commit 7ad2fff7ef43678411b8e8ba6c40a1aaed27ee28 Author: George Kadianakis desnacked@riseup.net Date: Fri Apr 13 15:11:32 2018 +0300
Fix inconsistencies on HS v3 spec and cert-spec.txt.
Pointed out by inkylatenoth in: https://lists.torproject.org/pipermail/tor-dev/2017-October/012527.html
Fixes ticket #24544. --- cert-spec.txt | 9 ++++++--- rend-spec-v3.txt | 5 +++-- 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/cert-spec.txt b/cert-spec.txt index 05f17f4..95c303f 100644 --- a/cert-spec.txt +++ b/cert-spec.txt @@ -72,8 +72,7 @@ Before processing any certificate, parties SHOULD know which identity key it is supposed to be signed by, and then check the signature. The signature is formed by signing the first N-64 - bytes of the certificate prefixed with the string "Tor node - signing key certificate v1". + bytes of the certificate.
2.2. Basic extensions
@@ -159,7 +158,6 @@ A.3. List of signature prefixes We describe various documents as being signed with a prefix. Here are those prefixes:
- "Tor node signing key certificate v1" (section 2.1) "Tor router descriptor signature v1" (see dir-spec.txt)
A.4. List of certified key types @@ -167,4 +165,9 @@ A.4. List of certified key types [01] ed25519 key [02] SHA256 hash of an RSA key [03] SHA256 hash of an X.509 certificate + [08] short-term HS descriptor signing key, signed with blinded public key (rend-spec-v3.txt) + [09] intro point authentication key, cross-certifying the HS descriptor + signing key (rend-spec-v3.txt) + [0B] ed25519 key derived from the curve25519 intro point encryption key, + cross-certifying the HS descriptor signing key (rend-spec-v3.txt)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index 019b61e..fd51cb2 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -1094,7 +1094,8 @@ Table of contents:
An encrypted blob, whose format is discussed in [HS-DESC-ENC] below. The blob is base64 encoded and enclosed in -----BEGIN MESSAGE---- and - ----END MESSAGE---- wrappers. + ----END MESSAGE---- wrappers. (The resulting document does not end with + a newline character.)
"signature" SP signature NL
@@ -2168,7 +2169,7 @@ A.2. Tor's key derivation scheme then clamp the blinding factor 'h' according to the ed25519 spec:
h[0] &= 248; - h[31] &= 127; + h[31] &= 63; h[31] |= 64;
and do the key derivation as follows: