Diffstat (limited to 'spec/ext-orport-spec.md')
-rw-r--r-- | spec/ext-orport-spec.md | 49 |
1 files changed, 19 insertions, 30 deletions
diff --git a/spec/ext-orport-spec.md b/spec/ext-orport-spec.md index 9d84f92..1341630 100644 --- a/spec/ext-orport-spec.md +++ b/spec/ext-orport-spec.md @@ -1,25 +1,12 @@ +# Extended ORPort for pluggable transports + ```text - Extended ORPort for pluggable transports - George Kadianakis, Nick Mathewson - -Table of Contents - - 1. Overview - 2. Establishing a connection and authenticating. - 2.1. Authentication type: SAFE_COOKIE - 2.1.2. Cookie-file format - 2.1.3. SAFE_COOKIE Protocol specification - 3. The extended ORPort protocol - 3.1. Protocol - 3.2. Command descriptions - 3.2.1. USERADDR - 3.2.2. TRANSPORT - 4. Security Considerations + George Kadianakis, Nick Mathewson ``` <a id="ext-orport-spec.txt-1"></a> -# Overview +## Overview This document describes the "Extended ORPort" protocol, a wrapper around Tor's ordinary ORPort protocol for use by bridges that @@ -35,7 +22,7 @@ extended with authentication in proposal 217. <a id="ext-orport-spec.txt-2"></a> -# Establishing a connection and authenticating +## Establishing a connection and authenticating { #establishing } When a client (that is to say, a server-side pluggable transport) connects to an Extended ORPort, the server sends: @@ -71,7 +58,7 @@ server does not support, the server MUST close the connection. <a id="ext-orport-spec.txt-2.1"></a> -## Authentication type: SAFE_COOKIE +### Authentication type: SAFE_COOKIE { #SAFE_COOKIE } We define one authentication type: SAFE_COOKIE. Its AuthType value is 1. It is based on the client proving to the bridge that @@ -92,7 +79,7 @@ where `<path>` is a filesystem path. <a id="ext-orport-spec.txt-2.1.2"></a> -### Cookie-file format +#### Cookie-file format { #SAFE_COOKIE_file } The format of the cookie-file is: 
@@ -113,11 +100,13 @@ authentication protocol. <a id="ext-orport-spec.txt-2.1.3"></a> -### SAFE_COOKIE Protocol specification +#### SAFE_COOKIE Protocol specification { #SAFE_COOKIE_spec } A client that performs the SAFE_COOKIE handshake begins by sending: -ClientNonce \[32 octets\] +```text +ClientNonce [32 octets] +``` Where, @@ -144,9 +133,9 @@ terminate the connection. Otherwise the client replies with: -ClientHash \[32 octets\] - ```text +ClientHash [32 octets] + Where, + ClientHash is computed as: HMAC-SHA256(CookieString, @@ -168,14 +157,14 @@ Status \[1 octet\] <a id="ext-orport-spec.txt-3"></a> -# The extended ORPort protocol +## The extended ORPort protocol { #ext_orport_protocol} Once a connection is established and authenticated, the parties communicate with the protocol described here. <a id="ext-orport-spec.txt-3.1"></a> -## Protocol +### Protocol The extended server port protocol is as follows: @@ -213,11 +202,11 @@ MUST close the connection to the client. <a id="ext-orport-spec.txt-3.2"></a> -## Command descriptions +### Command descriptions { #ext-orport-commands} <a id="ext-orport-spec.txt-3.2.1"></a> -### USERADDR +#### USERADDR ```text An ASCII string holding the TCP/IP address of the client of the @@ -234,7 +223,7 @@ The string MUST not be NUL-terminated. <a id="ext-orport-spec.txt-3.2.2"></a> -### TRANSPORT +#### TRANSPORT An ASCII string holding the name of the pluggable transport used by the client of the pluggable transport proxy. A Tor bridge that @@ -248,7 +237,7 @@ for correctness. <a id="ext-orport-spec.txt-4"></a> -# Security Considerations +## Security Considerations Extended ORPort or TransportControlPort do _not_ provide link confidentiality, authentication or integrity. Sensitive data, like |
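Review bot: the heading-attribute syntax introduced across the first hunk and the `@@ -35`, `@@ -71`, `@@ -92`, `@@ -113`, `@@ -168` and `@@ -213` hunks is inconsistent, which matters because the rendered fragment ids are what external links and the old `<a id="ext-orport-spec.txt-…">` anchors are meant to resolve to. `{ #establishing }`, `{ #SAFE_COOKIE }`, `{ #SAFE_COOKIE_file }` and `{ #SAFE_COOKIE_spec }` have a space before the closing brace, while `{ #ext_orport_protocol}` and `{ #ext-orport-commands}` do not; the ids also mix `snake_case` and `kebab-case`; and `## Overview`, `### Protocol`, `#### USERADDR`, `#### TRANSPORT` and `## Security Considerations` get no explicit id at all even though their sibling headings do. Pick one spacing and one naming convention (for example `{ #ext-orport-protocol }` and `{ #ext-orport-commands }`), apply it to every heading, and either give each heading an id or drop the attributes and rely on the retained `<a id=…>` anchors, rather than doing both for some headings and neither for others.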
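Review bot: the first hunk deletes the whole Table of Contents (sections 1 through 4, including "4. Security Considerations") without any replacement in the file, and what remains of the old header is a ```text fence whose only content is the line `George Kadianakis, Nick Mathewson`. If the target renderer generates its own navigation from the `##`/`###` headings, that should be stated in the commit message so readers of the diff know the removal is intentional; if it does not, the TOC should be kept and converted to a markdown list pointing at the new ids. Either way, an author line on its own does not need a code fence; plain text under the `# Extended ORPort for pluggable transports` title reads better.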
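Review bot: the `@@ -113` and `@@ -144` hunks fence the two 32-octet fields differently. For the client nonce the fence closes immediately after `ClientNonce [32 octets]` and `Where,` follows as prose, but for the client hash the added `ClientHash [32 octets]` line sits inside the same ```text fence as `Where,` and the `ClientHash is computed as: HMAC-SHA256(CookieString, …` derivation. Since the HMAC construction is the part of the handshake an implementer will copy, it would be clearer to mirror the nonce layout: close the fence after `ClientHash [32 octets]`, keep `Where,` as prose, and open a separate fence for the `HMAC-SHA256(...)` expression so the key and message arguments are not interleaved with explanatory text.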
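Review bot: in the `@@ -213` hunk the context after `#### USERADDR` shows a ```text fence opening directly before the prose `An ASCII string holding the TCP/IP address of the client of the`, whereas in the `@@ -234` hunk the equivalent description under `#### TRANSPORT` (`An ASCII string holding the name of the pluggable transport used`) is unfenced. Both are prose descriptions of the command body, not wire-format listings, so the USERADDR paragraph should be taken out of the fence so the two commands render the same way; only the literal format notes (such as `The string MUST not be NUL-terminated.`) benefit from a fence, and only if the same is done for TRANSPORT.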