[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [torspec] 06/19: Uwe formal notation for credential and subcredential
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main
in repository torspec.
commit 1d5ba4f51a302992b9c29a2aca1c8f6bf4f29872
Author: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
AuthorDate: Tue Jan 17 13:25:39 2023 +0000
Uwe formal notation for credential and subcredential
In particular, give these formal names which contain "hs" (since they
are part of the hidden service protocol, and not any other kind of
authentication or authorisation scheme), and "N" to indicate that they
are hash-generated nonces, not passwords.
Change the references in the formulae, which it really seems to me
ought to refer to the formal names.
---
rend-spec-v3.txt | 14 ++++++++------
tor-spec.txt | 2 ++
2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt
index c6586ce..bc565fa 100644
--- a/rend-spec-v3.txt
+++ b/rend-spec-v3.txt
@@ -502,9 +502,11 @@ Table of contents:
This is achieved using two nonces:
* A "credential", derived from the public identity key KP_hsid.
+ N_hs_cred.
* A "subcredential", derived from the credential N_hs_cred
and information which various with the current time period.
+ N_hs_subcred.
The body of each descriptor is also encrypted with a key derived from
the public signing key.
@@ -697,11 +699,11 @@ Table of contents:
The subcredential for a period is derived as:
- subcredential = H("subcredential" | credential | blinded-public-key).
+ N_hs_subcred = H("subcredential" | N_hs_cred | blinded-public-key).
In the above formula, credential corresponds to:
- credential = H("credential" | public-identity-key)
+ N_hs_cred = H("credential" | public-identity-key)
where public-identity-key is the public identity master key of the hidden
service.
@@ -1243,7 +1245,7 @@ Table of contents:
And here is what the hidden service computes:
SECRET_SEED = x25519(hs_y, client_X)
- KEYS = KDF(subcredential | SECRET_SEED, 40)
+ KEYS = KDF(N_hs_subcred | SECRET_SEED, 40)
CLIENT-ID = fist 8 bytes of KEYS
COOKIE-KEY = last 32 bytes of KEYS
@@ -1476,7 +1478,7 @@ Table of contents:
descriptor even if the content of the descriptor hasn't changed.
(So that we don't leak whether the intro point list etc. changed)
- secret_input = SECRET_DATA | subcredential | INT_8(revision_counter)
+ secret_input = SECRET_DATA | N_hs_subcred | INT_8(revision_counter)
keys = KDF(secret_input | salt | STRING_CONSTANT, S_KEY_LEN + S_IV_LEN + MAC_KEY_LEN)
@@ -1937,7 +1939,7 @@ Table of contents:
and computes:
intro_secret_hs_input = EXP(B,x) | AUTH_KEY | X | B | PROTOID
- info = m_hsexpand | subcredential
+ info = m_hsexpand | N_hs_subcred
hs_keys = KDF(intro_secret_hs_input | t_hsenc | info, S_KEY_LEN+MAC_LEN)
ENC_KEY = hs_keys[0:S_KEY_LEN]
MAC_KEY = hs_keys[S_KEY_LEN:S_KEY_LEN+MAC_KEY_LEN]
@@ -1991,7 +1993,7 @@ Table of contents:
introduction point encryption key 'b' to compute:
intro_secret_hs_input = EXP(X,b) | AUTH_KEY | X | B | PROTOID
- info = m_hsexpand | subcredential
+ info = m_hsexpand | N_hs_subcred
hs_keys = KDF(intro_secret_hs_input | t_hsenc | info, S_KEY_LEN+MAC_LEN)
HS_DEC_KEY = hs_keys[0:S_KEY_LEN]
HS_MAC_KEY = hs_keys[S_KEY_LEN:S_KEY_LEN+MAC_KEY_LEN]
diff --git a/tor-spec.txt b/tor-spec.txt
index d967a8e..6654e0e 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -97,6 +97,8 @@ see tor-design.pdf.
PK -- a public key.
SK -- a private key.
K -- a key for a symmetric cipher.
+ N -- a "nonce", a random value, usually deterministically chosen
+ from other inputs using hashing.
a|b -- concatenation of 'a' and 'b'.
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits