diff options
author | Nick Mathewson <nickm@torproject.org> | 2023-11-07 16:35:01 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2023-11-08 09:09:04 -0500 |
commit | 3cc08d2f1bca225079df86aa5beef2d32ac1e959 (patch) | |
tree | 0019eff2bd20f086bd2ba27da6743fc9ae018597 /spec/tor-spec/negotiating-channels.md | |
parent | c8d9292527211fcc79bcc9c1ef97ddaac01f37bf (diff) | |
download | torspec-3cc08d2f1bca225079df86aa5beef2d32ac1e959.tar.gz torspec-3cc08d2f1bca225079df86aa5beef2d32ac1e959.zip |
Revise channel negotiation a bit more.
Diffstat (limited to 'spec/tor-spec/negotiating-channels.md')
-rw-r--r-- | spec/tor-spec/negotiating-channels.md | 61 |
1 files changed, 28 insertions, 33 deletions
diff --git a/spec/tor-spec/negotiating-channels.md b/spec/tor-spec/negotiating-channels.md index c4652f5..9948b53 100644 --- a/spec/tor-spec/negotiating-channels.md +++ b/spec/tor-spec/negotiating-channels.md @@ -72,30 +72,20 @@ it's a waste of resources. ## Negotiating versions with VERSIONS cells {#VERSIONS-cells} -There are multiple instances of the Tor link connection protocol. Any -connection negotiated using the "certificates up front" handshake (see -[Channels](./channels.md)) is "version 1". In any connection where both parties -have behaved as in the "renegotiation" handshake, the link protocol -version must be 2. In any connection where both parties have behaved -as in the "in-protocol" handshake, the link protocol must be 3 or higher. - -To determine the version, in any connection where the "renegotiation" -or "in-protocol" handshake was used (that is, where the responder -sent only one certificate at first and where the initiator did not -send any certificates in the first negotiation), both parties MUST -send a VERSIONS cell. In "renegotiation", they send a VERSIONS cell -right after the renegotiation is finished, before any other cells are -sent. In "in-protocol", the initiator sends a VERSIONS cell -immediately after the initial TLS handshake, and the responder -replies immediately with a VERSIONS cell. (As an exception to this rule, -if both sides support the "in-protocol" handshake, either side may send -VPADDING cells at any time.) +There are multiple instances of the Tor channel protocol. + +Once the TLS handshake is complete, +both parties send a VERSIONS cell +to negotiate which one they will use. The payload in a VERSIONS cell is a series of big-endian two-byte -integers. Both parties MUST select as the link protocol version the +integers. +Both parties MUST select as the link protocol version the highest number contained both in the VERSIONS cell they sent and in the -versions cell they received. If they have no such version in common, -they cannot communicate and MUST close the connection. Either party MUST +versions cell they received. +If they have no such version in common, +they cannot communicate and MUST close the connection. +Either party MUST close the connection if the versions cell is not well-formed (for example, if the payload contains an odd number of bytes). @@ -103,22 +93,26 @@ Any VERSIONS cells sent after the first VERSIONS cell MUST be ignored. (To be interpreted correctly, later VERSIONS cells MUST have a CIRCID_LEN matching the version negotiated with the first VERSIONS cell.) -Since the version 1 link protocol does not use the "renegotiation" -handshake, implementations MUST NOT list version 1 in their VERSIONS -cell. When the "renegotiation" handshake is used, implementations -MUST list only the version 2. When the "in-protocol" handshake is -used, implementations MUST NOT list any version before 3, and SHOULD -list at least version 3. +> (The +> [obsolete v1 channel protocol](./obsolete-channels.md#v1-handshake) +> does note VERSIONS cells. +> Implementations MUST NOT list version 1 in their VERSIONS cells. +> The +> [obsolete v2 channel protocol](./obsolete-channels.md#v2-handshake) +> can only be used after renegotiation; +> implementations MUST NOT list version 2 in their VERSIONS cells +> unless they have renegotiated the TLS session.) -Link protocols differences are: +The currently specified [Link](./subprotocol-versioning.md#link) protocols are: | Version | Description | ------- | ----------- -| 1 | The "certs up front" handshake. -| 2 | Uses the renegotiation-based handshake. Introduces variable-length cells. +| 1 | (Obsolete) The ["certs up front"](./obsolete-channels.md#v1-handshake) handshake. +| 2 | (Obsolete) Uses the [renegotiation-based handshake](./obsolete-channels.md#v2-handshake). Introduces variable-length cells. | 3 | Uses the in-protocol handshake. | 4 | Increases circuit ID width to 4 bytes. -| 5 | Adds support for link padding and negotiation (padding-spec.txt). +| 5 | Adds support for [link padding](../padding-spec) and negotiation. + <a id="tor-spec.txt-4.2"></a> @@ -149,8 +143,9 @@ Relevant certType values are: | 6 | Ed25519 AUTHENTICATE cell key, signed with ed25519 signing key. | 7 | Ed25519 identity, signed with RSA identity. -The certificate format for certificate types 1-3 is DER encoded -X509. For others, the format is as documented in cert-spec.txt. +The certificate format for certificate types 1-3 is DER encoded X509. +For others, the format is as documented in [a later section](./cert-spec.md) + Note that type 7 uses a different format from types 4-6. A CERTS cell may have no more than one certificate of each CertType. |