Diffstat (limited to 'spec/rend-spec-v3/rendezvous-protocol.md')
-rw-r--r-- | spec/rend-spec-v3/rendezvous-protocol.md | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/spec/rend-spec-v3/rendezvous-protocol.md b/spec/rend-spec-v3/rendezvous-protocol.md index 65a70aa..316bcf2 100644 --- a/spec/rend-spec-v3/rendezvous-protocol.md +++ b/spec/rend-spec-v3/rendezvous-protocol.md @@ -1,4 +1,5 @@ <a id="rend-spec-v3.txt-4"></a> + # The rendezvous protocol Before connecting to a hidden service, the client first builds a @@ -19,6 +20,7 @@ but use an anonymous 3-hop circuit if: ``` <a id="rend-spec-v3.txt-4.1"></a> + ## Establishing a rendezvous point [EST_REND_POINT] The client sends the rendezvous point a RELAY_COMMAND_ESTABLISH_RENDEZVOUS @@ -47,6 +49,7 @@ The client should establish a rendezvous point BEFORE trying to connect to a hidden service. <a id="rend-spec-v3.txt-4.2"></a> + ## Joining to a rendezvous point [JOIN_REND] To complete a rendezvous, the hidden service host builds a circuit to @@ -87,13 +90,14 @@ Now both parties use the handshake output to derive shared keys for use on the circuit as specified in the section below: <a id="rend-spec-v3.txt-4.2.1"></a> + ### Key expansion The hidden service and its client need to derive crypto keys from the NTOR_KEY_SEED part of the handshake output. To do so, they use the KDF construction as follows: -K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN * 2 + S_KEY_LEN * 2) +K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN *2 + S_KEY_LEN* 2) The first HASH_LEN bytes of K form the forward digest Df; the next HASH_LEN bytes form the backward digest Db; the next S_KEY_LEN bytes form Kf, and the @@ -113,6 +117,7 @@ contents? It's not necessary, but it could be wise. Similarly, we should make it extensible.] <a id="rend-spec-v3.txt-4.3"></a> + ## Using legacy hosts as rendezvous points [This section is obsolete and refers to a workaround for now-obsolete Tor 
@@ -131,4 +136,3 @@ Relays older than 0.2.9.1 should not be used for rendezvous points by next generation onion services because they enforce too-strict length checks to rendezvous cells. Hence the "HSRend" protocol from proposal#264 should be used to select relays for rendezvous points. - |
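Review bot: In the Key expansion hunk (@@ -87,13 +90,14 @@), the replacement line `K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN *2 + S_KEY_LEN* 2)` is the only non-whitespace change in this patch, and it is not a neutral one. The uneven spacing around the two `*` operators is what a Markdown formatter produces when it reads the asterisks as an emphasis pair, and a renderer can then italicise `2 + S_KEY_LEN` and drop both multiplication signs from the KDF output length. Since the next paragraph splits K into Df, Db, Kf and Kb by exactly those lengths, the formula should stay unambiguous: restore `HASH_LEN * 2 + S_KEY_LEN * 2`, and if this line is not already inside a code block, put it in one (or escape the asterisks) so the formatter leaves it alone on the next run.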