D Deferred
X Abandoned
-Flag-day changes: (things which are backward incompatible)
- o remove link key from directories, from connection_t.
- (just get it from the tls cert)
- o Generate link keys on startup; don't store them to disk.
- o make onion keys include oaep padding, so you can tell
- if you decrypted it correctly
- o Rotate onion keys as needed
- D Rotate TLS connections [arma]
- o Set expiration times on X509 certs [nickm]
- o add bandwidthrate and bandwidthburst to server descriptor [nickm]
- o directories need to say who signed them. [nickm]
- - remove assumption that 0.0.5 doesn't do rendezvous?
- D what other pieces of the descriptors need to change?
- maybe add a section for who's connected to a given router?
- add a flexible section for reputation info?
For September:
- Windows port
- allow non-clique topology
Other details and small things:
+ - hidserv offerers shouldn't need to define a SocksPort
+ - when the client fails to pick an intro point for a hidserv,
+ it should refetch the hidserv desc.
. should maybe make clients exit(1) when bad things happen?
e.g. clock skew.
- should retry exitpolicy end streams even if the end cell didn't
PK_ID is the hash of Bob's public key. RP is NUL-padded.
- The data is encrypted to Bob's PK as follows: Suppose Bob's PK is L octets
- long. If the data to be encrypted is shorter than L-42, then it is
- encrypted directly (with OAEP padding). If the data is at least as long
- as L-42, then a randomly generated 16-byte symmetric key is prepended to
- the data, after which the first L-16-42 bytes of the data are encrypted with
- Bob's PK; and the rest of the data is encrypted with the symmetric key.
+ The hybrid encryption to Bob's PK works just like the hybrid
+ encryption in CREATE cells (see main spec). Thus the payload of the
+ RELAY_INTRODUCE1 cell on the wire will contain 20+42+16+20+20+128=246
+ bytes.
1.9. Introduction: From the Introduction Point to Bob's OP
proxies is a fixed-width "cell". Each cell contains the following
fields:
- CircID [2 bytes]
+ CircID [2 bytes]
Command [1 byte]
Payload (padded with 0 bytes) [509 bytes]
[Total size: 512 bytes]
which instructs the last node in the circuit to send a CREATE cell
to extend the circuit.
- The payload for a CREATE cell is an 'onion skin', consisting of:
- RSA-encrypted data [128 bytes]
- Symmetrically-encrypted data [16 bytes]
+ The payload for a CREATE cell is an 'onion skin', which consists
+ of the first step of the DH handshake data (also known as g^x).
- The RSA-encrypted portion contains:
- Symmetric key [16 bytes]
- First part of DH data (g^x) [112 bytes]
- The symmetrically encrypted portion contains:
- Second part of DH data (g^x) [16 bytes]
+ The data is encrypted to Bob's PK as follows: Suppose Bob's PK is
+ L octets long. If the data to be encrypted is shorter than L-42,
+ then it is encrypted directly (with OAEP padding). If the data is at
+ least as long as L-42, then a randomly generated 16-byte symmetric
+ key is prepended to the data, after which the first L-16-42 bytes
+ of the data are encrypted with Bob's PK; and the rest of the data is
+ encrypted with the symmetric key.
- The two parts of DH data, once decrypted and concatenated, form
- g^x as calculated by the client.
+ So in this case, the onion skin on the wire looks like:
+ RSA-encrypted:
+ OAEP padding [42 bytes]
+ Symmetric key [16 bytes]
+ First part of g^x [70 bytes]
+ Symmetrically encrypted:
+ Second part of g^x [58 bytes]
The relay payload for an EXTEND relay cell consists of:
Address [4 bytes]
Port [2 bytes]
- Onion skin [144 bytes]
+ Onion skin [186 bytes]
The port and address field denote the IPV4 address and port of the
next onion router in the circuit.
projects / thirdparty / tor.git / commitdiff
