diff options
author | Nick Mathewson <nickm@torproject.org> | 2023-06-13 11:15:47 -0400 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2023-06-13 12:13:25 -0400 |
commit | b345ca044131b2eb18e6ae0d5f23643a92aeff34 (patch) | |
tree | 90467259827771077dcb4344600b2cfdb8ed93ea /tor-spec.txt | |
parent | a31defc82d3ebc5809791bbbf7da7259262c70c8 (diff) | |
download | torspec-b345ca044131b2eb18e6ae0d5f23643a92aeff34.tar.gz torspec-b345ca044131b2eb18e6ae0d5f23643a92aeff34.zip |
Describe the behavior of our HSv3 crypto layers.
These layers use SHA3 instead of SHA1 and AES256 instead of AES128.
Their SENDME tags are made with SHA3 too, but they are truncated to
20 bytes.
Closes #204.
Diffstat (limited to 'tor-spec.txt')
-rw-r--r-- | tor-spec.txt | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tor-spec.txt b/tor-spec.txt index 72a3f19..8ab16d8 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -2175,6 +2175,11 @@ see tor-design.pdf. matched on the other side from the previous cell sent that the OR/OP must remember. + (Note that if the digest in use has an output length greater than 20 + bytes—as is the case for the hop of an onion service rendezvous + circuit created by the hs_ntor handshake—we truncate the digest + to 20 bytes here.) + If the VERSION is unrecognized or below the minimum accepted version (taken from the consensus), the circuit should be torn down. |