diff options
Diffstat (limited to 'spec/tor-spec/negotiating-channels.md')
-rw-r--r-- | spec/tor-spec/negotiating-channels.md | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/spec/tor-spec/negotiating-channels.md b/spec/tor-spec/negotiating-channels.md index 1184fd8..1ab3721 100644 --- a/spec/tor-spec/negotiating-channels.md +++ b/spec/tor-spec/negotiating-channels.md @@ -321,34 +321,34 @@ cell, and authenticated the responder. If AuthType is 1 (meaning "RSA-SHA256-TLSSecret"), then the Authentication field of the AUTHENTICATE cell contains the following: -* TYPE: The characters "AUTH0001" [8 octets] -* CID: A SHA256 hash of the initiator's RSA1024 identity key [32 octets] -* SID: A SHA256 hash of the responder's RSA1024 identity key [32 octets] +* TYPE: The characters "AUTH0001" \[8 octets\] +* CID: A SHA256 hash of the initiator's RSA1024 identity key \[32 octets\] +* SID: A SHA256 hash of the responder's RSA1024 identity key \[32 octets\] * SLOG: A SHA256 hash of all bytes sent from the responder to the initiator as part of the negotiation up to and including the AUTH_CHALLENGE cell; that is, the VERSIONS cell, the CERTS cell, - the AUTH_CHALLENGE cell, and any padding cells. [32 octets] + the AUTH_CHALLENGE cell, and any padding cells. \[32 octets\] * CLOG: A SHA256 hash of all bytes sent from the initiator to the responder as part of the negotiation so far; that is, the - VERSIONS cell and the CERTS cell and any padding cells. [32 - octets] -* SCERT: A SHA256 hash of the responder's TLS link certificate. [32 - octets] + VERSIONS cell and the CERTS cell and any padding cells. \[32 + octets\] +* SCERT: A SHA256 hash of the responder's TLS link certificate. \[32 + octets\] * TLSSECRETS: A SHA256 HMAC, using the TLS master secret as the secret key, of the following: - client_random, as sent in the TLS Client Hello - server_random, as sent in the TLS Server Hello - the NUL terminated ASCII string: "Tor V3 handshake TLS cross-certification" - [32 octets] + \[32 octets\] * RAND: A 24 byte value, randomly chosen by the initiator. (In an imitation of SSL3's gmt_unix_time field, older versions of Tor sent an 8-byte timestamp as the first 8 bytes of this field; - new implementations should not do that.) [24 octets] + new implementations should not do that.) \[24 octets\] * SIG: A signature of a SHA256 hash of all the previous fields using the initiator's "Authenticate" key as presented. (As always in Tor, we use OAEP-MGF1 padding; see [Ciphers](./preliminaries.md#ciphers)) - [variable length] + \[variable length\] To check the AUTHENTICATE cell, a responder checks that all fields from TYPE through TLSSECRETS contain their unique @@ -370,31 +370,31 @@ Authentication field of the AuthType cell is as below: Modified values and new fields below are marked with asterisks. -* TYPE: The characters "AUTH0003" [8 octets] -* CID: A SHA256 hash of the initiator's RSA1024 identity key [32 octets] -* SID: A SHA256 hash of the responder's RSA1024 identity key [32 octets] -* CID_ED: The initiator's Ed25519 identity key [32 octets] -* SID_ED: The responder's Ed25519 identity key, or all-zero. [32 octets] +* TYPE: The characters "AUTH0003" \[8 octets\] +* CID: A SHA256 hash of the initiator's RSA1024 identity key \[32 octets\] +* SID: A SHA256 hash of the responder's RSA1024 identity key \[32 octets\] +* CID_ED: The initiator's Ed25519 identity key \[32 octets\] +* SID_ED: The responder's Ed25519 identity key, or all-zero. \[32 octets\] * SLOG: A SHA256 hash of all bytes sent from the responder to the initiator as part of the negotiation up to and including the AUTH_CHALLENGE cell; that is, the VERSIONS cell, the CERTS cell, - the AUTH_CHALLENGE cell, and any padding cells. [32 octets] + the AUTH_CHALLENGE cell, and any padding cells. \[32 octets\] * CLOG: A SHA256 hash of all bytes sent from the initiator to the responder as part of the negotiation so far; that is, the - VERSIONS cell and the CERTS cell and any padding cells. [32 - octets] -* SCERT: A SHA256 hash of the responder's TLS link certificate. [32 - octets] + VERSIONS cell and the CERTS cell and any padding cells. \[32 + octets\] +* SCERT: A SHA256 hash of the responder's TLS link certificate. \[32 + octets\] * TLSSECRETS: The output of an RFC5705 Exporter function on the TLS session, using as its inputs: - The label string "EXPORTER FOR TOR TLS CLIENT BINDING AUTH0003" - The context value equal to the initiator's Ed25519 identity key. - The length 32. - [32 octets] -* RAND: A 24 byte value, randomly chosen by the initiator. [24 octets] + \[32 octets\] +* RAND: A 24 byte value, randomly chosen by the initiator. \[24 octets\] * SIG: A signature of all previous fields using the initiator's Ed25519 authentication key (as in the cert with CertType 6). - [variable length] + \[variable length\] To check the AUTHENTICATE cell, a responder checks that all fields from TYPE through TLSSECRETS contain their unique |