From 1dd2adc5e02131f523157749d399cced1831294e Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 21 Feb 2011 13:45:00 -0500 Subject: Add fixed string and nonce to prop 176 at suggestion from agl --- proposals/176-revising-handshake.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'proposals/176-revising-handshake.txt') diff --git a/proposals/176-revising-handshake.txt b/proposals/176-revising-handshake.txt index f37f770..db7ea4a 100644 --- a/proposals/176-revising-handshake.txt +++ b/proposals/176-revising-handshake.txt @@ -358,13 +358,14 @@ Supersedes: 169 cell. If AuthType is 1 (meaning "RSA-SHA256-TLSSecret"), then the Authentication contains the following: + Type: The characters "AUTH0001" [8 octets] CID: A SHA256 hash of the client's RSA1024 identity key [32 octets] SID: A SHA256 hash of the server's RSA1024 identity key [32 octets] SLOG: A SHA256 hash of all bytes sent from the server to the client as part of the negotiation up to and including the AUTH_CHALLENGE cell; that is, the VERSIONS cell, the CERT cell, and the AUTH_CHALLENGE cell. [32 octets] - CLOG: A SHA256 hash of all byte sent from the client to the + CLOG: A SHA256 hash of all bytes sent from the client to the server as part of the negotiation so far; that is, the VERSIONS cell and the CERT cell. [32 octets] SCERT: A SHA256 hash of the server's TLS link @@ -377,6 +378,7 @@ Supersedes: 169 "Tor V3 handshake TLS cross-certification" [32 octets] TIME: The time of day in seconds since the POSIX epoch. [8 octets] + NONCE: A 16 byte value, randomly chosen by the client [16 octets] SIG: A signature of a SHA256 hash of all the previous fields using the client's "Authenticate" key as presented. (As always in Tor, we use OAEP-MGF1 padding; see tor-spec.txt -- cgit v1.2.3-54-g00ecf