[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] Correct description of extracting Kf and Kb from g^xy.
Update of /home/or/cvsroot/doc
In directory moria.mit.edu:/tmp/cvs-serv8783/doc
Modified Files:
tor-spec.txt
Log Message:
Correct description of extracting Kf and Kb from g^xy.
Index: tor-spec.txt
===================================================================
RCS file: /home/or/cvsroot/doc/tor-spec.txt,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- tor-spec.txt 25 Aug 2003 08:26:34 -0000 1.25
+++ tor-spec.txt 25 Aug 2003 18:50:29 -0000 1.26
@@ -278,11 +278,18 @@
4.2. Setting circuit keys
Once the handshake between the OP and an OR is completed, both
- servers can now calculate g^xy with ordinary DH. They divide the
- last 32 bytes of this shared secret into two 16-byte keys, the
- first of which (called Kf) is used to encrypt the stream of data
- going from the OP to the OR, and second of which (called Kb) is
- used to encrypt the stream of data going from the OR to the OP.
+ servers can now calculate g^xy with ordinary DH. From the base key
+ material g^xy, they compute two 16 byte keys, called Kf and Kb as
+ follows. First, the server represents g^xy as a big-endian
+ unsigned integer. Next, the server computes 40 bytes of key data
+ as K = SHA1(g^xy | [00]) | SHA1(g^xy | [01]) where "00" is a single
+ octet whose value is zero, and "01" is a single octet whose value
+ is one. The first 16 bytes of K form Kf, and the next 16 bytes of
+ K form Kb.
+
+ Kf is used to encrypt the stream of data going from the OP to the
+ OR, whereas Kb is used to encrypt the stream of data going from the
+ OR to the OP.
4.3. Creating circuits