[tor-commits] [torspec/master] tor-spec: Rewrite the Routing Relay Cells section
nickm at torproject.org
Fri Jul 20 14:39:46 UTC 2018
commit 81a066672d25c2413f0aca1ec735b63c1c98cb11
Author: teor <teor at torproject.org>
Date: Thu Jul 19 13:29:30 2018 +1000
tor-spec: Rewrite the Routing Relay Cells section
The section now consists of:
* forward encryption at the client
* forward decryption at ORs
* backward encryption at the end (exit)
* backward decryption at the client
Part of 26860.
---
tor-spec.txt | 64 +++++++++++++++++++++++++++++++++++++++++++++---------------
1 file changed, 48 insertions(+), 16 deletions(-)
diff --git a/tor-spec.txt b/tor-spec.txt
index db32093..364505f 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1353,18 +1353,35 @@ see tor-design.pdf.
5.5. Routing relay cells
- When an OR receives a RELAY or RELAY_EARLY cell, it checks the cell's
- circID and determines whether it has a corresponding circuit along that
- connection. If not, the OR drops the cell.
+5.5.1. Circuit ID Checks
- Otherwise, if the OR is not at the OP edge of the circuit (that is,
- either an 'exit node' or a non-edge node), it de/encrypts the payload
+ When a node wants to send a RELAY or RELAY_EARLY cell, it checks the cell's
+ circID and determines whether the corresponding circuit along that
+ connection is still open. If not, the node drops the cell.
+
+ When a node receives a RELAY or RELAY_EARLY cell, it checks the cell's
+ circID and determines whether it has a corresponding circuit along
+ that connection. If not, the node drops the cell.
+
+5.5.2. Forward Direction
+
+ The forward direction is the direction that CREATE cells are sent.
+
+5.5.2.1. Routing from the Origin
+
+ When a relay cell is sent from an OP, the OP encrypts the payload
+ with the stream cipher as follows:
+ OP sends relay cell:
+ For I=N...1, where N is the destination node:
+ Encrypt with Kf_I.
+ Transmit the encrypted cell to node 1.
+
+5.5.2.2. Relaying Forward at Onion Routers
+
+ When a forward relay cell is received by an OR, it decrypts the payload
with the stream cipher, as follows:
- 'Forward' relay cell (same direction as CREATE):
- Use Kf as key; decrypt.
- 'Back' relay cell (opposite direction from CREATE):
- Use Kb as key; encrypt.
- Note that in counter mode, decrypt and encrypt are the same operation.
+ 'Forward' relay cell:
+ Use Kf as key; decrypt.
The OR then decides whether it recognizes the relay cell, by
inspecting the payload as described in section 6.1 below. If the OR
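Review bot: the removed sentence "Note that in counter mode, decrypt and encrypt are the same operation." is not carried into any of the added lines in this hunk, yet 5.5.2.1 now says the OP encrypts with Kf_I while 5.5.2.2 says each OR decrypts with Kf. Without that sentence a reader can take these for two distinct cipher operations on the same key. I'd keep the note once, for example directly under the 5.5.2 heading or at the end of 5.5.2.2, so the split into per-direction subsections does not lose it.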
@@ -1374,14 +1391,29 @@ see tor-design.pdf.
encounters an unrecognized relay cell, an error has occurred: the OR
sends a DESTROY cell to tear down the circuit.
+ For more information, see section 6 below.
+
+5.5.3. Backward Direction
+
+ The backward direction is the opposite direction from CREATE cells.
+
+5.5.3.1. Relaying Backward at Onion Routers
+
+ When a backward relay cell is received by an OR, it encrypts the payload
+ with the stream cipher, as follows:
+ 'Backward' relay cell:
+ Use Kb as key; encrypt.
+
+5.5.3. Routing to the Origin
+
When a relay cell arrives at an OP, the OP decrypts the payload
with the stream cipher as follows:
- OP receives data cell:
- For I=1...N,
- Decrypt with Kb_I. If the payload is recognized (see
- section 6..1), then stop and process the payload.
-
- For more information, see section 6 below.
+ OP receives relay cell from node 1:
+ For I=1...N, where N is the final node on the circuit:
+ Decrypt with Kb_I.
+ If the payload is recognized (see section 6.1), then:
+ The sending node is I.
+ Stop and process the payload.
5.6. Handling relay_early cells
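Review bot: the added heading "5.5.3. Routing to the Origin" reuses the number already given to "5.5.3. Backward Direction" a few lines above; since it follows 5.5.3.1 it should be 5.5.3.2. Separately, the commit message lists "backward encryption at the end (exit)", but the added 5.5.3.1 only describes an OR that receives a backward relay cell. If the case where the end node originates the cell is meant to be covered by 5.5.3.1, say so there; otherwise add a short subsection for it, mirroring 5.5.2.1.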