Bitcoin Core 31.99.0
P2P Digital Currency
torcontrol.cpp
Go to the documentation of this file.
1// Copyright (c) 2015-present The Bitcoin Core developers
2// Copyright (c) 2017 The Zcash developers
3// Distributed under the MIT software license, see the accompanying
4// file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6#include <torcontrol.h>
7
8#include <chainparams.h>
9#include <chainparamsbase.h>
10#include <common/args.h>
11#include <compat/compat.h>
12#include <crypto/hmac_sha256.h>
13#include <logging.h>
14#include <net.h>
15#include <netaddress.h>
16#include <netbase.h>
17#include <random.h>
18#include <tinyformat.h>
19#include <util/check.h>
20#include <util/fs.h>
21#include <util/readwritefile.h>
22#include <util/strencodings.h>
23#include <util/string.h>
24#include <util/thread.h>
25#include <util/time.h>
26
27#include <algorithm>
28#include <cassert>
29#include <chrono>
30#include <cstdint>
31#include <cstdlib>
32#include <deque>
33#include <functional>
34#include <map>
35#include <optional>
36#include <set>
37#include <thread>
38#include <utility>
39#include <vector>
40
41using util::ReplaceAll;
42using util::SplitString;
43using util::ToString;
44
46const std::string DEFAULT_TOR_CONTROL = "127.0.0.1:" + ToString(DEFAULT_TOR_CONTROL_PORT);
48constexpr int TOR_COOKIE_SIZE = 32;
50constexpr int TOR_NONCE_SIZE = 32;
52static const std::string TOR_SAFE_SERVERKEY = "Tor safe cookie authentication server-to-controller hash";
54static const std::string TOR_SAFE_CLIENTKEY = "Tor safe cookie authentication controller-to-server hash";
56constexpr std::chrono::duration<double> RECONNECT_TIMEOUT_START{1.0};
58constexpr double RECONNECT_TIMEOUT_EXP = 1.5;
60constexpr std::chrono::duration<double> RECONNECT_TIMEOUT_MAX{600.0};
65constexpr int MAX_LINE_LENGTH = 100000;
70constexpr int MAX_LINE_COUNT = 1000;
72constexpr auto SOCKET_SEND_TIMEOUT = 10s;
73
74/****** Low-level TorControlConnection ********/
75
76TorControlConnection::TorControlConnection(CThreadInterrupt& interrupt)
77 : m_interrupt(interrupt)
78{
79}
80
81TorControlConnection::~TorControlConnection()
82{
83 Disconnect();
84}
85
86bool TorControlConnection::Connect(const std::string& tor_control_center)
87{
88 if (m_sock) {
89 Disconnect();
90 }
91
92 std::optional<CService> control_service = Lookup(tor_control_center, DEFAULT_TOR_CONTROL_PORT, fNameLookup);
93 if (!control_service.has_value()) {
94 LogWarning("tor: Failed to look up control center %s", tor_control_center);
95 return false;
96 }
97
98 m_sock = ConnectDirectly(control_service.value(), /*manual_connection=*/true);
99 if (!m_sock) {
100 LogWarning("tor: Error connecting to address %s", tor_control_center);
101 return false;
102 }
103
104 m_recv_buffer.clear();
105 m_message.Clear();
106 m_reply_handlers.clear();
107
108 LogDebug(BCLog::TOR, "Successfully connected to Tor control port");
109 return true;
110}
111
112void TorControlConnection::Disconnect()
113{
114 m_sock.reset();
115 m_recv_buffer.clear();
116 m_message.Clear();
117 m_reply_handlers.clear();
118}
119
120bool TorControlConnection::IsConnected() const
121{
122 if (!m_sock) return false;
123 std::string errmsg;
124 const bool connected{m_sock->IsConnected(errmsg)};
125 if (!connected && !errmsg.empty()) {
126 LogDebug(BCLog::TOR, "Connection check failed: %s", errmsg);
127 }
128 return connected;
129}
130
131bool TorControlConnection::WaitForData(std::chrono::milliseconds timeout)
132{
133 if (!m_sock) return false;
134
135 Sock::Event event{0};
136 if (!m_sock->Wait(timeout, Sock::RECV, &event)) {
137 return false;
138 }
139 if (event & Sock::ERR) {
140 LogDebug(BCLog::TOR, "Socket error detected");
141 Disconnect();
142 return false;
143 }
144
145 return (event & Sock::RECV);
146}
147
148bool TorControlConnection::ReceiveAndProcess()
149{
150 if (!m_sock) return false;
151
152 std::byte buf[4096];
153 ssize_t nread = m_sock->Recv(buf, sizeof(buf), MSG_DONTWAIT);
154
155 if (nread < 0) {
156 int err = WSAGetLastError();
157 if (err == WSAEWOULDBLOCK || err == WSAEINTR || err == WSAEINPROGRESS) {
158 // No data available currently
159 return true;
160 }
161 LogWarning("tor: Error reading from socket: %s", NetworkErrorString(err));
162 return false;
163 }
164
165 if (nread == 0) {
166 LogDebug(BCLog::TOR, "End of stream");
167 return false;
168 }
169
170 m_recv_buffer.insert(m_recv_buffer.end(), buf, buf + nread);
171 try {
172 return ProcessBuffer();
173 } catch (const std::runtime_error& e) {
174 LogWarning("tor: Error processing receive buffer: %s", e.what());
