After circuit extension to the second node, I realized that the OR at the second node can decrypt my cells and successfully process my circuit extension request to increase my circuit length to three, but I can't decrypt the response from the same OR. At first I thought maybe I was messing up the key for backward encryption (should be decryption, but it is counter mode crypto), but I realized it wasn't true. I extracted both the KF and KB at the same time, and the crypto scheme is also the same for encryption and decryption since it is a counter mode AES operation. From the Tor protocol specification, I will have to remove all skins starting with the immediate OR towards the exit node. When the application of the above specification failed to decrypt the cell successfully, I decided to remove the skins in reverse order, but this also failed. I'm really confused at the moment. Isn't each successive AES counter operation independent of the previous?
Must the state of the IV / EC for the counter mode be maintained for a particular node? According to section 0.3 of the Tor specification, the IV must always be null bytes. Also, must the context for SHA1 be maintained for a particular node or always freshly seeded with the DF / DB?
Thank you
On 4/22/13, Roger Dingledine <arma@mit.edu> wrote:
On Sun, Apr 21, 2013 at 08:19:38AM -0700, Frank Young wrote:
I'm really confused at the moment. Isn't each successive AES counter operation independent of the previous?
Yes. So it would seem your bug is something else.
--Roger
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
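
The counter-state question raised in this thread, as an added example that is not part of the original messages or of Tor's code: in Tor each hop's backward AES-CTR stream starts from an all-zero IV once and then keeps advancing across relay cells, so a client that re-initialises the counter for every cell can only decrypt the first cell a hop ever encrypted. The keys, payload bytes and the function name `secondCellOK` are constructed for illustration, and the running SHA-1 digest is left out.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const payloadLen = 509 // relay cell payload size in tor-spec

// newStream builds AES-128 in counter mode with an IV of all zero bytes.
func newStream(key []byte) cipher.Stream {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return cipher.NewCTR(block, make([]byte, aes.BlockSize))
}

// peel removes one layer per hop in place, nearest OR first.
func peel(hops []cipher.Stream, cell []byte) []byte {
	for _, h := range hops {
		h.XORKeyStream(cell, cell)
	}
	return cell
}

// secondCellOK sends two backward cells over a two-hop circuit and reports
// whether the client recovers the second one.
func secondCellOK(freshStatePerCell bool) bool {
	k1, k2 := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 16) // constructed keys
	or1, or2 := newStream(k1), newStream(k2)                                 // relay side
	client := []cipher.Stream{newStream(k1), newStream(k2)}
	// Cell 1 originates at OR1 (reply to the first extend): one layer only.
	c1 := bytes.Repeat([]byte{0xA1}, payloadLen)
	or1.XORKeyStream(c1, c1)
	peel(client[:1], c1) // advances the client's OR1 counter by 509 bytes
	// Cell 2 originates at OR2: OR2 adds its layer, then OR1 adds its own.
	plain := bytes.Repeat([]byte{0xB2}, payloadLen)
	c2 := append([]byte(nil), plain...)
	or2.XORKeyStream(c2, c2)
	or1.XORKeyStream(c2, c2) // OR1 is now at keystream offset 509, not 0
	if freshStatePerCell { // the mistake: a new zero counter for every cell
		client = []cipher.Stream{newStream(k1), newStream(k2)}
	}
	return bytes.Equal(peel(client, c2), plain)
}

func main() {
	fmt.Println("counter kept per hop:  ", secondCellOK(false))
	fmt.Println("counter reset per cell:", secondCellOK(true))
}
```

Because each layer is an XOR with that hop's keystream, the order in which the layers are removed does not change the result; what matters is that every hop's stream is at the same offset on both sides.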