ToTargetAddr
{
Self::connect_raw(1, proxy, target, userid)
}
fn connect_raw<T, U>(command: u8, proxy: T, target: U, userid: &str) -> io::Result<Socks4Stream>
where T: ToSocketAddrs,
U: ToTargetAddr
{
let mut socket = TcpStream::connect(proxy)?;
let target = target.to_target_addr()?;
let mut packet = vec![];
let _ = packet.write_u8(4); // version
let _ = packet.write_u8(command); // command code
match target.to_target_addr()? {
TargetAddr::Ip(addr) => {
let addr = match addr {
SocketAddr::V4(addr) => addr,
SocketAddr::V6(_) => {
return Err(io::Error::new(io::ErrorKind::InvalidInput,
"SOCKS4 does not support IPv6"));
}
};
let _ = packet.write_u16::<BigEndian>(addr.port());
let _ = packet.write_u32::<BigEndian>((*addr.ip()).into());
let _ = packet.write_all(userid.as_bytes());
let _ = packet.write_u8(0);
}
TargetAddr::Domain(ref host, port) => {
let _ = packet.write_u16::<BigEndian>(port);
let _ = packet.write_u32::<BigEndian>(Ipv4Addr::new(0, 0, 0, 1).into());
let _ = packet.write_all(userid.as_bytes());
let _ = packet.write_u8(0);
let _ = packet.extend(host.as_bytes());
let _ = packet.write_u8(0);
}
}
socket.write_all(&packet)?;
let proxy_addr = read_response(&mut socket)?;
Ok(Socks4Stream {
socket: socket,
proxy_addr: proxy_addr,
})
}
/// Returns the proxy-side address of the connection between the proxy and
/// target server.
pub fn proxy_addr(&self) -> SocketAddrV4 {
self.proxy_addr
}
/// Returns a shared reference to the inner `TcpStream`.
pub fn get_ref(&self) -> &TcpStream {
&self.socket
}
/// Returns a mutable reference to the inner `TcpStream`.
pub fn get_mut(&mut self) -> &mut TcpStream {
&mut self.socket
}
/// Consumes the `Socks4Stream`, returning the inner `TcpStream`.
pub fn into_inner(self) -> TcpStream {
self.socket
}
}
impl Read for Socks4Stream {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
self.socket.read(buf)
}
}
impl<'a> Read for &'a Socks4Stream {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
(&self.socket).read(buf)
}
}
impl Write for Socks4Stream {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
self.socket.write(buf)
}
fn flush(&mut self) -> io::Result<()> {
self.socket.flush()
}
}
impl<'a> Write for &'a Socks4Stream {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
(&self.socket).write(buf)
}
fn flush(&mut self) -> io::Result<()> {
(&self.socket).flush()
}
}
/// A SOCKS4 BIND client.
#[derive(Debug)]
pub struct Socks4Listener(Socks4Stream);
impl Socks4Listener {
/// Initiates a BIND request to the specified proxy.
///
/// The proxy will filter incoming connections based on the value of
/// `target`.
pub fn bind<T, U>(proxy: T, target: U, userid: &str) -> io::Result<Socks4Listener>
where T: ToSocketAddrs,
U: ToTargetAddr
{
Socks4Stream::connect_raw(2, proxy, target, userid).map(Socks4Listener)
}
/// The address of the proxy-side TCP listener.
///
/// This should be forwarded to the remote process, which should open a
/// connection to it.
pub fn proxy_addr(&self) -> io::Result<SocketAddr> {
if self.0.proxy_addr.ip().octets() != [0, 0, 0, 0] {
Ok(SocketAddr::V4(self.0.proxy_addr()))
} else {
let port = self.0.proxy_addr.port();
let peer = match self.0.socket.peer_addr()? {
SocketAddr::V4(addr) => SocketAddr::V4(SocketAddrV4::new(*addr.ip(), port)),
SocketAddr::V6(addr) => SocketAddr::V6(SocketAddrV6::new(*addr.ip(), port, 0, 0)),
};
Ok(peer)
}
}
/// Waits for the remote process to connect to the proxy server.
///
/// The value of `proxy_addr` should be forwarded to the remote process
/// before this method is called.
pub fn accept(mut self) -> io::Result<Socks4Stream> {
self.0.proxy_addr = read_response(&mut self.0.socket)?;
Ok(self.0)
}
}
#[cfg(test)]
mod test {
use std::io::{Read, Write};
use std::net::{SocketAddr, SocketAddrV4, ToSocketAddrs, TcpStream};
use super::*;
fn google_ip() -> SocketAddrV4 {
"google.com:80"
.to_socket_addrs()
.unwrap()
.filter_map(|a| {
match a {
SocketAddr::V4(a) => Some(a),
SocketAddr::V6(_) => None,
}
})
.next()
.unwrap()
}
#[test]
fn google() {
let mut socket = Socks4Stream::connect("127.0.0.1:1080", google_ip(), "").unwrap();
socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut result = vec![];
socket.read_to_end(&mut result).unwrap();
println!("{}", String::from_utf8_lossy(&result));
assert!(result.starts_with(b"HTTP/1.0"));
assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
}
#[test]
#[ignore] // dante doesn't support SOCKS4A
fn google_dns() {
let mut socket = Socks4Stream::connect("127.0.0.1:8080", "google.com:80", "").unwrap();
socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut result = vec![];
socket.read_to_end(&mut result).unwrap();
println!("{}", String::from_utf8_lossy(&result));
assert!(result.starts_with(b"HTTP/1.0"));
assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
}
#[test]
fn bind() {
// First figure out our local address that we'll be connecting from
let socket = Socks4Stream::connect("127.0.0.1:1080", google_ip(), "").unwrap();
let addr = socket.proxy_addr();
let listener = Socks4Listener::bind("127.0.0.1:1080", addr, "").unwrap();
let addr = listener.proxy_addr().unwrap();
let mut end = TcpStream::connect(addr).unwrap();
let mut conn = listener.accept().unwrap();
conn.write_all(b"hello world").unwrap();
drop(conn);
let mut result = vec![];
end.read_to_end(&mut result).unwrap();
assert_eq!(result, b"hello world");
}
}

