22 #include <boost/signals2/signal.hpp>
24 #include <event2/buffer.h>
25 #include <event2/bufferevent.h>
26 #include <event2/event.h>
27 #include <event2/thread.h>
28 #include <event2/util.h>
44 "Tor safe cookie authentication server-to-controller hash";
47 "Tor safe cookie authentication controller-to-server hash";
99 bool Connect(
const std::string &tor_control_center,
135 static void readcb(
struct bufferevent *bev,
void *
ctx);
136 static void eventcb(
struct bufferevent *bev,
short what,
void *
ctx);
140 : base(_base), b_conn(nullptr) {}
150 struct evbuffer *input = bufferevent_get_input(bev);
151 size_t n_read_out = 0;
155 while ((line = evbuffer_readln(input, &n_read_out, EVBUFFER_EOL_CRLF)) !=
157 std::string s(line, n_read_out);
164 self->message.code =
atoi(s.substr(0, 3));
165 self->message.lines.push_back(s.substr(4));
170 if (self->message.code >= 600) {
173 self->async_handler(*
self, self->message);
175 if (!self->reply_handlers.empty()) {
177 self->reply_handlers.front()(*
self,
self->message);
178 self->reply_handlers.pop_front();
181 "tor: Received unexpected sync reply %i\n",
185 self->message.Clear();
193 LogPrintf(
"tor: Disconnecting because MAX_LINE_LENGTH exceeded\n");
201 if (what & BEV_EVENT_CONNECTED) {
203 self->connected(*
self);
204 }
else if (what & (BEV_EVENT_EOF | BEV_EVENT_ERROR)) {
205 if (what & BEV_EVENT_ERROR) {
207 "tor: Error connecting to Tor control socket\n");
212 self->disconnected(*
self);
223 struct sockaddr_storage connect_to_addr;
224 int connect_to_addrlen =
sizeof(connect_to_addr);
225 if (evutil_parse_sockaddr_port(tor_control_center.c_str(),
226 (
struct sockaddr *)&connect_to_addr,
227 &connect_to_addrlen) < 0) {
228 LogPrintf(
"tor: Error parsing socket address %s\n", tor_control_center);
233 b_conn = bufferevent_socket_new(
base, -1, BEV_OPT_CLOSE_ON_FREE);
239 bufferevent_enable(
b_conn, EV_READ | EV_WRITE);
244 if (bufferevent_socket_connect(
b_conn, (
struct sockaddr *)&connect_to_addr,
245 connect_to_addrlen) < 0) {
246 LogPrintf(
"tor: Error connecting to address %s\n", tor_control_center);
264 struct evbuffer *buf = bufferevent_get_output(
b_conn);
268 evbuffer_add(buf, cmd.data(), cmd.size());
269 evbuffer_add(buf,
"\r\n", 2);
284 while (ptr < s.size() && s[ptr] !=
' ') {
285 type.push_back(s[ptr]);
288 if (ptr < s.size()) {
292 return make_pair(type, s.substr(ptr));
304 std::map<std::string, std::string> mapping;
306 while (ptr < s.size()) {
307 std::string key, value;
308 while (ptr < s.size() && s[ptr] !=
'=' && s[ptr] !=
' ') {
309 key.push_back(s[ptr]);
313 if (ptr == s.size()) {
314 return std::map<std::string, std::string>();
323 if (ptr < s.size() && s[ptr] ==
'"') {
326 bool escape_next =
false;
327 while (ptr < s.size() && (escape_next || s[ptr] !=
'"')) {
329 escape_next = (s[ptr] ==
'\\' && !escape_next);
330 value.push_back(s[ptr]);
334 if (ptr == s.size()) {
335 return std::map<std::string, std::string>();
351 std::string escaped_value;
352 for (
size_t i = 0; i < value.size(); ++i) {
353 if (value[i] ==
'\\') {
359 if (value[i] ==
'n') {
360 escaped_value.push_back(
'\n');
361 }
else if (value[i] ==
't') {
362 escaped_value.push_back(
'\t');
363 }
else if (value[i] ==
'r') {
364 escaped_value.push_back(
'\r');
365 }
else if (
'0' <= value[i] && value[i] <=
'7') {
370 for (j = 1; j < 3 && (i + j) < value.size() &&
371 '0' <= value[i + j] && value[i + j] <=
'7';
377 if (j == 3 && value[i] >
'3') {
380 escaped_value.push_back(
381 strtol(value.substr(i, j).c_str(), NULL, 8));
385 escaped_value.push_back(value[i]);
388 escaped_value.push_back(value[i]);
391 value = escaped_value;
395 while (ptr < s.size() && s[ptr] !=
' ') {
396 value.push_back(s[ptr]);
400 if (ptr < s.size() && s[ptr] ==
' ') {
404 mapping[key] = value;
418 const std::string &tor_control_center,
460 static void reconnect_cb(evutil_socket_t fd,
short what,
void *arg);
464 const std::string &tor_control_center,
466 : base(_base), m_tor_control_center(tor_control_center), conn(base),
467 reconnect(true), reconnect_ev(0),
472 "tor: Failed to create event for reconnection: out of memory?\n");
477 std::placeholders::_1),
479 std::placeholders::_1))) {
480 LogPrintf(
"tor: Initiating connection to Tor control port %s failed\n",
504 if (reply.