175 return false;
176 }
177}
178
179bool TorControlConnection::ProcessBuffer()
180{
181 util::LineReader reader(m_recv_buffer, MAX_LINE_LENGTH);
182 auto start = reader.it;
183
184 while (auto line = reader.ReadLine()) {
185 if (m_message.lines.size() == MAX_LINE_COUNT) {
186 throw std::runtime_error(strprintf("Control port reply exceeded %d lines, disconnecting", MAX_LINE_COUNT));
187 }
188 // Skip short lines
189 if (line->size() < 4) continue;
190
191 // Parse: <code><separator><data>
192 // <status>(-|+| )<data>
193 m_message.code = ToIntegral<int>(line->substr(0, 3)).value_or(0);
194 m_message.lines.push_back(line->substr(4));
195 char separator = (*line)[3]; // '-', '+', or ' '
196
197 if (separator == ' ') {
198 if (m_message.code >= 600) {
199 // Async notifications are currently unused
200 // Synchronous and asynchronous messages are never interleaved
201 LogDebug(BCLog::TOR, "Received async notification %i", m_message.code);
202 } else if (!m_reply_handlers.empty()) {
203 // Invoke reply handler with message
204 m_reply_handlers.front()(*this, m_message);
205 m_reply_handlers.pop_front();
206 } else {
207 LogDebug(BCLog::TOR, "Received unexpected sync reply %i", m_message.code);
208 }
209 m_message.Clear();
210 }
211 }
212
213 m_recv_buffer.erase(m_recv_buffer.begin(), m_recv_buffer.begin() + std::distance(start, reader.it));
214 return true;
215}
216
217bool TorControlConnection::Command(const std::string &cmd, const ReplyHandlerCB& reply_handler)
218{
219 if (!m_sock) return false;
220
221 std::string command = cmd + "\r\n";
222 try {
223 m_sock->SendComplete(std::span<const char>{command}, SOCKET_SEND_TIMEOUT, m_interrupt);
224 } catch (const std::runtime_error& e) {
225 LogWarning("tor: Error sending command: %s", e.what());
226 return false;
227 }
228
229 m_reply_handlers.push_back(reply_handler);
230 return true;
231}
232
233/****** General parsing utilities ********/
234
235/* Split reply line in the form 'AUTH METHODS=...' into a type
236 * 'AUTH' and arguments 'METHODS=...'.
237 * Grammar is implicitly defined in https://spec.torproject.org/control-spec by
238 * the server reply formats for PROTOCOLINFO (S3.21) and AUTHCHALLENGE (S3.24).
239 */
240std::pair<std::string,std::string> SplitTorReplyLine(const std::string &s)
241{
242 size_t ptr=0;
243 std::string type;
244 while (ptr < s.size() && s[ptr] != ' ') {
245 type.push_back(s[ptr]);
246 ++ptr;
247 }
248 if (ptr < s.size())
249 ++ptr; // skip ' '
250 return make_pair(type, s.substr(ptr));
251}
252
259std::map<std::string,std::string> ParseTorReplyMapping(const std::string &s)
260{
261 std::map<std::string,std::string> mapping;
262 size_t ptr=0;
263 while (ptr < s.size()) {
264 std::string key, value;
265 while (ptr < s.size() && s[ptr] != '=' && s[ptr] != ' ') {
266 key.push_back(s[ptr]);
267 ++ptr;
268 }
269 if (ptr == s.size()) // unexpected end of line
270 return std::map<std::string,std::string>();
271 if (s[ptr] == ' ') // The remaining string is an OptArguments
272 break;
273 ++ptr; // skip '='
274 if (ptr < s.size() && s[ptr] == '"') { // Quoted string
275 ++ptr; // skip opening '"'
276 bool escape_next = false;
277 while (ptr < s.size() && (escape_next || s[ptr] != '"')) {
278 // Repeated backslashes must be interpreted as pairs
279 escape_next = (s[ptr] == '\\' && !escape_next);
280 value.push_back(s[ptr]);
281 ++ptr;
282 }
283 if (ptr == s.size()) // unexpected end of line
284 return std::map<std::string,std::string>();
285 ++ptr; // skip closing '"'
296 std::string escaped_value;
297 for (size_t i = 0; i < value.size(); ++i) {
298 if (value[i] == '\\') {
299 // This will always be valid, because if the QuotedString
300 // ended in an odd number of backslashes, then the parser
301 // would already have returned above, due to a missing
302 // terminating double-quote.
303 ++i;
304 if (value[i] == 'n') {
305 escaped_value.push_back('\n');
306 } else if (value[i] == 't') {
307 escaped_value.push_back('\t');
308 } else if (value[i] == 'r') {
309 escaped_value.push_back('\r');
310 } else if ('0' <= value[i] && value[i] <= '7') {
311 size_t j;
312 // Octal escape sequences have a limit of three octal digits,
313 // but terminate at the first character that is not a valid
314 // octal digit if encountered sooner.
315 for (j = 1; j < 3 && (i+j) < value.size() && '0' <= value[i+j] && value[i+j] <= '7'; ++j) {}
316 // Tor restricts first digit to 0-3 for three-digit octals.
317 // A leading digit of 4-7 would therefore be interpreted as
318 // a two-digit octal.
