Diffstat (limited to 'spec/tor-spec')
-rw-r--r-- | spec/tor-spec/closing-streams.md | 2
-rw-r--r-- | spec/tor-spec/create-created-cells.md | 16
-rw-r--r-- | spec/tor-spec/creating-circuits.md | 4
-rw-r--r-- | spec/tor-spec/opening-streams.md | 4
-rw-r--r-- | spec/tor-spec/relay-cells.md | 4
-rw-r--r-- | spec/tor-spec/relay-early.md | 2
-rw-r--r-- | spec/tor-spec/remote-hostname-lookup.md | 2
-rw-r--r-- | spec/tor-spec/routing-relay-cells.md | 16
-rw-r--r-- | spec/tor-spec/setting-circuit-keys.md | 6
-rw-r--r-- | spec/tor-spec/tearing-down-circuits.md | 2
10 files changed, 29 insertions, 29 deletions
diff --git a/spec/tor-spec/closing-streams.md b/spec/tor-spec/closing-streams.md index 5fa84a8..7182f48 100644 --- a/spec/tor-spec/closing-streams.md +++ b/spec/tor-spec/closing-streams.md @@ -1,6 +1,6 @@ <a id="tor-spec.txt-6.3"></a> -## Closing streams +# Closing streams When an anonymized TCP connection is closed, or an edge node encounters error on any stream, it sends a 'RELAY_END' cell along the diff --git a/spec/tor-spec/create-created-cells.md b/spec/tor-spec/create-created-cells.md index 2cc5f9d..d182f48 100644 --- a/spec/tor-spec/create-created-cells.md +++ b/spec/tor-spec/create-created-cells.md @@ -1,6 +1,6 @@ <a id="tor-spec.txt-5.1"></a> -## CREATE and CREATED cells +# CREATE and CREATED cells Users set up circuits incrementally, one hop at a time. To create a new circuit, OPs send a CREATE/CREATE2 cell to the first node, with @@ -71,7 +71,7 @@ DESTROY cell to tear down the circuit. <a id="tor-spec.txt-5.1.1"></a> -### Choosing circuit IDs in create cells {#choosing-circid} +## Choosing circuit IDs in create cells {#choosing-circid} The CircID for a CREATE/CREATE2 cell is a nonzero integer, selected by the node (OP or OR) that sends the CREATE/CREATED2 cell. @@ -105,7 +105,7 @@ randomly chosen CircID values are all in use (today's Tor stops after 64). <a id="tor-spec.txt-5.1.2"></a> -### EXTEND and EXTENDED cells +## EXTEND and EXTENDED cells To extend an existing circuit, the client sends an EXTEND or EXTEND2 RELAY_EARLY cell to the last node in the circuit. @@ -206,7 +206,7 @@ use the format with 'client handshake type tag'. <a id="tor-spec.txt-5.1.3"></a> -### The "TAP" handshake {#TAP} +## The "TAP" handshake {#TAP} This handshake uses Diffie-Hellman in Z_p and RSA to compute a set of shared keys which the client knows are shared only with a particular 
@@ -260,7 +260,7 @@ and 'derivative key data' value via the KDF-TOR function in 5.2.1. <a id="tor-spec.txt-5.1.4"></a> -### The "ntor" handshake {#ntor} +## The "ntor" handshake {#ntor} This handshake uses a set of DH handshakes to compute a set of shared keys which the client knows are shared only with a particular @@ -339,7 +339,7 @@ described in 5.2.2 and the tag m_expand. <a id="tor-spec.txt-5.1.4.1"></a> -#### The "ntor-v3" handshake {#ntor-v3} +### The "ntor-v3" handshake {#ntor-v3} This handshake extends the ntor handshake to include support for extra data transmitted as part of the handshake. Both @@ -495,7 +495,7 @@ their circuit keys. <a id="tor-spec.txt-5.1.5"></a> -### CREATE_FAST/CREATED_FAST cells {#create_fast} +## CREATE_FAST/CREATED_FAST cells {#create_fast} When initializing the first hop of a circuit, the OP has already established the OR's identity and negotiated a secret key using TLS. @@ -529,7 +529,7 @@ networkstatus parameter as described in dir-spec.txt. <a id="tor-spec.txt-5.1.6"></a> -### Additional data in CREATE/CREATED cells {#additional-data} +## Additional data in CREATE/CREATED cells {#additional-data} Some handshakes (currently ntor-v3 defined above) allow the client or the relay to send additional data as part of the handshake. When used in a diff --git a/spec/tor-spec/creating-circuits.md b/spec/tor-spec/creating-circuits.md index c69d2cf..23e5a83 100644 --- a/spec/tor-spec/creating-circuits.md +++ b/spec/tor-spec/creating-circuits.md @@ -1,6 +1,6 @@ <a id="tor-spec.txt-5.3"></a> -## Creating circuits +# Creating circuits When creating a circuit through the network, the circuit creator (OP) performs the following steps: @@ -81,7 +81,7 @@ network latency too greatly.) <a id="tor-spec.txt-5.3.1"></a> -### Canonical connections +## Canonical connections It is possible for an attacker to launch a man-in-the-middle attack against a connection by telling OR Alice to extend to OR Bob at some 
diff --git a/spec/tor-spec/opening-streams.md b/spec/tor-spec/opening-streams.md index 956e2c8..5c264cb 100644 --- a/spec/tor-spec/opening-streams.md +++ b/spec/tor-spec/opening-streams.md @@ -1,6 +1,6 @@ <a id="tor-spec.txt-6.2"></a> -## Opening streams and transferring data +# Opening streams and transferring data To open a new anonymized TCP connection, the OP chooses an open circuit to an exit that may be able to connect to the destination @@ -90,7 +90,7 @@ a cell, the OR or OP must drop it. <a id="tor-spec.txt-6.2.1"></a> -### Opening a directory stream +## Opening a directory stream If a Tor relay is a directory server, it should respond to a RELAY_BEGIN_DIR cell as if it had received a BEGIN cell requesting a diff --git a/spec/tor-spec/relay-cells.md b/spec/tor-spec/relay-cells.md index a40f06a..b827d0f 100644 --- a/spec/tor-spec/relay-cells.md +++ b/spec/tor-spec/relay-cells.md @@ -1,6 +1,6 @@ <a id="tor-spec.txt-6.1"></a> -## Relay cells +# Relay cells Within a circuit, the OP and the end node use the contents of RELAY packets to tunnel end-to-end commands and TCP connections @@ -116,7 +116,7 @@ still count with respect to the digests and flow control windows, though. <a id="tor-spec.txt-6.1.1"></a> -### Calculating the 'Digest' field {#digest-field} +## Calculating the 'Digest' field {#digest-field} The 'Digest' field itself serves the purpose to check if a cell has been fully decrypted, that is, all onion layers have been removed. Having a diff --git a/spec/tor-spec/relay-early.md b/spec/tor-spec/relay-early.md index 2517dcc..cefa790 100644 --- a/spec/tor-spec/relay-early.md +++ b/spec/tor-spec/relay-early.md @@ -1,6 +1,6 @@ <a id="tor-spec.txt-5.6"></a> -## Handling relay_early cells +# Handling relay_early cells A RELAY_EARLY cell is designed to limit the length any circuit can reach. When an OR receives a RELAY_EARLY cell, and the next node in the circuit 
diff --git a/spec/tor-spec/remote-hostname-lookup.md b/spec/tor-spec/remote-hostname-lookup.md index ba78cf1..8482660 100644 --- a/spec/tor-spec/remote-hostname-lookup.md +++ b/spec/tor-spec/remote-hostname-lookup.md @@ -1,6 +1,6 @@ <a id="tor-spec.txt-6.4"></a> -## Remote hostname lookup +# Remote hostname lookup To find the address associated with a hostname, the OP sends a RELAY_RESOLVE cell containing the hostname to be resolved with a NUL diff --git a/spec/tor-spec/routing-relay-cells.md b/spec/tor-spec/routing-relay-cells.md index e2c784c..07057b0 100644 --- a/spec/tor-spec/routing-relay-cells.md +++ b/spec/tor-spec/routing-relay-cells.md @@ -1,10 +1,10 @@ <a id="tor-spec.txt-5.5"></a> -## Routing relay cells +# Routing relay cells <a id="tor-spec.txt-5.5.1"></a> -### Circuit ID Checks +## Circuit ID Checks When a node wants to send a RELAY or RELAY_EARLY cell, it checks the cell's circID and determines whether the corresponding circuit along that @@ -16,14 +16,14 @@ that connection. If not, the node drops the cell. <a id="tor-spec.txt-5.5.2"></a> -### Forward Direction +## Forward Direction The forward direction is the direction that CREATE/CREATE2 cells are sent. <a id="tor-spec.txt-5.5.2.1"></a> -#### Routing from the Origin +### Routing from the Origin When a relay cell is sent from an OP, the OP encrypts the payload with the stream cipher as follows: @@ -37,7 +37,7 @@ with the stream cipher as follows: <a id="tor-spec.txt-5.5.2.2"></a> -#### Relaying Forward at Onion Routers +### Relaying Forward at Onion Routers When a forward relay cell is received by an OR, it decrypts the payload with the stream cipher, as follows: 
@@ -59,14 +59,14 @@ For more information, see section 6 below. <a id="tor-spec.txt-5.5.3"></a> -### Backward Direction +## Backward Direction The backward direction is the opposite direction from CREATE/CREATE2 cells. <a id="tor-spec.txt-5.5.3.1"></a> -#### Relaying Backward at Onion Routers +### Relaying Backward at Onion Routers When a backward relay cell is received by an OR, it encrypts the payload with the stream cipher, as follows: @@ -78,7 +78,7 @@ with the stream cipher, as follows: <a id="tor-spec.txt-5.5.3"></a> -### Routing to the Origin +## Routing to the Origin When a relay cell arrives at an OP, the OP decrypts the payload with the stream cipher as follows: diff --git a/spec/tor-spec/setting-circuit-keys.md b/spec/tor-spec/setting-circuit-keys.md index f299f81..95a5b27 100644 --- a/spec/tor-spec/setting-circuit-keys.md +++ b/spec/tor-spec/setting-circuit-keys.md @@ -1,10 +1,10 @@ <a id="tor-spec.txt-5.2"></a> -## Setting circuit keys +# Setting circuit keys <a id="tor-spec.txt-5.2.1"></a> -### KDF-TOR +## KDF-TOR This key derivation function is used by the TAP and CREATE_FAST handshakes, and in the current hidden service protocol. It shouldn't @@ -36,7 +36,7 @@ Kb is used to encrypt the stream of data going from the OR to the OP. <a id="tor-spec.txt-5.2.2"></a> -### KDF-RFC5869 +## KDF-RFC5869 For newer KDF needs, Tor uses the key derivation function HKDF from RFC5869, instantiated with SHA256. (This is due to a construction diff --git a/spec/tor-spec/tearing-down-circuits.md b/spec/tor-spec/tearing-down-circuits.md index f06b231..66e71bd 100644 --- a/spec/tor-spec/tearing-down-circuits.md +++ b/spec/tor-spec/tearing-down-circuits.md @@ -1,6 +1,6 @@ <a id="tor-spec.txt-5.4"></a> -## Tearing down circuits +# Tearing down circuits Circuits are torn down when an unrecoverable error occurs along the circuit, or when all streams on a circuit are closed and the |
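Review bot: In spec/tor-spec/routing-relay-cells.md, the last hunk (@@ -78,7 +78,7 @@) promotes "Routing to the Origin" to `##`, which makes it a sibling of "Backward Direction" instead of a subsection of it. The forward half of the file nests "Routing from the Origin" at `###` under "Forward Direction", and "Relaying Backward at Onion Routers" is at `###` under "Backward Direction", so this heading should most likely be `###` as well. The anchor above it, `<a id="tor-spec.txt-5.5.3"></a>`, also duplicates the id already used for "Backward Direction" in the @@ -59,14 +59,14 @@ hunk, so links to that id become ambiguous. Since this change is already renumbering the heading levels in this file, consider fixing both here: give the section its own anchor id and put it at the same level as the other per-direction subsections.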
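Review bot: In spec/tor-spec/create-created-cells.md, the context of the @@ -71,7 +71,7 @@ hunk reads "selected by the node (OP or OR) that sends the CREATE/CREATED2 cell", while the same sentence opens with "The CircID for a CREATE/CREATE2 cell". CREATED2 is the reply, not the cell that carries the sender-chosen CircID, so this looks like a typo for CREATE2. It is outside the heading change itself, but it sits directly under the heading being touched and is worth a follow-up fix so the CircID selection rule names the right cell.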
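Review bot: Several context lines still cross-reference by the old tor-spec.txt section numbers: "via the KDF-TOR function in 5.2.1" and "described in 5.2.2 and the tag m_expand" in create-created-cells.md, and "For more information, see section 6 below" in routing-relay-cells.md. With each file now starting at a top-level `#` heading, those numbers no longer correspond to anything a reader sees, and "below" does not hold across files. Consider replacing them with links to the existing anchors (for example the `tor-spec.txt-5.2.1` and `tor-spec.txt-5.2.2` ids in setting-circuit-keys.md), either in this change or in a follow-up, so that the key-derivation references in the handshake sections stay resolvable.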