Commit 92d6a83e authored by Nick Mathewson

changes file for the ntor branch

parent ed3c8d9d

changes/ntor

0 → 100644
+40 −0
  o Major features:

    - Tor now supports a new circuit extension handshake designed by Ian
      Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
      circuit extension handshake, later called "TAP", was a bit slow
      (especially on the server side), had a fragile security proof, and
      used weaker keys than we'd now prefer. The new circuit handshake
      uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
      function, making it significantly more secure than the older
      handshake, and significantly faster. Tor can either use one of two
      built-in pure-C curve25519-donna implementations by Adam Langley,
      or link against the "nacl" library for a tuned version if present.

      The built-in version is very fast for 64-bit systems building with
      GCC. (About 10-14x faster on the server side, and about 7x faster
      on the client side.) The built-in 32-bit version is still faster
      than the old TAP protocol (about 3x), but using libnacl would be
      better on most 32-bit x86 hosts.

      Clients don't currently use this protocol by default, since
      comparatively few clients support it so far. To try it, set
      UseNTorHandshake to 1.

      Implements proposal 216; closes ticket #7202.

    - Tor servers and clients now support a better CREATE/EXTEND cell
      format, allowing the sender to specify multiple address, identity,
      and handshake types.  Implements Robert Ransom's proposal 200;
      closes ticket #7199.

  o Code simplification and refactoring:
    - Split the onion.c file into separate modules for the onion queue
      and the different handshakes it supports.
    - Remove the marshalling/unmarshalling code for sending requests to
      cpuworkers over a socket, and instead just send structs.  The
      recipient will always be the same Tor binary as the sender, so
      any encoding is overkill.

  o Testing:
    - Add benchmark functions to test onion handshake performance.
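Review bot: the 64-bit speed figures in the "Major features" entry have no explicit baseline: "About 10-14x faster on the server side, and about 7x faster on the client side" only reads as a comparison against TAP because the following sentence says the 32-bit build is "still faster than the old TAP protocol (about 3x)". Consider naming the baseline in the first figure as well, e.g. "About 10-14x faster than TAP on the server side, and about 7x faster on the client side", so the two numbers are read against the same reference. The same entry introduces the new UseNTorHandshake torrc option (defaulting off for clients) without saying where it is documented; confirm the option has a manpage entry that matches the "set UseNTorHandshake to 1" wording here. The "Code simplification and refactoring" items carry no ticket or proposal references, unlike the feature entries above them; add them if any exist, since readers of the changes file use those to find the corresponding discussion.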