From cda3558894c23bb21bfdc33b1ab4e8e2c7ff27ea Mon Sep 17 00:00:00 2001
From: Neel Chauhan <neel@neelc.org>
Date: Sun, 15 Nov 2020 14:29:02 -0800
Subject: Add torspec for V3 control port authorization format

---
 control-spec.txt | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'control-spec.txt')

diff --git a/control-spec.txt b/control-spec.txt
index 12dd1a7..da8a1e5 100644
--- a/control-spec.txt
+++ b/control-spec.txt
@@ -1666,6 +1666,7 @@
             [SP "MaxStreams=" NumStreams]
             1*(SP "Port=" VirtPort ["," Target])
             *(SP "ClientAuth=" ClientName [":" ClientBlob]) CRLF
+            *(SP "ClientAuthV3=" V3Key) CRLF
 
     KeyType =
      "NEW"     / ; The server should generate a key of algorithm KeyBlob
@@ -1691,6 +1692,8 @@
                      to the current control connection.
      "BasicAuth" / ; Client authorization is required using the "basic"
                      method (v2 only).
+     "V3Auth"    / ; Version 3 client authorization is required (v3 only).
+
      "NonAnonymous" /; Add a non-anonymous Single Onion Service. Tor
                        checks this flag matches its configured hidden
                        service anonymity mode.
@@ -1713,6 +1716,8 @@
     ClientBlob = Authorization data for the client, in an opaque format
                  specific to the authorization method (v2 only).
 
+    V3Key = The client's base32-encoded public key (v3 only).
+
   The server reply format is:
 
     "250-ServiceID=" ServiceID CRLF
-- 
cgit v1.2.3-54-g00ecf


From 35aaa1bc6fd6f2285424b73ddc716ca8274b1fe5 Mon Sep 17 00:00:00 2001
From: Neel Chauhan <neel@neelc.org>
Date: Tue, 24 Nov 2020 20:14:27 -0800
Subject: Add asn@ review for V3 control auth

---
 control-spec.txt | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'control-spec.txt')

diff --git a/control-spec.txt b/control-spec.txt
index da8a1e5..679c0ff 100644
--- a/control-spec.txt
+++ b/control-spec.txt
@@ -1716,7 +1716,8 @@
     ClientBlob = Authorization data for the client, in an opaque format
                  specific to the authorization method (v2 only).
 
-    V3Key = The client's base32-encoded public key (v3 only).
+    V3Key = The client's base32-encoded ed25519 public key, using only the key
+            part of rend-spec-v3.txt section G.1.2 (v3 only).
 
   The server reply format is:
 
@@ -1803,6 +1804,11 @@
      S: 250-ClientAuth=bob:[Blob Redacted]
      S: 250 OK
 
+     C: ADD_ONION NEW:ED25519-V3 ClientAuthV3=[Blob Redacted] Port=22
+     S: 250-ServiceID=n35etu3yjxrqjpntmfziom5sjwspoydchmelc4xleoy4jk2u4lziz2yd
+     S: 250-ClientAuthV3=[Blob Redacted]
+     S: 250 OK
+
   Examples with Tor in anonymous onion service mode:
 
      C: ADD_ONION NEW:BEST Flags=DiscardPK Port=22
@@ -1826,6 +1832,7 @@
   [ClientAuth was added in Tor 0.2.9.1-alpha. It is v2 only.]
   [NonAnonymous was added in Tor 0.2.9.3-alpha.]
   [HS v3 support added 0.3.3.1-alpha]
+  [ClientV3Auth support added 0.4.6.1-alpha]
 
 3.28. DEL_ONION
 
-- 
cgit v1.2.3-54-g00ecf