681
deps/rust-socks/src/v5.rs vendored Normal file
View File

@ -0,0 +1,681 @@
use byteorder::{ReadBytesExt, WriteBytesExt, BigEndian};
use std::cmp;
use std::io::{self, Read, Write};
use std::net::{SocketAddr, ToSocketAddrs, SocketAddrV4, SocketAddrV6, TcpStream, Ipv4Addr,
Ipv6Addr, UdpSocket};
use std::ptr;
use {ToTargetAddr, TargetAddr};
use writev::WritevExt;
const MAX_ADDR_LEN: usize = 260;
fn read_addr<R: Read>(socket: &mut R) -> io::Result<TargetAddr> {
match socket.read_u8()? {
1 => {
let ip = Ipv4Addr::from(socket.read_u32::<BigEndian>()?);
let port = socket.read_u16::<BigEndian>()?;
Ok(TargetAddr::Ip(SocketAddr::V4(SocketAddrV4::new(ip, port))))
}
3 => {
let len = socket.read_u8()?;
let mut domain = vec![0; len as usize];
socket.read_exact(&mut domain)?;
let domain = String::from_utf8(domain)
.map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
let port = socket.read_u16::<BigEndian>()?;
Ok(TargetAddr::Domain(domain, port))
}
4 => {
let mut ip = [0; 16];
socket.read_exact(&mut ip)?;
let ip = Ipv6Addr::from(ip);
let port = socket.read_u16::<BigEndian>()?;
Ok(TargetAddr::Ip(SocketAddr::V6(SocketAddrV6::new(ip, port, 0, 0))))
}
_ => Err(io::Error::new(io::ErrorKind::Other, "unsupported address type")),
}
}
fn read_response(socket: &mut TcpStream) -> io::Result<TargetAddr> {
xs
if socket.read_u8()? != 5 {
return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid response version"));
}
match socket.read_u8()? {
0 => {}
1 => return Err(io::Error::new(io::ErrorKind::Other, "general SOCKS server failure")),
2 => return Err(io::Error::new(io::ErrorKind::Other, "connection not allowed by ruleset")),
3 => return Err(io::Error::new(io::ErrorKind::Other, "network unreachable")),
4 => return Err(io::Error::new(io::ErrorKind::Other, "host unreachable")),
5 => return Err(io::Error::new(io::ErrorKind::Other, "connection refused")),
6 => return Err(io::Error::new(io::ErrorKind::Other, "TTL expired")),
7 => return Err(io::Error::new(io::ErrorKind::Other, "command not supported")),
8 => return Err(io::Error::new(io::ErrorKind::Other, "address kind not supported")),
_ => return Err(io::Error::new(io::ErrorKind::Other, "unknown error")),
}
if socket.read_u8()? != 0 {
return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid reserved byte"));
}
read_addr(socket)
}
fn write_addr(mut packet: &mut [u8], target: &TargetAddr) -> io::Result<usize> {
let start_len = packet.len();
match *target {
TargetAddr::Ip(SocketAddr::V4(addr)) => {
packet.write_u8(1).unwrap();
packet.write_u32::<BigEndian>((*addr.ip()).into()).unwrap();
packet.write_u16::<BigEndian>(addr.port()).unwrap();
}
TargetAddr::Ip(SocketAddr::V6(addr)) => {
packet.write_u8(4).unwrap();
packet.write_all(&addr.ip().octets()).unwrap();
packet.write_u16::<BigEndian>(addr.port()).unwrap();
}
TargetAddr::Domain(ref domain, port) => {
packet.write_u8(3).unwrap();
if domain.len() > u8::max_value() as usize {
return Err(io::Error::new(io::ErrorKind::InvalidInput, "domain name too long"));
}
packet.write_u8(domain.len() as u8).unwrap();
packet.write_all(domain.as_bytes()).unwrap();
packet.write_u16::<BigEndian>(port).unwrap();
}
}
Ok(start_len - packet.len())
}
/// Authentication methods
#[derive(Debug)]
enum Authentication<'a> {
Password { username: &'a str, password: &'a str },
None
}
impl<'a> Authentication<'a> {
fn id(&self) -> u8 {
match *self {
Authentication::Password { .. } => 2,
Authentication::None => 0
}
}
fn is_no_auth(&self) -> bool {
if let Authentication::None = *self {
true
} else {
false
}
}
}
/// A SOCKS5 client.
#[derive(Debug)]
pub struct Socks5Stream {
socket: TcpStream,
proxy_addr: TargetAddr,
}
impl Socks5Stream {
/// Connects to a target server through a SOCKS5 proxy.
pub fn connect<T, U>(proxy: T, target: U) -> io::Result<Socks5Stream>
where T: ToSocketAddrs,
U: ToTargetAddr
{
Self::connect_raw(1, proxy, target, &Authentication::None)
}
/// Connects to a target server through a SOCKS5 proxy using given
/// username and password.
pub fn connect_with_password<T, U>(proxy: T, target: U, username: &str, password: &str) -> io::Result<Socks5Stream>
where T: ToSocketAddrs,
U: ToTargetAddr
{
let auth = Authentication::Password { username, password };
Self::connect_raw(1, proxy, target, &auth)
}
fn connect_raw<T, U>(command: u8, proxy: T, target: U, auth: &Authentication) -> io::Result<Socks5Stream>
where T: ToSocketAddrs,
U: ToTargetAddr
{
let mut socket = TcpStream::connect(proxy)?;
let target = target.to_target_addr()?;
let packet_len = if auth.is_no_auth() { 3 } else { 4 };
let packet = [
5, // protocol version
if auth.is_no_auth() { 1 } else { 2 }, // method count
auth.id(), // method
0, // no auth (always offered)
];
socket.write_all(&packet[..packet_len])?;
let mut buf = [0; 2];
socket.read_exact(&mut buf)?;
let response_version = buf[0];
let selected_method = buf[1];
if response_version != 5 {
return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid response version"));
}
if selected_method == 0xff {
return Err(io::Error::new(io::ErrorKind::Other, "no acceptable auth methods"))
}
if selected_method != auth.id() && selected_method != Authentication::None.id() {
return Err(io::Error::new(io::ErrorKind::Other, "unknown auth method"))
}
match *auth {
Authentication::Password { username, password } if selected_method == auth.id() => {
Self::password_authentication(&mut socket, username, password)?
},
_ => ()
}
let mut packet = [0; MAX_ADDR_LEN + 3];
packet[0] = 5; // protocol version
packet[1] = command; // command
packet[2] = 0; // reserved
let len = write_addr(&mut packet[3..], &target)?;
socket.write_all(&packet[..len + 3])?;
let proxy_addr = read_response(&mut socket)?;
Ok(Socks5Stream {
socket: socket,
proxy_addr: proxy_addr,
})
}
fn password_authentication(socket: &mut TcpStream, username: &str, password: &str) -> io::Result<()> {
if username.len() < 1 || username.len() > 255 {
return Err(io::Error::new(io::ErrorKind::InvalidInput, "invalid username"))
};
if password.len() < 1 || password.len() > 255 {
return Err(io::Error::new(io::ErrorKind::InvalidInput, "invalid password"))
}
let mut packet = [0; 515];
let packet_size = 3 + username.len() + password.len();
packet[0] = 1; // version
packet[1] = username.len() as u8;
packet[2..2 + username.len()].copy_from_slice(username.as_bytes());
