Onion v2 deprecation

common/test/run-ip_port_parsing.c

@@ -113,6 +113,7 @@ void towire_u8_array(u8 **pptr UNNEEDED, const u8 *arr UNNEEDED, size_t num UNNE
 int main(int argc, char *argv[])
 {
 	struct wireaddr addr;
+	struct wireaddr_internal addr_int;
 	char *ip;
 	u16 port;
 
@@ -189,6 +190,12 @@ int main(int argc, char *argv[])
 	assert(parse_wireaddr("odpzvneidqdf5hdq.onion", &addr, 1, false, NULL));
 	assert(addr.port == 1);
 
+	// Don't accept legacy hidden services with deprecated APIs on
+	assert(!parse_wireaddr_internal("odpzvneidqdf5hdq.onion", &addr_int, 1,
+				        false, false, false, /* allow_deprecated = */ false, NULL));
+	assert(parse_wireaddr_internal("odpzvneidqdf5hdq.onion", &addr_int, 1,
+				       false, false, false, /* allow_deprecated = */ true, NULL));
+
 	assert(tal_count(wireaddr_from_hostname(tmpctx, "odpzvneidqdf5hdq.onion", 1, NULL, NULL, NULL)) > 0);
 	assert(wireaddr_from_hostname(tmpctx, "aaa.onion", 1, NULL, NULL, NULL) == NULL);
 

common/wireaddr.c

@@ -8,6 +8,7 @@
 #include <ccan/str/hex/hex.h>
 #include <ccan/tal/str/str.h>
 #include <common/base32.h>
+#include <common/configdir.h>
 #include <common/type_to_string.h>
 #include <common/utils.h>
 #include <common/wireaddr.h>
@@ -446,7 +447,7 @@ bool parse_wireaddr(const char *arg, struct wireaddr *addr, u16 defport,
 
 bool parse_wireaddr_internal(const char *arg, struct wireaddr_internal *addr,
 			     u16 port, bool wildcard_ok, bool dns_ok,
-			     bool unresolved_ok,
+			     bool unresolved_ok, bool allow_deprecated,
 			     const char **err_msg)
 {
 	u16 splitport;
@@ -491,18 +492,17 @@ bool parse_wireaddr_internal(const char *arg, struct wireaddr_internal *addr,
 					}
 				} else {
 					if (err_msg)
-							*err_msg = "Bad :torport: format";
+						*err_msg = "Bad :torport: format";
 					return false;
 				}
 			}
 		}
 
-	service_addr = tal_fmt(tmpctx, "%s", parts[0] + strlen("autotor:"));
+		service_addr = tal_fmt(tmpctx, "%s", parts[0] + strlen("autotor:"));
 
-	return parse_wireaddr(service_addr,
+		return parse_wireaddr(service_addr,
 				      &addr->u.torservice.address, 9051,
-				      dns_ok ? NULL : &needed_dns,
-				      err_msg);
+				      dns_ok ? NULL : &needed_dns, err_msg);
 	}
 
 	/* 'statictor:' is a special prefix meaning talk to Tor to create
@@ -540,23 +540,25 @@ bool parse_wireaddr_internal(const char *arg, struct wireaddr_internal *addr,
 							*err_msg = "Blob too short";
 						return false;
 					}
-				strncpy((char *)&(addr->u.torservice.blob[0]), (const char *)parts_eq[1], TOR_V3_BLOBLEN);
+				strncpy((char *)&(addr->u.torservice.blob[0]),
+					(const char *)parts_eq[1], TOR_V3_BLOBLEN);
 				use_magic_blob = false;
 				}
 			}
 		}
 
-	if (use_magic_blob) {
-		/* when statictor called just with the service address and or port generate the unique onion */
-		strncpy((char *)&(addr->u.torservice.blob[0]), tal_fmt(tmpctx, STATIC_TOR_MAGIC_STRING), strlen(STATIC_TOR_MAGIC_STRING));
-	}
+		if (use_magic_blob) {
+			/* when statictor called just with the service address and or port generate the unique onion */
+			strncpy((char *)&(addr->u.torservice.blob[0]),
+				tal_fmt(tmpctx, STATIC_TOR_MAGIC_STRING),
+				strlen(STATIC_TOR_MAGIC_STRING));
+		}
 
-	service_addr = tal_fmt(tmpctx, "%s", parts[0] + strlen("statictor:"));
+		service_addr = tal_fmt(tmpctx, "%s", parts[0] + strlen("statictor:"));
 
