2021-06-17 17:18:28 +01:00
|
|
|
# Arti: reimplementing Tor in Rust
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Arti is a project to produce an embeddable, production-quality implementation
|
|
|
|
of the [Tor](https://www.torproject.org/) anonymity protocols in the
|
|
|
|
[Rust](https://www.rust-lang.org/) programming language.
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Arti is **not ready for production use**; [see below](#status) for more information.
|
2021-06-09 19:36:59 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
## Links:
|
2020-05-09 21:38:12 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* [Official source repository](https://gitlab.torproject.org/tpo/core/arti)
|
2020-05-09 21:38:12 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* [API-level developer documentation](https://tpo.pages.torproject.net/core/doc/rust/tor_client/index.html)
|
2020-05-09 21:38:12 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* [Guidelines for contributors](./CONTRIBUTING.md)
|
2020-10-18 22:38:28 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* [Architectural overview](./doc/Architecture.md)
|
2020-09-13 02:46:32 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* [Compatibility guide](./doc/Compatibility.md)
|
2020-05-09 21:36:33 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* [Frequently Asked Questions](./doc/FAQ.md)
|
2020-05-09 21:36:33 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
## Why rewrite Tor in Rust?
|
2020-05-09 21:36:33 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Rust is *more secure than C*. Despite our efforts, it's all too simple to
|
|
|
|
mess up when using a language that does not enforce memory safety. We
|
|
|
|
estimate that at least half of our tracked security vulnerabilities would
|
|
|
|
have been impossible in Rust, and many of the others would have been very
|
|
|
|
unlikely.
|
2020-05-09 21:36:33 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Rust enables *faster development than C*. Because of Rust's expressiveness
|
|
|
|
and strong guarantees, we've found that we can be far more efficient and
|
|
|
|
confident writing code in Rust. We hope that in the long run this will
|
|
|
|
improve the pace of our software development.
|
2020-05-09 21:36:33 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Arti is *more flexible than our C tor implementation*. Unlike our C `tor`,
|
|
|
|
which was designed as SOCKS proxy originally, and whose integration features
|
|
|
|
were later "bolted on", Arti is designed from the ground up to work as a
|
|
|
|
modular, embeddable library that other applications can use.
|
2020-05-09 21:36:33 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Arti is *cleaner than our C tor implementation*. Although we've tried to
|
|
|
|
develop C tor well, we've learned a lot since we started it back in 2002.
|
|
|
|
There are lots of places in the current C codebase where complicated
|
2021-06-17 23:45:05 +01:00
|
|
|
"spaghetti" relationships between different pieces of code make our software
|
2021-06-17 17:18:28 +01:00
|
|
|
needlessly hard to understand and improve.
|
2020-05-09 21:36:33 +01:00
|
|
|
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
## <a name="status"></a>Current status
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Arti is a work-in-progress. It can connect to the Tor network, bootstrap a
|
|
|
|
view of the Tor directory, and make anonymized connections over the network.
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Arti is currently missing some features that are required for good privacy,
|
|
|
|
and is therefore vulnerable to a lot of attacks that do not yet affect the
|
|
|
|
Tor network. Therefore, **you should probably not use Arti in production**
|
|
|
|
if you want any kind of privacy at all.
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
There are absolutely no guarantees about API stability yet: if you write code
|
|
|
|
that uses Arti, you should expect that
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
## Trying it out today
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Arti can act as a SOCKS proxy that uses the Tor network. (Not a very
|
|
|
|
secure or anonymous one!) It knows how to download directory
|
|
|
|
information and how to load it from cache, but it doesn't try to
|
|
|
|
download more than one directory per run.
|
2020-11-25 15:15:32 +00:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
To try it out, run the demo program in `arti` as follows. It will open a
|
|
|
|
SOCKS proxy on port 9150.
|
2020-11-25 15:15:32 +00:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
% cargo run --release
|
2020-12-17 15:52:18 +00:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Again, do not use this program yet if you need anonymity, privacy, security,
|
|
|
|
or stability.
|
2020-09-10 00:27:47 +01:00
|
|
|
|
2021-08-24 20:53:43 +01:00
|
|
|
## Minimum supported Rust Version
|
|
|
|
|
|
|
|
Arti should always build with the most recent _stable_ Rust release, and
|
|
|
|
_may_ build with one or two older Rust releases. Eventually, we may
|
|
|
|
declare some long-term Minimum Supported Rust Version (MSRV), but while
|
|
|
|
Arti is still in its early stages, you'll need to stay up-to-date.
|
|
|
|
|
|
|
|
As of this writing (24 August 2021), Arti works with Rust 1.53 and later.
