Skip to content

A little bug of circular path of Tor

In order to defend the circular-path attacks, Tor relays detects the next hop and previous hop of a circuit through node-id and Ed25519-id. However, when the Tor relay detects the previous node has the same Ed25519-id with next node, it forgot to return -1, and continue to extend the circuit. This might cause some loopholes for the circular-path.

  /* Next, check if we're being asked to connect to the hop that the
   * extend cell came from. There isn't any reason for that, and it can
   * assist circular-path attacks. */
  if (tor_memeq(ec.node_id,
                TO_OR_CIRCUIT(circ)->p_chan->identity_digest,
                DIGEST_LEN)) {
    log_fn(LOG_PROTOCO[[Image()]]L_WARN, LD_PROTOCOL,
           "Client asked me to extend back to the previous hop.");
    return -1;
  }

  /* Check the previous hop Ed25519 ID too */
  if (! ed25519_public_key_is_zero(&ec.ed_pubkey) &&
      ed25519_pubkey_eq(&ec.ed_pubkey,
                        &TO_OR_CIRCUIT(circ)->p_chan->ed25519_identity)) {
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "Client asked me to extend back to the previous hop "
           "(by Ed25519 ID).");
  }

Trac:
Username: TBD.Chen

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information