commit 83a62b6e0f31dcb8fbe917ac9d406b78193605b7 Author: George Kadianakis desnacked@riseup.net Date: Tue Mar 15 15:28:25 2016 +0200

prop224: In cells, replace TYPE/LEN/KEY with just TYPE/KEY. --- proposals/224-rend-spec-ng.txt | 45 +++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 16 deletions(-)

diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt index dd76e36..d80b2d5 100644 --- a/proposals/224-rend-spec-ng.txt +++ b/proposals/224-rend-spec-ng.txt @@ -153,6 +153,18 @@ Status: Draft themselves, but over those strings prefixed with a distinguishing value.

+ Through this proposal we use the following construction when sending + cryptographic keys in tor cells: + + KEYTYPE [1 byte] + KEY [depends on KEYTYPE] + + In this case the size of the KEY depends on the KEYTYPE. Here are the + currently defined key types: + + * The KEYTYPE value [01] is for Ed25519 keys (size: 32 bytes). + * The KEYTYPE value [02] is for Curve25519 keys (size: 32 bytes). + * The KEYTYPE value [03] is for truncated Curve25519 keys (size: 8 bytes).

0.4. Protocol building blocks [BUILDING-BLOCKS]

@@ -1182,14 +1194,11 @@ Status: Draft NUMKEYS [1 byte] NUMKEYS times: KEYTYPE [1 byte] - KEYLEN [1 byte] - KEY [KEYLEN bytes] + KEY [depends on KEYTYPE] COUNTER [4 bytes] SIGLEN [1 byte] SIGNATURE [SIGLEN bytes.]

- The KEYTYPE value [01] is for Curve25519 keys. - The COUNTER field is a monotonically increasing value across a given introduction point authentication key.

@@ -1252,9 +1261,11 @@ Status: Draft

An INTRODUCE1 cell has the following contents:

- AUTH_KEYID [32 bytes] - ENC_KEYID [8 bytes] - N_EXTENSIONS [1 Byte] + AUTH_KEYTYPE [1 byte] + AUTH_KEYID [depends on AUTH_KEYTYPE] + ENC_KEYTYPE [1 byte] + ENC_KEYID [depends on ENC_KEYTYPE] + N_EXTENSIONS [1 byte] N_EXTENSIONS times: EXT_FIELD_TYPE [1 byte] EXT_FIELD_LEN [1 byte] @@ -1275,12 +1286,12 @@ Status: Draft running whose PK_ID is the first 20 bytes of AUTH_KEYID. If so, it behaves as in rend-spec.txt.)

- The AUTH_KEYID for an Ed25519 public key is the public key itself. - The ENC_KEYID for a Curve25519 public key is the first 8 bytes of the - public key. (This key ID is safe to truncate, since all the keys are - generated by the hidden service host, and the ID is only valid - relative to a single AUTH_KEYID.) The ENCRYPTED field is as - described in 3.3 below. + The AUTH_KEYTYPE is an Ed25519 public key (value [01]). + + The ENC_KEYTYPE is a truncated Curve25519 public key (value [03]). (This key + is safe to truncate, since all the keys are generated by the hidden service + host, and the ID is only valid relative to a single AUTH_KEYID.) The + ENCRYPTED field is as described in 3.3 below.

To relay an INTRODUCE1 cell, the introduction point sends an INTRODUCE2 cell with exactly the same contents. @@ -1360,7 +1371,7 @@ Status: Draft EXT_FIELD_TYPE [1 byte] EXT_FIELD_LEN [1 byte] EXT_FIELD [EXT_FIELD_LEN bytes] - ONION_KEY_TYPE [2 bytes] + ONION_KEY_TYPE [1 bytes] ONION_KEY [depends on ONION_KEY_TYPE] NSPEC (Number of link specifiers) [1 byte] NSPEC times: @@ -1458,8 +1469,10 @@ Status: Draft Substituting those fields into the INTRODUCE1 cell body format described in [FMT_INTRO1] above, we have

- AUTH_KEYID [32 bytes] - ENC_KEYID [8 bytes] + AUTH_KEYTYPE [1 byte] + AUTH_KEYID [depends on AUTH_KEYTYPE] + ENC_KEYTYPE [1 byte] + ENC_KEYID [depends on ENC_KEYTYPE] N_EXTENSIONS [1 bytes] N_EXTENSIONS times: EXT_FIELD_TYPE [1 byte]