[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] Clarify handdshake digest logic
Update of /home/or/cvsroot/doc
In directory moria.mit.edu:/tmp/cvs-serv29001/doc
Modified Files:
rend-spec.txt
Log Message:
Clarify handdshake digest logic
Index: rend-spec.txt
===================================================================
RCS file: /home/or/cvsroot/doc/rend-spec.txt,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- rend-spec.txt 1 Apr 2004 03:31:00 -0000 1.9
+++ rend-spec.txt 1 Apr 2004 22:09:34 -0000 1.10
@@ -128,17 +128,18 @@
introduction. To establish the introduction, Bob sends a
RELAY_ESTABLISH_INTRO cell, containing:
- KL Key length [2 octets
+ KL Key length [2 octets]
PK Bob's public key [KL octets]
HS Hash of session info [20 octets]
SIG Signature of above information [KL octets]
To prevent replay attacks, the HS field contains a SHA-1 hash based on the
- shared secret g^xy between Bob's OP and the introduction point, as
+ shared secret KH between Bob's OP and the introduction point, as
follows:
- HS = H(g^xy | "INTRODUCE")
+ HS = H(KH | "INTRODUCE")
That is:
- HS = H(g^xy | [49 4E 54 52 4F 44 55 43 45])
+ HS = H(KH | [49 4E 54 52 4F 44 55 43 45])
+ (KH, as specified in tor-spec.txt, is H(g^xy | [00]) .)
Upon receiving such a cell, the OR first checks that the signature is
correct with the included public key. If so, it checks whether HS is
@@ -268,7 +269,7 @@
point, and sends a RELAY_RENDEZVOUS1 cell along this circuit, containing:
RC Rendezvous cookie [20 octets]
g^y Diffie-Hellman [128 octets]
- H(KH) Handshake digest [20 octets]
+ KH Handshake digest [20 octets]
(Bob's OP MUST NOT use this circuit for any other purpose.)
@@ -276,7 +277,7 @@
corresponding circuit in a RELAY_RENDEZVOUS2 cell, containing:
g^y Diffie-Hellman [128 octets]
- H(KH) Handshake digest [20 octets]
+ KH Handshake digest [20 octets]
(If the RP does not recognize the RC, it discards the cell and
tears down the circuit.)