[tor-commits] [tor/main] Service intro circuits are now 4-hop to avoid linkability by intro
asn at torproject.org
asn at torproject.org
Wed Jul 28 09:04:17 UTC 2021
commit 7ec9a68477d3c5b6937fa39445dc6b95415abb39
Author: George Kadianakis <desnacked at riseup.net>
Date: Mon Jul 12 11:23:00 2021 +0300
Service intro circuits are now 4-hop to avoid linkability by intro
Now the circuits look like this:
client rend: C -> G -> L2 -> Rend
client intro: C -> G -> L2 -> M -> Intro
client hsdir: C -> G -> L2 -> M -> HSDir
service rend: C -> G -> L2 -> M -> Rend
service intro: C -> G -> L2 -> M -> Intro
service hsdir: C -> G -> L2 -> M -> HSDir
---
src/core/or/circuitbuild.c | 11 ++++++-----
src/test/test_circuitbuild.c | 2 +-
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index 5cb647bd02..84a8bec421 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -1394,16 +1394,14 @@ route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei)
return routelen;
switch (purpose) {
- /* These two purposes connect to a router that we chose, so
- * DEFAULT_ROUTE_LEN is safe. */
- case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
- /* hidden service connecting to introduction point */
+ /* These purposes connect to a router that we chose, so DEFAULT_ROUTE_LEN
+ * is safe: */
case CIRCUIT_PURPOSE_TESTING:
/* router reachability testing */
known_purpose = 1;
break;
- /* These three purposes connect to a router that someone else
+ /* These purposes connect to a router that someone else
* might have chosen, so add an extra hop to protect anonymity. */
case CIRCUIT_PURPOSE_C_GENERAL:
case CIRCUIT_PURPOSE_C_HSDIR_GET:
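Review bot: The header kept above this group, "These purposes connect to a router that someone else might have chosen", no longer describes every case under it. The next hunk adds CIRCUIT_PURPOSE_S_ESTABLISH_INTRO to the same group, and the comment removed here said the service connects to an intro point "that we chose". I would reword the header to cover both reasons, for example `/* These purposes either connect to a router that someone else might have chosen, or must not be linkable by the final hop, so add an extra hop. */`. The first header now introduces only CIRCUIT_PURPOSE_TESTING, so "This purpose connects to a router that we chose" would read more accurately. The switch and the enclosing route_len_for_purpose() start and end outside this hunk.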
@@ -1413,6 +1411,9 @@ route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei)
/* client connecting to introduction point */
case CIRCUIT_PURPOSE_S_CONNECT_REND:
/* hidden service connecting to rendezvous point */
+ case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
+ /* hidden service connecting to intro point. In this case we want an extra
+ hop to avoid linkability attacks by the introduction point. */
known_purpose = 1;
routelen++;
break;
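Review bot: The new comment on CIRCUIT_PURPOSE_S_ESTABLISH_INTRO says "linkability attacks by the introduction point" but not what the intro point could link, so a later maintainer cannot tell whether it is safe to shorten this path again. The commit message's path listing (`service intro: C -> G -> L2 -> M -> Intro`) carries that context and would be worth summarising in the comment, naming the hop the extra middle hides from the intro point. The continuation line also lacks the leading ` * ` used by the other multi-line comments in this switch; I would write it as `/* hidden service connecting to intro point. In this case we want an extra` followed by ` * hop to avoid linkability attacks by the introduction point. */`. The case group begins before this hunk.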
diff --git a/src/test/test_circuitbuild.c b/src/test/test_circuitbuild.c
index 873391a84f..0a5c3530bd 100644
--- a/src/test/test_circuitbuild.c
+++ b/src/test/test_circuitbuild.c
@@ -113,7 +113,7 @@ test_new_route_len_safe_exit(void *arg)
/* hidden service connecting to introduction point */
r = new_route_len(CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, &dummy_ei,
&dummy_nodes);
- tt_int_op(DEFAULT_ROUTE_LEN, OP_EQ, r);
+ tt_int_op(DEFAULT_ROUTE_LEN+1, OP_EQ, r);
/* router testing its own reachability */
r = new_route_len(CIRCUIT_PURPOSE_TESTING, &dummy_ei, &dummy_nodes);
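Review bot: The updated assertion now expects `DEFAULT_ROUTE_LEN+1` but still sits in test_new_route_len_safe_exit, so going by the name it is the odd one out in that test. Either move the S_ESTABLISH_INTRO case to wherever the extra-hop purposes are tested (if such a test exists in this file), or add a comment such as `/* service intro circuits get an extra hop so the intro point cannot link them */` above the call. The circuitbuild.c hunk also shows an early `return routelen;` before the switch. If that path is taken for some configurations, this assertion presumably does not exercise it, and a second case covering that configuration would pin the path lengths listed in the commit message. The test function continues outside this hunk.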