mimblewimble · wiesche89 · Jun 21, 2026 · May 22, 2026 · May 23, 2026 · May 23, 2026
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/api/src/owner.rs b/api/src/owner.rs
@@ -23,8 +23,8 @@ use uuid::Uuid;
 use crate::config::{TorConfig, WalletConfig};
 use crate::core::core::OutputFeatures;
 use crate::core::global;
-use crate::impls::HttpSlateSender;
 use crate::impls::SlateSender as _;
+use crate::impls::TorSlateSender;
 use crate::keychain::{Identifier, Keychain};
 use crate::libwallet::api_impl::owner_updater::{start_updater_log_thread, StatusMessage};
 use crate::libwallet::api_impl::{owner, owner_updater};
@@ -2496,17 +2496,17 @@ pub fn try_slatepack_sync_workflow(
 	slate: &Slate,
 	dest: &str,
 	tor_config: Option<TorConfig>,
-	tor_sender: Option<HttpSlateSender>,
+	tor_sender: Option<TorSlateSender>,
 	send_to_finalize: bool,
 	test_mode: bool,
-) -> Result<Option<Slate>, libwallet::Error> {
+) -> Result<Option<Slate>, Error> {
 	if let Some(tc) = &tor_config {
 		if tc.skip_send_attempt == Some(true) {
 			return Ok(None);
 		}
 	}
 	let mut ret_slate = Slate::blank(2, false);
-	let mut send_sync = |mut sender: HttpSlateSender, method_str: &str| match sender
+	let mut send_sync = |mut sender: TorSlateSender, method_str: &str| match sender
 		.send_tx(&slate, send_to_finalize)
 	{
 		Ok(s) => {
@@ -2532,18 +2532,16 @@ pub fn try_slatepack_sync_workflow(
 					if test_mode {
 						None
 					} else {
-						match HttpSlateSender::with_socks_proxy(
-							&tor_addr.to_http_str(),
-							&tor_config.as_ref().unwrap().socks_proxy_addr,
-							&tor_config.as_ref().unwrap().send_config_dir,
-							tor_config.as_ref().unwrap().bridge.clone(),
-							tor_config.as_ref().unwrap().proxy.clone(),
-						) {
-							Ok(s) => Some(s),
-							Err(e) => {
-								debug!("Send (TOR): Cannot create TOR Slate sender {:?}", e);
-								None
+						if let Some(tc) = tor_config {
+							match TorSlateSender::new(&tor_addr.to_http_str(), tc) {
+								Ok(s) => Some(s),
+								Err(e) => {
+									debug!("Send (TOR): Cannot create TOR Slate sender {:?}", e);
+									None
+								}
 							}
+						} else {
+							return Err(Error::TorConfig("Tor config is not set".to_string()));
 						}
 					}
 				}

diff --git a/config/src/comments.rs b/config/src/comments.rs
@@ -206,12 +206,20 @@ fn comments() -> HashMap<String, String> {
 		"[tor]".to_string(),
 		"
 #########################################
-### TOR CONFIGURATION (Experimental)  ###
+### TOR CONFIGURATION                 ###
 #########################################
 "
 		.to_string(),
 	);
 
+	retval.insert(
+		"use_integrated".to_string(),
+		"
+#Whether to use integrated Tor library
+"
+		.to_string(),
+	);
+
 	retval.insert(
 		"skip_send_attempt".to_string(),
 		"
@@ -259,8 +267,11 @@ fn comments() -> HashMap<String, String> {
 		"
 #Tor bridge relay: allow to send and receive via TOR in a country where it is censored.
 #Enable it by entering a single bridge line. To disable it, you must comment it.
-#Support of the transport: obfs4, meek and snowflake. 
-#obfs4proxy or snowflake client binary must be installed and on your path.
+#Support of the transport: webtunnel, obfs4, and snowflake.
+#webtunnel, obfs4proxy or snowflake client binary must be installed and on your path.
+#Custom path for client binary
+#bridge_bin_path = \"\"
+
 #For example, the bridge line must be in the following format for obfs4 transport: \"obfs4 [IP:PORT] [FINGERPRINT] cert=[CERT] iat-mode=[IAT-MODE]\"
 #bridge_line = \"\"
 

diff --git a/config/src/types.rs b/config/src/types.rs
@@ -162,6 +162,8 @@ impl From<io::Error> for ConfigError {
 /// Tor configuration
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
 pub struct TorConfig {
+	/// whether to use integrated Tor library
+	pub use_integrated: Option<bool>,
 	/// whether to skip any attempts to send via TOR
 	pub skip_send_attempt: Option<bool>,
 	/// Whether to start tor listener on listener startup (default true)
@@ -181,6 +183,7 @@ pub struct TorConfig {
 impl Default for TorConfig {
 	fn default() -> TorConfig {
 		TorConfig {
+			use_integrated: Some(true),
 			skip_send_attempt: Some(false),
 			use_tor_listener: true,
 			socks_proxy_addr: "127.0.0.1:59050".to_owned(),
@@ -194,6 +197,8 @@ impl Default for TorConfig {
 /// Tor Bridge Config
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
 pub struct TorBridgeConfig {
+	/// Path to bridge binary to use with integrated Tor library
+	pub bridge_bin_path: Option<String>,
 	/// Bridge Line
 	pub bridge_line: Option<String>,
 	/// Client Option
@@ -203,6 +208,7 @@ pub struct TorBridgeConfig {
 impl Default for TorBridgeConfig {
 	fn default() -> TorBridgeConfig {
 		TorBridgeConfig {
+			bridge_bin_path: None,
 			bridge_line: None,
 			client_option: None,
 		}

diff --git a/controller/Cargo.toml b/controller/Cargo.toml
@@ -21,7 +21,7 @@ log = "0.4"
 prettytable-rs = "0.10"
 ring = "0.16"
 term = "0.6"
-tokio = { version = "0.2", features = ["full"] }
+tokio = { version = "1.52.3", features = ["full"] }
 uuid = { version = "0.8", features = ["serde", "v4"] }
 url = "2.1"
 chrono = { version = "0.4.11", features = ["serde"] }

diff --git a/controller/src/command.rs b/controller/src/command.rs
@@ -224,7 +224,7 @@ where
 				g_args.tls_conf.clone(),
 				tor_config.use_tor_listener,
 				test_mode,
-				Some(tor_config.clone()),
+				tor_config,
 			);
 			if let Err(e) = res {
 				error!("Error starting listener: {}", e);

diff --git a/controller/src/controller.rs b/controller/src/controller.rs
@@ -48,6 +48,8 @@ use crate::apiwallet::{
 };
 use easy_jsonrpc_mw;
 use easy_jsonrpc_mw::{Handler, MaybeReply};
+use grin_wallet_impls::tor::arti::start_tor_service;
+use grin_wallet_impls::tor::Tor;
 
 lazy_static! {
 	pub static ref GRIN_OWNER_BASIC_REALM: HeaderValue =
@@ -82,32 +84,14 @@ fn check_middleware(
 }
 
 /// initiate the tor listener
-fn init_tor_listener<L, C, K>(
-	wallet: Arc<Mutex<Box<dyn WalletInst<'static, L, C, K> + 'static>>>,
-	keychain_mask: Arc<Mutex<Option<SecretKey>>>,
+fn init_tor_listener(
+	sec_key: SecretKey,
+	tor_dir: String,
 	addr: &str,
 	bridge: TorBridgeConfig,
 	tor_proxy: TorProxyConfig,
-) -> Result<(tor_process::TorProcess, SlatepackAddress), Error>
-where
-	L: WalletLCProvider<'static, C, K> + 'static,
-	C: NodeClient + 'static,
-	K: Keychain + 'static,
-{
+) -> Result<Tor, Error> {
 	let mut process = tor_process::TorProcess::new();
-	let mask = keychain_mask.lock();
-	// eventually want to read a list of service config keys
-	let mut w_lock = wallet.lock();
-	let lc = w_lock.lc_provider()?;
-	let w_inst = lc.wallet_inst()?;
-	let k = w_inst.keychain((&mask).as_ref())?;
-	let parent_key_id = w_inst.parent_key_id();
-	let tor_dir = format!("{}/tor/listener", lc.get_top_level_directory()?);
-	let sec_key = address::address_from_derivation_path(&k, &parent_key_id, 0)
-		.map_err(|e| Error::TorConfig(format!("{:?}", e)))?;
-	let onion_address = OnionV3Address::from_private(&sec_key.0)
-		.map_err(|e| Error::TorConfig(format!("{:?}", e)))?;
-	let sp_address = SlatepackAddress::try_from(onion_address.clone())?;
 
