23 #include <boost/signals2/signal.hpp> 24 #include <boost/algorithm/string/split.hpp> 25 #include <boost/algorithm/string/classification.hpp> 26 #include <boost/algorithm/string/replace.hpp> 28 #include <event2/bufferevent.h> 29 #include <event2/buffer.h> 30 #include <event2/util.h> 31 #include <event2/event.h> 32 #include <event2/thread.h> 41 static const std::string
TOR_SAFE_SERVERKEY =
"Tor safe cookie authentication server-to-controller hash";
43 static const std::string
TOR_SAFE_CLIENTKEY =
"Tor safe cookie authentication controller-to-server hash";
79 typedef std::function<void(TorControlConnection &,const TorControlReply &)>
ReplyHandlerCB;
93 bool Connect(
const std::string& tor_control_center,
const ConnectionCB& connected,
const ConnectionCB& disconnected);
104 bool Command(
const std::string &cmd,
const ReplyHandlerCB& reply_handler);
107 boost::signals2::signal<void(TorControlConnection &,const TorControlReply &)>
async_handler;
123 static void readcb(
struct bufferevent *bev,
void *
ctx);
124 static void eventcb(
struct bufferevent *bev,
short what,
void *
ctx);
128 base(_base), b_conn(nullptr)
141 struct evbuffer *input = bufferevent_get_input(bev);
142 size_t n_read_out = 0;
146 while((line = evbuffer_readln(input, &n_read_out, EVBUFFER_EOL_CRLF)) !=
nullptr)
148 std::string s(line, n_read_out);
153 self->message.code =
atoi(s.substr(0,3));
154 self->message.lines.push_back(s.substr(4));
158 if (self->message.code >= 600) {
161 self->async_handler(*
self, self->message);
163 if (!self->reply_handlers.empty()) {
165 self->reply_handlers.front()(*
self,
self->message);
166 self->reply_handlers.pop_front();
171 self->message.Clear();
178 LogPrintf(
"tor: Disconnecting because MAX_LINE_LENGTH exceeded\n");
186 if (what & BEV_EVENT_CONNECTED) {
188 self->connected(*
self);
189 }
else if (what & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) {
190 if (what & BEV_EVENT_ERROR) {
196 self->disconnected(*
self);
205 struct sockaddr_storage connect_to_addr;
206 int connect_to_addrlen =
sizeof(connect_to_addr);
207 if (evutil_parse_sockaddr_port(tor_control_center.c_str(),
208 (
struct sockaddr*)&connect_to_addr, &connect_to_addrlen)<0) {
209 LogPrintf(
"tor: Error parsing socket address %s\n", tor_control_center);
214 b_conn = bufferevent_socket_new(
base, -1, BEV_OPT_CLOSE_ON_FREE);
218 bufferevent_enable(
b_conn, EV_READ|EV_WRITE);
223 if (bufferevent_socket_connect(
b_conn, (
struct sockaddr*)&connect_to_addr, connect_to_addrlen) < 0) {
224 LogPrintf(
"tor: Error connecting to address %s\n", tor_control_center);
241 struct evbuffer *buf = bufferevent_get_output(
b_conn);
244 evbuffer_add(buf, cmd.data(), cmd.size());
245 evbuffer_add(buf,
"\r\n", 2);
261 while (ptr < s.size() && s[ptr] !=
' ') {
262 type.push_back(s[ptr]);
267 return make_pair(type, s.substr(ptr));
278 std::map<std::string,std::string> mapping;
280 while (ptr < s.size()) {
281 std::string key, value;
282 while (ptr < s.size() && s[ptr] !=
'=' && s[ptr] !=
' ') {
283 key.push_back(s[ptr]);
287 return std::map<std::string,std::string>();
291 if (ptr < s.size() && s[ptr] ==
'"') {
293 bool escape_next =
false;
294 while (ptr < s.size() && (escape_next || s[ptr] !=
'"')) {
296 escape_next = (s[ptr] ==
'\\' && !escape_next);
297 value.push_back(s[ptr]);
301 return std::map<std::string,std::string>();
313 std::string escaped_value;
314 for (
size_t i = 0; i < value.size(); ++i) {
315 if (value[i] ==
'\\') {
321 if (value[i] ==
'n') {
322 escaped_value.push_back(
'\n');
323 }
else if (value[i] ==
't') {
324 escaped_value.push_back(
'\t');
325 }
else if (value[i] ==
'r') {
