27 #include <event2/buffer.h>
28 #include <event2/bufferevent.h>
29 #include <event2/event.h>
30 #include <event2/thread.h>
31 #include <event2/util.h>
40 static const std::string
TOR_SAFE_SERVERKEY =
"Tor safe cookie authentication server-to-controller hash";
42 static const std::string
TOR_SAFE_CLIENTKEY =
"Tor safe cookie authentication controller-to-server hash";
70 struct evbuffer *input = bufferevent_get_input(bev);
71 size_t n_read_out = 0;
75 while((line = evbuffer_readln(input, &n_read_out, EVBUFFER_EOL_CRLF)) !=
nullptr)
77 std::string s(line, n_read_out);
82 self->message.code = LocaleIndependentAtoi<int>(s.substr(0,3));
83 self->message.lines.push_back(s.substr(4));
87 if (self->message.code >= 600) {
90 self->async_handler(*
self, self->message);
92 if (!self->reply_handlers.empty()) {
94 self->reply_handlers.front()(*
self,
self->message);
95 self->reply_handlers.pop_front();
100 self->message.Clear();
107 LogPrintf(
"tor: Disconnecting because MAX_LINE_LENGTH exceeded\n");
115 if (what & BEV_EVENT_CONNECTED) {
117 self->connected(*
self);
118 }
else if (what & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) {
119 if (what & BEV_EVENT_ERROR) {
125 self->disconnected(*
self);
137 LogPrintf(
"tor: Failed to look up control center %s\n", tor_control_center);
141 struct sockaddr_storage control_address;
142 socklen_t control_address_len =
sizeof(control_address);
143 if (!control_service.
GetSockAddr(
reinterpret_cast<struct sockaddr*
>(&control_address), &control_address_len)) {
144 LogPrintf(
"tor: Error parsing socket address %s\n", tor_control_center);
149 b_conn = bufferevent_socket_new(
base, -1, BEV_OPT_CLOSE_ON_FREE);
154 bufferevent_enable(
b_conn, EV_READ|EV_WRITE);
159 if (bufferevent_socket_connect(
b_conn,
reinterpret_cast<struct sockaddr*
>(&control_address), control_address_len) < 0) {
160 LogPrintf(
"tor: Error connecting to address %s\n", tor_control_center);
177 struct evbuffer *buf = bufferevent_get_output(
b_conn);
180 evbuffer_add(buf,
cmd.data(),
cmd.size());
181 evbuffer_add(buf,
"\r\n", 2);
197 while (ptr < s.size() && s[ptr] !=
' ') {
198 type.push_back(s[ptr]);
203 return make_pair(type, s.substr(ptr));
214 std::map<std::string,std::string> mapping;
216 while (ptr < s.size()) {
217 std::string key, value;
218 while (ptr < s.size() && s[ptr] !=
'=' && s[ptr] !=
' ') {
219 key.push_back(s[ptr]);
223 return std::map<std::string,std::string>();
227 if (ptr < s.size() && s[ptr] ==
'"') {
229 bool escape_next =
false;
230 while (ptr < s.size() && (escape_next || s[ptr] !=
'"')) {
232 escape_next = (s[ptr] ==
'\\' && !escape_next);
233 value.push_back(s[ptr]);
237 return std::map<std::string,std::string>();
249 std::string escaped_value;
250 for (
size_t i = 0; i < value.size(); ++i) {
251 if (value[i] ==
'\\') {
257 if (value[i] ==
'n') {
258 escaped_value.push_back(
'\n');
259 }
else if (value[i] ==
't') {
260 escaped_value.push_back(
'\t');
261 }
else if (value[i] ==
'r') {
262 escaped_value.push_back(
'\r');
263 }
else if (
'0' <= value[i] && value[i] <=
'7') {
268 for (j = 1; j < 3 && (i+j) < value.size() &&
'0' <= value[i+j] && value[i+j] <=
'7'; ++j) {}
272 if (j == 3 && value[i] >
'3') {
275 const auto end{i + j};
279 val += value[i++] -
'0';
281 escaped_value.push_back(
char(val));
285 escaped_value.push_back(value[i]);
288 escaped_value.push_back(value[i]);
291 value = escaped_value;
293 while (ptr < s.size() && s[ptr] !=
' ') {
294 value.push_back(s[ptr]);
298 if (ptr < s.size() && s[ptr] ==
' ')
300 mapping[key] = value;
307 m_tor_control_center(tor_control_center), conn(base), reconnect(true), reconnect_timeout(
RECONNECT_TIMEOUT_START),
312 LogPrintf(
"tor: Failed to create event for reconnection: out of memory?\n");
340 std::string socks_location;
341 if (reply.