|
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
## Helping out
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 23:45:05 +01:00
|
|
|
Have a look at our [contributor guidelines](./CONTRIBUTING.md).
|
2020-09-26 17:20:46 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
## Roadmap
|
2020-09-10 00:27:47 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
Thanks to a generous grant from
|
|
|
|
[Zcash Open Major Grants (ZOMG)](https://zcashomg.org/), we're able to devote
|
|
|
|
some significant time to Arti in the years 2021-2022. Here is our _rough_
|
|
|
|
set of plans for what we hope to deliver when.
|
2020-11-25 15:15:32 +00:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
The goal times below are complete imagination, based on broad assumptions about
|
|
|
|
developer availability. Please don't take them too seriously until we can
|
|
|
|
get our project manager to sign off on them.
|
2020-11-25 15:15:32 +00:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* Arti 0.0.1: Minimal Secure Client (Goal: end of October 2021??)
|
|
|
|
* Target audience: **developers**
|
|
|
|
* [ ] Guard support
|
|
|
|
* [ ] Stream Isolation
|
|
|
|
* [ ] High test coverage
|
|
|
|
* [ ] Draft APIs for basic usage
|
|
|
|
* [ ] Code cleanups
|
|
|
|
* [and more...](https://gitlab.torproject.org/tpo/core/arti/-/milestones/6)
|
2020-11-25 15:15:32 +00:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* Arti 0.1.0: Okay for experimental embedding (Goal: Mid March, 2022??)
|
|
|
|
* Target audience: **beta testers**
|
|
|
|
* [ ] Performance: preemptive circuit construction
|
|
|
|
* [ ] Performance: circuit build timeout inference
|
|
|
|
* [ ] API support for embedding
|
|
|
|
* [ ] API support for status reporting
|
|
|
|
* [ ] Correct timeout behavior
|
|
|
|
* [and more...](https://gitlab.torproject.org/tpo/core/arti/-/milestones/7)
|
2020-11-25 15:15:32 +00:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* Arti 1.0.0: Initial stable release (Goal: Mid September, 2022??)
|
|
|
|
* Target audience: **initial users**
|
|
|
|
* [ ] Security audit
|
|
|
|
* [ ] Stable API
|
|
|
|
* [ ] Stable CLI
|
|
|
|
* [ ] Stable configuration format
|
|
|
|
* [ ] Automatic detection and response of more kinds of network problems
|
|
|
|
* [ ] More performance work
|
|
|
|
* [and more...](https://gitlab.torproject.org/tpo/core/arti/-/milestones/8)
|
2020-09-10 00:27:47 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* Arti 1.1.0: Anti-censorship features (Goal: End of october, 2022?)
|
|
|
|
* Target audience: **censored users**
|
|
|
|
* [ ] Bridges
|
|
|
|
* [ ] Pluggable transports
|
|
|
|
* [and more...?](https://gitlab.torproject.org/tpo/core/arti/-/milestones/10)
|
2021-05-24 17:42:57 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* Arti 1.2.0: Onion service support (not funded, timeframe TBD)
|
2021-05-24 17:42:57 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* Arti 2.0.0: Feature parity with C tor as a client (not funded, timeframe TBD)
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
* Arti ?.?.?: Relay support
|
2020-05-08 01:05:47 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
## How can I help out?
|
2020-05-08 01:05:47 +01:00
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
See [`CONTRIBUTING.md`](./CONTRIBUTING.md) for a few ideas for how to get
|
|
|
|
started.
|
2020-05-08 00:58:10 +01:00
|
|
|
|
2020-05-08 16:38:24 +01:00
|
|
|
## Licence
|
|
|
|
|
2021-06-17 17:18:28 +01:00
|
|
|
This code is licensed under either of
|
2020-05-08 16:38:24 +01:00
|
|
|
|
|
|
|
* [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
|
|
|
|
* [MIT license](http://opensource.org/licenses/MIT)
|
|
|
|
|
|
|
|
at your option.
|
|
|
|
|
|
|
|
## Contribution
|
|
|
|
|
|
|
|
Unless you explicitly state otherwise, any contribution intentionally
|
|
|
|
submitted for inclusion in the work by you, as defined in the Apache-2.0
|
|
|
|
license, shall be dual licensed as above, without any additional terms or
|
|
|
|
conditions.
|
|
|
|
|
|
|
|
>(The above notice, or something like it, seems to be pretty standard in Rust
|
|
|
|
>projects, so I'm using it here too. This instance of it is copied from
|
|
|
|
>the RustCrypto project's README.md file.)
|