319 if (j == 3 && value[i] > '3') {
320 j--;
321 }
322 const auto end{i + j};
323 uint8_t val{0};
324 while (i < end) {
325 val *= 8;
326 val += value[i++] - '0';
327 }
328 escaped_value.push_back(char(val));
329 // Account for automatic incrementing at loop end
330 --i;
331 } else {
332 escaped_value.push_back(value[i]);
333 }
334 } else {
335 escaped_value.push_back(value[i]);
336 }
337 }
338 value = escaped_value;
339 } else { // Unquoted value. Note that values can contain '=' at will, just no spaces
340 while (ptr < s.size() && s[ptr] != ' ') {
341 value.push_back(s[ptr]);
342 ++ptr;
343 }
344 }
345 if (ptr < s.size() && s[ptr] == ' ')
346 ++ptr; // skip ' ' after key=value
347 mapping[key] = value;
348 }
349 return mapping;
350}
351
352TorController::TorController(const std::string& tor_control_center, const CService& target)
353 : m_tor_control_center(tor_control_center),
354 m_conn(m_interrupt),
355 m_reconnect(true),
356 m_reconnect_timeout(RECONNECT_TIMEOUT_START),
357 m_target(target)
358{
359 // Read service private key if cached
360 std::pair<bool,std::string> pkf = ReadBinaryFile(GetPrivateKeyFile());
361 if (pkf.first) {
362 LogDebug(BCLog::TOR, "Reading cached private key from %s", fs::PathToString(GetPrivateKeyFile()));
363 m_private_key = pkf.second;
364 }
365 m_thread = std::thread(&util::TraceThread, "torcontrol", [this] { ThreadControl(); });
366}
367
368TorController::~TorController()
369{
370 Interrupt();
371 Join();
372 if (m_service.IsValid()) {
373 RemoveLocal(m_service);
374 }
375}
376
377void TorController::Interrupt()
378{
379 m_reconnect = false;
380 m_interrupt();
381}
382
383void TorController::Join()
384{
385 if (m_thread.joinable()) {
386 m_thread.join();
387 }
388}
389
390void TorController::ThreadControl()
391{
392 LogDebug(BCLog::TOR, "Entering Tor control thread");
393
394 while (!m_interrupt) {
395 // Try to connect if not connected already
396 if (!m_conn.IsConnected()) {
397 LogDebug(BCLog::TOR, "Attempting to connect to Tor control port %s", m_tor_control_center);
398
399 if (!m_conn.Connect(m_tor_control_center)) {
400 LogWarning("tor: Initiating connection to Tor control port %s failed", m_tor_control_center);
401 if (!m_reconnect) {
402 break;
403 }
404 // Wait before retrying with exponential backoff
405 LogDebug(BCLog::TOR, "Retrying in %.1f seconds", m_reconnect_timeout.count());
406 if (!m_interrupt.sleep_for(std::chrono::duration_cast<std::chrono::milliseconds>(m_reconnect_timeout))) {
407 break;
408 }
409 m_reconnect_timeout = std::min(m_reconnect_timeout * RECONNECT_TIMEOUT_EXP, RECONNECT_TIMEOUT_MAX);
410 continue;
411 }
412 // Successfully connected, reset timeout and trigger connected callback
413 m_reconnect_timeout = RECONNECT_TIMEOUT_START;
414 connected_cb(m_conn);
415 }
416 // Wait for data with a timeout
417 if (!m_conn.WaitForData(std::chrono::seconds(1))) {
418 // Check if still connected
419 if (!m_conn.IsConnected()) {
420 LogDebug(BCLog::TOR, "Lost connection to Tor control port");
421 disconnected_cb(m_conn);
422 continue;
423 }
424 // Just a timeout, continue waiting
425 continue;
426 }
427 // Process incoming data
428 if (!m_conn.ReceiveAndProcess()) {
429 disconnected_cb(m_conn);
430 }
431 }
432 LogDebug(BCLog::TOR, "Exited Tor control thread");
433}
434
435void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlReply& reply)
436{
437 // NOTE: We can only get here if -onion is unset
438 std::string socks_location;
439 if (reply.code == TOR_REPLY_OK) {
440 for (const auto& line : reply.lines) {
441 if (line.starts_with("net/listeners/socks=")) {
442 const std::string port_list_str = line.substr(20);
443 std::vector<std::string> port_list = SplitString(port_list_str, ' ');
444
445 for (auto& portstr : port_list) {
446 if (portstr.empty()) continue;
447 if ((portstr[0] == '"' || portstr[0] == '\'') && portstr.size() >= 2 && (*portstr.rbegin() == portstr[0])) {
448 portstr = portstr.substr(1, portstr.size() - 2);
449 if (portstr.empty()) continue;
450 }
451 socks_location = portstr;
452 if (portstr.starts_with("127.0.0.1:")) {
453 // Prefer localhost - ignore other ports
454 break;
455 }
456 }
457 }
458 }
459 if (!socks_location.empty()) {
460 LogDebug(BCLog::TOR, "Get SOCKS port command yielded %s", socks_location);
461 } else {
462 LogWarning("tor: Get SOCKS port command returned nothing");
463 }
464 } else if (reply.code == TOR_REPLY_UNRECOGNIZED) {
465 LogWarning("tor: Get SOCKS port command failed with unrecognized command (You probably should upgrade Tor)");
466 } else {
467 LogWarning("tor: Get SOCKS port command failed; error code %d", reply.code);
468 }
469
470 CService resolved;
471 Assume(!resolved.IsValid());
472 if (!socks_location.empty()) {
473 resolved = LookupNumeric(socks_location, DEFAULT_TOR_SOCKS_PORT);
474 }
475 if (!resolved.IsValid()) {
476 // Fallback to old behaviour
477 resolved = LookupNumeric("127.0.0.1", DEFAULT_TOR_SOCKS_PORT);
478 }
479
480 Assume(resolved.IsValid());
481 LogDebug(BCLog::TOR, "Configuring onion proxy for %s", resolved.ToStringAddrPort());
482
483 // Add Tor as proxy for .onion addresses.
484 // Enable stream isolation to prevent connection correlation and enhance privacy, by forcing a different Tor circuit for every connection.
485 // For this to work, the IsolateSOCKSAuth flag must be enabled on SOCKSPort (which is the default, see the IsolateSOCKSAuth section of Tor's manual page).
486 Proxy addrOnion = Proxy(resolved, /*tor_stream_isolation=*/ true);
487 SetProxy(NET_ONION, addrOnion);
488
489 const auto onlynets = gArgs.GetArgs("-onlynet");
490
491 const bool onion_allowed_by_onlynet{
492 onlynets.empty() ||
493 std::any_of(onlynets.begin(), onlynets.end(), [](const auto& n) {
494 return ParseNetwork(n) == NET_ONION;
495 })};
496
497 if (onion_allowed_by_onlynet) {
498 // If NET_ONION is reachable, then the below is a noop.
