The developers of the anonymous Tor network presented the Arti project, which is working on creating an implementation of the Tor protocol in the Rust language. Unlike the C implementation, which was originally designed as a SOCKS proxy and then customized to suit other needs, Arti is initially developed as a modular plug-in library that can be used by various applications. Work has been underway for over a year with funding from the Zcash Open Major Grants (ZOMG) program. The code is distributed under the Apache 2.0 and MIT licenses.
The reasons for rewriting Tor in Rust are the desire to achieve a higher level of code security through the use of a language that provides safe work with memory. According to the Tor developers, at least half of all vulnerabilities tracked by the project will be excluded in the Rust implementation if the code does not use "unsafe" blocks. Rust will also allow you to achieve faster development speed than using C, due to the expressiveness of the language and strong guarantees that allow you not to waste time on double checks and writing unnecessary code. In addition, when developing a new project, all past Tor development experience is taken into account, which will avoid known architectural problems, make the project more modular and efficient.
In its current state, Arti can already connect to the Tor network, provide interaction with directory servers and create anonymized connections over Tor with the provision of a proxy based on the SOCKS protocol. The development is not yet recommended for use in production systems, as not all privacy features are implemented and backward compatibility at the API level is not guaranteed. The first version of the client, which meets the security criteria, supports sentry nodes and thread isolation, is scheduled to be released in October.
In March 2022, the first beta release is expected with an experimental implementation of the embeddable library and performance optimizations. The first stable release, with a stable API, CLI and configuration format, as well as auditing, is scheduled for mid-September 2022. This release will be suitable for initial use by regular users. Update 2022 is expected at the end of October 1.1 with support for pluggable transport and bridges to bypass blocking. Support for onion services is slated for release 1.2, and parity with the C client is expected in release 2.0, for which a timeline has yet to be determined.
In the future, the developers predict a gradual decrease in the activity associated with the development of code in C, and an increase in the time devoted to editing in Rust. When the Rust implementation reaches a level capable of replacing the C version, the developers will stop adding new features to the C implementation and after some time completely stop supporting it. But this will not come soon, and until the implementation in Rust reaches the level of a full-fledged replacement, the development of the Tor client and relay in C will continue.
Source: opennet.ru