Browse code

Adding Tor and Orbot project ideas

Yikes, between Nick and Nathan there's quite a few! Adding GSoC project ideas
from them both for Tor and Orbot.

Damian Johnson authored on27/02/2014 18:19:03
Showing1 changed files
... ...
@@ -425,7 +425,13 @@ meetings around the world.</li>
425 425
     <p>
426 426
     <b>Project Ideas:</b><br />
427 427
     <i><a href="#torCleanup">Tor Codebase Cleanup</a></i><br />
428
-    <i><a href="#chutneyExpansion">Make Chutney Do More, More Reliably</a></i>
428
+    <i><a href="#chutneyExpansion">Make Chutney Do More, More Reliably</a></i><br />
429
+    <i><a href="#improveTorTestCoverage">Improve test coverage in Tor</a></i><br />
430
+    <i><a href="#useMoreCores">Have the Tor daemon use more cores</a></i><br />
431
+    <i><a href="#improveHiddenServices">Help improve Tor hidden services</a></i><br />
432
+    <i><a href="#consensusDiffs">Implement consensus diffs</a></i><br />
433
+    <i><a href="#improvedDnsSupport">Improved DNS support for Tor</a></i><br />
434
+    <i><a href="#torSandboxing">Help improve Tor sandboxing</a></i>
429 435
     </p>
430 436
 
431 437
     <a id="project-orchid"></a>
... ...
@@ -516,6 +522,12 @@ meetings around the world.</li>
516 522
     date with all changes in Android and mobile threats.
517 523
     </p>
518 524
 
525
+    <p>
526
+    <b>Project Ideas:</b><br />
527
+    <i><a href="#orbotVPN">Orbot Android VPN</a></i><br />
528
+    <i><a href="#orfox">Orfox - Firefox/Gecko-based Android Browser for Tor</a></i>
529
+    </p>
530
+
519 531
     <a id="project-tails"></a>
520 532
     <h3><a href="https://tails.boum.org/">The Amnesic Incognito Live System</a> (<a
521 533
     href="https://git-tails.immerda.ch/tails/">code</a>, <a
... ...
@@ -1306,6 +1318,426 @@ information see ticket 7416.</a></b>
1306 1318
     </p>
1307 1319
     </li>
1308 1320
 
1321
+    <a id="orbotVPN"></a>
1322
+    <li>
1323
+    <b>Orbot Android VPN</b>
1324
+    <br>
1325
+    Effort Level: <i>Medium</i>
1326
+    <br>
1327
+    Skill Level: <i>High</i>
1328
+    <br>
1329
+    Likely Mentors: <i>Nathan (n8fr8)</i>
1330
+    <p>
1331
+Android offers the ability for any application to establish a
1332
+VPNService through which all traffic on the device is sent. We want to
1333
+implement this type of service in order to route all traffic through
1334
+the Tor network. This is a feature that will be implemented directly
1335
+into Orbot: Tor for Android if successfully implemented.
1336
+    </p>
1337
+
1338
+    <p>
1339
+The deliverables for the project will be a working Android VPN
1340
+implementation that routes traffic through Tor, and integration of VPN
1341
+code into the Orbot app. There must also be time made for reporting on
1342
+the project through blog posts, network auditing of tracking to ensure
1343
+leakage is not occurring.
1344
+    </p>
1345
+
1346
+    <p>
1347
+Useful links and documentation to study:
1348
+    </p>
1349
+
1350
+    <ul>
1351
+      <li><a href="https://gitweb.torproject.org/orbot.git">Orbot</a></li>
1352
+      <li><a href="http://developer.android.com/reference/android/net/VpnService.html">Android VPNService API</a></li>
1353
+      <li><a href="https://github.com/guardianproject/OrbotVPN">Existing work on Orbot VPN</a></li>
1354
+    </ul>
1355
+
1356
+    <p>
1357
+Applicant should have the ability to build Orbot application from
1358
+source using Android SDK and NDK tools. A solid understanding of IP
1359
+routing, iptables, netfilter and VPN protocols would also be very
1360
+helpful. The ability to use Wireshark or other network monitoring
1361
+software to test and verify solution is something that can be taught,
1362
+but if you already know how, bonus! Finally, understanding how the
1363
+exiting Tor software can be used with various transparent proxying
1364
+configurations is a good first step to understanding this problem.