499 //
500 // If NET_ONION is not reachable, then none of -proxy or -onion was given.
501 // Since we are here, then -torcontrol and -torpassword were given.
502 g_reachable_nets.Add(NET_ONION);
503 }
504}
505
506static std::string MakeAddOnionCmd(const std::string& private_key, const std::string& target, bool enable_pow)
507{
508 // Note that the 'virtual' port is always the default port to avoid decloaking nodes using other ports.
509 return strprintf("ADD_ONION %s%s Port=%i,%s",
510 private_key,
511 enable_pow ? " PoWDefensesEnabled=1" : "",
512 Params().GetDefaultPort(),
513 target);
514}
515
516void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlReply& reply, bool pow_was_enabled)
517{
518 if (reply.code == TOR_REPLY_OK) {
519 LogDebug(BCLog::TOR, "ADD_ONION successful (PoW defenses %s)", pow_was_enabled ? "enabled" : "disabled");
520 for (const std::string &s : reply.lines) {
521 std::map<std::string,std::string> m = ParseTorReplyMapping(s);
522 std::map<std::string,std::string>::iterator i;
523 if ((i = m.find("ServiceID")) != m.end())
524 m_service_id = i->second;
525 if ((i = m.find("PrivateKey")) != m.end())
526 m_private_key = i->second;
527 }
528 if (m_service_id.empty()) {
529 LogWarning("tor: Error parsing ADD_ONION parameters:");
530 for (const std::string &s : reply.lines) {
531 LogWarning(" %s", SanitizeString(s));
532 }
533 return;
534 }
535 m_service = LookupNumeric(std::string(m_service_id+".onion"), Params().GetDefaultPort());
536 LogInfo("Got tor service ID %s, advertising service %s", m_service_id, m_service.ToStringAddrPort());
537 if (WriteBinaryFile(GetPrivateKeyFile(), m_private_key)) {
538 LogDebug(BCLog::TOR, "Cached service private key to %s", fs::PathToString(GetPrivateKeyFile()));
539 } else {
540 LogWarning("tor: Error writing service private key to %s", fs::PathToString(GetPrivateKeyFile()));
541 }
542 AddLocal(m_service, LOCAL_MANUAL);
543 // ... onion requested - keep connection open
544 } else if (reply.code == TOR_REPLY_UNRECOGNIZED) {
545 LogWarning("tor: Add onion failed with unrecognized command (You probably need to upgrade Tor)");
546 } else if (pow_was_enabled && reply.code == TOR_REPLY_SYNTAX_ERROR) {
547 LogDebug(BCLog::TOR, "ADD_ONION failed with PoW defenses, retrying without");
548 _conn.Command(MakeAddOnionCmd(m_private_key, m_target.ToStringAddrPort(), /*enable_pow=*/false),
549 [this](TorControlConnection& conn, const TorControlReply& reply) {
550 add_onion_cb(conn, reply, /*pow_was_enabled=*/false);
551 });
552 } else {
553 LogWarning("tor: Add onion failed; error code %d", reply.code);
554 }
555}
556
557void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply& reply)
558{
559 if (reply.code == TOR_REPLY_OK) {
560 LogDebug(BCLog::TOR, "Authentication successful");
561
562 // Now that we know Tor is running setup the proxy for onion addresses
563 // if -onion isn't set to something else.
564 if (gArgs.GetArg("-onion", "") == "") {
565 _conn.Command("GETINFO net/listeners/socks", std::bind_front(&TorController::get_socks_cb, this));
566 }
567
568 // Finally - now create the service
569 if (m_private_key.empty()) { // No private key, generate one
570 m_private_key = "NEW:ED25519-V3"; // Explicitly request key type - see issue #9214
571 }
572 // Request onion service, redirect port.
573 _conn.Command(MakeAddOnionCmd(m_private_key, m_target.ToStringAddrPort(), /*enable_pow=*/true),
574 [this](TorControlConnection& conn, const TorControlReply& reply) {
575 add_onion_cb(conn, reply, /*pow_was_enabled=*/true);
576 });
577 } else {
578 LogWarning("tor: Authentication failed");
579 }
580}
581
598static std::vector<uint8_t> ComputeResponse(std::string_view key, std::span<const uint8_t> cookie, std::span<const uint8_t> client_nonce, std::span<const uint8_t> server_nonce)
599{
600 CHMAC_SHA256 computeHash((const uint8_t*)key.data(), key.size());
601 std::vector<uint8_t> computedHash(CHMAC_SHA256::OUTPUT_SIZE, 0);
602 computeHash.Write(cookie.data(), cookie.size());
603 computeHash.Write(client_nonce.data(), client_nonce.size());
604 computeHash.Write(server_nonce.data(), server_nonce.size());
605 computeHash.Finalize(computedHash.data());
606 return computedHash;
607}
608
609void TorController::authchallenge_cb(TorControlConnection& _conn, const TorControlReply& reply)
610{
611 if (reply.code == TOR_REPLY_OK) {
612 LogDebug(BCLog::TOR, "SAFECOOKIE authentication challenge successful");
613 if (reply.lines.empty()) {
614 LogWarning("tor: AUTHCHALLENGE reply was empty");
615 return;
616 }
617 std::pair<std::string,std::string> l = SplitTorReplyLine(reply.lines[0]);
618 if (l.first == "AUTHCHALLENGE") {
619 std::map<std::string,std::string> m = ParseTorReplyMapping(l.second);
620 if (m.empty()) {
621 LogWarning("tor: Error parsing AUTHCHALLENGE parameters: %s", SanitizeString(l.second));
622 return;
623 }
624 std::vector<uint8_t> server_hash = ParseHex(m["SERVERHASH"]);
625 std::vector<uint8_t> server_nonce = ParseHex(m["SERVERNONCE"]);
626 LogDebug(BCLog::TOR, "AUTHCHALLENGE ServerHash %s ServerNonce %s", HexStr(server_hash), HexStr(server_nonce));
627 if (server_nonce.size() != 32) {
628 LogWarning("tor: ServerNonce is not 32 bytes, as required by spec");
629 return;
630 }
631
632 std::vector<uint8_t> computed_server_hash = ComputeResponse(TOR_SAFE_SERVERKEY, m_cookie, m_client_nonce, server_nonce);
633 if (computed_server_hash != server_hash) {
634 LogWarning("tor: ServerHash %s does not match expected ServerHash %s", HexStr(server_hash), HexStr(computed_server_hash));
