net: Automatically create hidden service, listen on Tor

laanwj commented at 3:43 pm on September 4, 2015: member

Discussion in #6586.

Starting with Tor version 0.2.7.1 it is possible, through Tor’s control socket API, to create and destroy ’ephemeral’ hidden services programmatically. https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service

This means that if Tor is running (and proper authorization is available), bitcoin automatically creates a hidden service to listen on, without user manual configuration. This will positively affect the number of available .onion nodes.

When the node is started, connect to Tor through control socket
Send ADD_ONION command
First time:
- Make it create a hidden service key
- Save the key in the data directory for later usage
Make it redirect port 8333 to the local port 8333 (or whatever port we’re listening on).
Keep control socket connection open for as long node is running. The hidden service will (by default) automatically go away when the connection is closed.

Adds command line options:

-listenonion Automatically create Tor hidden service (default: 1)
-torcontrol=<ip>:<port> “Tor control port to use if onion listening enabled (default: 127.0.0.1:9051)

TODO:

SAFECOOKIE authentication support (see discussion in #6586)
HASHEDPASSWORD authentication: manually provide Tor credentials
Logging: most of the more specific logging should go into a debug category

laanwj added the label P2P on Sep 4, 2015

jgarzik commented at 11:27 pm on September 15, 2015: contributor

I like the feature - concept ACK

Trying to think through whether there are edge cases that persuade us to default this ‘off’ Leaning towards default-on as presented.

dcousens commented at 7:09 am on September 16, 2015: contributor

concept ACK

btcdrak commented at 7:55 pm on September 23, 2015: contributor

concept ACK

sipa commented at 0:07 am on September 26, 2015: member

2015-09-26 00:03:11 [tor] Using COOKIE authentication, reading cookie authentication from /var/run/tor/control.authcookie 2015-09-26 00:03:11 [tor] Authentication cookie not found, is inaccessible, or is not exactly 64 bytes

I have ControlPort 9051 and CookieAuthentication in torrc.

pstratem commented at 0:23 am on September 26, 2015: contributor

Check the permissions On Sep 25, 2015 5:07 PM, “Pieter Wuille” notifications@github.com wrote:

2015-09-26 00:03:11 [tor] Using COOKIE authentication, reading cookie authentication from /var/run/tor/control.authcookie 2015-09-26 00:03:11 [tor] Authentication cookie not found, is inaccessible, or is not exactly 64 bytes

I have ControlPort 9051 and CookieAuthentication in torrc.

— Reply to this email directly or view it on GitHub #6639 (comment).

laanwj force-pushed on Oct 2, 2015

laanwj commented at 12:25 pm on October 2, 2015: member

@sipa the check was broken, the cookie is 32 bytes not 64. That said, we should have a more specific error message.

in src/torcontrol.cpp: in 4ed85cff18 outdated

301+{
302+    FILE *f = fopen(filename.c_str(), "wb");
303+    if (f == NULL)
304+        return false;
305+    if (fwrite(data.data(), 1, data.size(), f) != data.size())
306+        return false;

theuni commented at 3:24 pm on October 2, 2015:

false case needs fclose too

laanwj commented at 4:50 pm on October 2, 2015:

oops good catch

theuni commented at 3:54 pm on October 2, 2015: member

Can the shutdown detection be changed to work like the httpserver? ie Init calls InterruptTorControl() which starts the immediate shutdown process?

in src/torcontrol.cpp: in 4ed85cff18 outdated

192+    return true;
193+}
194+
195+bool TorControlConnection::Disconnect()
196+{
197+    if (b_conn)

theuni commented at 4:26 pm on October 2, 2015:

Need to undo the AddLocal here?

in src/torcontrol.cpp: in 4ed85cff18 outdated

183+    bufferevent_enable(b_conn, EV_READ|EV_WRITE);
184+    this->connected = connected;
185+    this->disconnected = disconnected;
186+
187+    // Finally, connect to target
188+    if (bufferevent_socket_connect(b_conn, (struct sockaddr*)&connect_to_addr, connect_to_addrlen) < 0) {

theuni commented at 4:37 pm on October 2, 2015:

Don’t we want logic to retry this every n seconds if it fails? If I launch Bitcoin and Tor a minute later, I would expect that it would be detected and used after a few minutes.

laanwj commented at 4:48 pm on October 2, 2015:

That’s what RECONNECT_TIMEOUT_START / RECONNECT_TIMEOUT_EXP is supposed to do. When I last checked, it was working.

theuni commented at 5:04 pm on October 2, 2015:

It looks like that only works on disconnection, though. If the first attempt fails on socket connection and the callbacks never start, I don’t see how the reconnect logic kicks in. Am I misreading?

theuni commented at 5:28 pm on October 2, 2015:

Nevermind, I misremembered this function’s return meaning. I thought it was possible to get an immediate failure in some cases, but a quick test shows that’s not the case.

theuni commented at 4:43 pm on October 2, 2015: member

(Not for this PR) Looks like it’d be pretty simple to add support for connecting via Unix socket (/var/run/tor/control) as well.

theuni commented at 4:45 pm on October 2, 2015: member

Concept ACK. This looks like a great feature.

laanwj commented at 9:57 am on October 3, 2015: member

@cfields

Can the shutdown detection be changed to work like the httpserver? ie Init calls InterruptTorControl() which starts the immediate shutdown process?

Yes, that sounds better. I have not done this before because it means making the libevent instance thread-safe - Interrupt happens from a different thread. But as we need multi-threaded libevent anyway from the http server that’s a bad reason.

(Not for this PR) Looks like it’d be pretty simple to add support for connecting via Unix socket (/var/run/tor/control) as well.

Good idea.

laanwj commented at 3:26 pm on October 3, 2015: member

Ok: addressed all of @theuni’s comments (apart from the UNIX socket, which we can add later). Still have SAFECOOKIE auth support on my TODO list above, it is superior to COOKIE (no potential exposure of data), and COOKIE will eventually be deprecated. This does require use of HMAC-SHA256. Luckily we have an implementation of that for BIP32, so I think it’s doable.

Edit: done

net: Automatically create hidden service, listen on Tor

Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
API, to create and destroy 'ephemeral' hidden services programmatically.
https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service

This means that if Tor is running (and proper authorization is available),
bitcoin automatically creates a hidden service to listen on, without user
manual configuration. This will positively affect the number of available
.onion nodes.

- When the node is started, connect to Tor through control socket
- Send `ADD_ONION` command
- First time:
    - Make it create a hidden service key
    - Save the key in the data directory for later usage
- Make it redirect port 8333 to the local port 8333 (or whatever port we're listening on).
- Keep control socket connection open for as long node is running. The hidden service will
  (by default) automatically go away when the connection is closed.

8f4e67f152

Better error message if Tor version too old 2f796e5fe7

laanwj force-pushed on Nov 10, 2015

laanwj commented at 5:07 pm on November 10, 2015: member

Also mentioned in release notes now.

petertodd commented at 8:30 pm on November 10, 2015: contributor

ACK

Tests done:

Restart reuses cached onion private key
SAFECOOKIE auth
HASHEDPASSWORD auth
Onion advertisement stops with tor disconnects
Onion advertisement starts when tor restarted

sipa commented at 7:53 am on November 11, 2015: member

No code review, did a weak test (it correctly reports my Tor version is too old).

MarcoFalke commented at 12:50 pm on November 11, 2015: member

That’s great! I will try to look into this soon.

petertodd commented at 6:06 pm on November 11, 2015: contributor

utACK squashme commits

in src/torcontrol.cpp: in 1bcc6beff6 outdated

418+        }
419+
420+        service = CService(service_id+".onion", GetListenPort(), false);
421+        LogPrintf("tor: Got service ID %s, advertizing service %s\n", service_id, service.ToString());
422+        if (WriteBinaryFile(GetPrivateKeyFile(), private_key)) {
423+            LogPrint("tor", "tor: Cached service private key to %s\n", GetPrivateKeyFile());

MarcoFalke commented at 10:41 pm on November 11, 2015:

~~Nit: “Wrote service key…”?~~

MarcoFalke commented at 10:54 pm on November 11, 2015:

Also, mind to pass this file through

contrib/devtools/clang-format.py clang-format src/torcontrol.cpp?

MarcoFalke commented at 10:25 am on November 12, 2015:

Nit: Please update https://github.com/bitcoin/bitcoin/blob/master/doc/files.md

MarcoFalke commented at 10:57 pm on November 11, 2015: member

Somehow I can set up a -onlynet=onion node and connect to it (sometimes) but it never established outgoing connections:

02015-11-11 22:05:45 tor: ADD_ONION succesful
12015-11-11 22:05:45 tor: Got service ID moheur3skn7jbca4, advertizing service moheur3skn7jbca4.onion:18333
22015-11-11 22:05:45 tor: Cached service private key to /home/test/.bitcoin/testnet3/onion_private_key
32015-11-11 22:05:45 AddLocal(moheur3skn7jbca4.onion:18333,4)
42015-11-11 22:05:46 Cannot connect to t6xj6wilh4ytvcs7.onion:18333: unsupported network
52015-11-11 22:05:46 Cannot connect to 4azvkpo55qaskhjl.onion:18333: unsupported network
62015-11-11 22:05:47 Cannot connect to nkf5e6b7pl4jfd4a.onion:18333: unsupported network
72015-11-11 22:05:48 Cannot connect to 4zhkir2ofl7orfom.onion:18333: unsupported network

gits7r commented at 11:56 pm on November 11, 2015: none

you are mistaking. it’s -onlynet=tor . you confuse onion with -onion=127.0.0.1:9050 where you instruct bitcoin to use that socks5 proxy to connect to onion peers (from tor network). While -onlynet=tor will make sure you connect only to onion (Tor) peers, -onion=xxx will only provide a gateway for these peers but connect to other kind of peers also.

MarcoFalke commented at 7:15 am on November 12, 2015: member

Then, why does -? doesn’t even mention tor?

0  -onlynet=<net>
1       Only connect to nodes in network <net> (ipv4, ipv6 or onion)

laanwj commented at 7:29 am on November 12, 2015: member

onlynet=onion should work. But is unrelated to this pull. Did you pass a proxy?

MarcoFalke commented at 7:48 am on November 12, 2015: member

I tried with and without proxy: bitcoin/src/bitcoind -debug=tor -onlynet=onion -proxy=127.0.0.1:9050 -listen=1 -torpassword=bar

But maybe my VPS provider is blocking tor…

laanwj commented at 7:54 am on November 12, 2015: member

They could, but that whouldn’t result in errors like

02015-11-11 22:05:46 Cannot connect to t6xj6wilh4ytvcs7.onion:18333: unsupported network

Instead you’d get proxy errors. It’s not using the proxy, why is that (again, this is seemingly unrleated to this pull, maybe file a new issue)

torcontrol improvements and fixes

- Force AUTHCOOKIE size to be 32 bytes: This provides protection against
  an attack where a process pretends to be Tor and uses the cookie
  authentication method to nab arbitrary files such as the
  wallet
- torcontrol logging
- fix cookie auth
- add HASHEDPASSWORD auth, fix fd leak when fwrite() fails
- better error reporting when cookie file is not ok
- better init/shutdown flow
- stop advertizing service when disconnected from tor control port
- COOKIE->SAFECOOKIE auth

09c1ae1c01

doc: Mention Tor listening in release notes 68ccdc4696

laanwj force-pushed on Nov 12, 2015

doc: update docs for Tor listening

- add new data directory files for 0.12 to doc/files.md
- mention torcontrol in doc/tor.md

58ef0ffa9e

laanwj referenced this in commit f291e9f8e6 on Nov 12, 2015

laanwj merged this on Nov 12, 2015

laanwj closed this on Nov 12, 2015

laanwj referenced this in commit bd629d77ed on Nov 12, 2015

MarcoFalke commented at 6:37 pm on November 12, 2015: member

tested ACK 58ef0ff

zkbot referenced this in commit 45faa928ec on Mar 26, 2017

DrahtBot locked this on Dec 16, 2021

net: Automatically create hidden service, listen on Tor #6639