From 81a066672d25c2413f0aca1ec735b63c1c98cb11 Mon Sep 17 00:00:00 2001 From: teor Date: Thu, 19 Jul 2018 13:29:30 +1000 Subject: tor-spec: Rewrite the Routing Relay Cells section The section now consists of: * forward encryption at the client * forward decryption at ORs * backward encryption at the end (exit) * backward decryption at the client Part of 26860. --- tor-spec.txt | 64 +++++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 48 insertions(+), 16 deletions(-) (limited to 'tor-spec.txt') diff --git a/tor-spec.txt b/tor-spec.txt index db32093..364505f 100644 --- a/tor-spec.txt +++ b/tor-spec.txt 
@@ -1353,18 +1353,35 @@ see tor-design.pdf. 5.5. Routing relay cells - When an OR receives a RELAY or RELAY_EARLY cell, it checks the cell's - circID and determines whether it has a corresponding circuit along that - connection. If not, the OR drops the cell. +5.5.1. Circuit ID Checks - Otherwise, if the OR is not at the OP edge of the circuit (that is, - either an 'exit node' or a non-edge node), it de/encrypts the payload + When a node wants to send a RELAY or RELAY_EARLY cell, it checks the cell's + circID and determines whether the corresponding circuit along that + connection is still open. If not, the node drops the cell. + + When a node receives a RELAY or RELAY_EARLY cell, it checks the cell's + circID and determines whether it has a corresponding circuit along + that connection. If not, the node drops the cell. + +5.5.2. Forward Direction + + The forward direction is the direction that CREATE cells are sent. + +5.5.2.1. Routing from the Origin + + When a relay cell is sent from an OP, the OP encrypts the payload + with the stream cipher as follows: + OP sends relay cell: + For I=N...1, where N is the destination node: + Encrypt with Kf_I. + Transmit the encrypted cell to node 1. + +5.5.2.2. Relaying Forward at Onion Routers + + When a forward relay cell is received by an OR, it decrypts the payload with the stream cipher, as follows: - 'Forward' relay cell (same direction as CREATE): - Use Kf as key; decrypt. - 'Back' relay cell (opposite direction from CREATE): - Use Kb as key; encrypt. - Note that in counter mode, decrypt and encrypt are the same operation. + 'Forward' relay cell: + Use Kf as key; decrypt. The OR then decides whether it recognizes the relay cell, by inspecting the payload as described in section 6.1 below. If the OR 
@@ -1374,14 +1391,29 @@ see tor-design.pdf. encounters an unrecognized relay cell, an error has occurred: the OR sends a DESTROY cell to tear down the circuit. + For more information, see section 6 below. + +5.5.3. Backward Direction + + The backward direction is the opposite direction from CREATE cells. + +5.5.3.1. Relaying Backward at Onion Routers + + When a backward relay cell is received by an OR, it encrypts the payload + with the stream cipher, as follows: + 'Backward' relay cell: + Use Kb as key; encrypt. + +5.5.3. Routing to the Origin + When a relay cell arrives at an OP, the OP decrypts the payload with the stream cipher as follows: - OP receives data cell: - For I=1...N, - Decrypt with Kb_I. If the payload is recognized (see - section 6..1), then stop and process the payload. - - For more information, see section 6 below. + OP receives relay cell from node 1: + For I=1...N, where N is the final node on the circuit: + Decrypt with Kb_I. + If the payload is recognized (see section 6.1), then: + The sending node is I. + Stop and process the payload. 5.6. Handling relay_early cells -- cgit v1.2.3-54-g00ecf
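Review bot: In the first hunk (the 5.5.2.2 block that replaces the old Forward/Back list), the sentence "Note that in counter mode, decrypt and encrypt are the same operation." is dropped with no replacement. Now that forward handling ("Use Kf as key; decrypt") and backward handling ("Use Kb as key; encrypt") live in separate subsections, a reader of 5.5.2.2 or 5.5.3.1 in isolation can take "decrypt" and "encrypt" to be different operations on the relay, which they are not for the stream cipher this section describes. Suggest re-adding the dropped line at the end of the 5.5.2.2 block (and optionally cross-referencing it from 5.5.3.1), e.g. keep "Note that in counter mode, decrypt and encrypt are the same operation." directly after "Use Kf as key; decrypt."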
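Review bot: In the second hunk, the new heading "5.5.3. Routing to the Origin" reuses the number already assigned to "5.5.3. Backward Direction" earlier in the same hunk, and breaks the parallel with the forward side, which uses 5.5.2.1 (origin) and 5.5.2.2 (onion routers). It should read "5.5.3.2. Routing to the Origin" so that 5.5.3.1 (relaying backward at ORs) and 5.5.3.2 (decryption at the OP) mirror 5.5.2.1 and 5.5.2.2. Also, "For more information, see section 6 below." is moved from the end of the OP-receive procedure into the forward-direction text only, although section 6.1 is what the OP uses to recognize a backward cell in the new "If the payload is recognized (see section 6.1)" step; placing that pointer at the end of 5.5 rather than inside 5.5.2.2 would keep it applying to both directions.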