635 return;
636 }
637
638 std::vector<uint8_t> computedClientHash = ComputeResponse(TOR_SAFE_CLIENTKEY, m_cookie, m_client_nonce, server_nonce);
639 _conn.Command("AUTHENTICATE " + HexStr(computedClientHash), std::bind_front(&TorController::auth_cb, this));
640 } else {
641 LogWarning("tor: Invalid reply to AUTHCHALLENGE");
642 }
643 } else {
644 LogWarning("tor: SAFECOOKIE authentication challenge failed");
645 }
646}
647
648void TorController::protocolinfo_cb(TorControlConnection& _conn, const TorControlReply& reply)
649{
650 if (reply.code == TOR_REPLY_OK) {
651 std::set<std::string> methods;
652 std::string cookiefile;
653 /*
654 * 250-AUTH METHODS=COOKIE,SAFECOOKIE COOKIEFILE="/home/x/.tor/control_auth_cookie"
655 * 250-AUTH METHODS=NULL
656 * 250-AUTH METHODS=HASHEDPASSWORD
657 */
658 for (const std::string &s : reply.lines) {
659 std::pair<std::string,std::string> l = SplitTorReplyLine(s);
660 if (l.first == "AUTH") {
661 std::map<std::string,std::string> m = ParseTorReplyMapping(l.second);
662 std::map<std::string,std::string>::iterator i;
663 if ((i = m.find("METHODS")) != m.end()) {
664 std::vector<std::string> m_vec = SplitString(i->second, ',');
665 methods = std::set<std::string>(m_vec.begin(), m_vec.end());
666 }
667 if ((i = m.find("COOKIEFILE")) != m.end())
668 cookiefile = i->second;
669 } else if (l.first == "VERSION") {
670 std::map<std::string,std::string> m = ParseTorReplyMapping(l.second);
671 std::map<std::string,std::string>::iterator i;
672 if ((i = m.find("Tor")) != m.end()) {
673 LogDebug(BCLog::TOR, "Connected to Tor version %s", i->second);
674 }
675 }
676 }
677 for (const std::string &s : methods) {
678 LogDebug(BCLog::TOR, "Supported authentication method: %s", s);
679 }
680 // Prefer NULL, otherwise SAFECOOKIE. If a password is provided, use HASHEDPASSWORD
681 /* Authentication:
682 * cookie: hex-encoded ~/.tor/control_auth_cookie
683 * password: "password"
684 */
685 std::string torpassword = gArgs.GetArg("-torpassword", "");
686 if (!torpassword.empty()) {
687 if (methods.contains("HASHEDPASSWORD")) {
688 LogDebug(BCLog::TOR, "Using HASHEDPASSWORD authentication");
689 ReplaceAll(torpassword, "\"", "\\\"");
690 _conn.Command("AUTHENTICATE \"" + torpassword + "\"", std::bind_front(&TorController::auth_cb, this));
691 } else {
692 LogWarning("tor: Password provided with -torpassword, but HASHEDPASSWORD authentication is not available");
693 }
694 } else if (methods.contains("NULL")) {
695 LogDebug(BCLog::TOR, "Using NULL authentication");
696 _conn.Command("AUTHENTICATE", std::bind_front(&TorController::auth_cb, this));
697 } else if (methods.contains("SAFECOOKIE")) {
698 // Cookie: hexdump -e '32/1 "%02x""\n"' ~/.tor/control_auth_cookie
699 LogDebug(BCLog::TOR, "Using SAFECOOKIE authentication, reading cookie authentication from %s", cookiefile);
700 std::pair<bool,std::string> status_cookie = ReadBinaryFile(fs::PathFromString(cookiefile), TOR_COOKIE_SIZE);
701 if (status_cookie.first && status_cookie.second.size() == TOR_COOKIE_SIZE) {
702 // _conn.Command("AUTHENTICATE " + HexStr(status_cookie.second), std::bind_front(&TorController::auth_cb, this));
703 m_cookie = std::vector<uint8_t>(status_cookie.second.begin(), status_cookie.second.end());
704 m_client_nonce = std::vector<uint8_t>(TOR_NONCE_SIZE, 0);
705 GetRandBytes(m_client_nonce);
706 _conn.Command("AUTHCHALLENGE SAFECOOKIE " + HexStr(m_client_nonce), std::bind_front(&TorController::authchallenge_cb, this));
707 } else {
708 if (status_cookie.first) {
709 LogWarning("tor: Authentication cookie %s is not exactly %i bytes, as is required by the spec", cookiefile, TOR_COOKIE_SIZE);
710 } else {
711 LogWarning("tor: Authentication cookie %s could not be opened (check permissions)", cookiefile);
712 }
713 }
714 } else if (methods.contains("HASHEDPASSWORD")) {
715 LogWarning("tor: The only supported authentication mechanism left is password, but no password provided with -torpassword");
716 } else {
717 LogWarning("tor: No supported authentication method");
718 }
719 } else {
720 LogWarning("tor: Requesting protocol info failed");
721 }
722}
723
724void TorController::connected_cb(TorControlConnection& _conn)
725{
726 m_reconnect_timeout = RECONNECT_TIMEOUT_START;
727 // First send a PROTOCOLINFO command to figure out what authentication is expected
728 if (!_conn.Command("PROTOCOLINFO 1", std::bind_front(&TorController::protocolinfo_cb, this)))
729 LogWarning("tor: Error sending initial protocolinfo command");
730}
731
732void TorController::disconnected_cb(TorControlConnection& _conn)
733{
734 // Stop advertising service when disconnected
735 if (m_service.IsValid())
736 RemoveLocal(m_service);
737 m_service = CService();
738 if (!m_reconnect)
739 return;
740
741 LogDebug(BCLog::TOR, "Not connected to Tor control port %s, will retry", m_tor_control_center);
742 _conn.Disconnect();
743}
744
745fs::path TorController::GetPrivateKeyFile()
746{
747 return gArgs.GetDataDirNet() / "onion_v3_private_key";
748}
749
750CService DefaultOnionServiceTarget(uint16_t port)
751{
752 struct in_addr onion_service_target;
753 onion_service_target.s_addr = htonl(INADDR_LOOPBACK);
754 return {onion_service_target, port};
755}
gArgs
ArgsManager gArgs
Definition: args.cpp:40
cmd
const auto cmd
Definition: bitcoin-util.cpp:171
command
const auto command
Definition: bitcoin-wallet.cpp:117
Params
const CChainParams & Params()
Return the currently selected parameters.