packet[2 + username.len()] = password.len() as u8;
packet[3 + username.len()..packet_size].copy_from_slice(password.as_bytes());
socket.write_all(&packet[..packet_size])?;
let mut buf = [0; 2];
socket.read_exact(&mut buf)?;
if buf[0] != 1 {
return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid response version"));
}
if buf[1] != 0 {
return Err(io::Error::new(io::ErrorKind::PermissionDenied, "password authentication failed"));
}
Ok(())
}
/// Returns the proxy-side address of the connection between the proxy and
/// target server.
pub fn proxy_addr(&self) -> &TargetAddr {
&self.proxy_addr
}
/// Returns a shared reference to the inner `TcpStream`.
pub fn get_ref(&self) -> &TcpStream {
&self.socket
}
/// Returns a mutable reference to the inner `TcpStream`.
pub fn get_mut(&mut self) -> &mut TcpStream {
&mut self.socket
}
/// Consumes the `Socks5Stream`, returning the inner `TcpStream`.
pub fn into_inner(self) -> TcpStream {
self.socket
}
}
impl Read for Socks5Stream {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
self.socket.read(buf)
}
}
impl<'a> Read for &'a Socks5Stream {
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
(&self.socket).read(buf)
}
}
impl Write for Socks5Stream {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
self.socket.write(buf)
}
fn flush(&mut self) -> io::Result<()> {
self.socket.flush()
}
}
impl<'a> Write for &'a Socks5Stream {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
(&self.socket).write(buf)
}
fn flush(&mut self) -> io::Result<()> {
(&self.socket).flush()
}
}
/// A SOCKS5 BIND client.
#[derive(Debug)]
pub struct Socks5Listener(Socks5Stream);
impl Socks5Listener {
/// Initiates a BIND request to the specified proxy.
///
/// The proxy will filter incoming connections based on the value of
/// `target`.
pub fn bind<T, U>(proxy: T, target: U) -> io::Result<Socks5Listener>
where T: ToSocketAddrs,
U: ToTargetAddr
{
Socks5Stream::connect_raw(2, proxy, target, &Authentication::None).map(Socks5Listener)
}
/// Initiates a BIND request to the specified proxy using given username
/// and password.
///
/// The proxy will filter incoming connections based on the value of
/// `target`.
pub fn bind_with_password<T, U>(proxy: T, target: U, username: &str, password: &str) -> io::Result<Socks5Listener>
where T: ToSocketAddrs,
U: ToTargetAddr
{
let auth = Authentication::Password { username, password };
Socks5Stream::connect_raw(2, proxy, target, &auth).map(Socks5Listener)
}
/// The address of the proxy-side TCP listener.
///
/// This should be forwarded to the remote process, which should open a
/// connection to it.
pub fn proxy_addr(&self) -> &TargetAddr {
&self.0.proxy_addr
}
/// Waits for the remote process to connect to the proxy server.
///
/// The value of `proxy_addr` should be forwarded to the remote process
/// before this method is called.
pub fn accept(mut self) -> io::Result<Socks5Stream> {
self.0.proxy_addr = read_response(&mut self.0.socket)?;
Ok(self.0)
}
}
/// A SOCKS5 UDP client.
#[derive(Debug)]
pub struct Socks5Datagram {
socket: UdpSocket,
// keeps the session alive
stream: Socks5Stream,
}
impl Socks5Datagram {
/// Creates a UDP socket bound to the specified address which will have its
/// traffic routed through the specified proxy.
pub fn bind<T, U>(proxy: T, addr: U) -> io::Result<Socks5Datagram>
where T: ToSocketAddrs,
U: ToSocketAddrs
{
Self::bind_internal(proxy, addr, &Authentication::None)
}
/// Creates a UDP socket bound to the specified address which will have its
/// traffic routed through the specified proxy. The given username and password
/// is used to authenticate to the SOCKS proxy.
pub fn bind_with_password<T, U>(proxy: T, addr: U, username: &str, password: &str) -> io::Result<Socks5Datagram>
where T: ToSocketAddrs,
U: ToSocketAddrs
{
let auth = Authentication::Password { username, password };
Self::bind_internal(proxy, addr, &auth)
}
fn bind_internal<T, U>(proxy: T, addr: U, auth: &Authentication) -> io::Result<Socks5Datagram>
where T: ToSocketAddrs,
U: ToSocketAddrs
{
// we don't know what our IP is from the perspective of the proxy, so
// don't try to pass `addr` in here.
let dst = TargetAddr::Ip(SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::new(0, 0, 0, 0), 0)));
let stream = Socks5Stream::connect_raw(3, proxy, dst, auth)?;
let socket = UdpSocket::bind(addr)?;
socket.connect(&stream.proxy_addr)?;
Ok(Socks5Datagram {
socket: socket,
stream: stream,
})
}
/// Like `UdpSocket::send_to`.
///
/// # Note
///
/// The SOCKS protocol inserts a header at the beginning of the message. The
/// header will be 10 bytes for an IPv4 address, 22 bytes for an IPv6
/// address, and 7 bytes plus the length of the domain for a domain address.
pub fn send_to<A>(&self, buf: &[u8], addr: A) -> io::Result<usize>
where A: ToTargetAddr
{
let addr = addr.to_target_addr()?;
let mut header = [0; MAX_ADDR_LEN + 3];
// first two bytes are reserved at 0
// third byte is the fragment id at 0
let len = write_addr(&mut header[3..], &addr)?;
self.socket.writev([&header[..len + 3], buf])
}
/// Like `UdpSocket::recv_from`.
pub fn recv_from(&self, buf: &mut [u8]) -> io::Result<(usize, TargetAddr)> {
let mut header = [0; MAX_ADDR_LEN + 3];
let len = self.socket.readv([&mut header, buf])?;
let overflow = len.saturating_sub(header.len());
let header_len = cmp::min(header.len(), len);
let mut header = &mut &header[..header_len];
if header.read_u16::<BigEndian>()? != 0 {
return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid reserved bytes"));
}
if header.read_u8()? != 0 {
return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid fragment id"));
}
let addr = read_addr(&mut header)?;
unsafe {
ptr::copy(buf.as_ptr(), buf.as_mut_ptr().offset(header.len() as isize), overflow);
}
buf[..header.len()].copy_from_slice(header);
Ok((header.len() + overflow, addr))
}
/// Returns the address of the proxy-side UDP socket through which all
/// messages will be routed.
pub fn proxy_addr(&self) -> &TargetAddr {
&self.stream.proxy_addr
}
/// Returns a shared reference to the inner socket.
pub fn get_ref(&self) -> &UdpSocket {
&self.socket
}
/// Returns a mutable reference to the inner socket.
pub fn get_mut(&mut self) -> &mut UdpSocket {
&mut self.socket
}
}
#[cfg(test)]
mod test {
use std::error::Error;
use std::io::{Read, Write};
use std::net::{ToSocketAddrs, TcpStream, UdpSocket};
use super::*;
const SOCKS_PROXY_NO_AUTH_ONLY: &str = "127.0.0.1:1080";
const SOCKS_PROXY_PASSWD_ONLY: &str = "127.0.0.1:1081";
#[test]
fn google_no_auth() {
let addr = "google.com:80".to_socket_addrs().unwrap().next().unwrap();
let socket = Socks5Stream::connect(SOCKS_PROXY_NO_AUTH_ONLY, addr).unwrap();
google(socket);
}
#[test]
fn google_with_password() {
let addr = "google.com:80".to_socket_addrs().unwrap().next().unwrap();
let socket = Socks5Stream::connect_with_password(
SOCKS_PROXY_PASSWD_ONLY,
addr,
"testuser",
"testpass"
).unwrap();
google(socket);
}
fn google(mut socket: Socks5Stream) {
socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut result = vec![];
socket.read_to_end(&mut result).unwrap();
println!("{}", String::from_utf8_lossy(&result));
assert!(result.starts_with(b"HTTP/1.0"));
assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
}
#[test]
fn google_dns() {
let mut socket = Socks5Stream::connect(SOCKS_PROXY_NO_AUTH_ONLY, "google.com:80").unwrap();
socket.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut result = vec![];
socket.read_to_end(&mut result).unwrap();
println!("{}", String::from_utf8_lossy(&result));
assert!(result.starts_with(b"HTTP/1.0"));
assert!(result.ends_with(b"</HTML>\r\n") || result.ends_with(b"</html>"));
}
#[test]
fn bind_no_auth() {
let addr = find_address();
let listener = Socks5Listener::bind(SOCKS_PROXY_NO_AUTH_ONLY, addr).unwrap();
bind(listener);
}
#[test]
fn bind_with_password_supported_but_no_auth_used() {
let addr = find_address();
let listener = Socks5Listener::bind_with_password(
SOCKS_PROXY_NO_AUTH_ONLY,
addr,
"unused_and_invalid_username",
"unused_and_invalid_password"
).unwrap();
bind(listener);
}
#[test]
fn bind_with_password() {
let addr = find_address();
let listener = Socks5Listener::bind_with_password(
"127.0.0.1:1081",
addr,
"testuser",
"testpass"
).unwrap();
bind(listener);
}
fn bind(listener: Socks5Listener) {
let addr = listener.proxy_addr().clone();
let mut end = TcpStream::connect(addr).unwrap();
let mut conn = listener.accept().unwrap();
conn.write_all(b"hello world").unwrap();
drop(conn);
let mut result = vec![];
end.read_to_end(&mut result).unwrap();
assert_eq!(result, b"hello world");
}
// First figure out our local address that we'll be connecting from
fn find_address() -> TargetAddr {
let socket = Socks5Stream::connect(SOCKS_PROXY_NO_AUTH_ONLY, "google.com:80").unwrap();
socket.proxy_addr().to_owned()
}
#[test]
fn associate_no_auth() {
let socks = Socks5Datagram::bind(SOCKS_PROXY_NO_AUTH_ONLY, "127.0.0.1:15410").unwrap();
associate(socks, "127.0.0.1:15411");
}
#[test]
fn associate_with_password() {
let socks = Socks5Datagram::bind_with_password(
SOCKS_PROXY_PASSWD_ONLY,
"127.0.0.1:15414",
"testuser",
"testpass"
).unwrap();
associate(socks, "127.0.0.1:15415");
}
fn associate(socks: Socks5Datagram, socket_addr: &str) {
let socket = UdpSocket::bind(socket_addr).unwrap();
socks.send_to(b"hello world!", socket_addr).unwrap();
let mut buf = [0; 13];
let (len, addr) = socket.recv_from(&mut buf).unwrap();
assert_eq!(len, 12);
assert_eq!(&buf[..12], b"hello world!");
socket.send_to(b"hello world!", addr).unwrap();
let len = socks.recv_from(&mut buf).unwrap().0;
assert_eq!(len, 12);
assert_eq!(&buf[..12], b"hello world!");
}
#[test]
fn associate_long() {
let socks = Socks5Datagram::bind(SOCKS_PROXY_NO_AUTH_ONLY, "127.0.0.1:15412").unwrap();
let socket_addr = "127.0.0.1:15413";
let socket = UdpSocket::bind(socket_addr).unwrap();
let mut msg = vec![];
for i in 0..(MAX_ADDR_LEN + 100) {
msg.push(i as u8);
}
socks.send_to(&msg, socket_addr).unwrap();
let mut buf = vec![0; msg.len() + 1];
let (len, addr) = socket.recv_from(&mut buf).unwrap();
assert_eq!(len, msg.len());
assert_eq!(msg, &buf[..msg.len()]);
socket.send_to(&msg, addr).unwrap();
let mut buf = vec![0; msg.len() + 1];
let len = socks.recv_from(&mut buf).unwrap().0;
assert_eq!(len, msg.len());
assert_eq!(msg, &buf[..msg.len()]);
}
#[test]
fn incorrect_password() {
let addr = "google.com:80".to_socket_addrs().unwrap().next().unwrap();
let err = Socks5Stream::connect_with_password(
SOCKS_PROXY_PASSWD_ONLY,
addr,
"testuser",
"invalid"
).unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::PermissionDenied);
assert_eq!(err.description(), "password authentication failed");
}
#[test]
fn auth_method_not_supported() {
let addr = "google.com:80".to_socket_addrs().unwrap().next().unwrap();
let err = Socks5Stream::connect(SOCKS_PROXY_PASSWD_ONLY, addr).unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::Other);
assert_eq!(err.description(), "no acceptable auth methods");
}
#[test]
fn username_and_password_length() {
let addr = "google.com:80".to_socket_addrs().unwrap().next().unwrap();
let err = Socks5Stream::connect_with_password(
SOCKS_PROXY_PASSWD_ONLY,
addr,
&string_of_size(1),
&string_of_size(1)
).unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::PermissionDenied);
assert_eq!(err.description(), "password authentication failed");
let err = Socks5Stream::connect_with_password(
SOCKS_PROXY_PASSWD_ONLY,
addr,
&string_of_size(255),
&string_of_size(255)
).unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::PermissionDenied);
assert_eq!(err.description(), "password authentication failed");
let err = Socks5Stream::connect_with_password(
SOCKS_PROXY_PASSWD_ONLY,
addr,
&string_of_size(0),
&string_of_size(255)
).unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::InvalidInput);
assert_eq!(err.description(), "invalid username");
let err = Socks5Stream::connect_with_password(
SOCKS_PROXY_PASSWD_ONLY,
addr,
&string_of_size(256),
&string_of_size(255)
).unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::InvalidInput);
assert_eq!(err.description(), "invalid username");
let err = Socks5Stream::connect_with_password(
SOCKS_PROXY_PASSWD_ONLY,
addr,
&string_of_size(255),
&string_of_size(0)
).unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::InvalidInput);
assert_eq!(err.description(), "invalid password");
let err = Socks5Stream::connect_with_password(
SOCKS_PROXY_PASSWD_ONLY,
addr,
&string_of_size(255),
&string_of_size(256)
).unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::InvalidInput);
assert_eq!(err.description(), "invalid password");
}
fn string_of_size(size: usize) -> String {
(0..size).map(|_| 'x').collect()
}
}

