Opened 3 months ago

Last modified 3 days ago

#28803 needs_revision task

Integrate building pluggable transports for Android into tor-browser-build

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-rbm, tbb-mobile, TBA-a3, tor-pt, TorBrowserTeam201903, tbb-parity
Cc: sisbell, hans@…, n8fr8 Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor19-can

Description

We want to support Pluggable Transports in Tor Browser for Android. We should integrate those we support into our tor-browser-build process.

Child Tickets

TicketStatusOwnerSummaryComponent
#29002closedtbb-teamUpgrade Gradle to 4.6Applications/Tor Browser
#29003newtbb-teamCreate Go PT Bundle ProjectApplications/Tor Browser

Change History (18)

comment:1 Changed 3 months ago by sisbell

It looks like the candidate PTs are

  1. obfs4 (implemented in orbot)
  2. meek (implemeted in orbot - uses meek_lite)
  3. fteproxy-?has no plans for support on Android: https://github.com/kpdyer/fteproxy/issues/187

Configuration:

The obfs binary used by orbot supports: obfs3, obfs4. meek lite binary also is available. So we can support (1) and (2). All of these are configured and written to a custom torrc file:

ClientTransportPlugin transport exec path-to-binary [options]

The bridge list is read from a text file in the res/raw  folder. The bridges are then written to the custom torrc file.

Building the libraries:

Orbot uses Pluto to build the transports for Android: https://github.com/guardianproject/pluto . However, there is an updated Pluto 2 library available: https://github.com/guardianproject/AndroidPluggableTransports

So first question is do we want to use Pluto 1 (which is what orbot is currently using) or Pluto 2 which is the current recommended version?

To build the transport (for Pluto 1), we will need:

  1. Build go toolchain for android (this could be a separate project/go-android-toolchain)
  2. Build (with go)  github.com/n8fr8/meek/meek-client
  3. Build (with go) git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy

Pluto has a script which sets the correct parameters go compile params and flags. We can modify this script for use in tor-browser-build

The files in Pluto are then packaged into an Android library with the binaries in the res/raw folder. For our purposes, we could put these into the assets folder instead since we want to add this in the last phase of the tor-browser build. We will need to just make sure to create an installer class that will pull from the assets folder into the private data section of the app so we can execute the binaries during runtime.

For Pluto 2 the build is different: It uses the following git repo for building the transports: https://gitlab.com/eighthave/goptbundle .We can then follow a similar process for installing as outlined above.

comment:2 Changed 3 months ago by arma

Skipping FTEProxy makes a lot of sense at this point -- there are only a handful of bridges, and we expect FTEProxy to go away once Marionette replaces it.

For the future, so you are aware of what comes next, the three next PTs we plan to investigate, and hopefully will want to put onto Tor Browser Android too, are:

comment:3 Changed 3 months ago by gk

I think starting with Pluto 2 if there are no blockers for that is the right thing to do. Re the sepaate project/go-android-toolchain: I am not sure why we would need that separate project for the compiler as we build Go for all the other platforms in projects/go. Why can't we add the necessary bits for Android there as well?

comment:4 Changed 3 months ago by gaba

Keywords: tor-pt added
Sponsor: Sponsor19

comment:5 Changed 3 months ago by gk

Sponsor: Sponsor19Sponsor8

Nope, that's part of the browser work for Sponsor8.

comment:6 Changed 3 months ago by gaba

ok! Let's chat in January about it. It would be great if it goes into Sponsor8. If not then we continue with s19.

comment:7 Changed 2 months ago by sisbell

After some research into this, I think it looks strait forward to get Pluto2 and goptbundle implemented into the tor-browser-build. I'd estimate a week for a first implementation + time for feedback changes.

comment:8 Changed 2 months ago by sisbell

Status: newneeds_review

Initial commit (android-0106)

  • Project for android-pluggable-transports

This uses the prebuilt aar for goptbundle. AAR libraries for debug and release versions are copied to the output directory. These libraries will be used by Orbot (or whatever consuming project we decide to use).

comment:9 Changed 2 months ago by gk

Keywords: TorBrowserTeam201901R added; TorBrowserTeam201812 removed

comment:10 Changed 7 weeks ago by gk

Status: needs_reviewnew

Clearing review for now as it is not needed at the moment.

comment:11 Changed 7 weeks ago by gk

Keywords: TorBrowserTeam201901 added; TorBrowserTeam201901R removed

comment:12 Changed 6 weeks ago by gk

Keywords: TorBrowserTeam201902 added; TorBrowserTeam201901 removed

Moving tickets to February.

comment:13 Changed 3 weeks ago by gk

Status: newneeds_revision

FWIW, this needs revision as we need to make sure that the built stuff is actually used by our bundle. This requires at least copying the files to the proper places in a different project in tor-browser-build.

comment:14 Changed 2 weeks ago by eighthave

Cc: hans@… added

comment:15 Changed 2 weeks ago by gk

Cc: n8fr8 added

I guess Orbot is not ready for that yet and I am not sure where we are with our PT story once we switch to TOPL. Thus we might want to file a more specific ticket to include the obfs4proxy build process (a la Pluto or the Briar way) in our reproducible build process meanwhile. Or maybe we just wait a bit longer... :)

comment:16 Changed 2 weeks ago by gaba

Sponsor: Sponsor8Sponsor19-can

comment:17 Changed 11 days ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving remaining tickets to March.

comment:18 Changed 3 days ago by gk

Keywords: tbb-parity added

Introducing tbb-parity.

Note: See TracTickets for help on using tickets.