From 02e00acc592ca9c8c3aa1e347c6932daadded57f Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 25 Mar 2024 21:17:33 -0400 Subject: Slight clarifications about hsv3 relay crypto There was a missing link at one point, and another point where we should have said what cryptography we were using. --- spec/rend-spec/encrypting-user-data.md | 7 +++++++ spec/rend-spec/introduction-protocol.md | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/spec/rend-spec/encrypting-user-data.md b/spec/rend-spec/encrypting-user-data.md index 460f71e..fdf1a30 100644 --- a/spec/rend-spec/encrypting-user-data.md +++ b/spec/rend-spec/encrypting-user-data.md @@ -10,3 +10,10 @@ Tor relay encryption protocol, applying encryption with these keys before other encryption, and decrypting with these keys before other decryption. The client encrypts with Kf and decrypts with Kb; the service host does the opposite. + +As mentioned +[previously](./introduction-protocol.md#INTRO-HANDSHAKE-REQS), +these keys are used the same as for +[regular relay cell encryption](../tor-spec/routing-relay-cells.md), +except that instead of using AES-128 and SHA1, +both parties use AES-256 and SHA3-256. diff --git a/spec/rend-spec/introduction-protocol.md b/spec/rend-spec/introduction-protocol.md index cb7debf..e605994 100644 --- a/spec/rend-spec/introduction-protocol.md +++ b/spec/rend-spec/introduction-protocol.md @@ -721,7 +721,9 @@ HANDSHAKE_INFO element (see \[JOIN_REND\]). The hidden service host now also knows the keys generated by the handshake, which it will use to encrypt and authenticate data end-to-end between the client and the server. These keys are as -computed in tor-spec.txt section 5.1.4, except that instead of using +computed with the +[ntor handshake](../tor-spec/create-created-cells.html#ntor), +except that instead of using AES-128 and SHA1 for this hop, we use AES-256 and SHA3-256. -- cgit v1.2.3-54-g00ecf