wiki:org/meetings/2015SummerDevMeeting/iOS and OS X

Tor on iOS and OS X - Technical

These are the notes from the 1645 Tuesday session on technical issues in iOS and OS X.

Overall Goals

  • It should be easy to integrate tor into your app
    • Landing page for SDK and app integration of Tor
  • There should be a way of enabling Tor for system-wide traffic on iOS (and perhaps OS X)
  • Tor on iOS and OS X should be of comparable quality to other platforms

Shared Issues

  • compiling tor using an Xcode project in tor/contrib/apple in master branch
    • a full Xcode build project (including Xcode-built sources) enables graphical debugging for OS X (and possibly iOS simulator)
    • a script-based approach (using ./configure and make) allows the tor binary to be included in an iOS app
    • Android wants to do something similar
  • packaging a single system tor (see the other session on this topic)
    • there is hopefully going to be a platform-agnostic solution to sharing tor between multiple client applications
  • VPN
    • blacklisting
    • app opt-in
    • services that leak info
    • also issues on Android

iOS Specific Issues

Cross-Compilation and configure

  • fork fails
  • pt_deny_attach is missing from the header
  • NSGetEnvironment is missing; the configure check doesn't do the right thing when cross-compiling
  • merging these patches into master
    • tor.framework in contrib/
    • configure script changes

Unit Tests on iOS

  • unit tests run on OS X (x86-64 and i386), but not on iOS
  • call unit test main from larger binary

Tor Client Performance Tuning

  • Best practices for tor client configuration
    • RAM & Drive usage
    • Bandwidth & latency
    • Data is expensive

Release Process

  • certificate
  • signing

Reproducible Builds

  • Binary Encryption
    • Write a tool to verify iOS binaries
    • Verification requires jailbreaking
    • Write a tool to sideload apps from Linux
  • Bitcode makes verification almost impossible

Tor Browser

  • in development, tracks Firefox on iOS
  • developer ID for App Store
  • sandboxing and entitlements (somewhat different to OS X)

Shared Tor Instance

  • run a system tor via VPN, or compile-in and call tor_main from the app
  • VPN on iOS requires entitlement from Apple

Pluggable Transports

  • change the fork model to a library / threaded model
  • run it as a SOCKS proxy; tor isn't able to manage launching it
  • scheduled for after initial release of initial iOS VPN app

OS X Specific Issues

Tor Browser

  • developer ID to sign binary - disable Gatekeeper warnings
  • sandboxing for Tor Browser - enable App Store submission

Relay Performance Tuning

  • Generally, OS X has received less attention than other platforms
  • Tor code performance tuning
  • Tor config performance tuning
  • OS X network stack performance tuning

Shared Tor Instance

  • run a system tor via launchd, or launch your own tor
    • tor could also run as a VPN on OS X, using code similar to iOS

Last modified on Sep 29, 2015, 3:26:38 PM