code == 250) {
506 for (
const std::string &s : reply.
lines) {
508 std::map<std::string, std::string>::iterator i;
509 if ((i = m.find(
"ServiceID")) != m.end()) {
512 if ((i = m.find(
"PrivateKey")) != m.end()) {
517 LogPrintf(
"tor: Error parsing ADD_ONION parameters:\n");
518 for (
const std::string &s : reply.
lines) {
525 LogPrintf(
"tor: Got service ID %s, advertising service %s\n",
531 LogPrintf(
"tor: Error writing service private key to %s\n",
536 }
else if (reply.
code == 510) {
537 LogPrintf(
"tor: Add onion failed with unrecognized command (You "
538 "probably need to upgrade Tor)\n");
540 LogPrintf(
"tor: Add onion failed; error code %d\n", reply.
code);
546 if (reply.
code == 250) {
572 std::placeholders::_1, std::placeholders::_2));
574 LogPrintf(
"tor: Authentication failed\n");
594 static std::vector<uint8_t>
596 const std::vector<uint8_t> &clientNonce,
597 const std::vector<uint8_t> &serverNonce) {
598 CHMAC_SHA256 computeHash((
const uint8_t *)key.data(), key.size());
600 computeHash.
Write(cookie.data(), cookie.size());
601 computeHash.
Write(clientNonce.data(), clientNonce.size());
602 computeHash.
Write(serverNonce.data(), serverNonce.size());
603 computeHash.
Finalize(computedHash.data());
609 if (reply.
code == 250) {
611 "tor: SAFECOOKIE authentication challenge successful\n");
612 std::pair<std::string, std::string> l =
614 if (l.first ==
"AUTHCHALLENGE") {
615 std::map<std::string, std::string> m =
618 LogPrintf(
"tor: Error parsing AUTHCHALLENGE parameters: %s\n",
622 std::vector<uint8_t> serverHash =
ParseHex(m[
"SERVERHASH"]);
623 std::vector<uint8_t> serverNonce =
ParseHex(m[
"SERVERNONCE"]);
625 "tor: AUTHCHALLENGE ServerHash %s ServerNonce %s\n",
627 if (serverNonce.size() != 32) {
629 "tor: ServerNonce is not 32 bytes, as required by spec\n");
635 if (computedServerHash != serverHash) {
636 LogPrintf(
"tor: ServerHash %s does not match expected "
646 std::placeholders::_1,
647 std::placeholders::_2));
649 LogPrintf(
"tor: Invalid reply to AUTHCHALLENGE\n");
652 LogPrintf(
"tor: SAFECOOKIE authentication challenge failed\n");
658 if (reply.
code == 250) {
659 std::set<std::string> methods;
660 std::string cookiefile;
667 for (
const std::string &s : reply.
lines) {
669 if (l.first ==
"AUTH") {
670 std::map<std::string, std::string> m =
672 std::map<std::string, std::string>::iterator i;
673 if ((i = m.find(
"METHODS")) != m.end()) {
674 std::vector<std::string> m_vec =
676 methods = std::set<std::string>(m_vec.begin(), m_vec.end());
678 if ((i = m.find(
"COOKIEFILE")) != m.end()) {
679 cookiefile = i->second;
681 }
else if (l.first ==
"VERSION") {
682 std::map<std::string, std::string> m =
684 std::map<std::string, std::string>::iterator i;
685 if ((i = m.find(
"Tor")) != m.end()) {
691 for (
const std::string &s : methods) {
701 std::string torpassword =
gArgs.
