
Commit 6af68bb

committed
Merge bitcoin/bitcoin#32166: torcontrol: Define tor reply code as const to improve our maintainability
8e4a0dd torcontrol: Add comment explaining Proxy credential randomization for Tor privacy (Eval EXEC) ec5c0b2 torcontrol: Define tor reply code as const to improve maintainability (Eval EXEC) Pull request description: This PR wants to: 1. replace tor reply code with const to improve our maintainability. 2. cherry-picked bitcoin/bitcoin#31973, add comment to explain Proxy credential randomization for Tor privacy ACKs for top commit: hodlinator: re-ACK 8e4a0dd laanwj: re-ACK 8e4a0dd Tree-SHA512: 038daa6508ca88fceed5c8e155430614cb56976f36d1f8baee5114bca1141122cf94f51814a869848b3442691ee765cbf609cf946b2b35d5135015a9b749d917
2 parents 6593293 + 8e4a0dd commit 6af68bb


1 file changed

+15
-8
lines changed


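--- a/src/torcontrol.cpp
+++ b/src/torcontrol.cpp
@@ -53,6 +53,9 @@ const std::string DEFAULT_TOR_CONTROL = "127.0.0.1:" + ToString(DEFAULT_TOR_CONT
 static const int TOR_COOKIE_SIZE = 32;
 /** Size of client/server nonce for SAFECOOKIE */
 static const int TOR_NONCE_SIZE = 32;
+/** Tor control reply code. Ref: https://spec.torproject.org/control-spec/replies.html */
+static const int TOR_REPLY_OK = 250;
+static const int TOR_REPLY_UNRECOGNIZED = 510;
 /** For computing serverHash in SAFECOOKIE */
 static const std::string TOR_SAFE_SERVERKEY = "Tor safe cookie authentication server-to-controller hash";
 /** For computing clientHash in SAFECOOKIE */
@@ -357,7 +360,7 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
 {
 // NOTE: We can only get here if -onion is unset
 std::string socks_location;
-if (reply.code == 250) {
+if (reply.code == TOR_REPLY_OK) {
 for (const auto& line : reply.lines) {
 if (line.starts_with("net/listeners/socks=")) {
 const std::string port_list_str = line.substr(20);
@@ -382,7 +385,7 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
 } else {
 LogPrintf("tor: Get SOCKS port command returned nothing\n");
 }
-} else if (reply.code == 510) { // 510 Unrecognized command
+} else if (reply.code == TOR_REPLY_UNRECOGNIZED) {
 LogPrintf("tor: Get SOCKS port command failed with unrecognized command (You probably should upgrade Tor)\n");
 } else {
 LogPrintf("tor: Get SOCKS port command failed; error code %d\n", reply.code);
@@ -400,7 +403,11 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
 
 Assume(resolved.IsValid());
 LogDebug(BCLog::TOR, "Configuring onion proxy for %s\n", resolved.ToStringAddrPort());
-Proxy addrOnion = Proxy(resolved, true);
+
+// With m_randomize_credentials = true, generates unique SOCKS credentials per proxy connection (e.g., Tor).
+// Prevents connection correlation and enhances privacy by forcing different Tor circuits.
+// Requires Tor's IsolateSOCKSAuth (default enabled) for effective isolation (see IsolateSOCKSAuth section in https://2019.www.torproject.org/docs/tor-manual.html.en).
+Proxy addrOnion = Proxy(resolved, /*_randomize_credentials=*/ true);
 SetProxy(NET_ONION, addrOnion);
 
 const auto onlynets = gArgs.GetArgs("-onlynet");
@@ -422,7 +429,7 @@ void TorController::get_socks_cb(TorControlConnection& _conn, const TorControlRe
 
 void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlReply& reply)
 {
-if (reply.code == 250) {
+if (reply.code == TOR_REPLY_OK) {
 LogDebug(BCLog::TOR, "ADD_ONION successful\n");
 for (const std::string &s : reply.lines) {
 std::map<std::string,std::string> m = ParseTorReplyMapping(s);
@@ -448,7 +455,7 @@ void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlRe
 }
 AddLocal(service, LOCAL_MANUAL);
 // ... onion requested - keep connection open
-} else if (reply.code == 510) { // 510 Unrecognized command
+} else if (reply.code == TOR_REPLY_UNRECOGNIZED) {
 LogPrintf("tor: Add onion failed with unrecognized command (You probably need to upgrade Tor)\n");
 } else {
 LogPrintf("tor: Add onion failed; error code %d\n", reply.code);
@@ -457,7 +464,7 @@ void TorController::add_onion_cb(TorControlConnection& _conn, const TorControlRe
 
 void TorController::auth_cb(TorControlConnection& _conn, const TorControlReply& reply)
 {
-if (reply.code == 250) {
+if (reply.code == TOR_REPLY_OK) {
 LogDebug(BCLog::TOR, "Authentication successful\n");
 
 // Now that we know Tor is running setup the proxy for onion addresses
@@ -508,7 +515,7 @@ static std::vector<uint8_t> ComputeResponse(const std::string &key, const std::v
 
 void TorController::authchallenge_cb(TorControlConnection& _conn, const TorControlReply& reply)
 {
-if (reply.code == 250) {
+if (reply.code == TOR_REPLY_OK) {
 LogDebug(BCLog::TOR, "SAFECOOKIE authentication challenge successful\n");
 std::pair<std::string,std::string> l = SplitTorReplyLine(reply.lines[0]);
 if (l.first == "AUTHCHALLENGE") {
@@ -543,7 +550,7 @@ void TorController::authchallenge_cb(TorControlConnection& _conn, const TorContr
 
 void TorController::protocolinfo_cb(TorControlConnection& _conn, const TorControlReply& reply)
 {
-if (reply.code == 250) {
+if (reply.code == TOR_REPLY_OK) {
 std::set<std::string> methods;
 std::string cookiefile;
 /*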
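Review bot: The comment added before `Proxy addrOnion = Proxy(resolved, /*_randomize_credentials=*/ true);` in get_socks_cb says the credentials work "by forcing different Tor circuits", which overstates what the client controls. Its next line concedes that the effect depends on IsolateSOCKSAuth on the listener Tor reported, and nothing visible in this hunk checks or logs that setting. I would word it as a request rather than a guarantee, e.g. `// Asks Tor to keep each connection on its own circuit; a SocksPort set to NoIsolateSOCKSAuth does not isolate by credentials.` The reference also points at an archived 2019 copy of the tor manual, while the reply-code comment in the first hunk cites spec.torproject.org, so a maintained source would be more durable. get_socks_cb begins and ends outside this hunk.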
