path: root/spec/ext-orport-spec.md
Diffstat (limited to 'spec/ext-orport-spec.md')
-rw-r--r-- spec/ext-orport-spec.md | 15
1 files changed, 13 insertions, 2 deletions
diff --git a/spec/ext-orport-spec.md b/spec/ext-orport-spec.md
index d8688c5..75e2ec2 100644
--- a/spec/ext-orport-spec.md
+++ b/spec/ext-orport-spec.md
@@ -18,6 +18,7 @@ Table of Contents
```
<a id="ext-orport-spec.txt-1"></a>
+
# Overview
This document describes the "Extended ORPort" protocol, a wrapper
@@ -33,7 +34,8 @@ This protocol was originally proposed in proposal 196, and
extended with authentication in proposal 217.
<a id="ext-orport-spec.txt-2"></a>
-# Establishing a connection and authenticating.
+
+# Establishing a connection and authenticating
When a client (that is to say, a server-side pluggable transport)
connects to an Extended ORPort, the server sends:
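Review bot: the heading edit here drops the trailing period from "# Establishing a connection and authenticating." in the same patch that otherwise only inserts blank lines, and none of the other hunks touch a Table of Contents entry. If the Table of Contents named in the first hunk header spells this heading out, update it in the same commit so the two stay identical. The explicit `<a id="ext-orport-spec.txt-2"></a>` anchor is unchanged, so links to that id keep working, but any renderer-generated slug derived from the heading text should be checked.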
@@ -68,6 +70,7 @@ If the client sent an AuthType of value 0, or an AuthType that the
server does not support, the server MUST close the connection.
<a id="ext-orport-spec.txt-2.1"></a>
+
## Authentication type: SAFE_COOKIE
We define one authentication type: SAFE_COOKIE. Its AuthType
@@ -88,6 +91,7 @@ defined as:
where `<path>` is a filesystem path.
<a id="ext-orport-spec.txt-2.1.2"></a>
+
### Cookie-file format
The format of the cookie-file is:
@@ -108,6 +112,7 @@ present in the cookie file, before proceeding with the
authentication protocol.
<a id="ext-orport-spec.txt-2.1.3"></a>
+
### SAFE_COOKIE Protocol specification
A client that performs the SAFE_COOKIE handshake begins by sending:
@@ -115,6 +120,7 @@ A client that performs the SAFE_COOKIE handshake begins by sending:
ClientNonce [32 octets]
Where,
+
+ ClientNonce is 32 octets of random data.
Then, the server replies with:
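Review bot: the context line `+ ClientNonce is 32 octets of random data.` uses `+` as its Markdown bullet, which reads as an added line in a unified diff; the hunk header (6 lines before, 7 after) shows that only the blank line after "Where," is new. Since this patch is already normalising the list spacing, consider switching the bullet to `*` so that future patches against these field descriptions are unambiguous to review.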
@@ -161,12 +167,14 @@ Status [1 octet]
```
<a id="ext-orport-spec.txt-3"></a>
+
# The extended ORPort protocol
Once a connection is established and authenticated, the parties
communicate with the protocol described here.
<a id="ext-orport-spec.txt-3.1"></a>
+
## Protocol
The extended server port protocol is as follows:
@@ -204,9 +212,11 @@ If the server receives a recognized command that does not parse, it
MUST close the connection to the client.
<a id="ext-orport-spec.txt-3.2"></a>
+
## Command descriptions
<a id="ext-orport-spec.txt-3.2.1"></a>
+
### USERADDR
```text
@@ -223,6 +233,7 @@ transports MUST NOT send them.)
The string MUST not be NUL-terminated.
<a id="ext-orport-spec.txt-3.2.2"></a>
+
### TRANSPORT
An ASCII string holding the name of the pluggable transport used by
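Review bot: the context line "The string MUST not be NUL-terminated." uses a mixed-case requirement keyword, while the line carried in this hunk's header writes "MUST NOT" in full capitals. As this patch is a cleanup pass over the same section, change it to "MUST NOT" so the USERADDR requirement reads as a normative keyword, consistent with the rest of the file.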
@@ -236,6 +247,7 @@ Pluggable transport names are C-identifiers and Tor MUST check them
for correctness.
<a id="ext-orport-spec.txt-4"></a>
+
# Security Considerations
Extended ORPort or TransportControlPort do _not_ provide link
@@ -251,4 +263,3 @@ Extended ORPort to a non-localhost address.
Pluggable transport proxies SHOULD issue a warning if they are
instructed to connect to a non-localhost Extended ORPort.
-