diff options
author | David Goulet <dgoulet@torproject.org> | 2024-04-04 13:55:41 +0000 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2024-04-04 13:55:41 +0000 |
commit | cf339e7ec3ce89c783c0f0801d5bf09bbcbf1da6 (patch) | |
tree | fe1a98fc2ef45c3fdb4eaf1e3c16fb6c7198b62e /spec/rend-spec | |
parent | 063f3836effae5a4aa33b683d0386b1ca0b78f4d (diff) | |
parent | 02e00acc592ca9c8c3aa1e347c6932daadded57f (diff) | |
download | torspec-cf339e7ec3ce89c783c0f0801d5bf09bbcbf1da6.tar.gz torspec-cf339e7ec3ce89c783c0f0801d5bf09bbcbf1da6.zip |
Merge branch 'clarify_hsv3_relay' into 'main'
Slight clarifications about hsv3 relay crypto
See merge request tpo/core/torspec!261
Diffstat (limited to 'spec/rend-spec')
-rw-r--r-- | spec/rend-spec/encrypting-user-data.md | 7 | ||||
-rw-r--r-- | spec/rend-spec/introduction-protocol.md | 4 |
2 files changed, 10 insertions, 1 deletions
diff --git a/spec/rend-spec/encrypting-user-data.md b/spec/rend-spec/encrypting-user-data.md index 460f71e..fdf1a30 100644 --- a/spec/rend-spec/encrypting-user-data.md +++ b/spec/rend-spec/encrypting-user-data.md @@ -10,3 +10,10 @@ Tor relay encryption protocol, applying encryption with these keys before other encryption, and decrypting with these keys before other decryption. The client encrypts with Kf and decrypts with Kb; the service host does the opposite. + +As mentioned +[previously](./introduction-protocol.md#INTRO-HANDSHAKE-REQS), +these keys are used the same as for +[regular relay cell encryption](../tor-spec/routing-relay-cells.md), +except that instead of using AES-128 and SHA1, +both parties use AES-256 and SHA3-256. diff --git a/spec/rend-spec/introduction-protocol.md b/spec/rend-spec/introduction-protocol.md index 43c5638..0181dd2 100644 --- a/spec/rend-spec/introduction-protocol.md +++ b/spec/rend-spec/introduction-protocol.md @@ -696,7 +696,9 @@ HANDSHAKE_INFO element (see \[JOIN_REND\]). The hidden service host now also knows the keys generated by the handshake, which it will use to encrypt and authenticate data end-to-end between the client and the server. These keys are as -computed in tor-spec.txt section 5.1.4, except that instead of using +computed with the +[ntor handshake](../tor-spec/create-created-cells.html#ntor), +except that instead of using AES-128 and SHA1 for this hop, we use AES-256 and SHA3-256. <a id="rend-spec-v3.txt-3.4"></a> |