Merge bitcoin/bitcoin#32166: torcontrol: Define tor reply code as const to improve our maintainability

8e4a0ddd50 torcontrol: Add comment explaining Proxy credential randomization for Tor privacy (Eval EXEC)
ec5c0b26ce torcontrol: Define tor reply code as const to improve maintainability (Eval EXEC)

Pull request description:

  This PR wants to:
  1. replace the Tor reply codes with named constants to improve our maintainability.
  2. cherry-pick https://github.com/bitcoin/bitcoin/pull/31973, adding a comment to explain Proxy credential randomization for Tor privacy

ACKs for top commit:
  hodlinator:
    re-ACK 8e4a0ddd50
  laanwj:
    re-ACK 8e4a0ddd50

Tree-SHA512: 038daa6508ca88fceed5c8e155430614cb56976f36d1f8baee5114bca1141122cf94f51814a869848b3442691ee765cbf609cf946b2b35d5135015a9b749d917
Ryan Ofsky 2025-04-01 12:45:52 -04:00
commit 6af68bb84b
No known key found for this signature in database
GPG key ID: 46800E30FC748A66


@ -53,6 +53,9 @@ const std::string DEFAULT_TOR_CONTROL = "127.0.0.1:" + ToString(DEFAULT_TOR_CONT
static const int TOR_COOKIE_SIZE = 32; static const int TOR_COOKIE_SIZE = 32;
/** Size of client/server nonce for SAFECOOKIE */ /** Size of client/server nonce for SAFECOOKIE */
static const int TOR_NONCE_SIZE = 32; static const int TOR_NONCE_SIZE = 32;
/** Tor control reply code. Ref: https://spec.torproject.org/control-spec/replies.html */
static const int TOR_REPLY_OK = 250;
static const int TOR_REPLY_UNRECOGNIZED = 510;
/** For computing serverHash in SAFECOOKIE */ /** For computing serverHash in SAFECOOKIE */
static const std::string TOR_SAFE_SERVERKEY = "Tor safe cookie authentication server-to-controller hash"; static const std::string TOR_SAFE_SERVERKEY = "Tor safe cookie authentication server-to-controller hash";
/** For computing clientHash in SAFECOOKIE */ /** For computing clientHash in SAFECOOKIE */
@ -357,7 +360,7 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
{ {
// NOTE: We can only get here if -onion is unset // NOTE: We can only get here if -onion is unset
std::string socks_location; std::string socks_location;
if (reply.code == 250) { if (reply.code == TOR_REPLY_OK) {
for (const auto& line : reply.lines) { for (const auto& line : reply.lines) {
if (line.starts_with("net/listeners/socks=")) { if (line.starts_with("net/listeners/socks=")) {
const std::string port_list_str = line.substr(20); const std::string port_list_str = line.substr(20);
@ -382,7 +385,7 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
} else { } else {
LogPrintf("tor: Get SOCKS port command returned nothing\n"); LogPrintf("tor: Get SOCKS port command returned nothing\n");
} }
} else if (reply.code == 510) { // 510 Unrecognized command } else if (reply.code == TOR_REPLY_UNRECOGNIZED) {
LogPrintf("tor: Get SOCKS port command failed with unrecognized command (You probably should upgrade Tor)\n"); LogPrintf("tor: Get SOCKS port command failed with unrecognized command (You probably should upgrade Tor)\n");
} else { } else {
LogPrintf("tor: Get SOCKS port command failed; error code %d\n", reply.code); LogPrintf("tor: Get SOCKS port command failed; error code %d\n", reply.code);
@ -400,7 +403,11 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
Assume(resolved.IsValid()); Assume(resolved.IsValid());
LogDebug(BCLog::TOR, "Configuring onion proxy for %s\n", resolved.ToStringAddrPort()); LogDebug(BCLog::TOR, "Configuring onion proxy for %s\n", resolved.ToStringAddrPort());
Proxy addrOnion = Proxy(resolved, true);
// With m_randomize_credentials = true, generates unique SOCKS credentials per proxy connection (e.g., Tor).
// Prevents connection correlation and enhances privacy by forcing different Tor circuits.
// Requires Tor's IsolateSOCKSAuth (default enabled) for effective isolation (see IsolateSOCKSAuth section in https://2019.www.torproject.org/docs/tor-manual.html.en).
Proxy addrOnion = Proxy(resolved, /*_randomize_credentials=*/ true);
SetProxy(NET_ONION, addrOnion); SetProxy(NET_ONION, addrOnion);
const auto onlynets = gArgs.GetArgs("-onlynet"); const auto onlynets = gArgs.GetArgs("-onlynet");
@ -422,7 +429,7 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlReply& reply) void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlReply& reply)
{ {
if (reply.code == 250) { if (reply.code == TOR_REPLY_OK) {
LogDebug(BCLog::TOR, "ADD_ONION successful\n"); LogDebug(BCLog::TOR, "ADD_ONION successful\n");
for (const std::string &s : reply.lines) { for (const std::string &s : reply.lines) {
std::map<std::string,std::string> m = ParseTorReplyMapping(s); std::map<std::string,std::string> m = ParseTorReplyMapping(s);
@ -448,7 +455,7 @@ void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlRe
} }
AddLocal(service, LOCAL_MANUAL); AddLocal(service, LOCAL_MANUAL);
// ... onion requested - keep connection open // ... onion requested - keep connection open
} else if (reply.code == 510) { // 510 Unrecognized command } else if (reply.code == TOR_REPLY_UNRECOGNIZED) {
LogPrintf("tor: Add onion failed with unrecognized command (You probably need to upgrade Tor)\n"); LogPrintf("tor: Add onion failed with unrecognized command (You probably need to upgrade Tor)\n");
} else { } else {
LogPrintf("tor: Add onion failed; error code %d\n", reply.code); LogPrintf("tor: Add onion failed; error code %d\n", reply.code);
@ -457,7 +464,7 @@ void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlRe
void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply& reply) void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply& reply)
{ {
if (reply.code == 250) { if (reply.code == TOR_REPLY_OK) {
LogDebug(BCLog::TOR, "Authentication successful\n"); LogDebug(BCLog::TOR, "Authentication successful\n");
// Now that we know Tor is running setup the proxy for onion addresses // Now that we know Tor is running setup the proxy for onion addresses
@ -508,7 +515,7 @@ static std::vector<uint8_t> ComputeResponse(const std::string &key, const std::v
void TorController::authchallenge_cb(TorControlConnection& _conn, const TorControlReply& reply) void TorController::authchallenge_cb(TorControlConnection& _conn, const TorControlReply& reply)
{ {
if (reply.code == 250) { if (reply.code == TOR_REPLY_OK) {
LogDebug(BCLog::TOR, "SAFECOOKIE authentication challenge successful\n"); LogDebug(BCLog::TOR, "SAFECOOKIE authentication challenge successful\n");
std::pair<std::string,std::string> l = SplitTorReplyLine(reply.lines[0]); std::pair<std::string,std::string> l = SplitTorReplyLine(reply.lines[0]);
if (l.first == "AUTHCHALLENGE") { if (l.first == "AUTHCHALLENGE") {
@ -543,7 +550,7 @@ void TorController::authchallenge_cb(TorControlConnection& _conn, const TorContr
void TorController::protocolinfo_cb(TorControlConnection& _conn, const TorControlReply& reply) void TorController::protocolinfo_cb(TorControlConnection& _conn, const TorControlReply& reply)
{ {
if (reply.code == 250) { if (reply.code == TOR_REPLY_OK) {
std::set<std::string> methods; std::set<std::string> methods;
std::string cookiefile; std::string cookiefile;
/* /*