[tor-dev] Some Gosling Updates!
Richard Pospesel
richard at blueprintforfreespeech.net
Sat Jul 6 04:42:41 UTC 2024
Hi Everyone!
It's been a minute since the last time I posted to this list about
Gosling (December, 2021 what the actual heck:
https://lists.torproject.org/pipermail/tor-dev/2021-December/014684.html
). Well, since then I have been quite busy leading the applications team
and shipping browsers by day, and developing Ricochet-Refresh and
Gosling by night!
To summarise, gosling is a Rust crate (and cgosling is a C-FFI library)
which generalises and encapsulates all the hard parts of building
peer-to-peer applications using tor, where a peer's long-term identity
is an onion-service id. My vision and hope is that this allows for the
creation new peer-to-peer applications with all of the various
properties and guarantees of tor baked in, and that developers won't
need to go spend some years becoming tor experts to do it correctly and
safely.
The next version of Ricochet-Refresh will be using Gosling as its
foundation, and so of course heavily informed Gosling's features and
development direction.
The specific properties/features offered by Gosling:
- long-term peer identity: an onion-service id
- anonymous: it's onion-services and tor
- secure: end-to-end encrypted from tor-client to tor-client because tor
- nat-punching: more tor
- censorship-circumvention: tor + pluggable-transports and bridges
Ok and the novel/harder stuff:
- authentication: cryptographically prove connecting clients control the
private key of their claimed onion-service identity and their provided
client-auth keys
- customisable/application-specific handshakes: on top of the baseline
cryptographic authentication, the 'add me as a peer' handshake also
allows for an additional challenge+response requirement; imagine for
instance a one-time code verification, password verification, socialist
millionaire scheme, proof-of-work or stake, etc
- metadata-resistant: the only metadata available to untrusted clients
is your primary identity's onion-service's online/offline status; this
onion-service is not required to be online to connect with trusted
clients (unlike with other Ricochet-derived IM clients)
If any of this sounds exciting or useful to you, I'd love to invite you
over to the project Github to take a look:
- https://github.com/blueprint-freespeech/gosling
I'm hoping for Gosling to hit version 1.0.0 and lock-down/converge on a
plausible stable API before the end of this year. The current API
surface is very informed by my experience with what would be useful for
Ricochet-Refresh, but I'm sure there are blind-spots here or
improvements that could be made for other potential use-cases.
The goal from day one has been to make this code usable outside the Rust
ecosystem. To that end, I've tried to make the C-FFI API design
consistent, familiar and safe as possible, since it eventually will be
used from Ricochet-Refresh's C++ codebase.
---
The vast majority of the protocol work and initial implementation was
completed around the beginning of 2023. So what have I been up to for
the past couple years?
Basically, all of the 'boring' (quite exciting actually) software
engineering work to get Gosling both usable and trustworthy. To be
specific, I've been working on the following areas:
- code-cleanup: refactored Gosling into separate crates which may be
individually useful:
- honk-rpc: the bson-based, json-rpc inspired RPC protocol
- tor-interface: probably should have a better name, but this
encapsulates the tor-daemon configuration and lifecycle, control-port
communications, and connectivity
- gosling: the Rust protocol implementation
- cgosling: gosling wrapped in a safe+friendly C-FFI
- improved CMake project layout; cgosling should be relatively
usable/integratable into existing CMake projects
- build+test automation: build and run tests on github CI/CD Linux,
macOS, and Windows runners, publish code-coverage, generated Rust
documentation, doxygen C/C++ documentation
- fuzzing: fuzz the Rust crates including the C-FFI
- identified and fixed a lot of bugs in the entire stack this year :D
- language bindings: build a cbindgen -> c-header -> json idl pipeline
for the cgosling crate; json idl used to automatically generate:
- C/C++ headers, static+shared libraries
- python bindings to shared library
- Java/JNI shared library and jar
- packaging/deployment
- published Rust crates to crates.io
- deb-source package generation for debian-based Linux
- homebrew flask formula generation for macOS
- MSYS2 pkgbuild generation for Windows
- some minor new features:
- connect API to connect to non-gosling onion-services and clearnet
targets using tor
- use an already-running tor rather than running/configuring own tor
process
- configure bundled tor with all the familiar stuff: proxy, firewall,
pluggable transports, and bridges
- initial protoyping for in-proc arti-client backend (currently on
version 0.18 so a bit behind)
The remaining planned work in this area before hopefully shifting my
focus back on Ricochet-Refresh are a documentation pass on all my Rust
crates, cleaning up/documenting the example projects, and completing a
security audit. The Java and Python bindings could also use some love
and automation.
--
Anyway, I think that's enough technical non-sense for your inbox. If any
of this sounds interesting, come check things out the project website (
https://gosling.technology/ ) which links to all the relevant stuff.
best,
-richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xDE47360363F34B2C.asc
Type: application/pgp-keys
Size: 8030 bytes
Desc: OpenPGP public key
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20240706/e39d8f5a/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20240706/e39d8f5a/attachment.sig>
More information about the tor-dev
mailing list