[tor-commits] [torspec/master] prop224: Minor fixes to descriptor format

asn at torproject.org asn at torproject.org
Sat Apr 9 11:15:20 UTC 2016 

commit fdd5cc01bcb3c02901c51e3bd9f5812e4066c43b
Author: John Brooks <special at torproject.org>
Date:   Thu Mar 10 19:25:45 2016 +0100

    prop224: Minor fixes to descriptor format
---
 proposals/224-rend-spec-ng.txt | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt
index f7a4304..78b2071 100644
--- a/proposals/224-rend-spec-ng.txt
+++ b/proposals/224-rend-spec-ng.txt
@@ -942,11 +942,14 @@ Status: Draft
    The encrypted part of the hidden service descriptor is encrypted and
    authenticated with symmetric keys generated as follows:
 
-       salt = 16 random bytes, different for each post to each replica,
+       SALT = 16 bytes from H(random), different for each post to each replica,
               even if the content of the descriptor hasn't changed.
               (This avoids leaking service stability, and linking replicas
               via encrypted data comparison.)
 
+       (We hash salt so that we don't leak the raw bytes returned by a PRNG
+       to the network. See [RANDOM-REFS].)
+
        [ XX/teor - is the extra load on the HSDirs worth it? ]
 
        secret_input = blinded_public_key(replica-keynum) |
@@ -960,13 +963,10 @@ Status: Draft
 
    The encrypted data has the format:
 
-       H(SALT)    H(random bytes from above)      [16 bytes]
+       SALT       hashed random bytes from above  [16 bytes]
        ENCRYPTED  The plaintext encrypted with S  [variable]
        MAC        MAC of both above fields        [32 bytes]
 
-   (We hash salt so that we don't leak the raw bytes returned by a PRNG
-   to the network. See [RANDOM-REFS].)
-
    The encryption format is ENCRYPTED =
                STREAM(SECRET_IV,SECRET_KEY) xor Plaintext
 
@@ -1040,6 +1040,8 @@ Status: Draft
 
         [TODO: I'd like to have a cross-certification here too.]
 
+   To remain compatible with future revisions to the descriptor format,
+   clients should ignore unrecognized lines in the descriptor.
    Other encryption and authentication key formats are allowed; clients
    should ignore ones they do not recognize.

More information about the tor-commits mailing list