Opened 12 days ago

Last modified 30 hours ago

#30092 needs_revision enhancement

Add a probability-to-apply field for circuitpadidng machines

Reported by: mikeperry Owned by:
Priority: Medium Milestone: Tor: 0.4.1.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: wtf-pad, tor-relay, tor-cell, padding, 041-proposed
Cc: Actual Points: 0.5
Parent ID: #28634 Points: 2
Reviewer: asn Sponsor: Sponsor2-can

Description

In #28634, we realized that we may want to make some fraction of pre-built GENERAL and HS_VANGUARDS circuits look like padded onion service circuits, as a defense in depth against a classifier that can still recognize our specially padded onion service circuits as, well, special, and still interesting.

But we don't want to make all general circuits look this way. Just some fraction. So it would be nice if the machine conditions could somehow toss a coin to decide to apply the machine to a circuit. Unfortunately, right now the conditions are memoryless, so we have nothing that can say "you already tossed the coin", but we could special case just this to have a flag on the circuit or something.

Child Tickets

Change History (6)

comment:1 Changed 12 days ago by mikeperry

Actual Points: 0.5
Status: newneeds_review

https://github.com/torproject/tor/pull/916

This was easy, but I'm not sure how best to test it. Open to suggestions if we feel it is necessary to test.

comment:2 Changed 11 days ago by nickm

Milestone: Tor: 0.4.1.x-final

comment:3 Changed 11 days ago by mikeperry

Parent ID: #28634

comment:4 Changed 5 days ago by asn

Reviewer: asn

comment:5 Changed 30 hours ago by asn

OK this LGTM.

I think a test would be nice tho since it has grown to non-trivial complexity after the last commit. Here is an easy way to test this:

  • Put the body of if (machine->conditions.apply_with_probability > 0) { into its own function which is gonna be unittested.
  • Create a mock machine and a mock circuit.
  • Call the new function a few times and check that circ->padding_apply_coin_tossed is behaving properly.

I think this can be done without mocking crypto_rand_double() but you could also mock it so that it returns predictable stuff to make it more easy.

comment:6 Changed 30 hours ago by asn

Status: needs_reviewneeds_revision
Note: See TracTickets for help on using tickets.