Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T15:23:02Zhttps://gitlab.torproject.org/legacy/trac/-/issues/25501Ensure WTF-Pad padding comes from the expected hop2020-06-13T15:23:02ZDavid Gouletdgoulet@torproject.orgEnsure WTF-Pad padding comes from the expected hopWhen first looking at the WTF-Pad design for integration into Tor, we were concerned that there may be flow control issues with padding causing our SENDME windows to empty prematurely. It turns out that RELAY_DROP does not count towards ...When first looking at the WTF-Pad design for integration into Tor, we were concerned that there may be flow control issues with padding causing our SENDME windows to empty prematurely. It turns out that RELAY_DROP does not count towards these windows though, so no updates are needed there.
However, we should add an additional check to ensure that RELAY_DROP cells come from the expected hop (middle). This check is easy to do -- just inspect the layer_hint after the cell is recognized and see where it came from. In this way, we can prevent a malicious Exit node or RP from injecting end-to-end side channel cells, while still allowing padding.Tor: 0.4.0.x-finalMike PerryMike Perry