authorDavid Goulet <dgoulet@torproject.org>2019-02-19 15:02:11 -0500
committerDavid Goulet <dgoulet@torproject.org>2019-04-29 12:17:57 -0400
commita6e012508e5b0d676cdf204fcbd7942e3cc21419 (patch)
tree1a00bb34fffa27f17306316b16a62a9a0dc21e6b /src/core/or/relay.c
parent402f0a4f5d70bee128130f4dbd0ea18de1747410 (diff)
prop289: Add random bytes to the unused portion of the cell
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/core/or/relay.c')
-rw-r--r--src/core/or/relay.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/core/or/relay.c b/src/core/or/relay.c
index 47275a811e..63c406d8af 100644
--- a/src/core/or/relay.c
+++ b/src/core/or/relay.c
@@ -572,6 +572,14 @@ relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *circ,
if (payload_len)
memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
+ /* Add random bytes to the unused portion of the payload, to foil attacks
+ * where the other side can predict all of the bytes in the payload and thus
+ * compute authenticated sendme cells without seeing the traffic. See
+ * proposal 289. */
+ crypto_fast_rng_getbytes(get_thread_fast_rng(),
+ cell.payload + RELAY_HEADER_SIZE + payload_len,
+ RELAY_PAYLOAD_SIZE - payload_len);
+
log_debug(LD_OR,"delivering %d cell %s.", relay_command,
cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");
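Review bot: The length argument `RELAY_PAYLOAD_SIZE - payload_len` in the added crypto_fast_rng_getbytes() call is only safe if payload_len has already been bounded by RELAY_PAYLOAD_SIZE, and the hunk shows no such check. If payload_len is an unsigned size, a larger value would wrap the subtraction and the fill would run past the end of cell.payload. The function begins outside the hunk, so the bound may well be asserted earlier (the existing memcpy relies on the same invariant). If it is, a one-line comment such as `/* payload_len <= RELAY_PAYLOAD_SIZE is checked above, so this cannot wrap. */` would make the dependency explicit. The block comment could also note that a cell whose payload fills RELAY_PAYLOAD_SIZE gets no random bytes, so the protection it describes applies only to cells with spare room.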