GetArg(
"-torpassword",
"");
702 if (!torpassword.empty()) {
703 if (methods.count(
"HASHEDPASSWORD")) {
705 "tor: Using HASHEDPASSWORD authentication\n");
707 _conn.
Command(
"AUTHENTICATE \"" + torpassword +
"\"",
709 std::placeholders::_1,
710 std::placeholders::_2));
712 LogPrintf(
"tor: Password provided with -torpassword, but "
713 "HASHEDPASSWORD authentication is not available\n");
715 }
else if (methods.count(
"NULL")) {
718 this, std::placeholders::_1,
719 std::placeholders::_2));
720 }
else if (methods.count(
"SAFECOOKIE")) {
723 "tor: Using SAFECOOKIE authentication, "
724 "reading cookie authentication from %s\n",
726 std::pair<bool, std::string> status_cookie =
728 if (status_cookie.first &&
733 cookie = std::vector<uint8_t>(status_cookie.second.begin(),
734 status_cookie.second.end());
739 std::placeholders::_1,
740 std::placeholders::_2));
742 if (status_cookie.first) {
743 LogPrintf(
"tor: Authentication cookie %s is not exactly %i "
744 "bytes, as is required by the spec\n",
747 LogPrintf(
"tor: Authentication cookie %s could not be "
748 "opened (check permissions)\n",
752 }
else if (methods.count(
"HASHEDPASSWORD")) {
753 LogPrintf(
"tor: The only supported authentication mechanism left "
754 "is password, but no password provided with "
757 LogPrintf(
"tor: No supported authentication method\n");
760 LogPrintf(
"tor: Requesting protocol info failed\n");
768 if (!_conn.
Command(
"PROTOCOLINFO 1",
770 std::placeholders::_1,
771 std::placeholders::_2))) {
772 LogPrintf(
"tor: Error sending initial protocolinfo command\n");
787 "tor: Not connected to Tor control port %s, trying to reconnect\n",
804 std::placeholders::_1),
806 std::placeholders::_1))) {
808 "tor: Re-initiating connection to Tor control port %s failed\n",
828 onion_service_target);
830 event_base_dispatch(
gBase);
836 evthread_use_windows_threads();
838 evthread_use_pthreads();
840 gBase = event_base_new();
842 LogPrintf(
"tor: Unable to create event_base\n");
856 gBase, -1, EV_TIMEOUT,
857 [](evutil_socket_t,
short,
void *) { event_base_loopbreak(
gBase); },
865 event_base_free(
gBase);
871 struct in_addr onion_service_target;
872 onion_service_target.s_addr = htonl(INADDR_LOOPBACK);
const CChainParams & Params()
Return the currently selected parameters.
const CBaseChainParams & BaseParams()
Return the currently selected parameters.
const fs::path & GetDataDirNet() const
Get data directory path with appended network identifier.
std::string GetArg(const std::string &strArg, const std::string &strDefault) const
Return string argument or default value.
uint16_t OnionServiceTargetPort() const
A hasher class for HMAC-SHA-256.
CHMAC_SHA256 & Write(const uint8_t *data, size_t len)
static const size_t OUTPUT_SIZE
void Finalize(uint8_t hash[OUTPUT_SIZE])
A combination of a network address (CNetAddr) and a (TCP) port.
std::string ToStringIPPort() const
std::string ToString() const
Low-level handling for Tor control connection.
TorControlReply message
Message being received.
std::deque< ReplyHandlerCB > reply_handlers
Response handlers.
bool Connect(const std::string &tor_control_center, const ConnectionCB &connected, const ConnectionCB &disconnected)
Connect to a Tor control port.
TorControlConnection(struct event_base *base)
Create a new TorControlConnection.
bool Command(const std::string &cmd, const ReplyHandlerCB &reply_handler)
Send a command, register a handler for the reply.
std::function< void(TorControlConnection &)> connected
Callback when ready for use.
boost::signals2::signal< void(TorControlConnection &, const TorControlReply &)> async_handler
Response handlers for async replies.
static void readcb(struct bufferevent *bev, void *ctx)
Libevent handlers: internal.
std::function< void(TorControlConnection &)> disconnected
Callback when connection lost.
static void eventcb(struct bufferevent *bev, short what, void *ctx)
std::function< void(TorControlConnection &, const TorControlReply &)> ReplyHandlerCB
void Disconnect()
Disconnect from Tor control port.
struct bufferevent * b_conn
Connection to control socket.
struct event_base * base
Libevent event base.
std::function< void(TorControlConnection &)> ConnectionCB
Reply from Tor, can be single or multi-line.
std::vector< std::string > lines
Controller that connects to Tor control socket, authenticate, then create and maintain an ephemeral o...