1365
+    </p>
1366
+    </li>
1367
+
1368
+    <a id="orfox"></a>
1369
+    <li>
1370
+    <b>Orfox - Firefox/Gecko-based Android Browser for Tor</b>
1371
+    <br>
1372
+    Effort Level: <i>High</i>
1373
+    <br>
1374
+    Skill Level: <i>Medium</i>
1375
+    <br>
1376
+    Likely Mentors: <i>Nathan (n8fr8)</i>
1377
+    <p>
1378
+With almost 1 million downloads, our Orweb browser has been a popular
1379
+solution for easily accessing the web via Tor or any other HTTP or
1380
+SOCKS proxy, while also ensuring local data caches are cleared and
1381
+cookies are properly managed. Orweb is based on WebView, which has its
1382
+limitations unfortunately. We would like to move to a
1383
+Firefox/Fennec/GeckoView based browser, and have created a prototype
1384
+for it. Mozilla has begun releasing GeckoView as a standalone
1385
+component, as well, but it needs more testing, debugging and work on
1386
+integration into our streamlined browser app model. Our end goal is to
1387
+have a mobile browser that matches Tor Browser in terms of privacy
1388
+enhancing features and security.
1389
+    </p>
1390
+
1391
+    <p>
1392
+The deliverables for the project are expected to be the creation of a
1393
+alpha quality release of Orfox, a GeckoView-based browser with feature
1394
+parity of Orweb browser. A bonus goal is to implement additional
1395
+features and capabilities based on Tor Browser patches for
1396
+Fennec/Mozilla core. Finally, as always, a required activity is a
1397
+network audit testing of implemented solution with write-ups, reports
1398
+posted publicly.
1399
+    </p>
1400
+
1401
+    <p>
1402
+Useful links to review:
1403
+    </p>
1404
+
1405
+    <ul>
1406
+      <li><a href="https://github.com/guardianproject/orfox">Orfox (gecko prototype)</a></li>
1407
+      <li><a href="https://github.com/guardianproject/orweb">Orweb (production browser on WebView)</a></li>
1408
+      <li><a href="http://starkravingfinkle.org/blog/2013/10/geckoview-embedding-gecko-in-your-android-application/">GeckoView info</a></li>
1409
+      <li><a href="https://www.torproject.org/projects/torbrowser.html.en">Tor Browser (desktop)</a></li>
1410
+    </ul>
1411
+
1412
+    <p>
1413
+Applicant should have the ability to build Fennec and GeckoView
1414
+libraries from source using Android SDK and NDK. Some experince with
1415
+browser security models and threats would be a useful background to
1416
+have. Ability to do network audits to ensure browser proxying is not
1417
+leaking DNS, media streams or other network traffic, as well as tests
1418
+against common browser de-anonymizing attacks are necessary.
1419
+    </p>
1420
+    </li>
1421
+
1422
+    <a id="improveTorTestCoverage"></a>
1423
+    <li>
1424
+    <b>Improve test coverage in Tor</b>
1425
+    <br>
1426
+    Effort Level: <i>Medium</i>
1427
+    <br>
1428
+    Skill Level: <i>Medium</i>
1429
+    <br>
1430
+    Likely Mentors: <i>Nick (nickm)</i>
1431
+    <p>
1432
+Right now, our unit test coverage with the tests we ship is around 30%
1433
+-- only 30% of the executable lines in our source are reached by the
1434
+unit tests.  Improving this test coverage could make Tor development
1435
+much more reliable.
1436
+    </p>
1437
+
1438
+    <p>
1439
+So we need better unit tests, and we need better integration tests too.
1440
+    </p>
1441
+
1442
+    <p>
1443
+Improving unit tests would would involve refactoring functions to be more
1444
+testable, and writing a bunch of unit tests.