Definition: chainparams.cpp:112
Assume
#define Assume(val)
Assume is the identity function.
Definition: check.h:128
ArgsManager::GetArgs
std::vector< std::string > GetArgs(const std::string &strArg) const EXCLUSIVE_LOCKS_REQUIRED(!cs_args)
Return a vector of strings of the given argument.
Definition: args.cpp:390
ArgsManager::GetArg
std::string GetArg(const std::string &strArg, const std::string &strDefault) const EXCLUSIVE_LOCKS_REQUIRED(!cs_args)
Return string argument or default value.
Definition: args.cpp:485
ArgsManager::GetDataDirNet
fs::path GetDataDirNet() const EXCLUSIVE_LOCKS_REQUIRED(!cs_args)
Get data directory path with appended network identifier.
Definition: args.cpp:330
CHMAC_SHA256
A hasher class for HMAC-SHA-256.
Definition: hmac_sha256.h:14
CHMAC_SHA256::Write
CHMAC_SHA256 & Write(const unsigned char *data, size_t len)
Definition: hmac_sha256.h:23
CHMAC_SHA256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: hmac_sha256.cpp:31
CHMAC_SHA256::OUTPUT_SIZE
static const size_t OUTPUT_SIZE
Definition: hmac_sha256.h:20
CNetAddr::IsValid
bool IsValid() const
Definition: netaddress.cpp:424
CService
A combination of a network address (CNetAddr) and a (TCP) port.
Definition: netaddress.h:530
CService::ToStringAddrPort
std::string ToStringAddrPort() const
Definition: netaddress.cpp:903
CThreadInterrupt
A helper class for interruptible sleeps.
Definition: threadinterrupt.h:26
CThreadInterrupt::sleep_for
virtual bool sleep_for(Clock::duration rel_time) EXCLUSIVE_LOCKS_REQUIRED(!mut)
Sleep for the given duration.
Definition: threadinterrupt.cpp:36
Proxy
Definition: netbase.h:60
ReachableNets::Add
void Add(Network net) EXCLUSIVE_LOCKS_REQUIRED(!m_mutex)
Definition: netbase.h:105
Sock::Event
uint8_t Event
Definition: sock.h:141
Sock::ERR
static constexpr Event ERR
Ignored if passed to Wait(), but could be set in the occurred events if an exceptional condition has ...
Definition: sock.h:157
Sock::RECV
static constexpr Event RECV
If passed to Wait(), then it will wait for readiness to read from the socket.
Definition: sock.h:146
TorControlConnection
Low-level handling for Tor control connection.
Definition: torcontrol.h:56
TorControlConnection::m_message
TorControlReply m_message
Message being received.
Definition: torcontrol.h:108
TorControlConnection::m_reply_handlers
std::deque< ReplyHandlerCB > m_reply_handlers
Response handlers.
Definition: torcontrol.h:110
TorControlConnection::Command
bool Command(const std::string &cmd, const ReplyHandlerCB &reply_handler)
Send a command, register a handler for the reply.
Definition: torcontrol.cpp:217
TorControlConnection::m_recv_buffer
std::vector< std::byte > m_recv_buffer
Buffer for incoming data.
Definition: torcontrol.h:112
TorControlConnection::m_interrupt
CThreadInterrupt & m_interrupt
Reference to interrupt object for clean shutdown.
Definition: torcontrol.h:104
TorControlConnection::WaitForData
bool WaitForData(std::chrono::milliseconds timeout)
Wait for data to be available on the socket.
Definition: torcontrol.cpp:131
TorControlConnection::ReplyHandlerCB
std::function< void(TorControlConnection &, const TorControlReply &)> ReplyHandlerCB
Definition: torcontrol.h:58
TorControlConnection::ProcessBuffer
bool ProcessBuffer()
Process complete lines from the receive buffer.
Definition: torcontrol.cpp:179
TorControlConnection::ReceiveAndProcess
bool ReceiveAndProcess()
Read available data from socket and process complete replies.
Definition: torcontrol.cpp:148
TorControlConnection::Disconnect
void Disconnect()
Disconnect from Tor control port.
Definition: torcontrol.cpp:112
TorControlConnection::TorControlConnection
TorControlConnection(CThreadInterrupt &interrupt)
Create a new TorControlConnection.
Definition: torcontrol.cpp:76
TorControlConnection::Connect
bool Connect(const std::string &tor_control_center)
Connect to a Tor control port.