code == 250) {
342 for (
const auto& line : reply.
lines) {
343 if (0 == line.compare(0, 20,
"net/listeners/socks=")) {
344 const std::string port_list_str = line.substr(20);
345 std::vector<std::string> port_list =
SplitString(port_list_str,
' ');
347 for (
auto& portstr : port_list) {
348 if (portstr.empty())
continue;
349 if ((portstr[0] ==
'"' || portstr[0] ==
'\'') && portstr.size() >= 2 && (*portstr.rbegin() == portstr[0])) {
350 portstr = portstr.substr(1, portstr.size() - 2);
351 if (portstr.empty())
continue;
353 socks_location = portstr;
354 if (0 == portstr.compare(0, 10,
"127.0.0.1:")) {
361 if (!socks_location.empty()) {
364 LogPrintf(
"tor: Get SOCKS port command returned nothing\n");
366 }
else if (reply.
code == 510) {
367 LogPrintf(
"tor: Get SOCKS port command failed with unrecognized command (You probably should upgrade Tor)\n");
369 LogPrintf(
"tor: Get SOCKS port command failed; error code %d\n", reply.
code);
374 if (!socks_location.empty()) {
389 const bool onion_allowed_by_onlynet{
391 std::any_of(onlynets.begin(), onlynets.end(), [](
const auto& n) {
392 return ParseNetwork(n) == NET_ONION;
395 if (onion_allowed_by_onlynet) {
406 if (reply.
code == 250) {
408 for (
const std::string &s : reply.
lines) {
410 std::map<std::string,std::string>::iterator i;
411 if ((i =
m.find(
"ServiceID")) !=
m.end())
413 if ((i =
m.find(
"PrivateKey")) !=
m.end())
417 LogPrintf(
"tor: Error parsing ADD_ONION parameters:\n");
418 for (
const std::string &s : reply.
lines) {
432 }
else if (reply.
code == 510) {
433 LogPrintf(
"tor: Add onion failed with unrecognized command (You probably need to upgrade Tor)\n");
435 LogPrintf(
"tor: Add onion failed; error code %d\n", reply.
code);
441 if (reply.
code == 250) {
459 LogPrintf(
"tor: Authentication failed\n");
479 static std::vector<uint8_t>
ComputeResponse(
const std::string &key,
const std::vector<uint8_t> &cookie,
const std::vector<uint8_t> &clientNonce,
const std::vector<uint8_t> &serverNonce)
481 CHMAC_SHA256 computeHash((
const uint8_t*)key.data(), key.size());
483 computeHash.
Write(cookie.data(), cookie.size());
484 computeHash.
Write(clientNonce.data(), clientNonce.size());
485 computeHash.
Write(serverNonce.data(), serverNonce.size());
486 computeHash.
Finalize(computedHash.data());
492 if (reply.
code == 250) {
495 if (l.first ==
"AUTHCHALLENGE") {
501 std::vector<uint8_t> serverHash =
ParseHex(
m[
"SERVERHASH"]);
502 std::vector<uint8_t> serverNonce =
ParseHex(
m[
"SERVERNONCE"]);
504 if (serverNonce.size() != 32) {
505 LogPrintf(
"tor: ServerNonce is not 32 bytes, as required by spec\n");
510 if (computedServerHash != serverHash) {
511 LogPrintf(
"tor: ServerHash %s does not match expected ServerHash %s\n",
HexStr(serverHash),
HexStr(computedServerHash));
518 LogPrintf(
"tor: Invalid reply to AUTHCHALLENGE\n");
521 LogPrintf(
"tor: SAFECOOKIE authentication challenge failed\n");
527 if (reply.
code == 250) {
528 std::set<std::string> methods;
529 std::string cookiefile;
535 for (
const std::string &s : reply.
lines) {
537 if (l.first ==
"AUTH") {
539 std::map<std::string,std::string>::iterator i;
540 if ((i =
m.find(
"METHODS")) !=
m.end()) {
541 std::vector<std::string> m_vec =
SplitString(i->second,
',');
542 methods = std::set<std::string>(m_vec.begin(), m_vec.end());
544 if ((i =
m.find(
"COOKIEFILE")) !=
m.end())
545 cookiefile = i->second;
546 }
else if (l.first ==
"VERSION") {
548 std::map<std::string,std::string>::iterator i;
549 if ((i =
m.find(
"Tor")) !=
m.end()) {
554 for (
const std::string &s : methods) {
562 std::string torpassword =
gArgs.
GetArg(
"-torpassword",
"");
563 if (!torpassword.empty()) {
564 if (methods.count(
"HASHEDPASSWORD")) {
567 _conn.
