The developers of the Tor anonymous network have formed the first stable release (1.0.0) of the Arti project, which develops a Tor client written in Rust. Release 1.0 is marked as usable by general users and provides the same level of privacy, usability, and stability as the mainstream C implementation. The API offered for using Arti functionality in other applications has also been stabilized. The code is distributed under the Apache 2.0 and MIT licenses.
Unlike the C implementation, which was originally designed as a SOCKS proxy and then customized to suit other needs, Arti is initially developed as a modular plug-in library that can be used by various applications. In addition, when developing a new project, all past Tor development experience is taken into account, which avoids known architectural problems, making the project more modular and efficient.
The reason for rewriting Tor in Rust was to achieve a higher level of code security by using a memory-safe language. According to the Tor developers, at least half of all vulnerabilities tracked by the project will be excluded in the Rust implementation if the code does not use "unsafe" blocks. Rust will also allow you to achieve faster development speed than using C, due to the expressiveness of the language and strong guarantees that allow you not to waste time on double checks and writing unnecessary code.
As a result of the development of the first version, the use of the Rust language has justified itself. For example, it was noticed that at each stage in the Rust code, fewer errors were made than in comparable C development - the errors that surfaced during the development process were mainly related to logic and semantics. The over-demanding of the rustc compiler, noted by some as a drawback, has actually turned out to be a boon, since if the code compiles and passes the tests, the likelihood of its correctness is greatly increased.
Working on the new version also confirmed an increase in development speed, which is due not only to the fact that the functionality was recreated based on the existing template, but also to more expressive semantics of Rust, convenient function libraries, and the use of Rust code security features. Among the shortcomings, the large size of the resulting assemblies stands out - since the Rust standard library is not supplied by default on systems, it has to be included in packages offered for download.
Release 1.0 is mainly focused on basic work in the client role. In version 1.1, it is planned to implement support for pluggable transport and bridges to bypass locks. Version 1.2 is expected to support onion services and related features such as RTT Congestion Control and DDoS protection. Achieving parity with the C client is scheduled for the 2.0 branch, which will also offer bindings for using Arti in code in various programming languages.
Over the next few years, work will focus on implementing the functionality needed to run relays and directory servers. When the Rust code reaches a level that can completely replace the C version, the developers intend to make Arti the main implementation of Tor and stop maintaining the C implementation. Support for the C language version will be phased out to allow smooth migration.
Source: opennet.ru