commit c8e256400689fd19f4c429349f532ab21cb7583e Author: George Kadianakis desnacked@riseup.net Date: Tue May 23 15:48:21 2017 +0300
prop224: Remove KH from ntor key derivation.
We don't need KH anymore since we do a MAC check anyway. --- proposals/224-rend-spec-ng.txt | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt index f8e131c..6f16fce 100644 --- a/proposals/224-rend-spec-ng.txt +++ b/proposals/224-rend-spec-ng.txt @@ -1857,12 +1857,11 @@ Table of contents: NTOR_KEY_SEED part of the handshake output. To do so, they use the KDF construction as follows:
- K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN * 3 + S_KEY_LEN * 2) + K = KDF(NTOR_KEY_SEED | m_hsexpand, HASH_LEN * 2 + S_KEY_LEN * 2)
- The first HASH_LEN bytes of K form KH; the next HASH_LEN form the forward - digest Df; the next HASH_LEN bytes form the backward digest Db; the next - S_KEY_LEN bytes form Kf, and the final S_KEY_LEN bytes form Kb. Excess - bytes from K are discarded. + The first HASH_LEN bytes of K form the forward digest Df; the next HASH_LEN + bytes form the backward digest Db; the next S_KEY_LEN bytes form Kf, and the + final S_KEY_LEN bytes form Kb. Excess bytes from K are discarded.
Subsequently, the rendezvous point passes relay cells, unchanged, from each of the two circuits to the other. When Alice's OP sends RELAY cells along