1445
+    </p>
1446
+
1447
+    <p>
1448
+Improving integratino tests would involve refactoring and improving
1449
+the "chutney" program that launches a test tor network, and writing a
1450
+bunch of tests to see what works and what doesn't work on such a
1451
+network.  It could also involve writing tests using the library "<a
1452
+href="https://stem.torproject.org/">stem</a>" to script individual clients on a
1453
+Chutney network.
1454
+    </p>
1455
+
1456
+    <p>
1457
+To get a feel for how testing works in Tor today, download Tor and
1458
+Chutney, and make sure you can build Tor and use Chutney.  See how the
1459
+unit tests work by skimming some of the test code in the src/test
1460
+subdirectory.  Try computing test coverage (according to the
1461
+instructions in the doc/HACKING file.
1462
+    </p>
1463
+
1464
+    <p>
1465
+Also, have a look at the one current integration test that works on
1466
+chutney today: it is a shell script distributed with Tor as
1467
+src/test/test-tor-network.sh .  We probably don't want to have all of
1468
+our integration tests be written as shell scripts, but it's interesting
1469
+to see how one works.
1470
+    </p>
1471
+
1472
+    <p>
1473
+If working on designs for an improved or refactored Chutney, watch out for <a
1474
+href="http://www.joelonsoftware.com/articles/fog0000000018.html">"archicture
1475
+astronautics"</a>: while it's important that we have a well-designed and
1476
+maintainable Chutney architecture, it wouldn't be very useful if a good
1477
+architecture were the <em>only</em> outcome here: we need tests too.
1478
+    </p>
1479
+
1480
+    <p>
1481
+As part of the application process, please contribute a patch that makes
1482
+a non-trivial improvement to chutney, and/or include a new test for some
1483
+interesting Tor function. (Please pick a function that isn't completely
1484
+easy to test.)
1485
+    </p>
1486
+    </li>
1487
+
1488
+    <a id="useMoreCores"></a>
1489
+    <li>
1490
+    <b>Have the Tor daemon use more cores</b>
1491
+    <br>
1492
+    Effort Level: <i>Medium</i>
1493
+    <br>
1494
+    Skill Level: <i>Medium</i>
1495
+    <br>
1496
+    Likely Mentors: <i>Nick (nickm)</i>
1497
+    <p>
1498
+Right now, if you run a busy Tor server on a multicore computer, most of
1499
+the cores are mostly unused.  We have a "cpuworker" mechanism to move
1500
+expensive computations into worker threads, but that mechanism is
1501
+currently only used for a small fraction of our cryptography.  Moving
1502
+more work into the worker threads could improve performance immensely.
1503
+    </p>
1504
+
1505
+    <p>
1506
+So it would be great to parallelize our cryptography more in order to
1507
+better handle more cores.  See
1508
+<a href="https://trac.torproject.org/projects/tor/wiki/org/projects/Tor/MultithreadedCrypto">MultithreadedCrypto</a>
1509
+for some background info, and
1510
+<a href="https://trac.torproject.org/projects/tor/ticket/7572">ticket 7572</a> for some subtickets
1511
+on our tracker.
1512
+    </p>
1513
+
1514
+    <p>
1515
+(If you're reading through the code to see how it works today, you will
1516
+also want to have a look at the new implementation for cpuworkers
1517
+described in <a href="https://trac.torproject.org/projects/tor/ticket/9682">9682</a>.)
1518
+    </p>
1519
+
1520
+    <p>
1521
+Completing the implementation of ticket #7572 --which would move our
1522
+circuit crypto onto separate threads-- could be a good summer project.
1523
+Alternatively, moving all of the signature generation and verification
1524
+code onto the cpuworkers could be fun.  In either case, you will have
1525
+some important architectural decisions to make about how to minimize
1526
+shared data between the main thread and the workers, how to avoid
1527
+race conditions between them, and how to test it all to make sure it has
1528
+no hidden failure cases.
1529
+    </p>
1530
+
1531
+    <p>
1532
+As part of the application process for this project, please contribute a
1533
+nontrivial patch to Tor -- ideally, one that will affect some part of
1534
+the codebase that you want to work on.