132
deps/rust-socks/src/writev.rs vendored Normal file
View File

@ -0,0 +1,132 @@
use std::io;
use std::net::UdpSocket;
pub trait WritevExt {
fn writev(&self, bufs: [&[u8]; 2]) -> io::Result<usize>;
fn readv(&self, bufs: [&mut [u8]; 2]) -> io::Result<usize>;
}
#[cfg(unix)]
mod imp {
use libc;
use std::os::unix::io::AsRawFd;
use super::*;
impl WritevExt for UdpSocket {
fn writev(&self, bufs: [&[u8]; 2]) -> io::Result<usize> {
unsafe {
let iovecs = [
libc::iovec {
iov_base: bufs[0].as_ptr() as *const _ as *mut _,
iov_len: bufs[0].len(),
},
libc::iovec {
iov_base: bufs[1].as_ptr() as *const _ as *mut _,
iov_len: bufs[1].len(),
},
];
let r = libc::writev(self.as_raw_fd(), iovecs.as_ptr(), 2);
if r < 0 {
Err(io::Error::last_os_error())
} else {
Ok(r as usize)
}
}
}
fn readv(&self, bufs: [&mut [u8]; 2]) -> io::Result<usize> {
unsafe {
let mut iovecs = [
libc::iovec {
iov_base: bufs[0].as_mut_ptr() as *mut _,
iov_len: bufs[0].len(),
},
libc::iovec {
iov_base: bufs[1].as_mut_ptr() as *mut _,
iov_len: bufs[1].len(),
},
];
let r = libc::readv(self.as_raw_fd(), iovecs.as_mut_ptr(), 2);
if r < 0 {
Err(io::Error::last_os_error())
} else {
Ok(r as usize)
}
}
}
}
}
#[cfg(windows)]
mod imp {
use winapi;
use ws2_32;
use std::os::windows::io::AsRawSocket;
use std::ptr;
use super::*;
impl WritevExt for UdpSocket {
fn writev(&self, bufs: [&[u8]; 2]) -> io::Result<usize> {
unsafe {
let mut wsabufs = [
winapi::WSABUF {
len: bufs[0].len() as winapi::u_long,
buf: bufs[0].as_ptr() as *const _ as *mut _,
},
winapi::WSABUF {
len: bufs[1].len() as winapi::u_long,
buf: bufs[1].as_ptr() as *const _ as *mut _,
},
];
let mut sent = 0;
let r = ws2_32::WSASend(
self.as_raw_socket(),
wsabufs.as_mut_ptr(),
bufs.len() as winapi::DWORD,
&mut sent,
0,
ptr::null_mut(),
None,
);
if r == 0 {
Ok(sent as usize)
} else {
Err(io::Error::last_os_error())
}
}
}
fn readv(&self, bufs: [&mut [u8]; 2]) -> io::Result<usize> {
unsafe {
let mut wsabufs = [
winapi::WSABUF {
len: bufs[0].len() as winapi::u_long,
buf: bufs[0].as_mut_ptr() as *mut _,
},
winapi::WSABUF {
len: bufs[1].len() as winapi::u_long,
buf: bufs[1].as_mut_ptr() as *mut _,
},
];
let mut recved = 0;
let mut flags = 0;
let r = ws2_32::WSARecv(
self.as_raw_socket(),
wsabufs.as_mut_ptr(),
bufs.len() as winapi::DWORD,
&mut recved,
&mut flags,
ptr::null_mut(),
None,
);
if r == 0 {
Ok(recved as usize)
} else {
Err(io::Error::last_os_error())
}
}
}
}
}

7
src/acns/mod.rs Normal file
View File

@ -0,0 +1,7 @@
pub mod tor;
#[derive(Debug)]
pub enum ACNError {
AuthenticationError(String),
ServiceSetupError(String),
}

24
src/acns/tor/authentication.rs Normal file
View File

@ -0,0 +1,24 @@
use std::net::TcpStream;
use std::io::Write;
pub trait TorAuthenticationMethod {
fn authenticate(&self, conn: &mut TcpStream);
}
pub struct HashedPassword {
password: String
}
impl HashedPassword {
pub fn new(password: String) -> HashedPassword {
HashedPassword {
password
}
}
}
impl TorAuthenticationMethod for HashedPassword {
fn authenticate(&self, conn: &mut TcpStream) {
write!(conn, "AUTHENTICATE \"{}\"\r\n", self.password);
}
}