Definition: torcontrol.cpp:86
TorControlConnection::m_sock
std::unique_ptr< Sock > m_sock
Socket for the connection.
Definition: torcontrol.h:106
TorControlConnection::IsConnected
bool IsConnected() const
Check if the connection is established.
Definition: torcontrol.cpp:120
TorControlReply
Reply from Tor, can be single or multi-line.
Definition: torcontrol.h:38
TorControlReply::lines
std::vector< std::string > lines
Definition: torcontrol.h:43
TorController::m_interrupt
CThreadInterrupt m_interrupt
Definition: torcontrol.h:140
TorController::m_thread
std::thread m_thread
Definition: torcontrol.h:141
TorController::m_service
CService m_service
Definition: torcontrol.h:148
TorController::ThreadControl
void ThreadControl()
Main control thread.
Definition: torcontrol.cpp:390
TorController::GetPrivateKeyFile
fs::path GetPrivateKeyFile()
Get name of file to store private key in.
Definition: torcontrol.cpp:745
TorController::connected_cb
void connected_cb(TorControlConnection &conn)
Callback after successful connection.
Definition: torcontrol.cpp:724
TorController::get_socks_cb
void get_socks_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for GETINFO net/listeners/socks result.
Definition: torcontrol.cpp:435
TorController::add_onion_cb
void add_onion_cb(TorControlConnection &conn, const TorControlReply &reply, bool pow_was_enabled)
Callback for ADD_ONION result.
Definition: torcontrol.cpp:516
TorController::m_tor_control_center
const std::string m_tor_control_center
Definition: torcontrol.h:142
TorController::m_client_nonce
std::vector< uint8_t > m_client_nonce
ClientNonce for SAFECOOKIE auth.
Definition: torcontrol.h:153
TorController::disconnected_cb
void disconnected_cb(TorControlConnection &conn)
Callback after connection lost or failed connection attempt.
Definition: torcontrol.cpp:732
TorController::m_target
const CService m_target
Definition: torcontrol.h:149
TorController::authchallenge_cb
void authchallenge_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for AUTHCHALLENGE result.
Definition: torcontrol.cpp:609
TorController::m_conn
TorControlConnection m_conn
Definition: torcontrol.h:143
TorController::m_service_id
std::string m_service_id
Definition: torcontrol.h:145
TorController::m_reconnect
std::atomic< bool > m_reconnect
Definition: torcontrol.h:146
TorController::Interrupt
void Interrupt()
Interrupt the controller thread.
Definition: torcontrol.cpp:377
TorController::m_private_key
std::string m_private_key
Definition: torcontrol.h:144
TorController::Join
void Join()
Wait for the controller thread to exit.
Definition: torcontrol.cpp:383
TorController::auth_cb
void auth_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for AUTHENTICATE result.
Definition: torcontrol.cpp:557
TorController::protocolinfo_cb
void protocolinfo_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for PROTOCOLINFO result.
Definition: torcontrol.cpp:648
TorController::m_reconnect_timeout
std::chrono::duration< double > m_reconnect_timeout
Definition: torcontrol.h:147
TorController::m_cookie
std::vector< uint8_t > m_cookie
Cookie for SAFECOOKIE auth.
Definition: torcontrol.h:151
WSAEWOULDBLOCK
#define WSAEWOULDBLOCK
Definition: compat.h:61
WSAGetLastError
#define WSAGetLastError()
Definition: compat.h:59
MSG_DONTWAIT
#define MSG_DONTWAIT
Definition: compat.h:115
WSAEINPROGRESS
#define WSAEINPROGRESS
Definition: compat.h:65
WSAEINTR
#define WSAEINTR
Definition: compat.h:64
std::filesystem::PathToString
static std::string PathToString(const path &path)
Convert path object to a byte string.
Definition: fs.h:162
std::filesystem::PathFromString
static path PathFromString(const std::string &string)
Convert byte string to path object.
Definition: fs.h:185
HexStr
std::string HexStr(const std::span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition: hex_base.cpp:30
hmac_sha256.h
LogWarning
#define LogWarning(...)
Definition: log.h:104
LogInfo
#define LogInfo(...)
Definition: log.h:103
LogDebug
#define LogDebug(category,...)
Definition: log.h:123
BCLog::TOR
@ TOR
Definition: categories.h:17
test_vectors_musig2_generate.s
tuple s
Definition: test_vectors_musig2_generate.py:72
tests_wycheproof_generate_ecdh.private_key
def private_key
Definition: tests_wycheproof_generate_ecdh.py:92
util::SplitString
std::vector< std::string > SplitString(std::string_view str, char sep)
Definition: string.h:150
util::TraceThread
void TraceThread(std::string_view thread_name, std::function< void()> thread_func)
A wrapper for do-something-once thread functions.
Definition: thread.cpp:15
util::ToString
std::string ToString(const T &t)
Locale-independent version of std::to_string.
Definition: string.h:247
util::ReplaceAll
void ReplaceAll(std::string &in_out, const std::string &search, const std::string &substitute)
Definition: string.cpp:14
RemoveLocal
void RemoveLocal(const CService &addr)
Definition: net.cpp:312
AddLocal
bool AddLocal(const CService &addr_, int nScore)
Definition: net.cpp:277
LOCAL_MANUAL
@ LOCAL_MANUAL
Definition: net.h:158
NET_ONION
@ NET_ONION
TOR (v2 or v3)
Definition: netaddress.h:44
ConnectDirectly
std::unique_ptr< Sock > ConnectDirectly(const CService &dest, bool manual_connection)
Create a socket and try to connect to the specified service.
Definition: netbase.cpp:645
SetProxy
bool SetProxy(enum Network net, const Proxy &addrProxy)
Definition: netbase.cpp:700
Lookup
std::vector< CService > Lookup(const std::string &name, uint16_t portDefault, bool fAllowLookup, unsigned int nMaxSolutions, DNSLookupFn dns_lookup_function)
Resolve a service string to its corresponding service.
