[tor-commits] [torspec/master] Fix inconsistencies on HS v3 spec and cert-spec.txt.

nickm at torproject.org nickm at torproject.org
Fri Apr 13 16:17:34 UTC 2018 

commit 7ad2fff7ef43678411b8e8ba6c40a1aaed27ee28
Author: George Kadianakis <desnacked at riseup.net>
Date:   Fri Apr 13 15:11:32 2018 +0300

    Fix inconsistencies on HS v3 spec and cert-spec.txt.
    
    Pointed out by inkylatenoth in:
    https://lists.torproject.org/pipermail/tor-dev/2017-October/012527.html
    
    Fixes ticket #24544.
---
 cert-spec.txt    | 9 ++++++---
 rend-spec-v3.txt | 5 +++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/cert-spec.txt b/cert-spec.txt
index 05f17f4..95c303f 100644
--- a/cert-spec.txt
+++ b/cert-spec.txt
@@ -72,8 +72,7 @@
    Before processing any certificate, parties SHOULD know which
    identity key it is supposed to be signed by, and then check the
    signature.  The signature is formed by signing the first N-64
-   bytes of the certificate prefixed with the string "Tor node
-   signing key certificate v1".
+   bytes of the certificate.
 
 2.2. Basic extensions
 
@@ -159,7 +158,6 @@ A.3. List of signature prefixes
    We describe various documents as being signed with a prefix. Here
    are those prefixes:
 
-   "Tor node signing key certificate v1" (section 2.1)
    "Tor router descriptor signature v1" (see dir-spec.txt)
 
 A.4. List of certified key types
@@ -167,4 +165,9 @@ A.4. List of certified key types
    [01] ed25519 key
    [02] SHA256 hash of an RSA key
    [03] SHA256 hash of an X.509 certificate
+   [08] short-term HS descriptor signing key, signed with blinded public key (rend-spec-v3.txt)
+   [09] intro point authentication key, cross-certifying the HS descriptor
+        signing key  (rend-spec-v3.txt)
+   [0B] ed25519 key derived from the curve25519 intro point encryption key,
+        cross-certifying the HS descriptor signing key  (rend-spec-v3.txt)
 
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt
index 019b61e..fd51cb2 100644
--- a/rend-spec-v3.txt
+++ b/rend-spec-v3.txt
@@ -1094,7 +1094,8 @@ Table of contents:
 
        An encrypted blob, whose format is discussed in [HS-DESC-ENC] below. The
        blob is base64 encoded and enclosed in -----BEGIN MESSAGE---- and
-       ----END MESSAGE---- wrappers.
+       ----END MESSAGE---- wrappers. (The resulting document does not end with
+       a newline character.)
 
      "signature" SP signature NL
 
@@ -2168,7 +2169,7 @@ A.2. Tor's key derivation scheme
   then clamp the blinding factor 'h' according to the ed25519 spec:
 
            h[0] &= 248;
-           h[31] &= 127;
+           h[31] &= 63;
            h[31] |= 64;
 
   and do the key derivation as follows:

More information about the tor-commits mailing list