This is an automated email from the git hooks/post-receive script.
nickm pushed a commit to branch main in repository torspec.
commit 78385868959876f08149d7cd0346b2603d327a0f Author: Nick Mathewson nickm@torproject.org AuthorDate: Wed Feb 8 11:39:37 2023 -0500
Refer to N_hs_desc_enc in description of encrypted-cookie --- rend-spec-v3.txt | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index 0dc20db..947d82e 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -1242,13 +1242,8 @@ Table of contents: a pre-shared x25519 keypair (`KP_hsc_desc_enc`) which is used to decrypt the descriptor cookie.
- - We now describe the descriptor cookie encryption scheme. Here are the - relevant keys: - - descriptor_cookie = descriptor cookie used to encrypt the descriptor - - And here is what the hidden service computes: + We now describe the descriptor cookie encryption scheme. Here is what + the hidden service computes:
SECRET_SEED = x25519(KS_hs_desc_ephem, KP_hsc_desc_enc) KEYS = KDF(N_hs_subcred | SECRET_SEED, 40) @@ -1263,7 +1258,7 @@ Table of contents:
- The "encrypted-cookie" field contains the descriptor cookie ciphertext as follows and is encoded in base64: - encrypted-cookie = STREAM(iv, COOKIE-KEY) XOR descriptor_cookie + encrypted-cookie = STREAM(iv, COOKIE-KEY) XOR N_hs_desc_enc.
See section [FIRST-LAYER-CLIENT-BEHAVIOR] for the client-side logic of how to decrypt the descriptor cookie.