cretz/bine

Feature Request: conn.RemoteAddr() should return the client's onion ID

Closed this issue · 2 comments

To be fair I'm guessing this isn't really feasible but I figured I'd ask.

Accepting a connection from a hidden service gives you a connection from Tor to your local listener (by default, this will be 127.0.0.1:something). However, it would be super convenient for me if RemoteAddr returned the actual onion ID of the client.

I'm no Tor protocol expert but necessarily this information exists somewhere in Tor. The fact that we're proxying through a local TCP socket (and the connection we get is just that socket) makes that information inaccessible to the user. If it's possible to query Tor for this information (perhaps via Tor's source port for the connection it's dialing to the local listener), we could then create our own net.Conn that provides this info up to the user.

Not sure where to start here but I will go looking. Would appreciate some additional context if anyone has any, happy to PR this if I can figure out a path forward.

cretz commented

However, it would be super convenient for me if RemoteAddr returned the actual onion ID of the client.

Clients don't have onion IDs, I don't believe, unless I'm misunderstanding. The purpose of anonymity is that you don't know your client (only the most recent hop you're connected to).

Oh, ok. I assumed this was part of the end-to-end encryption (you don't know the client's actual IP address, but you know their anonymous cryptographic identity). However, I don't see why the client couldn't just generate an ephemeral key pair for end-to-end encryption, meaning the server couldn't identify two connections from the same client and increasing the anonymity. Like I said, not a Tor expert, so I probably just made the wrong assumption here.

Anyway, in my specific use case this isn't an issue anymore. My application only talks to other instances of itself, so I just created a handshake where the accepter sends a random challenge string and the dialer provides their onion ID and a signature of the challenge. This allows the dialer to prove to the accepter that it owns the onion ID.
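The handshake described in that last comment, as an added example written for this thread (not code from bine or from the commenter): the accepter sends a fresh random challenge, the dialer answers with the ed25519 public key its v3 onion address is derived from plus a signature over a domain-separated copy of the challenge, and the accepter only trusts the identity after the signature checks out. The domain prefix and the function names are assumptions; base32-encoding the key into a .onion address is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Assumed domain-separation prefix so a handshake signature cannot double as a
// signature over some other message format the same onion key also signs.
const domain = "peer-auth-v1:"

// Response is the dialer's reply: its onion identity key and a signature over the challenge.
type Response struct {
	PubKey ed25519.PublicKey
	Sig    []byte
}

// NewChallenge is the accepter's step: 32 fresh random bytes per connection (prevents replay).
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Respond is the dialer's step: sign domain||challenge with the onion service's ed25519 key.
func Respond(priv ed25519.PrivateKey, challenge []byte) Response {
	msg := append([]byte(domain), challenge...)
	return Response{PubKey: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, msg)}
}

// Authenticate is the accepter's check: it returns the key the dialer proved it owns, or an
// error for a malformed key or a signature that does not cover this exact challenge.
func Authenticate(challenge []byte, r Response) (ed25519.PublicKey, error) {
	if len(r.PubKey) != ed25519.PublicKeySize {
		return nil, errors.New("malformed public key")
	}
	msg := append([]byte(domain), challenge...)
	if !ed25519.Verify(r.PubKey, msg, r.Sig) {
		return nil, errors.New("signature does not prove ownership for this challenge")
	}
	return r.PubKey, nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // constructed dialer identity for the demo
	ch, _ := NewChallenge()                // accepter -> dialer
	id, err := Authenticate(ch, Respond(priv, ch)) // dialer -> accepter, then verify
	fmt.Printf("authenticated key=%x err=%v\n", id, err)
}
```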