[tor-commits] [torspec/master] prop269: Removed hash of initial XTR salt

isis at torproject.org isis at torproject.org
Sat Oct 15 00:52:15 UTC 2016


commit 8de17fa1b84c59a74178aba57c146bfb431801cf
Author: John M. Schanck <jschanck at securityinnovation.com>
Date:   Fri Oct 14 14:05:18 2016 -0400

    prop269: Removed hash of initial XTR salt
---
 proposals/269-hybrid-handshake.txt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/proposals/269-hybrid-handshake.txt b/proposals/269-hybrid-handshake.txt
index 76b32c0..eb35180 100644
--- a/proposals/269-hybrid-handshake.txt
+++ b/proposals/269-hybrid-handshake.txt
@@ -168,7 +168,7 @@ Status: Draft
       s2, C           := KEM_ENC(EPK)
 
     The server extracts the seed:
-      SALT            := H(ID | A | X | EPK)
+      SALT            := ID | A | X | EPK
       secret          := s0 | s1 | s2
       seed            := EXTRACT(SALT, secret)
 
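Review bot: With H(...) removed, SALT under "The server extracts the seed" is no longer a fixed-length value, and nothing in this hunk says how its fields are delimited. "SALT := ID | A | X | EPK" is only an unambiguous input to "EXTRACT(SALT, secret)" if ID, A, X and EPK each have a fixed length for a given handshake type; state those lengths next to this definition, or length-prefix the fields. The commit message gives no reason for dropping the hash, so a sentence of rationale in the proposal text would also help later readers.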
@@ -190,7 +190,7 @@ Status: Draft
       s2              := KEM_DEC(C, esk)
 
     The client then derives the seed:
-      SALT            := H(ID | A | X | EPK)
+      SALT            := ID | A | X | EPK
       secret          := s0 | s1 | s2
       seed            := EXTRACT(SALT, secret);
 
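Review bot: The context line "seed := EXTRACT(SALT, secret);" under "The client then derives the seed" ends with a stray semicolon that the matching server-side line does not have. Since this hunk already edits the line two above it, drop the semicolon here so the client and server derivations read identically.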
@@ -225,7 +225,7 @@ Status: Draft
   |                            s0           := H(DH_MUL(X,a))                |
   |                            s1           := DH_MUL(X,y)                   |
   |                            s2, C        := KEM_ENC(EPK)                  |
-  |                            SALT         := H(ID | A | X | EPK)           |
+  |                            SALT         := ID | A | X | EPK              |
   |                            secret       := s0 | s1 | s2                  |
   |                            seed         := EXTRACT(SALT, secret)         |
   |                            verify       := EXPAND(seed, T_AUTH, MU)      |
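Review bot: The SALT line in the server column of the diagram duplicates the definition already given in the prose, which is why the same one-line edit has to be repeated by hand here and again in the client column. Consider defining SALT once in the text and having the diagram refer to that definition, so a later change cannot leave the prose and the diagram disagreeing about what is fed to EXTRACT.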
@@ -239,7 +239,7 @@ Status: Draft
   | s0           := H(DH_MUL(A,x))                                           |
   | s1           := DH_MUL(Y,x)                                              |
   | s2           := KEM_DEC(C, esk)                                          |
-  | SALT         := H(ID | A | X | EPK)                                      |
+  | SALT         := ID | A | X | EPK                                         |
   | secret       := s0 | s1 | s2                                             |
   | seed         := EXTRACT(SALT, secret)                                    |
   | verify       := EXPAND(seed, T_AUTH, MU)                                 |
@@ -279,7 +279,7 @@ Status: Draft
     key                 := EXPAND(seed, M_EXPAND, KEY_LEN)
 
   In hybrid-null the server computes
-    SALT                := H(ID | A | X)
+    SALT                := ID | A | X
     secret_input        := H(EXP(X,a)) | EXP(X,y)
     seed                := EXTRACT(SALT, secret_input)
     verify              := EXPAND(seed, T_AUTH, MU)
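Review bot: The hybrid-null block still writes "EXP(X,a)", "EXP(X,y)" and "secret_input" where the other hunks in this patch use "DH_MUL(...)" and "secret"; align the notation while this section is being touched. This is also the only SALT line changed under "In hybrid-null the server computes": if the proposal has a client-side computation for hybrid-null, check that it does not still hash the salt, since the two sides would then derive different seeds.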




