authorDavid Goulet <dgoulet@torproject.org>2022-11-09 15:32:18 -0500
committerDavid Goulet <dgoulet@torproject.org>2022-11-09 15:32:18 -0500
commitc13dc8b08accf24bd0c8533ecbc1ecd1de314a5a (patch)
tree8a92de59c0f8ef141aeb14b3d49c62413e228325 /src/core/or/connection_edge.c
parent780ca741f3738877ad577f84fcebf6874427b2bc (diff)
parent21eac1e8d8a116f2dd8dd0a7d150916646ee9120 (diff)
Merge branch 'ticket40674_047_01' into maint-0.4.7
Diffstat (limited to 'src/core/or/connection_edge.c')
-rw-r--r--src/core/or/connection_edge.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index 2b600385e0..7dd0935b47 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -102,6 +102,7 @@
#include "feature/stats/predict_ports.h"
#include "feature/stats/rephist.h"
#include "lib/buf/buffers.h"
+#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_util.h"
#include "core/or/cell_st.h"
@@ -484,6 +485,21 @@ clip_dns_ttl(uint32_t ttl)
return MAX_DNS_TTL;
}
+/** Given a TTL (in seconds), determine what TTL an exit relay should use by
+ * first clipping as usual and then adding some randomness which is sampled
+ * uniformly at random from [-FUZZY_DNS_TTL, FUZZY_DNS_TTL]. This facilitates
+ * fuzzy TTLs, which makes it harder to infer when a website was visited via
+ * side-channels like DNS (see "Website Fingerprinting with Website Oracles").
+ *
+ * Note that this can't underflow because FUZZY_DNS_TTL < MIN_DNS_TTL.
+ */
+uint32_t
+clip_dns_fuzzy_ttl(uint32_t ttl)
+{
+ return clip_dns_ttl(ttl) +
+ crypto_rand_uint(1 + 2*FUZZY_DNS_TTL) - FUZZY_DNS_TTL;
+}
+
/** Send a relay end cell from stream <b>conn</b> down conn's circuit, and
* remember that we've done so. If this is not a client connection, set the
* relay end cell's reason for closing as <b>reason</b>.
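Review bot: The no-underflow guarantee in clip_dns_fuzzy_ttl() rests only on the comment "FUZZY_DNS_TTL < MIN_DNS_TTL"; nothing in this hunk enforces it. The arithmetic is unsigned, so if either macro is later retuned and the relation breaks, `clip_dns_ttl(ttl) + crypto_rand_uint(...) - FUZZY_DNS_TTL` would wrap to a huge TTL rather than fail. Both macros are defined outside this hunk; assuming they are compile-time constants, I would pin the invariant next to the function with Tor's compile-time assert, `CTASSERT(FUZZY_DNS_TTL < MIN_DNS_TTL);` (from lib/cc/ctassert.h, if it is not already in scope here). The doc comment could also state the resulting range, `[MIN_DNS_TTL - FUZZY_DNS_TTL, MAX_DNS_TTL + FUZZY_DNS_TTL]`, so readers see that the result may intentionally exceed MAX_DNS_TTL.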
@@ -532,7 +548,7 @@ connection_edge_end(edge_connection_t *conn, uint8_t reason)
memcpy(payload+1, tor_addr_to_in6_addr8(&conn->base_.addr), 16);
addrlen = 16;
}
- set_uint32(payload+1+addrlen, htonl(clip_dns_ttl(conn->address_ttl)));
+ set_uint32(payload+1+addrlen, htonl(conn->address_ttl));
payload_len += 4+addrlen;
}
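Review bot: With `clip_dns_ttl()` dropped from the `set_uint32` line, connection_edge_end() writes `conn->address_ttl` into the END cell exactly as stored, so it now depends on every writer of that field having already applied `clip_dns_fuzzy_ttl()`. The same holds for the `ttl` argument in the connected_cell_format_payload() hunk that follows. Those writers and callers are not visible in this diff (it is limited to this file), so this cannot be confirmed here; if any path stores a raw resolver TTL, the exact value reaches the client, which is the side channel the fuzzy TTL is meant to blunt. I would state the precondition at both sites, e.g. `/* address_ttl must already have been passed through clip_dns_fuzzy_ttl(). */`, and consider a cheap range check before the write. Both function bodies start and end outside their hunks.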
@@ -926,7 +942,7 @@ connected_cell_format_payload(uint8_t *payload_out,
return -1;
}
- set_uint32(payload_out + connected_payload_len, htonl(clip_dns_ttl(ttl)));
+ set_uint32(payload_out + connected_payload_len, htonl(ttl));
connected_payload_len += 4;
tor_assert(connected_payload_len <= MAX_CONNECTED_CELL_PAYLOAD_LEN);