hs: Pad RENDEZVOUS1 v3 cell to match length of v2
authorDavid Goulet <dgoulet@torproject.org>
Tue, 19 Sep 2017 13:07:42 +0000 (09:07 -0400)
committerDavid Goulet <dgoulet@torproject.org>
Tue, 19 Sep 2017 13:13:28 +0000 (09:13 -0400)
The RENDEZVOUS1 cell is 84 bytes long in v3 and 168 bytes long in v2, so this
commit pads the v3 cells with random bytes up to 168 bytes so that they all
look alike at the rendezvous point.

Closes #23420

Signed-off-by: David Goulet <dgoulet@torproject.org>
changes/ticket23420 [new file with mode: 0644]
src/or/hs_circuit.c
src/or/hs_common.h
src/or/rendservice.c

diff --git a/changes/ticket23420 b/changes/ticket23420
new file mode 100644 (file)
index 0000000..6516466
--- /dev/null
@@ -0,0 +1,4 @@
+  o Minor bugfixes (hidden service v3):
+    - Pad RENDEZVOUS cell up to the size of the legacy cell which is much
+      bigger so the rendezvous point can't distinguish which hidden service
+      protocol is being used. Fixes ticket 23420.; bugfix on 0.3.2.1-alpha.
index 2bfeac747c5ba604decc991a187938001b80813c..01e987c402d19c7473d9cd22e60b4dc23fc7cc23 100644 (file)
@@ -820,6 +820,15 @@ hs_circ_service_rp_has_opened(const hs_service_t *service,
                         sizeof(circ->hs_ident->rendezvous_handshake_info),
                         payload);
 
+  /* Pad the payload with random bytes so it matches the size of a legacy cell
+   * which is normally always bigger. Also, the size of a legacy cell is
+   * always smaller than the RELAY_PAYLOAD_SIZE so this is safe. */
+  if (payload_len < HS_LEGACY_RENDEZVOUS_CELL_SIZE) {
+    crypto_rand((char *) payload + payload_len,
+                HS_LEGACY_RENDEZVOUS_CELL_SIZE - payload_len);
+    payload_len = HS_LEGACY_RENDEZVOUS_CELL_SIZE;
+  }
+
   if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
                                    RELAY_COMMAND_RENDEZVOUS1,
                                    (const char *) payload, payload_len,
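Review bot: The bound that makes the crypto_rand() write safe exists only in the new comment: nothing in the added block checks that `payload` can hold HS_LEGACY_RENDEZVOUS_CELL_SIZE bytes, and the declaration of `payload` is outside this hunk. Assuming it is a RELAY_PAYLOAD_SIZE-byte array, a guard such as `tor_assert(HS_LEGACY_RENDEZVOUS_CELL_SIZE <= sizeof(payload));` before the `if` would make a later change to either size fail immediately instead of writing past the buffer. The block also leaves a payload longer than the legacy size unpadded, which would again let the rendezvous point tell the versions apart; a short comment stating that this case is not expected would document the assumption. The body of hs_circ_service_rp_has_opened continues outside the hunk.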
index e28ffe1adbb48925f7961dafb72ac47ee639f80d..c95e59a6f89ee9ad72f77fd1a16f584471997cee 100644 (file)
 /* Default value of hsdir spread fetch (hsdir_spread_fetch). */
 #define HS_DEFAULT_HSDIR_SPREAD_FETCH 3
 
+/* The size of a legacy RENDEZVOUS1 cell which adds up to 168 bytes. It is
+ * bigger than the 84 bytes needed for version 3 so we need to pad up to that
+ * length so it is indistinguishable between versions. */
+#define HS_LEGACY_RENDEZVOUS_CELL_SIZE \
+  (REND_COOKIE_LEN + DH_KEY_LEN + DIGEST_LEN)
+
 /* Type of authentication key used by an introduction point. */
 typedef enum {
   HS_AUTH_KEY_TYPE_LEGACY  = 1,
index 1e89ab6a7f1d2f487d412b43f46d830fc8c43a28..74646c78d1bbc5ea00443abec0f31d68899121d6 100644 (file)
@@ -3398,7 +3398,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
   /* Send the cell */
   if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit),
                                    RELAY_COMMAND_RENDEZVOUS1,
-                                   buf, REND_COOKIE_LEN+DH_KEY_LEN+DIGEST_LEN,
+                                   buf, HS_LEGACY_RENDEZVOUS_CELL_SIZE,
                                    circuit->cpath->prev)<0) {
     log_warn(LD_GENERAL, "Couldn't send RENDEZVOUS1 cell.");
     goto done;