Diffstat (limited to 'spec/rend-spec-v3/rendezvous-protocol.md')
-rw-r--r-- spec/rend-spec-v3/rendezvous-protocol.md 8
1 files changed, 6 insertions, 2 deletions
diff --git a/spec/rend-spec-v3/rendezvous-protocol.md b/spec/rend-spec-v3/rendezvous-protocol.md
index 65a70aa..316bcf2 100644
--- a/spec/rend-spec-v3/rendezvous-protocol.md
+++ b/spec/rend-spec-v3/rendezvous-protocol.md
@@ -1,4 +1,5 @@
<a id="rend-spec-v3.txt-4"></a>
+
# The rendezvous protocol
Before connecting to a hidden service, the client first builds a
@@ -19,6 +20,7 @@ but use an anonymous 3-hop circuit if:
```
<a id="rend-spec-v3.txt-4.1"></a>
+
## Establishing a rendezvous point [EST_REND_POINT]
The client sends the rendezvous point a RELAY_COMMAND_ESTABLISH_RENDEZVOUS
@@ -47,6 +49,7 @@ The client should establish a rendezvous point BEFORE trying to
connect to a hidden service.
<a id="rend-spec-v3.txt-4.2"></a>
+
## Joining to a rendezvous point [JOIN_REND]
To complete a rendezvous, the hidden service host builds a circuit to
@@ -87,13 +90,14 @@ Now both parties use the handshake output to derive shared keys for use on
the circuit as specified in the section below:
<a id="rend-spec-v3.txt-4.2.1"></a>
+
### Key expansion
The hidden service and its client need to derive crypto keys from the
NTOR_KEY_SEED part of the handshake output. To do so, they use the KDF
construction as follows:
-K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN * 2 + S_KEY_LEN * 2)
+K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN *2 + S_KEY_LEN* 2)
The first HASH_LEN bytes of K form the forward digest Df; the next HASH_LEN
bytes form the backward digest Db; the next S_KEY_LEN bytes form Kf, and the
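Review bot: the `+` line in this hunk changes the spacing of the key-length expression to `HASH_LEN *2 + S_KEY_LEN* 2`, and it should go back to `HASH_LEN * 2 + S_KEY_LEN * 2`. No code fence is visible around the formula, and with the new spacing the two asterisks can act as an opening and a closing emphasis delimiter in Markdown, so a renderer may italicise `2 + S_KEY_LEN` and drop both multiplication signs from the KDF output length. Implementers read this length to split K into Df, Db, Kf and the key material that follows, so keep the original spacing, and put the line in a fenced block or escape the asterisks so that a formatter does not rewrite it again. The other hunks in this patch only add or remove blank lines, which suggests this change was made by the same formatting pass rather than intended.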
@@ -113,6 +117,7 @@ contents? It's not necessary, but it could be wise. Similarly, we
should make it extensible.]
<a id="rend-spec-v3.txt-4.3"></a>
+
## Using legacy hosts as rendezvous points
[This section is obsolete and refers to a workaround for now-obsolete Tor
@@ -131,4 +136,3 @@ Relays older than 0.2.9.1 should not be used for rendezvous points by next
generation onion services because they enforce too-strict length checks to
rendezvous cells. Hence the "HSRend" protocol from proposal#264 should be
used to select relays for rendezvous points.
-