From 6a31b18a87e50f2bb25bc8c7a95c5755ce600a2d Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 18 Sep 2023 17:40:19 -0400 Subject: rend-spec: Recommend a 490-byte INTRODUCE1 message. Closes #222; see arti#1031 --- rend-spec-v3.txt | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'rend-spec-v3.txt') diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index c2fe833..d836d23 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -1966,8 +1966,13 @@ Table of contents: extending to the rendezvous point. It must be of a type listed as supported in the hidden service descriptor. - When using a legacy introduction point, the INTRODUCE cells must be padded - to a certain length using the PAD field in the encrypted portion. + The PAD field should be filled with zeros; its size should be chosen + so that the INTRODUCE2 message occupies a fixed maximum size, in + order to hide the length of the encrypted data. (This maximum size is + 490, since we assume that a future Tor implementations will implement + proposal 340 and thus lower the number of bytes that can be contained + in a single relay message.) Note also that current versions of Tor + only pad the INTRODUCE2 message up to 246 bytes. Upon receiving a well-formed INTRODUCE2 cell, the hidden service host will have: @@ -2804,6 +2809,10 @@ Appendix G. Text vectors 0000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000 + (Note! This should in fact be padded to be longer; when these + test vectors were generated, the target INTRODUCE1 length in C + Tor was needlessly short.) + The client now begins the hs-ntor handshake. It generates a curve25519 keypair: -- cgit v1.2.3-54-g00ecf
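Review bot: In the first hunk (@@ -1966,8 +1966,13 @@), the new PAD paragraph fixes the size of the INTRODUCE2 message at 490 and says current Tor pads INTRODUCE2 up to 246 bytes, but the subject line and the Appendix G note in this same patch both speak of the INTRODUCE1 length. Name one message consistently, or state how the two lengths relate, and say exactly what the 490 bytes cover (the whole message body or only the encrypted portion), so that independent implementations arrive at the same PAD size. The removed text said the cells "must be padded", while the replacement uses "should" twice; if the weaker requirement is intentional because of the 246-byte behaviour, say so explicitly, since a length-hiding pad only helps when clients agree on the target. Wording nit: "a future Tor implementations" should read "future Tor implementations".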
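Review bot: In the second hunk (@@ -2804,6 +2809,10 @@), the added note says the vector "should in fact be padded to be longer" but gives neither the length the vector was generated with nor the length now recommended. State both numbers here, or point to the PAD paragraph changed in the first hunk, so a reader checking an implementation against Appendix G knows that a mismatch at this step is expected when padding to the new target. "Needlessly short" would also read better as a statement of the actual target length C Tor used at the time.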