Walletwasabi: Refactor Tor process handling and use control port

Approach ACK.

I'm not sure about details, like:

Execute Tor from the installation directory instead of copying it to datadir.

Do you have writing permission there? I'm not sure probably yes, but it needs to be checked.

Use custom ports, Wasabi should always run it's own Tor instance.

Using own Tor is good to make implementation & testing easier. Not sure whether it has downsides. @lontivero and @nopara73 may probably know more about this subject.

Approach ACK.

I'm not sure about details, like:

Execute Tor from the installation directory instead of copying it to datadir.

Do you have writing permission there? I'm not sure probably yes, but it needs to be checked.

The installer put the files there similarly like with hwi and bitcoind. From Wasabi we are not writing anything.

Not sure whether it has downsides. @lontivero and @nopara73 may probably know more about this subject.

It adds an extra Tor layer on torified OSs like Tails or Whonix. Nothing biggie.

@kiminuo can you take this from here?

Yes.

Sources to research:

• Bitcoin Core Tor handling code
• Wasabi PayJoin implementation here
• https://github.com/lontivero/Torino
• https://github.com/nopara73/DotNetTor/

In this PR you can find a naive payjoin receiver implementation where I controlled Tor using the tor control port in order to create hidden services on the fly.

About Torino, it allows to create/list/destroy hidden services, listen for all kind of events, measure the bandwidth used by circuit/stream/total, stop/pause tor, get info tor (version, PID, user, auth method, etc), reload configuration, change/save configuration, change the guards among other things. It doesn't support cookie authentication (the one we should use) but I think it is a two lines of code change.

Use the control port to ask the Tor instance to quit.

This is not necessary because Tor will close automatically once the connection with the tor control port is closed. This is a very clever design and it is the behavior by default.

@nopara73

It adds an extra Tor layer on torified OSs like Tails or Whonix. Nothing biggie.

Tor over Tor is discouraged by both Tor and Whonix developers.

https://torproject.org/docs/faq.html.en#ChoosePathLength
https://whonix.org/wiki/DoNot#Allow_Tor_over_Tor_Scenarios

The TL;DR quotes:

We don't want to encourage people to use paths longer than this — it increases load on the network without (as far as we can tell) providing any more security.
[...]
Also, using paths longer than 3 could harm anonymity.

However, it is not guaranteed that the three additional hops received are different; the user could end up with the same hops, possibly in reverse or mixed order.
[...]
Therefore, Tor over Tor configurations are strongly discouraged.

A simple very bad example I can imagine is if, as sometimes happens, the onion service of the coordinator goes down and the clients start connecting to the clearnet site. In a Tor over Tor scenario a client could get his guard node also as exit node (the guard node of e.g., Whonix will turn out to be the same node used by Wasabi Tor as exit), which is kinda one of the worst possible thing for a Tor user.

There are not many users that use torified OSs, and Wasabi uses mostly onion services (which should alleviate some of the problems), but those users should have the option to opt-out and not use the Wasabi Tor instance.