Command(
"AUTHENTICATE \"" + torpassword +
"\"", std::bind(&
TorController::auth_cb,
this, std::placeholders::_1, std::placeholders::_2));
569 LogPrintf(
"tor: Password provided with -torpassword, but HASHEDPASSWORD authentication is not available\n");
571 }
else if (methods.count(
"NULL")) {
574 }
else if (methods.count(
"SAFECOOKIE")) {
576 LogPrint(
BCLog::TOR,
"Using SAFECOOKIE authentication, reading cookie authentication from %s\n", cookiefile);
578 if (status_cookie.first && status_cookie.second.size() ==
TOR_COOKIE_SIZE) {
580 cookie = std::vector<uint8_t>(status_cookie.second.begin(), status_cookie.second.end());
585 if (status_cookie.first) {
586 LogPrintf(
"tor: Authentication cookie %s is not exactly %i bytes, as is required by the spec\n", cookiefile,
TOR_COOKIE_SIZE);
588 LogPrintf(
"tor: Authentication cookie %s could not be opened (check permissions)\n", cookiefile);
591 }
else if (methods.count(
"HASHEDPASSWORD")) {
592 LogPrintf(
"tor: The only supported authentication mechanism left is password, but no password provided with -torpassword\n");
594 LogPrintf(
"tor: No supported authentication method\n");
597 LogPrintf(
"tor: Requesting protocol info failed\n");
606 LogPrintf(
"tor: Error sending initial protocolinfo command\n");
658 event_base_dispatch(
gBase);
665 evthread_use_windows_threads();
667 evthread_use_pthreads();
669 gBase = event_base_new();
671 LogPrintf(
"tor: Unable to create event_base\n");
684 event_base_once(
gBase, -1, EV_TIMEOUT, [](evutil_socket_t,
short,
void*) {
685 event_base_loopbreak(
gBase);
686 },
nullptr,
nullptr);
694 event_base_free(
gBase);
701 struct in_addr onion_service_target;
702 onion_service_target.s_addr = htonl(INADDR_LOOPBACK);
const CChainParams & Params()
Return the currently selected parameters.
const CBaseChainParams & BaseParams()
Return the currently selected parameters.
#define Assume(val)
Assume is the identity function.
std::vector< std::string > GetArgs(const std::string &strArg) const
Return a vector of strings of the given argument.
bool IsArgSet(const std::string &strArg) const
Return true if the given argument has been manually set.
const fs::path & GetDataDirNet() const
Get data directory path with appended network identifier.
std::string GetArg(const std::string &strArg, const std::string &strDefault) const
Return string argument or default value.
uint16_t OnionServiceTargetPort() const
A hasher class for HMAC-SHA-256.
void Finalize(unsigned char hash[OUTPUT_SIZE])
CHMAC_SHA256 & Write(const unsigned char *data, size_t len)
static const size_t OUTPUT_SIZE
A combination of a network address (CNetAddr) and a (TCP) port.
std::string ToStringIPPort() const
std::string ToString() const
bool GetSockAddr(struct sockaddr *paddr, socklen_t *addrlen) const
Obtain the IPv4/6 socket address this represents.
Low-level handling for Tor control connection.
std::deque< ReplyHandlerCB > reply_handlers
Response handlers.
bool Connect(const std::string &tor_control_center, const ConnectionCB &connected, const ConnectionCB &disconnected)
Connect to a Tor control port.
TorControlConnection(struct event_base *base)
Create a new TorControlConnection.
bool Command(const std::string &cmd, const ReplyHandlerCB &reply_handler)
Send a command, register a handler for the reply.
std::function< void(TorControlConnection &)> connected
Callback when ready for use.
static void readcb(struct bufferevent *bev, void *ctx)
Libevent handlers: internal.
std::function< void(TorControlConnection &, const TorControlReply &)> ReplyHandlerCB
static void eventcb(struct bufferevent *bev, short what, void *ctx)
std::function< void(TorControlConnection &)> disconnected
Callback when connection lost.
std::function< void(TorControlConnection &)> ConnectionCB
void Disconnect()
Disconnect from Tor control port.
struct bufferevent * b_conn
Connection to control socket.
struct event_base * base
Libevent event base.
Reply from Tor, can be single or multi-line.
std::vector< std::string > lines
Controller that connects to Tor control socket, authenticate, then create and maintain an ephemeral o...
