
[or-cvs] tor-spec patch from adam langley



Update of /home2/or/cvsroot/tor/doc
In directory moria:/home/arma/work/onion/cvs/tor/doc

Modified Files:
	tor-spec.txt 
Log Message:
tor-spec patch from adam langley


Index: tor-spec.txt
===================================================================
RCS file: /home2/or/cvsroot/tor/doc/tor-spec.txt,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -d -r1.86 -r1.87
--- tor-spec.txt	20 May 2005 12:43:55 -0000	1.86
+++ tor-spec.txt	16 Jun 2005 20:33:03 -0000	1.87
@@ -31,8 +31,9 @@
 
    Unless otherwise specified, all symmetric ciphers are AES in counter
    mode, with an IV of all 0 bytes.  Asymmetric ciphers are either RSA
-   with 1024-bit keys and exponents of 65537, or DH with the safe prime
-   from rfc2409, section 6.2, whose hex representation is:
+   with 1024-bit keys and exponents of 65537, or DH where the generator
+   is 2 and the modulus is the safe prime from rfc2409, section 6.2,
+   whose hex representation is:
 
      "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
      "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
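Review bot: the added lines pin down the generator and modulus, but the sentence still files DH under "Asymmetric ciphers", and DH is a key agreement, not a cipher. Suggest splitting it, for example "Asymmetric ciphers are RSA with 1024-bit keys and exponents of 65537. Key agreement is DH where the generator is 2 and the modulus is ...". While touching the line, "rfc2409" would read better as "RFC 2409".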
@@ -43,7 +44,7 @@
    All "hashes" are 20-byte SHA1 cryptographic digests.
 
    When we refer to "the hash of a public key", we mean the SHA1 hash of the
-   ASN.1 encoding of an RSA public key (as specified in PKCS.1).
+   DER encoding of an ASN.1 RSA public key (as specified in PKCS.1).
 
 1. System overview
 
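Review bot: "DER encoding of an ASN.1 RSA public key (as specified in PKCS.1)" still does not name the ASN.1 structure being encoded. An RSA public key can be DER-encoded as the bare PKCS #1 RSAPublicKey (modulus and exponent) or wrapped in an X.509 SubjectPublicKeyInfo, and the two give different SHA1 hashes, so two implementations could disagree on a key's fingerprint. Suggest naming the type explicitly, and writing "PKCS #1" rather than "PKCS.1".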
@@ -71,9 +72,9 @@
    least 128 bits, and digests of at least 160 bits.
 
    An OP or OR always sends a two-certificate chain, consisting of a
-   self-signed certificate containing the OR's identity key, and a second
-   certificate using a short-term connection key.  The commonName of the
-   second certificate is the OR's nickname, and the commonName of the first
+   certificate using a short-term connection key and a second, self-
+   signed certificate containing the OR's identity key. The commonName of the
+   first certificate is the OR's nickname, and the commonName of the second
    certificate is the OR's nickname, followed by a space and the string
    "<identity>".
 
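Review bot: the reordered sentence never says how the two certificates relate: "a certificate using a short-term connection key" leaves out who signs it. If the first certificate is meant to be signed by the identity key carried in the second, say so, for example "a certificate for a short-term connection key, signed by the OR's identity key, and a second, self-signed certificate containing that identity key". The paragraph also opens with "An OP or OR" but then describes only "the OR's" key and nickname, so it is unclear what an OP puts in these fields. The line break inside "self-\nsigned" is worth rewrapping as well.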
@@ -164,13 +165,14 @@
    The payload for a CREATE cell is an 'onion skin', which consists
    of the first step of the DH handshake data (also known as g^x).
 
-   The data is encrypted to Bob's PK as follows: Suppose Bob's PK is
-   L octets long.  If the data to be encrypted is shorter than L-42,
-   then it is encrypted directly (with OAEP padding).  If the data is at
-   least as long as L-42, then a randomly generated 16-byte symmetric
-   key is prepended to the data, after which the first L-16-42 bytes
-   of the data are encrypted with Bob's PK; and the rest of the data is
-   encrypted with the symmetric key.
+   The data is encrypted to Bob's PK as follows: Suppose Bob's PK
+   modulus is L octets long. If the data to be encrypted is shorter
+   than L-42, then it is encrypted directly (with OAEP padding: see
+   ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf). If the
+   data is at least as long as L-42, then a randomly generated 16-byte
+   symmetric key is prepended to the data, after which the first L-16-42
+   bytes of the data are encrypted with Bob's PK; and the rest of the
+   data is encrypted with the symmetric key.
 
    So in this case, the onion skin on the wire looks like:
        RSA-encrypted:
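Review bot: in the rewritten paragraph, "the first L-16-42 bytes of the data" is ambiguous once the 16-byte key has been prepended, because "the data" can be read as either the original data or the key plus the data. Suggest "the key and the first L-16-42 bytes of the original data are encrypted together with Bob's PK", which makes the RSA plaintext exactly L-42 bytes. It would also help to say where 42 comes from (the OAEP overhead of two digest lengths plus two bytes, assuming the 20-byte SHA1 digest the spec uses elsewhere) and to cite PKCS #1 v2.1 by name next to the ftp URL, since the link may not stay valid.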
@@ -265,7 +267,7 @@
          router's exit policy does not exclude all pending streams
          that need a circuit.
 
-      2. Choose a chain of (N-1) chain of N onion routers
+      2. Choose a chain of (N-1) onion routers
          (R_1...R_N-1) to constitute the path, such that no router
          appears in the path twice.
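Review bot: the fix to step 2 removes the duplicated "chain of", but the label "(R_1...R_N-1)" on the next line can still be parsed as (R_N)-1. Suggest "R_1...R_(N-1)" so the subscript matches the "(N-1) onion routers" wording in the corrected line.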