-	return parse_wireaddr(service_addr,
+		return parse_wireaddr(service_addr,
 				      &addr->u.torservice.address, 9051,
-				      dns_ok ? NULL : &needed_dns,
-				      err_msg);
+				      dns_ok ? NULL : &needed_dns, err_msg);
 	}
 
 	splitport = port;
@@ -577,8 +579,15 @@ bool parse_wireaddr_internal(const char *arg, struct wireaddr_internal *addr,
 
 	addr->itype = ADDR_INTERNAL_WIREADDR;
 	if (parse_wireaddr(arg, &addr->u.wireaddr, port,
-			   dns_ok ? NULL : &needed_dns, err_msg))
+			   dns_ok ? NULL : &needed_dns, err_msg)) {
+		if (!allow_deprecated && addr->u.wireaddr.type == ADDR_TYPE_TOR_V2) {
+			if (err_msg)
+				*err_msg = "v2 Tor onion services are deprecated";
+			return false;
+		}
+
 		return true;
+	}
 
 	if (!needed_dns || !unresolved_ok)
 		return false;

common/wireaddr.h

@@ -140,7 +140,8 @@ struct wireaddr_internal {
 };
 bool parse_wireaddr_internal(const char *arg, struct wireaddr_internal *addr,
 			     u16 port, bool wildcard_ok, bool dns_ok,
-			     bool unresolved_ok, const char **err_msg);
+			     bool unresolved_ok, bool allow_deprecated,
+			     const char **err_msg);
 
 void towire_wireaddr_internal(u8 **pptr,
 				 const struct wireaddr_internal *addr);

devtools/gossipwith.c

@@ -299,7 +299,7 @@ int main(int argc, char *argv[])
 				    (int)(at - argv[1]), argv[1]);
 
 	if (!parse_wireaddr_internal(at+1, &addr, DEFAULT_PORT, NULL,
-				     true, false, &err_msg))
+				     true, false, true, &err_msg))
 		opt_usage_exit_fail("%s '%s'", err_msg, argv[1]);
 
 	switch (addr.itype) {

doc/TOR.md

@@ -2,11 +2,8 @@
 
 To use any Tor features with c-lightning you must have Tor installed and running.
 
-Please note that nodes with V3 onion address i.e `vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion`
-will not be reachable over Tor if your Tor version is below 0.3.2.2-alpha
-
-Connections to nodes with old Tor V2 address form with less than 10 char prefix before .onion
-i.e.`3fyb44wdhnd2ghhl.onion` should work with any version of Tor.
+Note that [Tor v2 onion services are deprecated since mid-2020](https://blog.torproject.org/v2-deprecation-timeline)
+and that C-lightning deprecated their support since mid-2021.
 
 You can check your installed Tor version with `tor --version` or `sudo tor --version`
 
@@ -284,8 +281,7 @@ You can then specify multiple `statictor:` options with different
 `BLOB`s.
 
 However, even if you have multiple persistent addresses, you can
-only announce up to one each of a Tor V2 and a Tor V3 address.
-`statictor:` uses Tor V3 addresses by default.
+only announce up to one onion service (v3).
 This is a limitation of the BOLT spec.
 It is still possible for other nodes to contact you by those
 other hidden services.
@@ -297,13 +293,6 @@ address.
 
 ##### Explicit Control
 
-Add these lines in the `/etc/tor/torrc` file:
-
-````
-HiddenServiceDir /var/lib/tor/lightningd-service_v2/
-HiddenServicePort 1234 127.0.0.1:9735
-````
-
 If you want to create a version 3 address, you must also add `HiddenServiceVersion 3` so
 the whole section will be:
 
@@ -323,49 +312,28 @@ Save the file and restart the Tor service. In linux:
 on the configuration of your system.
 
 You will find the newly created address with:
-
-```
-sudo cat /var/lib/tor/lightningd-service_v2/hostname
-```
-or
 ```
 sudo cat /var/lib/tor/lightningd-service_v3/hostname
 ```
-in the
-case of a version 3 Tor address.
 
 Now you are able to create:
 
-* Non-persistent version 2 .onion address via auto service (temp-v2)
-
-* Persistent version 2 and version 3 .onion addresseses (v2 and v3).
+* Persistent version 3 hidden services.
 
 Let's see how to use them.
 
 ### What do we support
 
-| Case #  | IP Number     | Tor address               |Incoming / Outgoing Tor |
+| Case #  | IP Number     | Hidden service            |Incoming / Outgoing Tor |
 | ------- | ------------- | ------------------------- |-------------------------
 | 1       | Public        | NO                        | Outgoing               |
-| 2       | Public        | v2 [1]                    | Incoming [4]           |
-| 3       | Public        | temp-v2 [2]               | Incoming               |
-| 4       | Not Announced | v2                        | Incoming               |
-| 5       | Not Announced | temp-v2                   | Incoming               |
-| 6       | Public        | v3 [3] + temp-v2          | Incoming               |
-| 7       | Not Announced | v3 + v2 + temp-v2         | Incoming               |
+| 6       | Public        | v3                        | Incoming [1]           |
+| 7       | Not Announced | v3                        | Incoming               |
 | 8       | Public        | NO                        | Outcoing socks5 .      |
 
 NOTE:
 
-1. v2: The Version 2 onion address is persistent across Tor service restarts.
-It is created when you create the [Tor Hidden Service](#Creation-of-an-hidden-service-for-a-persistent-onion-address).
-
-2. temp-v2: The Version 2 onion address changes at each restart of the Tor service.
-A non-persistent .onion address is generated by accessing an [auto service](#creation-of-an-auto-service-for-non-persistent-onion-addresses).
-
-3. All the v3 addresses refer to [.onion addresses version 3].
-
-4. In all the "Incoming" use case, the node can also make "Outgoing" Tor
+1. In all the "Incoming" use case, the node can also make "Outgoing" Tor
 connections (connect to a .onion address) by adding the
 `--proxy=127.0.0.1:9050` option.
 
@@ -493,13 +461,12 @@ Other nodes will not be able to `connect` to you unless you communicate them how
 You will find your .onion address with the command `lightning-cli getinfo` and the other nodes will
 be able to connect to it through the 9735 port.
 
-#### Case #6 c-lightning has a public IP address and a fixed Tor V3 service address and a Tor V2 service address
+#### Case #6 c-lightning has a public IP address and a fixed Tor v3 hidden service
 
-You will be reachable via Clearnet, via Tor to the .onion V3 address and the
-.onion V2 address if this last is communicated to the node that wants to
+You will be reachable via Clearnet, via Tor to the .onion if it is communicated to the node that wants to
 connect with our node.
 
-to make your external IP address public you add:
+To make your external IP address public you add:
 ```
 --bind-addr=yourInternalAddress:port --announce-addr=yourexternalIPAddress:port`.
 ```
@@ -509,15 +476,13 @@ If the node is not on an internal network the option will be:
 Once the .onion addresses have been created with the procedures [oulined above](#creation-of-an-hidden-service-for-a-persistent-onion-address),
 the node is already reachable at the .onion address.
 
-To make your external .onion addresses public you add:
+To make your external hidden service public you add:
 ```
---announce-addr=.onionAddressV2:port --announce-addr=.onionAddressV3:port
+--announce-addr=.onionAddressV3:port
 ```
 to the options to publish your IP number.
 
-#### Case #7 c-lightning has no public IP address, a fixed Tor V3 service address, a fixed Tor V2 service address and also a 3rd non persisten V2 address
-
-External users can connect to this node by Tor V2 and V3 and a random V2 until next tor release, then also (V3 randomly).
+#### Case #7 c-lightning has no public IP address, a fixed Tor V3 service address
 
 The Persistent addresses can be created with the steps [outlined above](#creation-of-an-hidden-service-for-a-persistent-onion-address).
 
@@ -529,9 +494,9 @@ Also you must specify `--tor-service-password=yourpassword` (not the hash) to ac
 Tor service at 9051 If you have protected them with the password (no additional options if
 they are protected with a cookie file. [See above](#creation-of-an-auto-service-for-non-persistent-onion-addresses)).
 
-To make your external .onion address (V2 and V3) public you add:
+To make your external onion service public you add:
 ```
---bind-addr=yourInternalIPAddress:port --announce-addr=your.onionAddressV2:port --announce-addr=your.onionAddressV3:port
+--bind-addr=yourInternalIPAddress:port --announce-addr=your.onionAddressV3:port
 ```
 #### Case #8 	c-lightning has a public IP address and no Tor addresses
 

doc/lightningd-config.5

@@ -505,10 +505,6 @@ all DNS lookups, to avoid leaking information\.
 Disable the DNS bootstrapping mechanism to find a node by its node ID\.
 
 
- \fBenable-autotor-v2-mode\fR
-Try to get a v2 onion address from the Tor service call, default is v3\.
-
-
  \fBtor-service-password\fR=\fIPASSWORD\fR
 Set a Tor control password, which may be needed for \fIautotor:\fR to
 authenticate to the Tor control port\.
@@ -632,4 +628,4 @@ Main web site: \fIhttps://github.com/ElementsProject/lightning\fR
 Note: the modules in the ccan/ directory have their own licenses, but
 the rest of the code is covered by the BSD-style MIT license\.
 
-\" SHA256STAMP:1cbbdff8f2b7ba54d6912c54a731357fcf37b87c053a528d546f3ffbfccd1216
+\" SHA256STAMP:0010662a69870c935bdd6d701a254bfc116435797bbe026d8ca0c0de078c6492

doc/lightningd-config.5.md

@@ -414,9 +414,6 @@ all DNS lookups, to avoid leaking information.
  **disable-dns**
 Disable the DNS bootstrapping mechanism to find a node by its node ID.
 
- **enable-autotor-v2-mode**
-Try to get a v2 onion address from the Tor service call, default is v3.
-
  **tor-service-password**=*PASSWORD*
 Set a Tor control password, which may be needed for *autotor:* to
 authenticate to the Tor control port.

lightningd/connect_control.c

@@ -2,6 +2,7 @@
 #include <ccan/fdpass/fdpass.h>
 #include <ccan/list/list.h>
 #include <ccan/tal/str/str.h>
+#include <common/configdir.h>
 #include <common/errcode.h>
 #include <common/features.h>
 #include <common/json_command.h>
@@ -166,7 +167,7 @@ static struct command_result *json_connect(struct command *cmd,
 		if (!parse_wireaddr_internal(name, addr, *port, false,
 					     !cmd->ld->use_proxy_always
 					     && !cmd->ld->pure_tor_setup,
-					     true,
+					     true, deprecated_apis,
 					     &err_msg)) {
 			return command_fail(cmd, LIGHTNINGD,
 					    "Host %s:%u not valid: %s",

lightningd/options.c

@@ -145,7 +145,7 @@ static char *opt_add_addr_withtype(const char *arg,
 	if (!parse_wireaddr_internal(arg, &wi,
 				     ld->portnum,
 				     wildcard_ok, !ld->use_proxy_always, false,
-				     &err_msg)) {
+				     deprecated_apis, &err_msg)) {
 		return tal_fmt(NULL, "Unable to parse address '%s': %s", arg, err_msg);
 	}
 	tal_arr_expand(&ld->proposed_wireaddr, wi);
@@ -202,7 +202,8 @@ static char *opt_add_addr(const char *arg, struct lightningd *ld)
 	struct wireaddr_internal addr;
 
 	/* handle in case you used the addr option with an .onion */
-	if (parse_wireaddr_internal(arg, &addr, 0, true, false, true, NULL)) {
+	if (parse_wireaddr_internal(arg, &addr, 0, true, false, true,
+				    deprecated_apis, NULL)) {
 		if (addr.itype == ADDR_INTERNAL_WIREADDR && (
 			addr.u.wireaddr.type == ADDR_TYPE_TOR_V2 ||
 			addr.u.wireaddr.type == ADDR_TYPE_TOR_V3)) {
@@ -249,7 +250,8 @@ static char *opt_add_bind_addr(const char *arg, struct lightningd *ld)
 	struct wireaddr_internal addr;
 
 	/* handle in case you used the bind option with an .onion */
-	if (parse_wireaddr_internal(arg, &addr, 0, true, false, true, NULL)) {
+	if (parse_wireaddr_internal(arg, &addr, 0, true, false, true,
+				    deprecated_apis, NULL)) {
 		if (addr.itype == ADDR_INTERNAL_WIREADDR && (
 			addr.u.wireaddr.type == ADDR_TYPE_TOR_V2 ||
 			addr.u.wireaddr.type == ADDR_TYPE_TOR_V3)) {
@@ -949,7 +951,7 @@ static void register_opts(struct lightningd *ld)
 			 "Set an IP address (v4 or v6) to listen on, but not announce");
 	opt_register_arg("--announce-addr", opt_add_announce_addr, NULL,
 			 ld,
-			 "Set an IP address (v4 or v6) or .onion v2/v3 to announce, but not listen on");
+			 "Set an IP address (v4 or v6) or .onion v3 to announce, but not listen on");
 
 	opt_register_noarg("--offline", opt_set_offline, ld,
 			   "Start in offline-mode (do not automatically reconnect and do not accept incoming connections)");
@@ -966,8 +968,9 @@ static void register_opts(struct lightningd *ld)
 	opt_register_noarg("--disable-dns", opt_set_invbool, &ld->config.use_dns,
 			   "Disable DNS lookups of peers");
 
-	opt_register_noarg("--enable-autotor-v2-mode", opt_set_invbool, &ld->config.use_v3_autotor,
-			   "Try to get a v2 onion address from the Tor service call, default is v3");
+	if (deprecated_apis)
+		opt_register_noarg("--enable-autotor-v2-mode", opt_set_invbool, &ld->config.use_v3_autotor,
+			   	   "Try to get a v2 onion address from the Tor service call, default is v3");
 
 	opt_register_noarg("--encrypted-hsm", opt_set_hsm_password, ld,
 	                   "Set the password to encrypt hsm_secret with. If no password is passed through command line, "