Merge bitcoin/bitcoin#32166: torcontrol: Define tor reply code as const to improve our maintainability

8e4a0ddd50 torcontrol: Add comment explaining Proxy credential randomization for Tor privacy (Eval EXEC) ec5c0b26ce torcontrol: Define tor reply code as const to improve maintainability (Eval EXEC) Pull request description: This PR want to: 1. replace tor repy code with const to improve out maintainability. 2. cherry-picked https://github.com/bitcoin/bitcoin/pull/31973 , add comment to explain Proxy credential randomization for Tor privacy ACKs for top commit: hodlinator: re-ACK 8e4a0ddd50 laanwj: re-ACK 8e4a0ddd50 Tree-SHA512: 038daa6508ca88fceed5c8e155430614cb56976f36d1f8baee5114bca1141122cf94f51814a869848b3442691ee765cbf609cf946b2b35d5135015a9b749d917
2025-04-29 14:59:39 -04:00 · 2025-04-01 12:45:52 -04:00 · 2025-04-01 12:45:52 -04:00 · 6af68bb84b
commit 6af68bb84b
parent 6593293e47 8e4a0ddd50
1 changed files with 15 additions and 8 deletions
--- a/src/torcontrol.cpp
+++ b/src/torcontrol.cpp
@ -53,6 +53,9 @@ const std::string DEFAULT_TOR_CONTROL = "127.0.0.1:" + ToString(DEFAULT_TOR_CONT
 static const int TOR_COOKIE_SIZE = 32;
 /** Size of client/server nonce for SAFECOOKIE */
 static const int TOR_NONCE_SIZE = 32;
+/** Tor control reply code. Ref: https://spec.torproject.org/control-spec/replies.html */
+static const int TOR_REPLY_OK = 250;
+static const int TOR_REPLY_UNRECOGNIZED = 510;
 /** For computing serverHash in SAFECOOKIE */
 static const std::string TOR_SAFE_SERVERKEY = "Tor safe cookie authentication server-to-controller hash";
 /** For computing clientHash in SAFECOOKIE */
@ -357,7 +360,7 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
 {
    // NOTE: We can only get here if -onion is unset
    std::string socks_location;
-    if (reply.code == 250) {
+    if (reply.code == TOR_REPLY_OK) {
        for (const auto& line : reply.lines) {
            if (line.starts_with("net/listeners/socks=")) {
                const std::string port_list_str = line.substr(20);
@ -382,7 +385,7 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
        } else {
            LogPrintf("tor: Get SOCKS port command returned nothing\n");
        }
-    } else if (reply.code == 510) {  // 510 Unrecognized command
+    } else if (reply.code == TOR_REPLY_UNRECOGNIZED) {
        LogPrintf("tor: Get SOCKS port command failed with unrecognized command (You probably should upgrade Tor)\n");
    } else {
        LogPrintf("tor: Get SOCKS port command failed; error code %d\n", reply.code);
@ -400,7 +403,11 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe

    Assume(resolved.IsValid());
    LogDebug(BCLog::TOR, "Configuring onion proxy for %s\n", resolved.ToStringAddrPort());
-    Proxy addrOnion = Proxy(resolved, true);
+
+    // With m_randomize_credentials = true, generates unique SOCKS credentials per proxy connection (e.g., Tor).
+    // Prevents connection correlation and enhances privacy by forcing different Tor circuits.
+    // Requires Tor's IsolateSOCKSAuth (default enabled) for effective isolation (see IsolateSOCKSAuth section in https://2019.www.torproject.org/docs/tor-manual.html.en).
+    Proxy addrOnion = Proxy(resolved, /*_randomize_credentials=*/ true);
    SetProxy(NET_ONION, addrOnion);

    const auto onlynets = gArgs.GetArgs("-onlynet");
@ -422,7 +429,7 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe

 void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlReply& reply)
 {
-    if (reply.code == 250) {
+    if (reply.code == TOR_REPLY_OK) {
        LogDebug(BCLog::TOR, "ADD_ONION successful\n");
        for (const std::string &s : reply.lines) {
            std::map<std::string,std::string> m = ParseTorReplyMapping(s);
@ -448,7 +455,7 @@ void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlRe
        }
        AddLocal(service, LOCAL_MANUAL);
        // ... onion requested - keep connection open
-    } else if (reply.code == 510) { // 510 Unrecognized command
+    } else if (reply.code == TOR_REPLY_UNRECOGNIZED) {
        LogPrintf("tor: Add onion failed with unrecognized command (You probably need to upgrade Tor)\n");
    } else {
        LogPrintf("tor: Add onion failed; error code %d\n", reply.code);
@ -457,7 +464,7 @@ void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlRe

 void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply& reply)
 {
-    if (reply.code == 250) {
+    if (reply.code == TOR_REPLY_OK) {
        LogDebug(BCLog::TOR, "Authentication successful\n");

        // Now that we know Tor is running setup the proxy for onion addresses
@ -508,7 +515,7 @@ static std::vector<uint8_t> ComputeResponse(const std::string &key, const std::v

 void TorController::authchallenge_cb(TorControlConnection& _conn, const TorControlReply& reply)
 {
-    if (reply.code == 250) {
+    if (reply.code == TOR_REPLY_OK) {
        LogDebug(BCLog::TOR, "SAFECOOKIE authentication challenge successful\n");
        std::pair<std::string,std::string> l = SplitTorReplyLine(reply.lines[0]);
        if (l.first == "AUTHCHALLENGE") {
@ -543,7 +550,7 @@ void TorController::authchallenge_cb(TorControlConnection& _conn, const TorContr

 void TorController::protocolinfo_cb(TorControlConnection& _conn, const TorControlReply& reply)
 {
-    if (reply.code == 250) {
+    if (reply.code == TOR_REPLY_OK) {
        std::set<std::string> methods;
        std::string cookiefile;
        /*