114
src/acns/tor/mod.rs Normal file
View File

@ -0,0 +1,114 @@
use std::net::TcpStream;
use std::io::{Error, BufReader, BufRead};
use crate::acns::ACNError;
use crate::acns::ACNError::{AuthenticationError, ServiceSetupError};
use std::io::Write;
use crate::acns::tor::authentication::TorAuthenticationMethod;
use ed25519_dalek::ExpandedSecretKey;
pub mod authentication;
#[derive(Debug)]
pub struct TorDisconnected(());
#[derive(Debug)]
pub struct TorConnected(());
#[derive(Debug)]
pub struct TorAuthenticated(());
#[derive(Debug)]
pub struct TorProcess<ConnectionStatus> {
conn: TcpStream,
status: ConnectionStatus
}
impl TorProcess<TorDisconnected> {
pub fn connect(control_port: u16) -> Result<TorProcess<TorConnected>, Error> {
match TcpStream::connect(&format!("127.0.0.1:{}", control_port)) {
Ok(conn) => {
Ok(TorProcess{
conn,
status: TorConnected(())
})
},
Err(err) => {
return Err(err)
}
}
}
}
/// From the control port spec...
/// Before the client has authenticated, no command other than
/// PROTOCOLINFO, AUTHCHALLENGE, AUTHENTICATE, or QUIT is valid. If the
/// controller sends any other command, or sends a malformed command, or
/// sends an unsuccessful AUTHENTICATE command, or sends PROTOCOLINFO or
/// AUTHCHALLENGE more than once, Tor sends an error reply and closes
/// the connection.
/// We are more strict as we only allow the caller to authenticate
impl TorProcess<TorConnected> {
pub fn authenticate(mut self, authMethod: Box<dyn TorAuthenticationMethod>) -> Result<TorProcess<TorAuthenticated>, ACNError> {
authMethod.authenticate(&mut self.conn);
let mut reader = BufReader::new(self.conn.try_clone().unwrap());
let mut result = String::new();
reader.read_line(&mut result);
match result.as_str() {
"250 OK\r\n" => {
Ok(TorProcess{
conn: self.conn,
status: TorAuthenticated(())
})
}
"515 Bad authentication\r\n" => {
Err(AuthenticationError(String::from("515 Bad authentication")))
}
_ => {
Err(AuthenticationError(String::from(result)))
}
}
}
}
/// We are now authenticated!
impl TorProcess<TorAuthenticated> {
/// Tell the control port to create a new Onion V3 service given the ed25519 secret key...
pub fn add_onion_v3(&mut self, secret_key: ed25519_dalek::SecretKey, virtual_port: u16, target_port: u16) -> Result<String,ACNError> {
let esk = ExpandedSecretKey::from(&secret_key);
write!(self.conn, "ADD_ONION ED25519-V3:{} Flags=Detach Port={},{}\r\n", base64::encode(esk.to_bytes()), virtual_port, target_port);
let mut reader = BufReader::new(self.conn.try_clone().unwrap());
let mut result = String::new();
reader.read_line(&mut result);
if result.starts_with("250-ServiceID=") {
// We authenticated!
return Ok(result);
}
Err(ServiceSetupError(result))
}
}
#[cfg(test)]
mod tests {
use crate::acns::tor::TorProcess;
use crate::acns::tor::authentication::HashedPassword;
use ed25519_dalek::{Keypair};
use rand::rngs::OsRng;
#[test]
fn connect_tor() {
let mut auth_control_port = TorProcess::connect(9051).unwrap().authenticate(Box::new(HashedPassword::new(String::from("examplehashedpassword")))).unwrap();
let mut csprng = OsRng{};
let keypair = ed25519_dalek::Keypair::generate(&mut csprng);
match auth_control_port.add_onion_v3(keypair.secret, 9878, 10029) {
Ok(_) => {
// we authenticated!
},
Err(err) => {
println!("{:?}", err)
}
}
}
}

104
src/applications/authentication_app.rs Normal file
View File

@ -0,0 +1,104 @@
use crate::primitives::transcript::Transcript;
use std::net::TcpStream;
use std::sync::Arc;
use crate::primitives::identity::Identity;
use ed25519_dalek::PublicKey;
use std::io::{Write, Read};
use serde::Serialize;
use serde::Deserialize;
use byteorder::{WriteBytesExt, BigEndian, ReadBytesExt, LittleEndian};
use integer_encoding::{FixedInt, VarInt};
use crate::connections::utils::{expect, expect_encrypted, public_key_to_hostname, send_encrypted, send};
use sha3::Digest;
pub struct AuthenicationApp {
identity: Arc<Identity>
}
#[derive(Serialize, Deserialize, Debug)]
struct AuthMessage {
#[serde(rename(serialize = "LongTermPublicKey", deserialize = "LongTermPublicKey"))]
longterm_public_key: String,
#[serde(rename(serialize = "EphemeralPublicKey", deserialize = "EphemeralPublicKey"))]
ephemeral_public_key: String,
}
impl AuthenicationApp {
pub fn new(identity: Arc<Identity>) -> AuthenicationApp {
AuthenicationApp {
identity
}
}
pub fn run(&mut self, conn: &mut TcpStream, transcript: &mut Transcript) {
let longterm_public_key = self.identity.public_key().to_bytes();
let ephemeral_identity = Identity::initialize_ephemeral_identity();
let auth_message = AuthMessage{longterm_public_key: base64::encode(longterm_public_key), ephemeral_public_key: base64::encode(ephemeral_identity.public_key().to_bytes())};
let auth_message_json = serde_json::to_string(&auth_message).unwrap();
println!("TCP Timeout: {:?}", conn.read_timeout());
let mut len = [0u8;2];
(auth_message_json.len() as u16).encode_var(&mut len);
// println!("len {} {:?}", auth_message_json.len(), len);
let mut msg = vec![];
msg.extend_from_slice(len.as_slice());
msg.extend_from_slice(auth_message_json.as_bytes());
send(conn, msg);
let remote_auth_message_json = String::from_utf8(expect(conn)).unwrap();
println!("Received Auth Message: {}", remote_auth_message_json);
let remote_auth_message : AuthMessage = serde_json::from_str(remote_auth_message_json.as_str()).unwrap();
println!("Remote auth message: {:?}",remote_auth_message);
let remote_public_key = PublicKey::from_bytes(base64::decode(&remote_auth_message.longterm_public_key).unwrap().as_slice()).unwrap();
let remote_ephemeral_key = PublicKey::from_bytes(base64::decode(&remote_auth_message.ephemeral_public_key).unwrap().as_slice()).unwrap();
let l2e = self.identity.edh(remote_ephemeral_key);
let e2l = ephemeral_identity.edh(remote_public_key);
let e2e = ephemeral_identity.edh(remote_ephemeral_key);
let mut shared_secret = vec![];
// todo if outbound
shared_secret.extend_from_slice(l2e.as_bytes());
shared_secret.extend_from_slice(e2l.as_bytes());
shared_secret.extend_from_slice(e2e.as_bytes());
// todo else
let key = sha3::Sha3_256::digest(shared_secret.as_slice());
transcript.new_protocol("auth-app");
transcript.add_to_transcript("outbound-hostname", self.identity.hostname().as_bytes());
transcript.add_to_transcript("inbound-hostname", public_key_to_hostname(&remote_public_key).as_bytes());
transcript.add_to_transcript("outbound-challenge", auth_message_json.as_bytes());
transcript.add_to_transcript("inbound-challenge",remote_auth_message_json.as_bytes());
let challenge_bytes = transcript.commit_to_transcript("3dh-auth-challenge");
println!("Calculated Challenge: {}", hex::encode(challenge_bytes));
let mut msg = vec![];
let mut len = [0u8;2];
((challenge_bytes.len()+self.identity.hostname().as_bytes().len()) as u16).encode_var(&mut len);
msg.extend_from_slice(len.as_slice());
msg.extend_from_slice(challenge_bytes.as_slice());
msg.extend_from_slice(self.identity.hostname().as_bytes());
println!("Sending: {:?}", hex::encode(&msg));
send_encrypted(conn, key.as_slice(), msg);
let challenge = expect_encrypted(conn, key.as_slice());
let challenge_parts = challenge.split_at(64);
println!("Received Challenge: {:?} {:?}", hex::encode(challenge_parts.0), String::from_utf8(challenge_parts.1.to_vec()));
}
}
#[cfg(test)]
mod tests {
#[test]
fn test_transcript_app() {
//let mut transcript_app = TranscriptApp::NewInstance();
// transcript_app.Init();
// transcript_app.Transcript();
//println!("Transcript App Initial Commit: {:x}", transcript_app.Transcript().challenge_bytes())
}
}

