nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Correct description of extracting Kf and Kb from g^xy.

Browse Source 
svn:r414
This commit is contained in:
Nick Mathewson 2003-08-25 18:50:29 +00:00
parent 0878ceb779
commit ee0440f908
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
doc/tor-spec.txt
View File

@ -278,11 +278,18 @@ which reveals the downstream node.
4.2. Setting circuit keys
Once the handshake between the OP and an OR is completed, both
servers can now calculate g^xy with ordinary DH. They divide the
last 32 bytes of this shared secret into two 16-byte keys, the
first of which (called Kf) is used to encrypt the stream of data
going from the OP to the OR, and second of which (called Kb) is
used to encrypt the stream of data going from the OR to the OP.
servers can now calculate g^xy with ordinary DH. From the base key
material g^xy, they compute two 16 byte keys, called Kf and Kb as
follows. First, the server represents g^xy as a big-endian
unsigned integer. Next, the server computes 40 bytes of key data
as K = SHA1(g^xy | [00]) | SHA1(g^xy | [01]) where "00" is a single
octet whose value is zero, and "01" is a single octet whose value
is one. The first 16 bytes of K form Kf, and the next 16 bytes of
K form Kb.
Kf is used to encrypt the stream of data going from the OP to the
OR, whereas Kb is used to encrypt the stream of data going from the
OR to the OP.
4.3. Creating circuits