TorControlConnection conn
static void reconnect_cb(evutil_socket_t fd, short what, void *arg)
Callback for reconnect timer.
fs::path GetPrivateKeyFile()
Get name of file to store private key in.
std::vector< uint8_t > clientNonce
ClientNonce for SAFECOOKIE auth.
void connected_cb(TorControlConnection &conn)
Callback after successful connection.
void get_socks_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for GETINFO net/listeners/socks result.
void add_onion_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for ADD_ONION result.
const std::string m_tor_control_center
void disconnected_cb(TorControlConnection &conn)
Callback after connection lost or failed connection attempt.
void authchallenge_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for AUTHCHALLENGE result.
std::vector< uint8_t > cookie
Cookie for SAFECOOKIE auth.
struct event * reconnect_ev
void auth_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for AUTHENTICATE result.
void Reconnect()
Reconnect, after getting disconnected.
void protocolinfo_cb(TorControlConnection &conn, const TorControlReply &reply)
Callback for PROTOCOLINFO result.
Path class wrapper to block calls to the fs::path(std::string) implicit constructor and the fs::path:...
#define LogPrint(category,...)
#define LogPrintfCategory(category,...)
static std::string PathToString(const path &path)
Convert path object to a byte string.
static path PathFromString(const std::string &string)
Convert byte string to path object.
void TraceThread(std::string_view thread_name, std::function< void()> thread_func)
A wrapper for do-something-once thread functions.
void RemoveLocal(const CService &addr)
bool AddLocal(const CService &addr_, int nScore)
void SetReachable(enum Network net, bool reachable)
Mark a network as reachable or unreachable (no automatic connects to it)
@ NET_ONION
TOR (v2 or v3)
bool SetProxy(enum Network net, const Proxy &addrProxy)
bool Lookup(const std::string &name, std::vector< CService > &vAddr, uint16_t portDefault, bool fAllowLookup, unsigned int nMaxSolutions, DNSLookupFn dns_lookup_function)
Resolve a service string to its corresponding service.
CService LookupNumeric(const std::string &name, uint16_t portDefault, DNSLookupFn dns_lookup_function)
Resolve a service string with a numeric IP to its first corresponding service.
void GetRandBytes(Span< unsigned char > bytes) noexcept
Overall design of the RNG and entropy sources.
bool WriteBinaryFile(const fs::path &filename, const std::string &data)
Write contents of std::string to a file.
std::pair< bool, std::string > ReadBinaryFile(const fs::path &filename, size_t maxsize=std::numeric_limits< size_t >::max())
Read full contents of a file and return them in a std::string.
std::vector< std::string > SplitString(std::string_view str, char sep)
void SetSyscallSandboxPolicy(SyscallSandboxPolicy syscall_policy)
Force the current thread (and threads created from the current thread) into a restricted-service oper...
static secp256k1_context * ctx
struct timeval MillisToTimeval(int64_t nTimeout)
Convert milliseconds to a struct timeval for e.g.
static const std::string TOR_SAFE_CLIENTKEY
For computing clientHash in SAFECOOKIE.
CService DefaultOnionServiceTarget()
static const int MAX_LINE_LENGTH
Maximum length for lines received on TorControlConnection.
std::pair< std::string, std::string > SplitTorReplyLine(const std::string &s)
static std::vector< uint8_t > ComputeResponse(const std::string &key, const std::vector< uint8_t > &cookie, const std::vector< uint8_t > &clientNonce, const std::vector< uint8_t > &serverNonce)
Compute Tor SAFECOOKIE response.
static const float RECONNECT_TIMEOUT_EXP
Exponential backoff configuration - growth factor.
const std::string DEFAULT_TOR_CONTROL
Default control port.
static void TorControlThread(CService onion_service_target)
static const std::string TOR_SAFE_SERVERKEY
For computing serverHash in SAFECOOKIE.
static const int TOR_COOKIE_SIZE
Tor cookie size (from control-spec.txt)
static struct event_base * gBase
static const int TOR_NONCE_SIZE
Size of client/server nonce for SAFECOOKIE.
void InterruptTorControl()
static std::thread torControlThread
static const float RECONNECT_TIMEOUT_START
Exponential backoff configuration - initial timeout in seconds.
static const uint16_t DEFAULT_TOR_SOCKS_PORT
void StartTorControl(CService onion_service_target)
std::map< std::string, std::string > ParseTorReplyMapping(const std::string &s)
Parse reply arguments in the form 'METHODS=COOKIE,SAFECOOKIE COOKIEFILE=".../control_auth_cookie"'.
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
std::vector< Byte > ParseHex(std::string_view str)
Parse the hex string into bytes (uint8_t or std::byte).
std::string SanitizeString(std::string_view str, int rule)
Remove unsafe chars.
void ReplaceAll(std::string &in_out, const std::string &search, const std::string &substitute)