1535
+    </p>
1536
+    </li>
1537
+
1538
+    <a id="improveHiddenServices"></a>
1539
+    <li>
1540
+    <b>Help improve Tor hidden services</b>
1541
+    <br>
1542
+    Effort Level: <i>Medium</i>
1543
+    <br>
1544
+    Skill Level: <i>Medium</i>
1545
+    <br>
1546
+    Likely Mentors: <i>Nick (nickm)</i>
1547
+    <p>
1548
+We're working on a revamp of the entire Tor hidden service design to
1549
+improve the security and reliability of the hidden service system.
1550
+    </p>
1551
+
1552
+    <p>
1553
+This is a big project: see
1554
+<a href="https://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/proposals/224-rend-spec-ng.txt">proposal
1555
+224</a> for the latest design.  Are you interested in implementing some
1556
+part of that?
1557
+    </p>
1558
+
1559
+    <p>
1560
+This is a very ambitious project, so we're deliberately not suggesting
1561
+particular sub-topics.  If you're interested in participating, try to
1562
+read and understand the <a
1563
+href="https://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/rend-spec.txt">existing
1564
+design</a> and the design proposal for the new design, and then talk to
1565
+us about what part you want to work on.
1566
+    </p>
1567
+
1568
+    <p>
1569
+As part of the application process for this project, please contribute a
1570
+nontrivial patch to Tor -- ideally, one that will affect some part of
1571
+the codebase that you want to work on.
1572
+    </p>
1573
+    </li>
1574
+
1575
+    <a id="consensusDiffs"></a>
1576
+    <li>
1577
+    <b>Implement consensus diffs</b>
1578
+    <br>
1579
+    Effort Level: <i>Medium</i>
1580
+    <br>
1581
+    Skill Level: <i>Medium</i>
1582
+    <br>
1583
+    Likely Mentors: <i>Nick (nickm)</i>
1584
+    <p>
1585
+Right now, every few hours, a Tor client downloads a new signed "consensus
1586
+document" that describes the state of the network.  Even though these
1587
+documents are compressed, thisstill takes almost half a megabyte.
1588
+    </p>
1589
+
1590
+    <p>
1591
+<a
1592
+href="https://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/proposals/140-consensus-diffs.txt">Proposal
1593
+140</a> describes a design to save a lot of bandwidth by transferring
1594
+compressed <a href="http://en.wikipedia.org/wiki/Diff">diff</a>s instead
1595
+of transferring the entire consensus document.
1596
+    </p>
1597
+
1598
+    <p>
1599
+That's an attractive idea, but it presents some programming challenges.
1600
+We probably don't want to ship a 'diff' and 'patch' along with Tor.  Is
1601
+there a free, <strong>safe</strong>, robust implementation of one of the
1602
+good diff algorithms that we can use?
1603
+    </p>
1604
+
1605
+    <p>
1606
+Alternatively, can we take advantage of regularities in the descriptor
1607
+format in order to generate diffs more simply?
1608
+    </p>
1609
+
1610
+    <p>
1611
+As part of the application process for this project, please contribute a
1612
+nontrivial patch to Tor -- ideally, one that will affect some part of
1613
+the codebase that you want to work on.  Make sure that your application
1614
+describes which implementations of the diff and patch algorithms you
1615
+intend to use, and that your coding samples show strong evidence that
1616
+you can do secure string manipulation in C.
1617
+    </p>
1618
+    </li>
1619
+
1620
+    <a id="improvedDnsSupport"></a>
1621
+    <li>
1622
+    <b>Improved DNS support for Tor</b>
1623
+    <br>
1624
+    Effort Level: <i>Medium</i>
1625
+    <br>
1626
+    Skill Level: <i>Medium</i>
1627
+    <br>
1628
+    Likely Mentors: <i>Nick (nickm)</i>
1629
+    <p>
1630
+Right now, you can only use Tor's DNS support to look up IPv4 and IPv6
1631
+addresses, and to fetch PTR records.  But DNS can do so much more!
1632
+    </p>
1633
+
1634
+    <p>
1635
+<a
1636
+href="https://gitweb.torproject.org/torspec.git/blob_plain/refs/heads/master:/proposals/219-expanded-dns.txt">Proposal
1637
+219</a> describes some new cell types that Tor could use to support
1638
+more types of DNS over Tor.
