diff options
author | Nick Mathewson <nickm@torproject.org> | 2023-12-14 13:12:59 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2023-12-14 13:12:59 -0500 |
commit | 6067027691adcbcfe4a07583842752aed54d6251 (patch) | |
tree | dedcb7d068b8eae13005e726959734ca71925d28 | |
parent | 7451fc1d70dba68d027b35eb483a04259964e3f6 (diff) | |
download | torspec-6067027691adcbcfe4a07583842752aed54d6251.tar.gz torspec-6067027691adcbcfe4a07583842752aed54d6251.zip |
Revise table about AUTH0003 contents
-rw-r--r-- | spec/tor-spec/negotiating-channels.md | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/spec/tor-spec/negotiating-channels.md b/spec/tor-spec/negotiating-channels.md index bdeb406..01a22d1 100644 --- a/spec/tor-spec/negotiating-channels.md +++ b/spec/tor-spec/negotiating-channels.md @@ -360,26 +360,27 @@ and authenticated the responder. If AuthType is `[00 03]`, meaning "Ed25519-SHA256-RFC5705", -the Authentication field of the AUTHENTICE cell is as follows +the Authentication field of the AUTHENTICATE cell is as follows Modified values and new fields below are marked with asterisks. -| Field | Size | Description | +| Field | Size | Summary | | --------- | ---- | ----------- | | `TYPE` | 8 | The nonterminated string `AUTH0003` | | `CID` | 32 | `SHA256(KP_relayid_rsa)` for initiator | | `SID` | 32 | `SHA256(KP_relayid_rsa)` for responder | | `CID_ED` | 32 | `KP_relayid_ed` for initiator | | `SID_ED` | 32 | `KP_relayid_ed` for responder | -| `SLOG` | 32 | SHA256 of responder transcript | -| `CLOG` | 32 | SHA256 of initiator transcript | +| `SLOG` | 32 | Responder log digest, SHA256 | +| `CLOG` | 32 | Initiator log digest, SHA256 | | `SCERT` | 32 | SHA256 of responder's TLS certificate | | `TLSSECRETS`|32 | RFC5705 information | | `RAND` | 24 | [Random bytes] | | `SIG` | 64 | Ed25519 signature | -Notes: +- The `TYPE` string distinguishes this authentication document from others. + It must be the nonterminated 8-byte string `AUTH0003`. - For `CID` and `SID`, the SHA256 digest of an RSA key is computed as the SHA256 digest of its asn.1 encoding. - The `SLOG` field is computed @@ -396,6 +397,9 @@ Notes: the AUTHENTICATE cell. - This includes the VERSIONS cell, the CERTS cell, and any padding cells. +- The `SCERT` field holds the SHA256 digest + of the X.509 certificate presented by the responder + as part of the TLS negotiation. - The `TLSSECRETS` field is computed as the output of a Keying Material Exporter function on the TLS section. @@ -407,6 +411,7 @@ Notes: see [RFC 8446 Section 7.5]. - For keying material exporters on older TLS versions, see [RFC5705]. +- The `RAND` field is a uniform squence of [Random bytes]. - The `SIG` field is an Ed25519 signature of all earlier members in the Authentication (from `TYPE` through `RAND`) |