diff options
author | Nick Mathewson <nickm@torproject.org> | 2011-02-21 13:45:00 -0500 |
---|---|---|
committer | Sebastian Hahn <sebastian@torproject.org> | 2011-02-21 21:13:44 +0100 |
commit | 1dd2adc5e02131f523157749d399cced1831294e (patch) | |
tree | b5faa389e720a1e2fb2262130994aff0790a2488 /proposals/176-revising-handshake.txt | |
parent | 3869a76023c3dccde0d844de61f1e19d7289c019 (diff) | |
download | torspec-1dd2adc5e02131f523157749d399cced1831294e.tar.gz torspec-1dd2adc5e02131f523157749d399cced1831294e.zip |
Add fixed string and nonce to prop 176 at suggestion from agl
Diffstat (limited to 'proposals/176-revising-handshake.txt')
-rw-r--r-- | proposals/176-revising-handshake.txt | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/proposals/176-revising-handshake.txt b/proposals/176-revising-handshake.txt index f37f770..db7ea4a 100644 --- a/proposals/176-revising-handshake.txt +++ b/proposals/176-revising-handshake.txt @@ -358,13 +358,14 @@ Supersedes: 169 cell. If AuthType is 1 (meaning "RSA-SHA256-TLSSecret"), then the Authentication contains the following: + Type: The characters "AUTH0001" [8 octets] CID: A SHA256 hash of the client's RSA1024 identity key [32 octets] SID: A SHA256 hash of the server's RSA1024 identity key [32 octets] SLOG: A SHA256 hash of all bytes sent from the server to the client as part of the negotiation up to and including the AUTH_CHALLENGE cell; that is, the VERSIONS cell, the CERT cell, and the AUTH_CHALLENGE cell. [32 octets] - CLOG: A SHA256 hash of all byte sent from the client to the + CLOG: A SHA256 hash of all bytes sent from the client to the server as part of the negotiation so far; that is, the VERSIONS cell and the CERT cell. [32 octets] SCERT: A SHA256 hash of the server's TLS link @@ -377,6 +378,7 @@ Supersedes: 169 "Tor V3 handshake TLS cross-certification" [32 octets] TIME: The time of day in seconds since the POSIX epoch. [8 octets] + NONCE: A 16 byte value, randomly chosen by the client [16 octets] SIG: A signature of a SHA256 hash of all the previous fields using the client's "Authenticate" key as presented. (As always in Tor, we use OAEP-MGF1 padding; see tor-spec.txt |