1639
+    </p>
1640
+
1641
+    <p>
1642
+To see how Tor implements its existing DNS lookups, start by tracing the
1643
+the connection_exit_begin_resolve() function in src/or/connection_edge.c ,
1644
+and see how we pass these requests downwards through src/or/dns.c to the
1645
+underlying resolver.  It's not too complicated, but there are some
1646
+tricky parts to understand.
1647
+    </p>
1648
+
1649
+    <p>
1650
+As part of the application process for this project, please contribute a
1651
+nontrivial patch to Tor -- ideally, one that will affect some part of
1652
+the codebase that you want to work on.
1653
+    </p>
1654
+    </li>
1655
+
1656
+    <a id="torSandboxing"></a>
1657
+    <li>
1658
+    <b>Help improve Tor sandboxing</b>
1659
+    <br>
1660
+    Effort Level: <i>Medium</i>
1661
+    <br>
1662
+    Skill Level: <i>Medium</i>
1663
+    <br>
1664
+    Likely Mentors: <i>Nick (nickm)</i>
1665
+    <p>
1666
+The seccomp2 mechanism on Linux lets programs improve their robustness
1667
+against unforseen bugs by running with restrictions on which system
1668
+calls they can invoke and how they can call them.  This can help
1669
+security a lot.
1670
+    </p>
1671
+
1672
+    <p>
1673
+Thanks to a GSOC student from last year, we now have seccomp2 support on
1674
+Linux, which we use to restrict the capabilities of the entire Tor
1675
+process.  (For implementation details, see src/commmon/sandbox.c in the
1676
+Tor source.)
1677
+    </p>
1678
+
1679
+    <p>
1680
+But since the restrictions are done over the whole process, all pieces
1681
+of the Tor code have permission to do things that only small parts of
1682
+the Tor program need to do.  Also, since we use seccomp2, these
1683
+restrictions only work on Linux.
1684
+    </p>
1685
+
1686
+    <p>
1687
+It would be great to instead divide the main Tor program into multiple
1688
+processes with a robust IPC mechanism and assign each process its own
1689
+minimal set of privileges; and to have this work (as best we can) on
1690
+systems that don't have seccomp2 (eg Windows, Mac).
1691
+    </p>
1692
+
1693
+    <p>
1694
+Either of these could be a whole GSOC project.
1695
+    </p>
1696
+
1697
+    <p>
1698
+To get started, make sure you understand the existing sandboxing code.
1699
+If you're interested in splitting Tor into multiple processes, think
1700
+about the architecture, and think about how we could reach this
1701
+architecture without completely rewriting the codebase.  (Remember that
1702
+even if you're focusing on Linux, Tor still needs to work on other
1703
+operating systems.)
1704
+    </p>
1705
+
1706
+    <p>
1707
+If you're interested in supporting more platforms, make sure you
1708
+understand and can explain what sandboxing mechansisms you want to use,
1709
+and what they're capable of.  (You might want to investigate the way
1710
+that other open-source programs, like the Chrome web browser, do their
1711
+sandboxing on different platforms.)
1712
+    </p>
1713
+
1714
+    <p>
1715
+As part of the application process for this project, please contribute a
1716
+nontrivial patch to Tor -- ideally, one that will affect some part of
1717
+the codebase that you want to work on.
1718
+    </p>
1719
+    </li>
1720
+
1721
+<!--
1722
+    <a id=""></a>
1723
+    <li>
1724
+    <b></b>
1725
+    <br>
1726
+    Effort Level: <i>Medium</i>
1727
+    <br>
1728
+    Skill Level: <i>Medium</i>
1729
+    <br>
1730
+    Likely Mentors: <i>Damian (atagar)</i>
1731
+    <p>
1732
+
1733
+    </p>
1734
+
1735
+    <p>
1736
+
1737
+    </p>
1738
+    </li>
1739
+-->
1740
+
1309 1741
     <li>
1310 1742
     <b>Bring up new ideas!</b>
1311 1743
     <br>