diff options
author | George Kadianakis <desnacked@riseup.net> | 2017-05-23 15:48:21 +0300 |
---|---|---|
committer | George Kadianakis <desnacked@riseup.net> | 2017-05-25 16:08:29 +0300 |
commit | c8e256400689fd19f4c429349f532ab21cb7583e (patch) | |
tree | dac49750df44f6431bc26939f15234a58916c715 /proposals/224-rend-spec-ng.txt | |
parent | ec3802145b280bd19ae635ac567a9c24dfb874dd (diff) | |
download | torspec-c8e256400689fd19f4c429349f532ab21cb7583e.tar.gz torspec-c8e256400689fd19f4c429349f532ab21cb7583e.zip |
prop224: Remove KH from ntor key derivation.
We don't need KH anymore since we do a MAC check anyway.
Diffstat (limited to 'proposals/224-rend-spec-ng.txt')
-rw-r--r-- | proposals/224-rend-spec-ng.txt | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt index f8e131c..6f16fce 100644 --- a/proposals/224-rend-spec-ng.txt +++ b/proposals/224-rend-spec-ng.txt @@ -1857,12 +1857,11 @@ Table of contents: NTOR_KEY_SEED part of the handshake output. To do so, they use the KDF construction as follows: - K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN * 3 + S_KEY_LEN * 2) + K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN * 2 + S_KEY_LEN * 2) - The first HASH_LEN bytes of K form KH; the next HASH_LEN form the forward - digest Df; the next HASH_LEN bytes form the backward digest Db; the next - S_KEY_LEN bytes form Kf, and the final S_KEY_LEN bytes form Kb. Excess - bytes from K are discarded. + The first HASH_LEN bytes of K form the forward digest Df; the next HASH_LEN + bytes form the backward digest Db; the next S_KEY_LEN bytes form Kf, and the + final S_KEY_LEN bytes form Kb. Excess bytes from K are discarded. Subsequently, the rendezvous point passes relay cells, unchanged, from each of the two circuits to the other. When Alice's OP sends RELAY cells along |