prop289: Add random bytes to the unused portion of the cell

Signed-off-by: David Goulet <dgoulet@torproject.org>

diff --git a/src/core/or/relay.c b/src/core/or/relay.c
index 47275a811ee2fc3b7248719379928dc117ecfa1b..63c406d8af703d362b154cf3580756ea639ab6e7 100644 (file)
--- a/src/core/or/relay.c
+++ b/src/core/or/relay.c
@@ -572,6 +572,14 @@ relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *circ,
   if (payload_len)
     memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len);
 
+  /* Add random bytes to the unused portion of the payload, to foil attacks
+   * where the other side can predict all of the bytes in the payload and thus
+   * compute authenticated sendme cells without seeing the traffic.  See
+   * proposal 289. */
+  crypto_fast_rng_getbytes(get_thread_fast_rng(),
+                           cell.payload + RELAY_HEADER_SIZE + payload_len,
+                           RELAY_PAYLOAD_SIZE - payload_len);
+
   log_debug(LD_OR,"delivering %d cell %s.", relay_command,
             cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward");