commit 4d3041c6fe8b27e92919970860487107d8ee3da6
Author: Nick Mathewson <ni...@torproject.org>
Date: Thu Mar 27 16:03:48 2014 -0400
Document that rend-spec.txt uses KDF-Tor like TAP does
Fix for #8809
---
rend-spec.txt | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/rend-spec.txt b/rend-spec.txt
index ebaf4e8..d030b8e 100644
--- a/rend-spec.txt
+++ b/rend-spec.txt
@@ -733,19 +733,17 @@
received a reply, it uses g^y and H(g^xy) to complete the handshake as in
the Tor circuit extend process: they establish a 60-octet string as
K = SHA1(g^xy | [00]) | SHA1(g^xy | [01]) | SHA1(g^xy | [02])
- and generate
- KH = K[0..15]
- Kf = K[16..31]
- Kb = K[32..47]
+ and generate KH, Df, Db, Kf, and Kb as in the KDF-TOR key derivation
+ approach documented in tor-spec.txt.
Subsequently, the rendezvous point passes relay cells, unchanged, from
- each of the two circuits to the other. When Alice's OP sends
- RELAY cells along the circuit, it first encrypts them with the
+ each of the two circuits to the other. When Alice's OP sends RELAY cells
+ along the circuit, it authenticates with Df, and encrypts them with the
Kf, then with all of the keys for the ORs in Alice's side of the circuit;
and when Alice's OP receives RELAY cells from the circuit, it decrypts
them with the keys for the ORs in Alice's side of the circuit, then
- decrypts them with Kb. Bob's OP does the same, with Kf and Kb
- interchanged.
+ decrypts them with Kb, and checks integrity with Db. Bob's OP does the
+ same, with Kf and Kb interchanged.
1.11. Creating streams
_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
