author | Jim Newsome <jnewsome@torproject.org> | 2023-11-08 11:53:40 -0600 |
---|---|---|
committer | Jim Newsome <jnewsome@torproject.org> | 2023-11-08 11:53:40 -0600 |
commit | f223ae81c6d8a7370b7a0c50aeb6528eb134de3b (patch) | |
tree | 0676ced09b48175f051d95daa29dd332bd7e48a6 /spec | |
parent | 38682e613a42fe26054989611d299c8438ea3fca (diff) | |
download | torspec-f223ae81c6d8a7370b7a0c50aeb6528eb134de3b.tar.gz torspec-f223ae81c6d8a7370b7a0c50aeb6528eb134de3b.zip |
create-created-cells.md: replace some section references
Diffstat (limited to 'spec')
-rw-r--r-- | spec/tor-spec/create-created-cells.md | 11 |
-rw-r--r-- | spec/tor-spec/setting-circuit-keys.md | 2 |
2 files changed, 8 insertions, 5 deletions
diff --git a/spec/tor-spec/create-created-cells.md b/spec/tor-spec/create-created-cells.md index 453d4b0..d649f7c 100644 --- a/spec/tor-spec/create-created-cells.md +++ b/spec/tor-spec/create-created-cells.md @@ -55,7 +55,7 @@ or The first format is equivalent to a CREATE2 cell with HTYPE of 'tap' and length of `TAP_C_HANDSHAKE_LEN`. The second format is a way to encapsulate new handshake types into the old CREATE cell format for -migration. See 5.1.2 below. Recognized HTAG values are: +migration. See ["EXTEND and EXTENDED cells"](#EXTEND) below. Recognized HTAG values are: | Value | Description | | ----- | ----------- | @@ -171,7 +171,8 @@ The relay payload for an EXTEND relay cell consists of: The "legacy identity" and "identity fingerprint" fields are the SHA1 hash of the PKCS#1 ASN1 encoding of the next onion router's -identity (signing) key. (See 0.3 above.) The "Ed25519 identity" +identity (signing) key. (See ["Preliminaries » Ciphers"](./preliminaries.md#ciphers)) +The "Ed25519 identity" field is the Ed25519 identity key of the target node. Including this key information allows the extending OR verify that it is indeed connected to the correct target OR, and prevents certain @@ -235,7 +236,8 @@ Define TAP_S_HANDSHAKE_LEN as DH_LEN+HASH_LEN. The payload for a CREATE cell is an 'onion skin', which consists of the first step of the DH handshake data (also known as g^x). This value is encrypted using the "legacy hybrid encryption" algorithm -(see 0.4 above) to the server's onion key, giving a client handshake: +(see ["Preliminaries » A bad hybrid encryption algorithm..."](./preliminaries.md#legacy-hybrid-encryption)) +to the server's onion key, giving a client handshake: ```text KP-encrypted: 
@@ -270,7 +272,8 @@ the OR. Discarding other keys may allow attacks to learn bits of the private key.) Once both parties have g^xy, they derive their shared circuit keys -and 'derivative key data' value via the KDF-TOR function in 5.2.1. +and 'derivative key data' value via the +[KDF-TOR function](./setting-circuit-keys.md#kdf-tor). <a id="tor-spec.txt-5.1.4"></a> diff --git a/spec/tor-spec/setting-circuit-keys.md b/spec/tor-spec/setting-circuit-keys.md index 6cea0f3..36737c9 100644 --- a/spec/tor-spec/setting-circuit-keys.md +++ b/spec/tor-spec/setting-circuit-keys.md @@ -4,7 +4,7 @@ <a id="tor-spec.txt-5.2.1"></a> -## KDF-TOR +## KDF-TOR{#kdf-tor} This key derivation function is used by the TAP and CREATE_FAST handshakes, and in the current hidden service protocol. It shouldn't |
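Review bot: In the `@@ -55,7 +55,7 @@` hunk of create-created-cells.md, the new link target `#EXTEND` is uppercase and nothing in this patch defines it, while the other fragments the patch links to (`#ciphers`, `#legacy-hybrid-encryption`, `#kdf-tor`) are lowercase. Confirm that an id spelled exactly `EXTEND` exists in this file, or add one alongside the link, since fragment matching is case-sensitive. The replaced line also now runs well past the wrap width of its neighbours; rewrapping it the way the later hunks do would keep the paragraph consistent.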
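Review bot: In the `@@ -171,7 +171,8 @@` hunk, the rewritten parenthetical `(See ["Preliminaries » Ciphers"](./preliminaries.md#ciphers))` drops the full stop that `(See 0.3 above.)` had, so the sentence now ends without punctuation before `The "Ed25519 identity"`. Suggest putting the period back inside the closing parenthesis. While this paragraph is being touched, the context line `allows the extending OR verify that` is missing a "to".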
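Review bot: In the `@@ -235,7 +236,8 @@` hunk, the link text `"Preliminaries » A bad hybrid encryption algorithm..."` is a truncated title that matches neither the term quoted in the sentence ("legacy hybrid encryption") nor the fragment it points to (`#legacy-hybrid-encryption`). Suggest link text that names the algorithm the way the sentence does, so a reader can tell that the quoted term and the link refer to the same section.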
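Review bot: In the setting-circuit-keys.md hunk (`@@ -4,7 +4,7 @@`), `## KDF-TOR{#kdf-tor}` adds the id with heading-attribute syntax, while the context two lines above shows this file already carries anchors as `<a id="tor-spec.txt-5.2.1"></a>`. The new `[KDF-TOR function](./setting-circuit-keys.md#kdf-tor)` link in the `@@ -270,7 +272,8 @@` hunk resolves only if the renderer honours `{#...}`; if it does not, the braces appear literally in the heading and the link goes nowhere. Suggest confirming this in a rendered build, or adding `<a id="kdf-tor"></a>` next to the existing anchor instead.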