Definition: netbase.cpp:191
g_reachable_nets
ReachableNets g_reachable_nets
Definition: netbase.cpp:43
fNameLookup
bool fNameLookup
Definition: netbase.cpp:37
LookupNumeric
CService LookupNumeric(const std::string &name, uint16_t portDefault, DNSLookupFn dns_lookup_function)
Resolve a service string with a numeric IP to its first corresponding service.
Definition: netbase.cpp:216
GetRandBytes
void GetRandBytes(std::span< unsigned char > bytes) noexcept
Generate random data via the internal PRNG.
Definition: random.cpp:601
WriteBinaryFile
bool WriteBinaryFile(const fs::path &filename, const std::string &data)
Write contents of std::string to a file.
Definition: readwritefile.cpp:36
ReadBinaryFile
std::pair< bool, std::string > ReadBinaryFile(const fs::path &filename, size_t maxsize)
Read full contents of a file and return them in a std::string.
Definition: readwritefile.cpp:15
NetworkErrorString
std::string NetworkErrorString(int err)
Return readable error string for a network error code.
Definition: sock.cpp:431
ParseHex
std::vector< Byte > ParseHex(std::string_view hex_str)
Like TryParseHex, but returns an empty vector on invalid input.
Definition: strencodings.h:68
util::LineReader::it
std::span< conststd::byte >::iterator it
Definition: string.h:270
util::LineReader::ReadLine
std::optional< std::string > ReadLine()
Returns a string from current iterator position up to (but not including) next and advances iterator...
Definition: string.cpp:23
strprintf
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1172
TOR_SAFE_CLIENTKEY
static const std::string TOR_SAFE_CLIENTKEY
For computing clientHash in SAFECOOKIE.
Definition: torcontrol.cpp:54
RECONNECT_TIMEOUT_MAX
constexpr std::chrono::duration< double > RECONNECT_TIMEOUT_MAX
Maximum reconnect timeout in seconds to prevent excessive delays.
Definition: torcontrol.cpp:60
TOR_COOKIE_SIZE
constexpr int TOR_COOKIE_SIZE
Tor cookie size (from control-spec.txt)
Definition: torcontrol.cpp:48
TOR_NONCE_SIZE
constexpr int TOR_NONCE_SIZE
Size of client/server nonce for SAFECOOKIE.
Definition: torcontrol.cpp:50
RECONNECT_TIMEOUT_START
constexpr std::chrono::duration< double > RECONNECT_TIMEOUT_START
Exponential backoff configuration - initial timeout in seconds.
Definition: torcontrol.cpp:56
MakeAddOnionCmd
static std::string MakeAddOnionCmd(const std::string &private_key, const std::string &target, bool enable_pow)
Definition: torcontrol.cpp:506
DEFAULT_TOR_CONTROL
const std::string DEFAULT_TOR_CONTROL
Default control ip and port.
Definition: torcontrol.cpp:46
SplitTorReplyLine
std::pair< std::string, std::string > SplitTorReplyLine(const std::string &s)
Definition: torcontrol.cpp:240
TOR_SAFE_SERVERKEY
static const std::string TOR_SAFE_SERVERKEY
For computing server_hash in SAFECOOKIE.
Definition: torcontrol.cpp:52
ComputeResponse
static std::vector< uint8_t > ComputeResponse(std::string_view key, std::span< const uint8_t > cookie, std::span< const uint8_t > client_nonce, std::span< const uint8_t > server_nonce)
Compute Tor SAFECOOKIE response.
Definition: torcontrol.cpp:598
MAX_LINE_COUNT
constexpr int MAX_LINE_COUNT
Maximum number of lines received on TorControlConnection per reply to avoid memory exhaustion.
Definition: torcontrol.cpp:70
RECONNECT_TIMEOUT_EXP
constexpr double RECONNECT_TIMEOUT_EXP
Exponential backoff configuration - growth factor.
Definition: torcontrol.cpp:58
ParseTorReplyMapping
std::map< std::string, std::string > ParseTorReplyMapping(const std::string &s)
Parse reply arguments in the form 'METHODS=COOKIE,SAFECOOKIE COOKIEFILE=".../control_auth_cookie"'.
Definition: torcontrol.cpp:259
DefaultOnionServiceTarget
CService DefaultOnionServiceTarget(uint16_t port)
Definition: torcontrol.cpp:750
SOCKET_SEND_TIMEOUT
constexpr auto SOCKET_SEND_TIMEOUT
Timeout for socket operations.
Definition: torcontrol.cpp:72
MAX_LINE_LENGTH
constexpr int MAX_LINE_LENGTH
Maximum length for lines received on TorControlConnection.
Definition: torcontrol.cpp:65
TOR_REPLY_SYNTAX_ERROR
constexpr int TOR_REPLY_SYNTAX_ERROR
Syntax error in command argument.
Definition: torcontrol.h:32
DEFAULT_TOR_SOCKS_PORT
constexpr uint16_t DEFAULT_TOR_SOCKS_PORT
Functionality for communicating with Tor.
Definition: torcontrol.h:24
TOR_REPLY_OK
constexpr int TOR_REPLY_OK
Tor control reply code.
Definition: torcontrol.h:30
TOR_REPLY_UNRECOGNIZED
constexpr int TOR_REPLY_UNRECOGNIZED
Definition: torcontrol.h:31
DEFAULT_TOR_CONTROL_PORT
constexpr int DEFAULT_TOR_CONTROL_PORT
Definition: torcontrol.h:25
SanitizeString
std::string SanitizeString(std::string_view str, int rule)
Remove unsafe chars.
Definition: strencodings.cpp:30
Generated on Fri Apr 24 2026 20:00:30 for Bitcoin Core by doxygen 1.9.4