[tor-commits] [torspec/master] prop269: Append PROTOID to TRANSCRIPT

isis at torproject.org isis at torproject.org
Sat Oct 15 00:52:15 UTC 2016


commit 045a8afb0c1b18b19fdc87b9b3aec3f498fcd859
Author: John M. Schanck <jschanck at securityinnovation.com>
Date:   Fri Oct 14 14:07:09 2016 -0400

    prop269: Append PROTOID to TRANSCRIPT
---
 proposals/269-hybrid-handshake.txt | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/proposals/269-hybrid-handshake.txt b/proposals/269-hybrid-handshake.txt
index eb35180..d2197da 100644
--- a/proposals/269-hybrid-handshake.txt
+++ b/proposals/269-hybrid-handshake.txt
@@ -174,7 +174,7 @@ Status: Draft
 
     The server derives the authentication tag:
       verify          := EXPAND(seed, T_AUTH, MU)
-      TRANSCRIPT      := ID | A | X | EPK | Y | C
+      TRANSCRIPT      := ID | A | X | EPK | Y | C | PROTOID
       AUTH            := HMAC(verify, TRANSCRIPT)
 
     The server sends a CREATED cell with contents:
@@ -196,7 +196,7 @@ Status: Draft
 
     The client derives the authentication tag:
       verify          := EXPAND(seed, T_AUTH, MU)
-      TRANSCRIPT      := ID | A | X | EPK | Y | C
+      TRANSCRIPT      := ID | A | X | EPK | Y | C | PROTOID
       AUTH            := HMAC(verify, TRANSCRIPT)
 
     The client verifies that AUTH matches the tag received from the server.
@@ -221,18 +221,18 @@ Status: Draft
   |                                                                          |
   |               --- CREATE_DATA --->                                       |
   |                                                                          |
-  |                            y, Y         := DH_GEN()                      |
-  |                            s0           := H(DH_MUL(X,a))                |
-  |                            s1           := DH_MUL(X,y)                   |
-  |                            s2, C        := KEM_ENC(EPK)                  |
-  |                            SALT         := ID | A | X | EPK              |
-  |                            secret       := s0 | s1 | s2                  |
-  |                            seed         := EXTRACT(SALT, secret)         |
-  |                            verify       := EXPAND(seed, T_AUTH, MU)      |
-  |                            TRANSCRIPT   := ID | A | X | Y | EPK | C      |
-  |                            AUTH         := HMAC(verify, TRANSCRIPT)      |
-  |                            key          := EXPAND(seed, T_KEY, KEY_LEN)  |
-  |                            CREATED_DATA := Y | C | AUTH                  |
+  |                       y, Y         := DH_GEN()                           |
+  |                       s0           := H(DH_MUL(X,a))                     |
+  |                       s1           := DH_MUL(X,y)                        |
+  |                       s2, C        := KEM_ENC(EPK)                       |
+  |                       SALT         := ID | A | X | EPK                   |
+  |                       secret       := s0 | s1 | s2                       |
+  |                       seed         := EXTRACT(SALT, secret)              |
+  |                       verify       := EXPAND(seed, T_AUTH, MU)           |
+  |                       TRANSCRIPT   := ID | A | X | Y | EPK | C | PROTOID |
+  |                       AUTH         := HMAC(verify, TRANSCRIPT)           |
+  |                       key          := EXPAND(seed, T_KEY, KEY_LEN)       |
+  |                       CREATED_DATA := Y | C | AUTH                       |
   |                                                                          |
   |               <-- CREATED_DATA ---                                       |
   |                                                                          |
@@ -283,7 +283,7 @@ Status: Draft
     secret_input        := H(EXP(X,a)) | EXP(X,y)
     seed                := EXTRACT(SALT, secret_input)
     verify              := EXPAND(seed, T_AUTH, MU)
-    TRANSCRIPT          := ID | A | X | Y
+    TRANSCRIPT          := ID | A | X | Y | PROTOID
     AUTH                := HMAC(verify, TRANSCRIPT)
     key                 := EXPAND(seed, T_KEY, KEY_LEN)
 





More information about the tor-commits mailing list