326 escaped_value.push_back(
'\r');
327 }
else if (
'0' <= value[i] && value[i] <=
'7') {
332 for (j = 1; j < 3 && (i+j) < value.size() &&
'0' <= value[i+j] && value[i+j] <=
'7'; ++j) {}
336 if (j == 3 && value[i] >
'3') {
339 escaped_value.push_back(strtol(value.substr(i, j).c_str(),
nullptr, 8));
343 escaped_value.push_back(value[i]);
346 escaped_value.push_back(value[i]);
349 value = escaped_value;
351 while (ptr < s.size() && s[ptr] !=
' ') {
352 value.push_back(s[ptr]);
356 if (ptr < s.size() && s[ptr] ==
' ')
358 mapping[key] = value;
370 static std::pair<bool,std::string>
ReadBinaryFile(
const fs::path &filename,
size_t maxsize=std::numeric_limits<size_t>::max())
374 return std::make_pair(
false,
"");
378 while ((n=fread(buffer, 1,
sizeof(buffer), f)) > 0) {
383 return std::make_pair(
false,
"");
385 retval.append(buffer, buffer+n);
386 if (retval.size() > maxsize)
390 return std::make_pair(
true,retval);
401 if (fwrite(data.data(), 1, data.size(), f) != data.size()) {
421 fs::path GetPrivateKeyFile();
455 static void reconnect_cb(evutil_socket_t fd,
short what,
void *arg);
460 m_tor_control_center(tor_control_center), conn(
base), reconnect(true), reconnect_ev(0),
466 LogPrintf(
"tor: Failed to create event for reconnection: out of memory?\n");
493 if (reply.
code == 250) {
495 for (
const std::string &s : reply.
lines) {
497 std::map<std::string,std::string>::iterator i;
498 if ((i = m.find(
"ServiceID")) != m.end())
500 if ((i = m.find(
"PrivateKey")) != m.end())
504 LogPrintf(
"tor: Error parsing ADD_ONION parameters:\n");
505 for (
const std::string &s : reply.
lines) {
519 }
else if (reply.
code == 510) {
520 LogPrintf(
"tor: Add onion failed with unrecognized command (You probably need to upgrade Tor)\n");
522 LogPrintf(
"tor: Add onion failed; error code %d\n", reply.
code);
528 if (reply.
code == 250) {
549 LogPrintf(
"tor: Authentication failed\n");
569 static std::vector<uint8_t>
ComputeResponse(
const std::string &key,
const std::vector<uint8_t> &
cookie,
const std::vector<uint8_t> &
clientNonce,
const std::vector<uint8_t> &serverNonce)
571 CHMAC_SHA256 computeHash((
const uint8_t*)key.data(), key.size());
573 computeHash.Write(cookie.data(), cookie.size());
574 computeHash.Write(clientNonce.data(), clientNonce.size());
575 computeHash.Write(serverNonce.data(), serverNonce.size());
576 computeHash.Finalize(computedHash.data());
582 if (reply.
code == 250) {
585 if (l.first ==
"AUTHCHALLENGE") {
591 std::vector<uint8_t> serverHash =
ParseHex(m[
"SERVERHASH"]);
592 std::vector<uint8_t> serverNonce =
ParseHex(m[
"SERVERNONCE"]);
594 if (serverNonce.size() != 32) {
595 LogPrintf(
"tor: ServerNonce is not 32 bytes, as required by spec\n");
600 if (computedServerHash != serverHash) {
601 LogPrintf(
"tor: ServerHash %s does not match expected ServerHash %s\n",
HexStr(serverHash),
HexStr(computedServerHash));
608 LogPrintf(
"tor: Invalid reply to AUTHCHALLENGE\n");
611 LogPrintf(
"tor: SAFECOOKIE authentication challenge failed\n");
617 if (reply.
code == 250) {
618 std::set<std::string> methods;
619 std::string cookiefile;
625 for (
const std::string &s : reply.
lines) {
627 if (l.first ==
"AUTH") {
629 std::map<std::string,std::string>::iterator i;
630 if ((i = m.find(
"METHODS")) != m.end())
631 boost::split(methods, i->second, boost::is_any_of(
","));
632 if ((i = m.find(
"COOKIEFILE")) != m.end())
633 cookiefile = i->second;
634 }
else if (l.first ==
"VERSION") {
636 std::map<std::string,std::string>::iterator i;
637 if ((i = m.find(
"Tor")) != m.end()) {
642 for (
const std::string &s : methods) {
650 std::string torpassword =
gArgs.