TorControlConnection conn
static void reconnect_cb(evutil_socket_t fd, short what, void *arg)
Callback for reconnect timer.
fs::path GetPrivateKeyFile()
Get name fo file to store private key in.
std::vector< uint8_t > clientNonce
ClientNonce for SAFECOOKIE auth.
void connected_cb(TorControlConnection &conn)
Callback after successful connection.
void add_onion_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for ADD_ONION result.
const std::string m_tor_control_center
void disconnected_cb(TorControlConnection &conn)
Callback after connection lost or failed connection attempt.
void authchallenge_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for AUTHCHALLENGE result.
std::vector< uint8_t > cookie
Cookie for SAFECOOKIE auth.
struct event * reconnect_ev
TorController(struct event_base *base, const std::string &tor_control_center, const CService &target)
void auth_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for AUTHENTICATE result.
void Reconnect()
Reconnect, after getting disconnected.
void protocolinfo_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for PROTOCOLINFO result.
Path class wrapper to block calls to the fs::path(std::string) implicit constructor and the fs::path:...
#define LogPrint(category,...)
static std::string PathToString(const path &path)
Convert path object to a byte string.
static path PathFromString(const std::string &string)
Convert byte string to path object.
void TraceThread(const char *thread_name, std::function< void()> thread_func)
A wrapper for do-something-once thread functions.
void RemoveLocal(const CService &addr)
void SetReachable(enum Network net, bool reachable)
Mark a network as reachable or unreachable (no automatic connects to it)
bool AddLocal(const CService &addr, int nScore)
@ NET_ONION
TOR (v2 or v3)
CService LookupNumeric(const std::string &name, uint16_t portDefault, DNSLookupFn dns_lookup_function)
Resolve a service string with a numeric IP to its first corresponding service.
bool SetProxy(enum Network net, const proxyType &addrProxy)
void GetRandBytes(uint8_t *buf, int num) noexcept
Overall design of the RNG and entropy sources.
std::pair< bool, std::string > ReadBinaryFile(const fs::path &filename, size_t maxsize=std::numeric_limits< size_t >::max())
Read full contents of a file and return them in a std::string.
bool WriteBinaryFile(const fs::path &filename, const std::string &data)
Write contents of std::string to a file.
static uint16_t GetDefaultPort()
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
std::string SanitizeString(const std::string &str, int rule)
Remove unsafe chars.
int atoi(const std::string &str)
std::vector< uint8_t > ParseHex(const char *psz)
void ReplaceAll(std::string &in_out, const std::string &search, const std::string &substitute)
std::vector< std::string > SplitString(std::string_view str, char sep)
struct timeval MillisToTimeval(int64_t nTimeout)
Convert milliseconds to a struct timeval for e.g.
static const std::string TOR_SAFE_CLIENTKEY
For computing clientHash in SAFECOOKIE.
CService DefaultOnionServiceTarget()
static const int MAX_LINE_LENGTH
Maximum length for lines received on TorControlConnection.
static std::vector< uint8_t > ComputeResponse(const std::string &key, const std::vector< uint8_t > &cookie, const std::vector< uint8_t > &clientNonce, const std::vector< uint8_t > &serverNonce)
Compute Tor SAFECOOKIE response.
static const float RECONNECT_TIMEOUT_EXP
Exponential backoff configuration - growth factor.
const std::string DEFAULT_TOR_CONTROL
Default control port.
static void TorControlThread(CService onion_service_target)
static const std::string TOR_SAFE_SERVERKEY
For computing serverHash in SAFECOOKIE.
static const int TOR_COOKIE_SIZE
Tor cookie size (from control-spec.txt)
static struct event_base * gBase
static const int TOR_NONCE_SIZE
Size of client/server nonce for SAFECOOKIE.
std::map< std::string, std::string > ParseTorReplyMapping(const std::string &s)
Parse reply arguments in the form 'METHODS=COOKIE,SAFECOOKIE COOKIEFILE=".../control_auth_cookie"'.
void InterruptTorControl()
static std::thread torControlThread
std::pair< std::string, std::string > SplitTorReplyLine(const std::string &s)
static const float RECONNECT_TIMEOUT_START
Exponential backoff configuration - initial timeout in seconds.
void StartTorControl(CService onion_service_target)
1.9.1