[tor-dev] Using Tor as a library

Fabio Pietrosanti (naif) lists at infosecurity.ch
Fri Mar 29 13:36:17 UTC 2013 

On 3/29/13 4:50 AM, wac wrote:
>
> I tell you what. I don't have intentions to change Tor. I basically want to do this for me. But since I notice now it could be useful to the community and the community could be providing feedback I can make it public under the same license. So this is what I am going to do. Fork Tor under the same license and change it until I get a working library. If somebody wants to join well everybody invited. I think more hands working on it will be great. And if you want to merge it with Tor well you all can decide that later. And if you want we can cooperate directly. After all both projects would be sharing a lot of sourcecode. Many fixes and optimizations will be able to come back to Tor and the library could receive updates from the Tor project. I am thinking to name it libtor. What do you say?
I'd suggest for the "output" to produce a set of patches against Tor
(development version), including modifications to:
- build system
- documentation (man pages)
- unit-tests
everything following the coding guidelines of Tor with the goal/hope to
be integrated.

It would be very valuable to define the "use case" of your library, in
particular what you are going to support and for which context of
use.For example are you going to simply support "outgoing anonymous
connection" or "are you going to support caching descriptors to avoid
excessive load on Tor network?" or "Are you going to support Tor Hidden
Service exposure to receive inbound connections" ?

After a first prototype is achieved, it would be the best to:
a) define the API
b) document the API
c) submit the API for review (to tor-dev mlist)

Additionally, due to the paranoia-level of Tor environment, it would be
useful a documents describing a "Threat model" with a set of risks
represented by the use of Tor as a library and how they are
managed/mitigated.

If you will need to modify some existing core pieces of Tor code here
and there, always open a relevant ticket on http://trac.torproject.org
explaining why a modification is relevant/useful with a commit of the
patch well documented (to stimulate/facilitate the integration).

As a prototype example, i'd suggest you to provide an example "Python
Binding" that use your "libtor", due to the heavy use of Python within
the Tor Environment, that show how to embed Tor within a Python application.

Fabio

More information about the tor-dev mailing list