GetArg(
"-torpassword",
"");
651 if (!torpassword.empty()) {
652 if (methods.count(
"HASHEDPASSWORD")) {
654 boost::replace_all(torpassword,
"\"",
"\\\"");
655 _conn.
Command(
"AUTHENTICATE \"" + torpassword +
"\"", std::bind(&
TorController::auth_cb,
this, std::placeholders::_1, std::placeholders::_2));
657 LogPrintf(
"tor: Password provided with -torpassword, but HASHEDPASSWORD authentication is not available\n");
659 }
else if (methods.count(
"NULL")) {
662 }
else if (methods.count(
"SAFECOOKIE")) {
664 LogPrint(
BCLog::TOR,
"tor: Using SAFECOOKIE authentication, reading cookie authentication from %s\n", cookiefile);
666 if (status_cookie.first && status_cookie.second.size() ==
TOR_COOKIE_SIZE) {
668 cookie = std::vector<uint8_t>(status_cookie.second.begin(), status_cookie.second.end());
673 if (status_cookie.first) {
674 LogPrintf(
"tor: Authentication cookie %s is not exactly %i bytes, as is required by the spec\n", cookiefile,
TOR_COOKIE_SIZE);
676 LogPrintf(
"tor: Authentication cookie %s could not be opened (check permissions)\n", cookiefile);
679 }
else if (methods.count(
"HASHEDPASSWORD")) {
680 LogPrintf(
"tor: The only supported authentication mechanism left is password, but no password provided with -torpassword\n");
682 LogPrintf(
"tor: No supported authentication method\n");
685 LogPrintf(
"tor: Requesting protocol info failed\n");
694 LogPrintf(
"tor: Error sending initial protocolinfo command\n");
745 event_base_dispatch(gBase);
752 evthread_use_windows_threads();
754 evthread_use_pthreads();
756 gBase = event_base_new();
758 LogPrintf(
"tor: Unable to create event_base\n");
762 torControlThread = std::thread(&
TraceThread<std::function<
void()>>,
"torcontrol", [onion_service_target] {
771 event_base_once(gBase, -1, EV_TIMEOUT, [](evutil_socket_t,
short,
void*) {
772 event_base_loopbreak(gBase);
773 },
nullptr,
nullptr);
780 torControlThread.join();
781 event_base_free(gBase);
788 struct in_addr onion_service_target;
789 onion_service_target.s_addr = htonl(INADDR_LOOPBACK);
void authchallenge_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for AUTHCHALLENGE result.
std::string SanitizeString(const std::string &str, int rule)
Remove unsafe chars.
static void TorControlThread(CService onion_service_target)
static std::thread torControlThread
CService LookupNumeric(const std::string &name, int portDefault)
Resolve a service string with a numeric IP to its first corresponding service.
static const std::string TOR_SAFE_CLIENTKEY
For computing clientHash in SAFECOOKIE.
#define LogPrint(category,...)
bool AddLocal(const CService &addr, int nScore)
FILE * fopen(const fs::path &p, const char *mode)
std::function< void(TorControlConnection &)> disconnected
Callback when connection lost.
std::function< void(TorControlConnection &)> ConnectionCB
bool Connect(const std::string &tor_control_center, const ConnectionCB &connected, const ConnectionCB &disconnected)
Connect to a Tor control port.
struct bufferevent * b_conn
Connection to control socket.
static const int TOR_COOKIE_SIZE
Tor cookie size (from control-spec.txt)
std::vector< uint8_t > clientNonce
ClientNonce for SAFECOOKIE auth.
static struct event_base * gBase
Reply from Tor, can be single or multi-line.
std::vector< unsigned char > ParseHex(const char *psz)
A hasher class for HMAC-SHA-256.
void protocolinfo_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for PROTOCOLINFO result.
void Reconnect()
Reconnect, after getting disconnected.
static bool WriteBinaryFile(const fs::path &filename, const std::string &data)
Write contents of std::string to a file.
