From 5c6b282e57f866a1341eb705cb21507fcbfcc543 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Mon, 6 Feb 2023 12:25:55 +0000
Subject: Call the key in desc-auth-ephemeral-key, KP_hs_desc_ephem

Proposed by @nickm in
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/999/diffs#50f9790ab3f0a65f7ac3e4f413c84f51fae1f855_0_26

(I think the spec is not 100% clear that hs_y and hs_Y are *this* key,
rather than some other possible ephemeral keypair the HS might have,
so please would the reviewer check that this is actually true.)
---
 rend-spec-v3.txt | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'rend-spec-v3.txt')

diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt
index a8ac264..afc2a46 100644
--- a/rend-spec-v3.txt
+++ b/rend-spec-v3.txt
@@ -1208,7 +1208,7 @@ Table of contents:
 
       If client authorization is disabled, the value here should be "x25519".
 
-     "desc-auth-ephemeral-key" SP key NL
+     "desc-auth-ephemeral-key" SP KP_hs_desc_ephem NL
 
       [Exactly once]
 
@@ -1239,13 +1239,11 @@ Table of contents:
 
           client_x = private x25519 key of authorized client
           client_X = public x25519 key of authorized client
-          hs_y = private key of ephemeral x25519 keypair of hidden service
-          hs_Y = public key of ephemeral x25519 keypair of hidden service
           descriptor_cookie = descriptor cookie used to encrypt the descriptor
 
       And here is what the hidden service computes:
 
-          SECRET_SEED = x25519(hs_y, client_X)
+          SECRET_SEED = x25519(KS_hs_desc_ephem, client_X)
           KEYS = KDF(N_hs_subcred | SECRET_SEED, 40)
           CLIENT-ID = fist 8 bytes of KEYS
           COOKIE-KEY = last 32 bytes of KEYS
-- 
cgit v1.2.3-54-g00ecf