Spec: decryption order appears to be wrongly specified
catalyst noted in #tor-dev
that the decryption algorithm in 5.5:
won't work unless decryption is commutative (which it is for plain AES-CTR, but not for the proposal)
doesn't look like it'll work to handle a relay cell arriving at the OP that originates from an intermediate node
I had also noted the latter, so I postulated is the order of that line backwards? that is... should it be "For I=1...N?"
and asked what does little-t tor do?
And asn noted:
in relay_decrypt_cell() it does: {{{ if (CIRCUIT_IS_ORIGIN(circ)) { /* We're at the beginning of the circuit. * We'll want to do layered decrypts. */ crypt_path_t *thishop, *cpath = TO_ORIGIN_CIRCUIT(circ)->cpath; thishop = cpath; }}} i think this is I=1...N like you say (for 1 being the hop closest to the OP)
So it looks like this is an error in the spec, rather than a problem with tor
.