@@ -124,6 +124,8 @@ TODO: (very soon)
2 -- CREATED (Acknowledge create) (See Sec 4)
3 -- RELAY (End-to-end data) (See Sec 5)
4 -- DESTROY (Stop using a circuit) (See Sec 4)
+ 5 -- CREATE_FAST (Create a circuit, no PK) (See sec 4)
+ 6 -- CREATED_FAST (Circtuit created, no PK) (See Sec 4)
The interpretation of 'Payload' depends on the type of the cell.
PADDING: Payload is unused.
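Review bot: the new CREATED_FAST entry misspells "Circuit" ("Circtuit created, no PK"), and the CREATE_FAST entry says "(See sec 4)" where every neighbouring entry says "(See Sec 4)"; suggest `5 -- CREATE_FAST (Create a circuit, no PK) (See Sec 4)` and `6 -- CREATED_FAST (Circuit created, no PK) (See Sec 4)`. Since "The interpretation of 'Payload' depends on the type of the cell" and the per-type list starts with PADDING right below, please confirm that list also gains entries for types 5 and 6 pointing at the new 4.1.1.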
@@ -207,6 +209,28 @@ TODO: (very soon)
implementations should notice when the other side of a connection is
sending CREATE cells with the "wrong" MSG, and switch accordingly.)
+4.1.1. CREATE_FAST/CREATED_FAST cells
+
+ When initializing the first hop of a circuit, the OP has already
+ established the OR's identity and negotiated a secret key using TLS.
+ Because of this, it is not always necessary for the OP to perform the
+ an set of public key operations to create a circuit. In this case, the
+ OP SHOULD send a CREATE_FAST cell instead of a CREATE cell for the first
+ hop only. The OR responds with a CREATED_FAST cell, and the circuit is
+ created.
+
+ A CREATE_FAST cell contains:
+
+ Key material (X) [20 bytes]
+
+ A CREATED_FAST cell contains:
+
+ Key material (Y) [20 bytes]
+ Derivative key data [20 bytes]
+
+ [Versions of Tor before 0.1.???? did not support these cell types;
+ clients should not send CREATE_FAST cells to older Tor servers.]
+
4.2. Setting circuit keys
Once the handshake between the OP and an OR is completed, both
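Review bot: the rule in 4.1.1 is weaker than its own justification. The text says the OP may skip public-key operations because it "has already established the OR's identity and negotiated a secret key using TLS", which only holds for the OR at the other end of that TLS connection, yet the requirement is phrased merely as "SHOULD send a CREATE_FAST cell instead of a CREATE cell for the first hop only"; suggest adding that CREATE_FAST MUST NOT be used for any hop after the first, since the argument does not extend past the TLS link. The CREATED_FAST field "Derivative key data [20 bytes]" is also left undefined here: a reader cannot tell what it is derived from or whether the OP verifies it. If it is the KH that 4.2 says is "established and used as before", say so and state that the OP checks it as it does for CREATED. Minor: "perform the an set of public key operations" has a stray article, and "Versions of Tor before 0.1.????" needs the real version number before this is merged.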
@@ -227,6 +251,11 @@ TODO: (very soon)
is used to encrypt the stream of data going from the OP to the OR, and
Kb is used to encrypt the stream of data going from the OR to the OP.
+ The fast-setup case uses the same formula, except that X|Y is used
+ in place of g^xy in determining K. That is,
+ K = SHA1(X|Y | [00]) | SHA1(X|Y | [01]) | ... SHA1(X|Y| | [04])
+ The values KH, Kf, Kb, Df, and Db are established and used as before.
+
4.3. Creating circuits
When creating a circuit through the network, the circuit creator
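Review bot: the new formula has a stray bar in its last term, `SHA1(X|Y| | [04])`, which should read `SHA1(X|Y | [04])` to match the earlier terms. It would also help to state the consequence explicitly: because X|Y is used "in place of g^xy in determining K", K and everything derived from it (KH, Kf, Kb, Df, Db) are secret only to the extent that the TLS link carrying X and Y is, which is exactly why 4.1.1 limits the fast path to the first hop; one sentence here would save readers from wondering why g^xy could be dropped.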