10
src/applications/mod.rs
View File

@ -1,10 +1,2 @@
use crate::primitives::transcript::Transcript;
pub mod transcript_app;
pub trait Application {
fn new_instance(&self) -> Box<dyn Application>;
fn init(&mut self);
fn transcript(&mut self) -> Option<&mut Transcript>;
fn propagate_transcript(&mut self, transcript: &Transcript);
}
pub mod authentication_app;

15
src/applications/transcript_app.rs
View File

@ -1,19 +1,20 @@
use crate::primitives::transcript::Transcript;
use crate::applications::Application;
use std::net::TcpStream;
use std::sync::Arc;
#[derive(Clone)]
pub struct TranscriptApp {
transcript: Option<Transcript>
}
impl Application for TranscriptApp {
fn new_instance(&self) -> Box<dyn Application> {
Box::new(TranscriptApp {
transcript: None
})
impl TranscriptApp {
fn new() -> TranscriptApp {
TranscriptApp {
transcript: None
}
}
fn init(&mut self) {
fn run(&mut self, conn: &TcpStream) {
self.transcript = Some(Transcript::new_transcript("primitives-transcript".as_ref()))
}

18
src/connections/mod.rs Normal file
View File

@ -0,0 +1,18 @@
/// Connections provides an interface for manage sets of connections on top of a particular
/// ACN.
pub mod service;
pub mod utils;
#[derive(Debug)]
pub enum ServiceError {
ClosedNormally,
ConnectionFailed(String),
ListenFailed(String),
}
pub struct Hostname {
}

123
src/connections/service.rs Normal file
View File

@ -0,0 +1,123 @@
use crate::primitives::identity::Identity;
use crate::connections::{Hostname, ServiceError};
use std::net::{TcpListener, TcpStream};
use std::thread::{spawn, JoinHandle};
use crate::connections::ServiceError::{ClosedNormally, ConnectionFailed};
use std::sync::Arc;
use crate::acns::tor::TorProcess;
use socks::{Socks5Stream};
use socks::TargetAddr::Domain;
use std::io::Write;
pub struct NoListenService(());
pub struct ApplicationListenService(());
pub struct Service<ListenService> {
identity: Arc<Identity>,
listen_service: ListenService
}
impl<ListenService> Service<ListenService> {
pub fn connect<F>(&mut self, hostname:&str, application:F) -> Result<(), ServiceError> where F: FnOnce(TcpStream) + Send + Clone + 'static, {
let conn = Socks5Stream::connect(format!("127.0.0.1:9050"), Domain(format!("{}.onion", hostname),9878));
match conn {
Ok(mut conn) => {
let application = application.clone();
spawn( move || {
application(conn.into_inner())
});
Ok(())
},
Err(err) => {
Err(ConnectionFailed(err.to_string()))
}
}
}
}
impl Service<NoListenService> {
pub fn init(identity: Arc<Identity>) -> Service<NoListenService> {
Service {
identity,
listen_service: NoListenService(())
}
}
pub fn listen<F>(mut self, port: u16, application: F) -> Result<Service<JoinHandle<ServiceError>>, ServiceError> where F: FnOnce(TcpStream) + Send + Clone + 'static, {
let jh =spawn(move || {
let listener = TcpListener::bind(format!("127.0.0.1:{}", port));
match listener {
Ok(listener) => {
for stream in listener.incoming() {
match stream {
Ok(conn) => {
let application = application.clone();
spawn( move || {
application(conn)
});
},
Err(_) =>{}
}
}
ClosedNormally
},
Err(err) => {
ServiceError::ListenFailed(err.to_string())
}
}});
Ok(Service{
identity: self.identity,
listen_service: jh
})
}
}
impl Service<JoinHandle<ServiceError>> {
pub fn close(self) {
let result = self.listen_service.join();
match result {
Ok(err) => {
eprintln!("{:?}", err)
}
_ => {
eprintln!("Error joining listen thread")
}
}
}
}
#[cfg(test)]
mod tests {
use crate::connections::service::Service;
use crate::primitives::identity::Identity;
use ed25519_dalek::SecretKey;
use rand::rngs::OsRng;
use crate::applications::transcript_app::TranscriptApp;
use crate::connections::Hostname;
#[test]
fn service_state() {
let mut csprng = OsRng{};
let keypair = ed25519_dalek::Keypair::generate(&mut csprng);
let secret_key = SecretKey::from_bytes(&keypair.secret.to_bytes());
let identity = Identity::initialize(keypair);
let mut service = Service::init(identity);
//let mut listen_service = service.listen(10000, TranscriptApp::new_instance()).unwrap_or_else(|_| panic!());
// this will not compile! wish we could test that service.connect(Hostname{},TranscriptApp::new_instance());
}
#[test]
fn service_lifetime() {
let mut csprng = OsRng{};
let keypair = ed25519_dalek::Keypair::generate(&mut csprng);
let secret_key = SecretKey::from_bytes(&keypair.secret.to_bytes());
let identity = Identity::initialize(keypair);
let service = Service::init(identity);
//let listen_service = service.listen(1000, TranscriptApp::new_instance()).unwrap_or_else(|_| panic!());
// TODO use trybuild to test that this fails: service.connect(Hostname{},TranscriptApp::new_instance());
}
}

