fixup! Initial draft of the guts of the adaptive padding machine.

For bug #25501: Verify padding comes from expected hop. Also needs tests.
mikeperry-tor · Oct 12, 2018 · 3e4d9e3 · 3e4d9e3
1 parent 12bdb63
commit 3e4d9e3
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 2 deletions.
diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c
@@ -896,6 +896,37 @@ circpad_event_padding_negotiate(circuit_t *circ, cell_t *cell)
   circpad_negotiate_free(negotiate);
 }
 
+/**
+ * Verify that padding is coming from the expected hop.
+ *
+ * Returns true if from_hop matches the target hop from
+ * one of our padding machines.
+ *
+ * Returns false if we're not an origin circuit, or if from_hop
+ * does not match one of the padding machines.
+ */
+int
+circpad_padding_is_from_expected_hop(circuit_t *circ,
+                                     crypt_path_t *from_hop)
+{
+  crypt_path_t *target_hop = NULL;
+  if (!CIRCUIT_IS_ORIGIN(circ))
+    return 0;
+
+  for (int i = 0; i < CIRCPAD_MAX_MACHINES; i++) {
+    if (!circ->padding_machine[i])
+      continue;
+
+    target_hop = circuit_get_cpath_hop(TO_ORIGIN_CIRCUIT(circ),
+                    circ->padding_machine[i]->target_hopnum);
+
+    if (target_hop == from_hop)
+      return 1;
+  }
+
+  return 0;
+}
+
 void
 circpad_machines_free(circuit_t *circ)
 {

diff --git a/src/core/or/circuitpadding.h b/src/core/or/circuitpadding.h
@@ -284,6 +284,9 @@ void circpad_hs_serv_rend_machine_setup(circuit_t *);
 
 void circpad_machines_free(circuit_t *circ);
 
+int circpad_padding_is_from_expected_hop(circuit_t *circ,
+                                         crypt_path_t *from_hop);
+
 /** Serializaton functions for writing to/from torrc and consensus */
 char *circpad_machine_to_string(const circpad_machine_t *machine);
 const circpad_machine_t *circpad_string_to_machine(const char *str);

diff --git a/src/core/or/relay.c b/src/core/or/relay.c
@@ -1504,9 +1504,13 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
     }
   }
 
-  /* XXX we should be checking that we are something that should be receiving a
-     padding_negotiate. middle nodes receive this. */
   if (rh.command == RELAY_COMMAND_PADDING_NEGOTIATE) {
+    if (CIRCUIT_IS_ORIGIN(circ)) {
+      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+             "Padding negotiate cell unsupported at origin. Killing circ.");
+      return -END_CIRC_REASON_TORPROTOCOL;
+    }
+
     circpad_event_padding_negotiate(circ, cell);
 
     rep_hist_padding_count_read(PADDING_TYPE_DROP);
@@ -1515,6 +1519,15 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ,
   }
 
   if (rh.command == RELAY_COMMAND_DROP) {
+    if (CIRCUIT_IS_ORIGIN(circ)) {
+      if (circpad_padding_is_from_expected_hop(circ, layer_hint)) {
+        circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh.length);
+      } else {
+        /* This is unexpected padding. Ignore it for now. */
+        return 0;
+      }
+    }
+
     rep_hist_padding_count_read(PADDING_TYPE_DROP);
     /* The cell should be recognized by now, which means that we are on the
        destination, which means that we received a padding cell. We might be