Evaluate non-C tor implementations for hackability
For testing, we should have badly-behaved clients and servers. But implementing that in C seems like horrible overkill. Let's look at the best-of-breed compatible implementations, and figure out which one would be the best basis for making a bunch of stub test client/servers.
(It's okay if the client answer and the server answer aren't the same)
Activity
changed milestone to %Tor: 0.2.8.x-final
Name: Gareth Owen's Tor Research Framework URL: https://github.com/owenson/tor-research-framework Role: Client Hackability: High (I contributed to it in 2014)
However, it has been used as part of his HS hashring research, not sure if we want that association. (But that functionality might help in testing banning for hashring crawling. Not sure if the hashring crawling part is publicly available or in this repository, though.)
Trac:
Severity: N/A to NormalName: haskell-tor URL: https://github.com/GaloisInc/haskell-tor Role: Client (no hidden service support) Hackability: unknown
Just mentioned on the tor-dev mailing list.
From tor-dev@:
python + Scapy: https://github.com/cea-sec/TorPylle
...and, based on the above, this: https://github.com/pycepa/pycepa
"I haven't tried either of the above. I also recall a Python + Twisted one, too, but I can't find it now."
They're now on the wiki at:
https://trac.torproject.org/projects/tor/wiki/doc/ListOfTorImplementations
Evaluating super quickly and unfairly. A unicode confused face (
- haskell-tor looks solidly written and nicely terse. A little less documentation than I'd prefer. But if you don't know haskell it won't be a walk in the park.
- purpleonion : 7 years outdated.
- gotor: Clean but far less documented than I'd prefer. In a nice language at least, and easy to follow.
- node-tor: Far less documented than I'd prefer.
- TorPylle: 2.5 years out of date. Far less documented than I'd prefer. No ntor support.
- pycepa: Documented! Pythonic, mostly! Appears not to be a complete client implementation though; there are hardwired node identities in Circuit.py. We'll have to see how much of this is actually implemented. Not sure it actually checks signatures. Looks pretty hackable. GPLv3.
- oppy: Documentd in some places; undocmented in others. Uses Twisted. Doesn't validate all signatures. Clean. Looks pretty hackable. 3BSD licensed.
- orchid: Far less documented than I'd like. Very nice code structure though. Very big complete implementation. Last commit around May 2015? 3BSD license.
- tor-research-framework: Far less documented than I'd like. Good documentation in some places though. Not in love with architecture/hackability; looks procedural at first glance. GPL3+ license.
- silvertunnel-ng: Documentation present but uneven. Pretty big implementation; pretty complete. GPL2+ license.
- haskell-tor looks solidly written and nicely terse. A little less documentation than I'd prefer. But if you don't know haskell it won't be a walk in the park.
Stem now has ORPort support for downloading descriptors: https://lists.torproject.org/pipermail/tor-dev/2018-February/012905.html
This support is based on Endosome: https://github.com/teor2345/endosome
Both are eminently hackable. (I used endosome to review tor-spec against the actual C relay implementation.)
This list is kept up to date: https://trac.torproject.org/projects/tor/wiki/doc/ListOfTorImplementations
Trac:
Reviewer: N/A to N/Amoved to tpo/core/tor#17270 (closed)