[tor-dev] Relay Truncated Cell Example

Eli Vakrat eli at vakrat.com
Mon Apr 27 23:09:58 UTC 2020


Hello again everyone!

For anyone who doesn't know/remember, my name is Eli, I'm a high school
student from Israel and I'm currently trying to implement a TOR Client in
Python.

Currently, my project is configured so that my python client (OP) has its
guard node set as my local machine (which is running a downloaded version
of TOR). I do this for debugging purposes so that if I send a malformed
cell as the implemented client, I can read the debug log that the OR
generates and see what I did wrong.

Last time I sent a question to the dev-list I was stuck trying to get my
CREATE cells to work, and Nick Mathewson immediately answered my question
and helped me a lot! Thanks Nick!

I've made pretty good progress since then, and as of writing this, my
implemented OP can successfully send a CREATE cell and even an EXTEND
cell to my guard node.

However, I am running into a problem while trying to extend my circuit to
the third node (my exit node in this case).

After sending a RELAY_EXTEND cell to my middle node (which is encrypted
twice with my middle node and then guard node forward key using AES128 in
CTR mode), the response I get back is a relay cell with the correct Circuit
Id and command (the command I get is the RELAY command which is represented
as 3), BUT the payload of the response cell is very weird. I am unable to
'recognize' it (as specified in section 6.1 of the tor-spec), and
furthermore, it does not seem to be any type of cell, it just seems like a
bunch of nonsense.

Seeing this I initially thought that the response cell I kept getting was a
RELAY_EXTENDED cell that I couldn't 'recognize' due to an error while
decrypting the cell payload.

But then I looked at the debug log of my guard node (remember that my guard
node is on my local machine) and it said that it had received a DESTROY
Cell back from the middle node and was passing on a RELAY_TRUNCATED cell to
me:

*Apr 26 16:11:03.014 [debug] command_process_destroy_cell: Received for circID 2297363203.* <------ this is the circuit ID between my guard node and the middle node

*Apr 26 16:11:03.014 [debug] command_process_destroy_cell: Delivering 'truncated' back.*
*Apr 26 16:11:03.014 [debug] relay_send_command_from_edge_: delivering 9 cell backward.*

To my understanding what this log means is that some part of the EXTEND
cell I sent to the middle node was wrong or malformed and because of this
when the middle node tried to extend the circuit, an error occurred, and
the circuit needed to be torn down.

This is very weird because when I send an EXTEND cell that is meant for my
guard node (meaning I want to extend the circuit from one hop to two hops)
everything works fine, and I can even successfully derive the shared key
material for the middle node.


So I have several questions regarding this:

1. First of all, I didn't quite understand the exact format of a
RELAY_TRUNCATED cell. Does it contain a relay cell command +
recognized field + digest and so on? Or is it just a single octet that
immediately follows the cell command field? If someone could show me an
example of the cell, it would be much appreciated...

2. What are some common errors that would make an OR drop a RELAY EXTEND
cell? I thought maybe it was a problem with my TAP handshake data, but
after extensive checking that doesn't seem to be the case.

3. If someone could describe the exact steps of extending a circuit to a
third node, it would greatly help me to make sure that I didn't miss a step
or do something wrong.

Thanks in advance for any answers, examples, or comments! I am having a lot
of fun doing this project so far and I hope to hear back from anyone who
has an answer :)

Regards,
Eli
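
An added example, not part of the original message and not tor's own code: the decrypted layout of a RELAY_TRUNCATED cell as tor-spec defines it (the 11-byte relay header of section 6.1, then the single reason octet shared with DESTROY), with the 'recognized' and running-digest check. AES-CTR layer removal is left out, the function names are hypothetical, and `db` is a constructed stand-in for the Db key material of the hop that sent the cell (here the guard, per its log).

```python
import hashlib
import struct

PAYLOAD_LEN = 509                  # relay cell payload size in tor-spec
HEADER = struct.Struct(">BHH4sH")  # command, recognized, stream ID, digest, length
RELAY_TRUNCATED = 9                # the "9" in the guard's debug log
# Reason octet shared by DESTROY and RELAY_TRUNCATED (tor-spec section 5.4).
REASONS = ["NONE", "PROTOCOL", "INTERNAL", "REQUESTED", "HIBERNATING",
           "RESOURCELIMIT", "CONNECTFAILED", "OR_IDENTITY", "CHANNEL_CLOSED",
           "FINISHED", "TIMEOUT", "DESTROYED", "NOSUCHSERVICE"]

def new_digest(db):
    """Running SHA-1 for one hop, seeded with that hop's Db key material."""
    return hashlib.sha1(db)

def _zeroed(payload):
    """The payload with its 4-byte digest field (offsets 5..8) set to zero."""
    return payload[:5] + b"\x00" * 4 + payload[9:]

def build_truncated(running, reason):
    """Plaintext payload as the sending OR would form it (makes the sample input)."""
    body = HEADER.pack(RELAY_TRUNCATED, 0, 0, b"\x00" * 4, 1) + bytes([reason])
    body = body.ljust(PAYLOAD_LEN, b"\x00")
    running.update(body)
    return body[:5] + running.digest()[:4] + body[9:]

def parse_relay(payload, running):
    """Return (command, stream_id, data) if recognized at this hop, else None."""
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("relay payload must be 509 bytes")
    cmd, recognized, stream_id, digest, length = HEADER.unpack_from(payload)
    if recognized != 0 or length > PAYLOAD_LEN - HEADER.size:
        return None                      # still encrypted, or not for this hop
    trial = running.copy()               # do not disturb state on a mismatch
    trial.update(_zeroed(payload))
    if trial.digest()[:4] != digest:
        return None
    running.update(_zeroed(payload))     # commit: the cell belongs to this hop
    return cmd, stream_id, payload[HEADER.size:HEADER.size + length]

def truncated_reason(payload, running):
    """Name of the reason carried by a RELAY_TRUNCATED cell, or None."""
    parsed = parse_relay(payload, running)
    if parsed is None or parsed[0] != RELAY_TRUNCATED or len(parsed[2]) != 1:
        return None
    code = parsed[2][0]
    return REASONS[code] if code < len(REASONS) else "UNKNOWN(%d)" % code

if __name__ == "__main__":
    db = bytes(range(20))                # constructed Db, not real key material
    cell = build_truncated(new_digest(db), 1)
    print(cell[:12].hex(), truncated_reason(cell, new_digest(db)))
```

The check is run after each onion layer is removed, using that hop's running digest; a `None` result means the cell is not yet recognized and the next hop's layer should be removed.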