author: John M. Schanck <jschanck@securityinnovation.com> 2016-10-14 14:07:09 -0400
committer: John M. Schanck <jschanck@securityinnovation.com> 2016-10-14 14:07:09 -0400
commit: 045a8afb0c1b18b19fdc87b9b3aec3f498fcd859
tree: f0ec51591748dfea7f8e764af0bd65b2d4dedaec /proposals/269-hybrid-handshake.txt
parent: 8de17fa1b84c59a74178aba57c146bfb431801cf
prop269: Append PROTOID to TRANSCRIPT
Diffstat (limited to 'proposals/269-hybrid-handshake.txt')
-rw-r--r-- proposals/269-hybrid-handshake.txt 30
1 files changed, 15 insertions, 15 deletions
diff --git a/proposals/269-hybrid-handshake.txt b/proposals/269-hybrid-handshake.txt
index eb35180..d2197da 100644
--- a/proposals/269-hybrid-handshake.txt
+++ b/proposals/269-hybrid-handshake.txt
@@ -174,7 +174,7 @@ Status: Draft
The server derives the authentication tag:
verify := EXPAND(seed, T_AUTH, MU)
- TRANSCRIPT := ID | A | X | EPK | Y | C
+ TRANSCRIPT := ID | A | X | EPK | Y | C | PROTOID
AUTH := HMAC(verify, TRANSCRIPT)
The server sends a CREATED cell with contents:
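Review bot: PROTOID is appended after C by plain concatenation in the new TRANSCRIPT line, so the HMAC input is unambiguous only if every field, including C and PROTOID, has a fixed length for a given handshake. Consider stating that next to the definition, or placing PROTOID first so the field lengths are determined before the rest of the transcript is read.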
@@ -196,7 +196,7 @@ Status: Draft
The client derives the authentication tag:
verify := EXPAND(seed, T_AUTH, MU)
- TRANSCRIPT := ID | A | X | EPK | Y | C
+ TRANSCRIPT := ID | A | X | EPK | Y | C | PROTOID
AUTH := HMAC(verify, TRANSCRIPT)
The client verifies that AUTH matches the tag received from the server.
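Review bot: The client-side TRANSCRIPT line repeats the server-side definition verbatim, and the two must stay byte-identical or the check that AUTH matches the server's tag fails. Consider defining TRANSCRIPT once and referring to it here, so a later edit like this one cannot update one copy and miss the other. The sentence about verifying AUTH could also say that the comparison should be constant-time.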
@@ -221,18 +221,18 @@ Status: Draft
| |
| --- CREATE_DATA ---> |
| |
- | y, Y := DH_GEN() |
- | s0 := H(DH_MUL(X,a)) |
- | s1 := DH_MUL(X,y) |
- | s2, C := KEM_ENC(EPK) |
- | SALT := ID | A | X | EPK |
- | secret := s0 | s1 | s2 |
- | seed := EXTRACT(SALT, secret) |
- | verify := EXPAND(seed, T_AUTH, MU) |
- | TRANSCRIPT := ID | A | X | Y | EPK | C |
- | AUTH := HMAC(verify, TRANSCRIPT) |
- | key := EXPAND(seed, T_KEY, KEY_LEN) |
- | CREATED_DATA := Y | C | AUTH |
+ | y, Y := DH_GEN() |
+ | s0 := H(DH_MUL(X,a)) |
+ | s1 := DH_MUL(X,y) |
+ | s2, C := KEM_ENC(EPK) |
+ | SALT := ID | A | X | EPK |
+ | secret := s0 | s1 | s2 |
+ | seed := EXTRACT(SALT, secret) |
+ | verify := EXPAND(seed, T_AUTH, MU) |
+ | TRANSCRIPT := ID | A | X | Y | EPK | C | PROTOID |
+ | AUTH := HMAC(verify, TRANSCRIPT) |
+ | key := EXPAND(seed, T_KEY, KEY_LEN) |
+ | CREATED_DATA := Y | C | AUTH |
| |
| <-- CREATED_DATA --- |
| |
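Review bot: The diagram's new TRANSCRIPT line orders the fields as `ID | A | X | Y | EPK | C | PROTOID`, while the server and client text changed earlier in this patch uses `ID | A | X | EPK | Y | C | PROTOID`; Y and EPK are swapped. An implementer following the diagram computes a different AUTH than one following the text, so pick one order and make the diagram match. Separately, the hunk rewrites twelve lines to realign the box when only the TRANSCRIPT line changes in substance, which makes the real change hard to spot in review.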
@@ -283,7 +283,7 @@ Status: Draft
secret_input := H(EXP(X,a)) | EXP(X,y)
seed := EXTRACT(SALT, secret_input)
verify := EXPAND(seed, T_AUTH, MU)
- TRANSCRIPT := ID | A | X | Y
+ TRANSCRIPT := ID | A | X | Y | PROTOID
AUTH := HMAC(verify, TRANSCRIPT)
key := EXPAND(seed, T_KEY, KEY_LEN)
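Review bot: The TRANSCRIPT line here gains PROTOID with no rationale in the proposal text, and the commit message only restates the change. Since this variant's transcript has no EPK or C, a sentence saying what PROTOID binds the tag to (for example, which handshake variant produced it) would document why it is needed. It is also worth noting in the proposal that this changes AUTH, so implementations of the previous draft will fail verification against this one.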