 	let mut hm_tor_bridge: HashMap<String, String> = HashMap::new();
 	let mut tor_timeout = 20;
@@ -129,10 +113,6 @@ where
 			.map_err(|e| Error::TorConfig(format!("{}", e).into()))?;
 	}
 
-	warn!(
-		"Starting Tor Hidden Service for API listener at address {}, binding to {}",
-		onion_address, addr
-	);
 	tor_config::output_tor_listener_config(
 		&tor_dir,
 		addr,
@@ -149,7 +129,11 @@ where
 		.completion_percent(100)
 		.launch()
 		.map_err(|e| Error::TorProcess(format!("{:?}", e)))?;
-	Ok((process, sp_address))
+	Ok(Tor {
+		process: Some(process),
+		service: None,
+		client: None,
+	})
 }
 
 /// Instantiate wallet Owner API for a single-use (command line) call
@@ -285,49 +269,67 @@ pub fn foreign_listener<L, C, K>(
 	tls_config: Option<TLSConfig>,
 	use_tor: bool,
 	test_mode: bool,
-	tor_config: Option<TorConfig>,
+	tor_config: TorConfig,
 ) -> Result<(), Error>
 where
 	L: WalletLCProvider<'static, C, K> + 'static,
 	C: NodeClient + 'static,
 	K: Keychain + 'static,
 {
 	// Check if wallet has been opened first
-	{
+	let (sec_key, tor_dir, onion_address) = {
+		let mask = keychain_mask.lock();
 		let mut w_lock = wallet.lock();
 		let lc = w_lock.lc_provider()?;
-		let _ = lc.wallet_inst()?;
-	}
-
-	let (tor_bridge, tor_proxy) = match tor_config.clone() {
-		Some(s) => (s.bridge, s.proxy),
-		None => (TorBridgeConfig::default(), TorProxyConfig::default()),
+		let w_inst = lc.wallet_inst()?;
+		let k = w_inst.keychain((&mask).as_ref())?;
+		let parent_key_id = w_inst.parent_key_id();
+		let sec_key = address::address_from_derivation_path(&k, &parent_key_id, 0)
+			.map_err(|e| Error::TorConfig(format!("{:?}", e)))?;
+		let tor_dir = format!("{}/tor/listener", lc.get_top_level_directory()?);
+		let onion_address = OnionV3Address::from_private(&sec_key.0)
+			.map_err(|e| Error::TorConfig(format!("{:?}", e)))?;
+		(sec_key, tor_dir, onion_address)
 	};
 
-	// need to keep in scope while the main listener is running
-	let (_tor_process, address) = match use_tor {
-		true => {
-			match init_tor_listener(
-				wallet.clone(),
-				keychain_mask.clone(),
+	// Need to keep external process in scope while the listener is running.
+	let tor_service = if use_tor {
+		let use_integrated = tor_config.use_integrated.unwrap_or(true);
+		let res = if use_integrated {
+			start_tor_service(sec_key, &tor_dir, addr, tor_config.clone())
+		} else {
+			init_tor_listener(
+				sec_key,
+				tor_dir,
 				addr,
-				tor_bridge,
-				tor_proxy,
-			) {
-				Ok((tp, addr)) => (Some(tp), Some(addr)),
-				Err(e) => {
-					warn!("Unable to start TOR listener; Check that TOR executable is installed and on your path");
-					error!("Tor Error: {}", e);
-					warn!("Listener will be available via HTTP only");
-					(None, None)
-				}
+				tor_config.bridge.clone(),
+				tor_config.proxy.clone(),
+			)
+		};
+		match res {
+			Ok(service) => {
+				warn!(
+					"Starting Tor Hidden Service for API listener at address {}, binding to {}",
+					onion_address, addr
+				);
+				Ok(Some(service))
+			}
+			Err(e) => {
+				warn!("Unable to start TOR listener; Check that TOR executable is installed and on your path");
+				error!("Tor Error: {}", e);
+				Err(e)
 			}
 		}
-		false => (None, None),
+	} else {
+		Ok(None)
 	};
 