82
src/connections/utils.rs Normal file
View File

@ -0,0 +1,82 @@
use std::net::TcpStream;
use std::io::{Read, Write, BufReader};
use integer_encoding::{VarInt, FixedInt};
use secretbox::SecretBox;
use secretbox::CipherType::Salsa20;
use ed25519_dalek::PublicKey;
use sha3::Digest;
pub fn expect(conn: &mut TcpStream) -> Vec<u8> {
let mut msg = [0;8192];
let mut buf = BufReader::new(conn.try_clone().unwrap());
let result = buf.read_exact(&mut msg);
match result {
Err(e) =>{
println!("{:?}",e);
vec![]
}
Ok(()) => {
// TODO why did I decide to use varints here?!?!
let len = u16::decode_var(&msg[0..2]).unwrap().0 as usize;
println!("{} [{}]", len, String::from_utf8(msg[2..len+2].to_vec()).unwrap());
return msg[2..len+2].to_vec()
}
}
}
pub fn public_key_to_hostname(public_key: &PublicKey) -> String {
let mut buf = [0u8; 35];
public_key.to_bytes().iter().copied().enumerate().for_each(|(i, b)| {
buf[i] = b;
});
let mut h = sha3::Sha3_256::new();
h.update(b".onion checksum");
h.update(public_key);
h.update(b"\x03");
let res_vec = h.finalize().to_vec();
buf[32] = res_vec[0];
buf[33] = res_vec[1];
buf[34] = 0x03;
base32::encode(base32::Alphabet::RFC4648 {padding:false}, &buf).to_ascii_lowercase()
}
pub fn send(conn: &mut TcpStream, msg: Vec<u8>) {
let mut msg = msg;
while msg.len() < 8192 {
msg.push(0);
}
// println!("Sending Auth Message: {}", hex::encode(&msg));
conn.write_all(msg.as_slice());
}
pub fn send_encrypted(conn: &mut TcpStream, key: &[u8], msg: Vec<u8>) {
let mut msg = msg;
while msg.len() < 8192-40 {
msg.push(0);
}
let secret_box = SecretBox::new(key, Salsa20).unwrap();
let msg = secret_box.easy_seal(msg.as_slice());
conn.write_all(msg.as_slice());
}
pub fn expect_encrypted(conn: &mut TcpStream, key: &[u8]) -> Vec<u8> {
let secret_box = SecretBox::new(key, Salsa20).unwrap();
let mut result = [0u8;8192];
match conn.read_exact(&mut result) {
Err(e) =>{
eprintln!("{}",e.to_string())
}
_ => {}
}
let msg = secret_box.easy_unseal(&result).unwrap();
let msg = msg.as_slice();
let mut len_bytes = [0u8;2];
let len = u16::decode_fixed(&msg[0..2]) as usize;
if len > 8192 {
eprintln!("invalid length: {}", len);
return vec![] // lol no.
}
msg[2..len].to_vec()
}

7
src/lib.rs
View File

@ -1,8 +1,13 @@
#![feature(array_methods)]
// #[deny(missing_docs)]
#![feature(external_doc)]
#![doc(include = "../README.md")]
#![doc(html_logo_url = "https://git.openprivacy.ca/cwtch.im/tapir/media/branch/master/tapir.png")]
pub mod acns;
pub mod applications;
pub mod networks;
pub mod primitives;
pub mod connections;
#[cfg(test)]

1
src/networks/mod.rs
View File

@ -1 +0,0 @@
pub mod tor;

31
src/networks/tor/mod.rs
View File

@ -1,31 +0,0 @@
use std::net::TcpStream;
use std::io::Error;
#[derive(Debug)]
pub struct TorProcess {
}
impl TorProcess {
pub fn connect() -> Result<TorProcess, Error> {
match TcpStream::connect(&format!("127.0.0.1:{}", 9051)) {
Ok(_conn) => {
Ok(TorProcess{})
},
Err(err) => {
return Err(err)
}
}
}
}
#[cfg(test)]
mod tests {
use crate::networks::tor::TorProcess;
#[test]
fn connect_tor() {
println!("{:?}", TorProcess::connect());
}
}

22
src/primitives/identity.rs
View File

@ -3,6 +3,10 @@ use x25519_dalek::{StaticSecret, SharedSecret};
use x25519_dalek::PublicKey as X25519PublicKey ;
use rand::rngs::OsRng;
use std::intrinsics::transmute;
use sha3::Digest;
use std::sync::Arc;
use crate::connections::utils::public_key_to_hostname;
/// Identity - An ed25519 keypair, required for established a Tor v3 onion service and used to
/// maintain a consistent cryptographic identity for a peer.
@ -13,10 +17,10 @@ pub struct Identity {
impl Identity {
/// Initialize a persistent identity
pub fn initialize(keypair: Keypair) ->Identity {
Identity {
pub fn initialize(keypair: Keypair) -> Arc<Identity> {
Arc::new(Identity {
keypair
}
})
}
/// Initialize an ephemeral identity - used for both ephemeral diffie hellman key exchanges
@ -29,6 +33,14 @@ impl Identity {
}
}
pub fn public_key(&self) -> ed25519_dalek::PublicKey {
self.keypair.public.clone()
}
pub fn hostname(&self) -> String {
public_key_to_hostname(&self.keypair.public)
}
/// Perform a diffie hellman exchange between `self` and the `remote_pub_key`
/// Implementation: this method converts the secret key of `self` into a `StaticSecret`
/// and the `remote_pub_key` into a `x25519_dalek::PublicKey` such that they can be used
@ -61,7 +73,7 @@ mod tests {
let bob = Identity::initialize_ephemeral_identity();
assert_eq!(alice.edh(bob.keypair.public).to_bytes(), bob.edh(alice.keypair.public).to_bytes());
println!("Alice Shared Secret: {:?}", alice.edh(bob.keypair.public).to_bytes());
println!("Bob Shared Secret: {:?}", bob.edh(alice.keypair.public).to_bytes());
println!("Alice Shared Secret: {} {:?}", alice.hostname(), alice.edh(bob.keypair.public).to_bytes());
println!("Bob Shared Secret: {} {:?}", bob.hostname(), bob.edh(alice.keypair.public).to_bytes());
}
}

49
tests/simple_setup.rs Normal file
View File

@ -0,0 +1,49 @@
#[cfg(test)]
mod test {
use tapir::acns::tor::authentication::HashedPassword;
use tapir::acns::tor::TorProcess;
use rand::rngs::OsRng;
use tapir::primitives::identity::Identity;
use ed25519_dalek::SecretKey;
use tapir::connections::service::Service;
use tapir::applications::transcript_app::TranscriptApp;
use std::net::TcpStream;
use std::io::Write;
use tapir::applications::authentication_app::AuthenicationApp;
use tapir::primitives::transcript::Transcript;
#[test]
fn test_simple_setup() {
let mut auth_control_port = TorProcess::connect(9051).unwrap().authenticate(Box::new(HashedPassword::new(String::from("examplehashedpassword")))).unwrap();
let mut csprng = OsRng{};
let keypair = ed25519_dalek::Keypair::generate(&mut csprng);
match auth_control_port.add_onion_v3(SecretKey::from_bytes(&keypair.secret.to_bytes()).unwrap(), 9878, 10029) {
Ok(service_id) => {
// we authenticated!
let identity = Identity::initialize(keypair);
println!("Service Id: {}", service_id);
println!("Setup: {}", identity.hostname());
let mut service = Service::init(identity.clone());
let identity = identity.clone();
let function = |mut conn: TcpStream| {
let mut transcript = Transcript::new_transcript("tapir-transcript");
let mut auth_app = AuthenicationApp::new(identity);
auth_app.run(&mut conn, &mut transcript);
};
// let mut service = service.listen(10029, function.clone()).unwrap_or_else(|_|panic!());
service.connect("hejcfc3pduhcymo7i3zkoxezbjvw3vdsbavyy7gfsd677l5py7ccnlyd", function.clone());
// service.close();
loop{}
},
Err(err) => {
println!("{:?}", err)
}
}
}
}