[tor-bugs] #22995 [Core Tor/Tor]: prop224 should say we use SHA3-256 for rend circuit digests (was: prop224 should say we use SHA256 for rend circuit digests)

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jul 23 00:01:39 UTC 2017 

#22995: prop224 should say we use SHA3-256 for rend circuit digests
------------------------------------+------------------------------------
 Reporter:  teor                    |          Owner:
     Type:  defect                  |         Status:  new
 Priority:  Medium                  |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor            |        Version:
 Severity:  Normal                  |     Resolution:
 Keywords:  prop224, tor-spec, doc  |  Actual Points:
Parent ID:                          |         Points:  0.5
 Reviewer:                          |        Sponsor:
------------------------------------+------------------------------------
Description changed by teor:

Old description:

> In prop224, the rend section says:
> {{{
>    A successfully completed handshake, as embedded in the
>    INTRODUCE/RENDEZVOUS cells, gives the client and hidden service host
>    a shared set of keys Kf, Kb, Df, Db, which they use for sending
>    end-to-end traffic encryption and authentication as in the regular
>    Tor relay encryption protocol, applying encryption with these keys
>    before other encryption, and decrypting with these keys before other
>    decryption. The client encrypts with Kf and decrypts with Kb; the
>    service host does the opposite.
> }}}
> https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-
> ng.txt#n1890
>
> But that's not what the code does: circuit_init_cpath_crypto() uses
> SHA256 rather than SHA1 when `is_hs_v3` is true.

New description:

 In prop224, the rend section says:
 {{{
    A successfully completed handshake, as embedded in the
    INTRODUCE/RENDEZVOUS cells, gives the client and hidden service host
    a shared set of keys Kf, Kb, Df, Db, which they use for sending
    end-to-end traffic encryption and authentication as in the regular
    Tor relay encryption protocol, applying encryption with these keys
    before other encryption, and decrypting with these keys before other
    decryption. The client encrypts with Kf and decrypts with Kb; the
    service host does the opposite.
 }}}
 https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-
 ng.txt#n1890

 But that's not what the code does: circuit_init_cpath_crypto() uses
 SHA3-256 rather than SHA1 when `is_hs_v3` is true.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22995#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list