-	let api_handler_v2 =
-		ForeignAPIHandlerV2::new(wallet, keychain_mask, test_mode, Mutex::new(tor_config));
+	let api_handler_v2 = ForeignAPIHandlerV2::new(
+		wallet,
+		keychain_mask,
+		test_mode,
+		Mutex::new(Some(tor_config)),
+	);
 	let mut router = Router::new();
 
 	router
@@ -343,14 +345,17 @@ where
 	let api_thread = apis
 		.start(socket_addr, router, tls_config, api_chan)
 		.map_err(|_| Error::GenericError("API thread failed to start".to_string()))?;
-
 	warn!("HTTP Foreign listener started.");
-	if let Some(a) = address {
-		let qr_string = match QrCode::new(a.to_string()) {
+
+	if let Some(_) = tor_service.ok() {
+		let sp_address = SlatepackAddress::try_from(onion_address.clone())?;
+		let qr_string = match QrCode::new(sp_address.to_string()) {
 			Ok(qr) => qr.to_string(false, 3),
 			Err(_) => "Failed to generate QR code!".to_string(),
 		};
-		warn!("Slatepack Address is: {}\n{}", a, qr_string);
+		warn!("Slatepack Address is: {}\n{}", sp_address, qr_string);
+	} else {
+		warn!("Listener is available on {}", addr);
 	}
 
 	api_thread

diff --git a/impls/Cargo.toml b/impls/Cargo.toml
@@ -22,20 +22,33 @@ ring = "0.16"
 uuid = { version = "0.8", features = ["serde", "v4"] }
 chrono = { version = "0.4.11", features = ["serde"] }
 lazy_static = "1"
-tokio = { version = "0.2", features = ["full"] }
-reqwest = { version = "0.10", features = ["rustls-tls", "socks"] }
+tokio = { version = "1.52.3", features = ["full"] }
+reqwest = { version = "0.13.3", features = ["socks"] }
 
 #Socks/Tor/Bridge/Proxy
-byteorder = "1"
 ed25519-dalek = "1.0.0-pre.4"
-x25519-dalek = "0.6"
-data-encoding = "2"
+arti-ed25519-dalek = { version = "2.1.1", package = "ed25519-dalek" }
 regex = "1.3"
 timer = "0.2"
 sysinfo = "0.29"
 base64 = "0.12.0"
 url = "2.1"
 
+arti-client = { version = "0.42.0", features = ["static", "pt-client", "onion-service-service", "onion-service-client"] }
+tor-rtcompat = { version = "0.42.0", features = ["static"] }
+fs-mistrust = "0.14.1"
+tor-hsservice = "0.42.0"
+tor-hsrproxy = "0.42.0"
+tor-keymgr = "0.42.0"
+tor-llcrypto = "0.42.0"
+tor-hscrypto = "0.42.0"
+sha2 = "0.10.8"
+curve25519-dalek = "4.1.3"
+hyper = { version = "1.9.0", features = ["http1", "client"] }
+hyper-util = { version = "0.1.20", features = ["tokio"] }
+http-body-util = "0.1.3"
+bytes = "1.11.1"
+
 grin_wallet_util = { path = "../util", version = "5.4.0-alpha.1" }
 grin_wallet_config = { path = "../config", version = "5.4.0-alpha.1" }
 grin_wallet_libwallet = { path = "../libwallet", version = "5.4.0-alpha.1" }

diff --git a/impls/src/adapters/mod.rs b/impls/src/adapters/mod.rs
@@ -13,12 +13,12 @@
 // limitations under the License.
 
 mod file;
-pub mod http;
 mod slatepack;
+pub mod tor;
 
 pub use self::file::PathToSlate;
-pub use self::http::HttpSlateSender;
 pub use self::slatepack::PathToSlatepack;
+pub use self::tor::TorSlateSender;
 
 use crate::config::WalletConfig;
 use crate::libwallet::{Error, Slate};