std::vector< std::string > lines
static const int TOR_NONCE_SIZE
Size of client/server nonce for SAFECOOKIE.
const CBaseChainParams & BaseParams()
Return the currently selected parameters.
static void LogPrintf(const char *fmt, const Args &... args)
static std::pair< bool, std::string > ReadBinaryFile(const fs::path &filename, size_t maxsize=std::numeric_limits< size_t >::max())
Read full contents of a file and return them in a std::string.
uint16_t OnionServiceTargetPort() const
void GetRandBytes(unsigned char *buf, int num) noexcept
Overall design of the RNG and entropy sources.
void StartTorControl(CService onion_service_target)
std::deque< ReplyHandlerCB > reply_handlers
Response handlers.
void SetReachable(enum Network net, bool reachable)
Mark a network as reachable or unreachable (no automatic connects to it)
std::function< void(TorControlConnection &, const TorControlReply &)> ReplyHandlerCB
void disconnected_cb(TorControlConnection &conn)
Callback after connection lost or failed connection attempt.
const std::string m_tor_control_center
static void readcb(struct bufferevent *bev, void *ctx)
Libevent handlers: internal.
fs::path GetPrivateKeyFile()
Get name of file to store private key in.
struct event * reconnect_ev
TorControlConnection(struct event_base *base)
Create a new TorControlConnection.
std::map< std::string, std::string > ParseTorReplyMapping(const std::string &s)
Parse reply arguments in the form 'METHODS=COOKIE,SAFECOOKIE COOKIEFILE=".../control_auth_cookie"'.
const std::string DEFAULT_TOR_CONTROL
Default control port.
std::vector< uint8_t > cookie
Cookie for SAFECOOKIE auth.
static const float RECONNECT_TIMEOUT_START
Exponential backoff configuration - initial timeout in seconds.
TorControlConnection conn
static const float RECONNECT_TIMEOUT_EXP
Exponential backoff configuration - growth factor.
static secp256k1_context * ctx
int atoi(const std::string &str)
A combination of a network address (CNetAddr) and a (TCP) port.
static void reconnect_cb(evutil_socket_t fd, short what, void *arg)
Callback for reconnect timer.
const fs::path & GetDataDir(bool fNetSpecific)
void add_onion_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for ADD_ONION result.
std::pair< std::string, std::string > SplitTorReplyLine(const std::string &s)
void TraceThread(const char *name, Callable func)
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
bool SetProxy(enum Network net, const proxyType &addrProxy)
struct timeval MillisToTimeval(int64_t nTimeout)
Convert milliseconds to a struct timeval for e.g.
void auth_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for AUTHENTICATE result.
void Disconnect()
Disconnect from Tor control port.
const CChainParams & Params()
Return the currently selected parameters.
static void eventcb(struct bufferevent *bev, short what, void *ctx)
static const size_t OUTPUT_SIZE
std::string GetArg(const std::string &strArg, const std::string &strDefault) const
Return string argument or default value.
std::string ToStringIPPort() const
bool Command(const std::string &cmd, const ReplyHandlerCB &reply_handler)
Send a command, register a handler for the reply.
CService DefaultOnionServiceTarget()
void connected_cb(TorControlConnection &conn)
Callback after successful connection.
std::string ToString() const
Controller that connects to Tor control socket, authenticate, then create and maintain an ephemeral o...
void InterruptTorControl()
Low-level handling for Tor control connection.
static const int MAX_LINE_LENGTH
Maximum length for lines received on TorControlConnection.
static const std::string TOR_SAFE_SERVERKEY
For computing serverHash in SAFECOOKIE.
boost::signals2::signal< void(TorControlConnection &, const TorControlReply &)> async_handler
Response handlers for async replies.
if(it !=peer.m_getdata_requests.end() &&!pfrom.fPauseSend)
TorController(struct event_base *base, const std::string &tor_control_center, const CService &target)
static std::vector< uint8_t > ComputeResponse(const std::string &key, const std::vector< uint8_t > &cookie, const std::vector< uint8_t > &clientNonce, const std::vector< uint8_t > &serverNonce)
Compute Tor SAFECOOKIE response.
TorControlReply message
Message being received.
void RemoveLocal(const CService &addr)
struct event_base * base
Libevent event base.
std::function< void(TorControlConnection &)> connected
Callback when ready for use.