torproject/torspec
1
0
Fork 0
mirror of https://github.com/torproject/torspec.git synced 2025-03-05 15:17:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Specify CREATE_FAST and CREATED_FAST

Browse Source 
svn:r4161
This commit is contained in:
Nick Mathewson 2005-05-02 22:09:34 +00:00
parent 12c25b9b52
commit 9688f4d39e
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
tor-spec.txt
View File

@ -124,6 +124,8 @@ TODO: (very soon)
2 -- CREATED (Acknowledge create) (See Sec 4)
3 -- RELAY (End-to-end data) (See Sec 5)
4 -- DESTROY (Stop using a circuit) (See Sec 4)
5 -- CREATE_FAST (Create a circuit, no PK) (See sec 4)
6 -- CREATED_FAST (Circtuit created, no PK) (See Sec 4)
The interpretation of 'Payload' depends on the type of the cell.
PADDING: Payload is unused.
@ -207,6 +209,28 @@ TODO: (very soon)
implementations should notice when the other side of a connection is
sending CREATE cells with the "wrong" MSG, and switch accordingly.)
4.1.1. CREATE_FAST/CREATED_FAST cells
When initializing the first hop of a circuit, the OP has already
established the OR's identity and negotiated a secret key using TLS.
Because of this, it is not always necessary for the OP to perform the
an set of public key operations to create a circuit. In this case, the
OP SHOULD send a CREATE_FAST cell instead of a CREATE cell for the first
hop only. The OR responds with a CREATED_FAST cell, and the circuit is
created.
A CREATE_FAST cell contains:
Key material (X) [20 bytes]
A CREATED_FAST cell contains:
Key material (Y) [20 bytes]
Derivative key data [20 bytes]
[Versions of Tor before 0.1.???? did not support these cell types;
clients should not send CREATE_FAST cells to older Tor servers.]
4.2. Setting circuit keys
Once the handshake between the OP and an OR is completed, both
@ -227,6 +251,11 @@ TODO: (very soon)
is used to encrypt the stream of data going from the OP to the OR, and
Kb is used to encrypt the stream of data going from the OR to the OP.
The fast-setup case uses the same formula, except that X|Y is used
in place of g^xy in determining K. That is,
K = SHA1(X|Y | [00]) | SHA1(X|Y | [01]) | ... SHA1(X|Y| | [04])
The values KH, Kf, Kb, Df, and Db are established and used as before.
4.3. Creating circuits
When creating a circuit through the network, the circuit creator