[tor-dev] Cell digest of relay cells destined for hidden services

Nick Mathewson nickm at alum.mit.edu
Thu May 2 01:40:44 UTC 2013

On Tue, Apr 30, 2013 at 9:39 AM, Frank Young <pfcodes at gmail.com> wrote:
> The digest of relay cells are running digests [ SHA_final() is never
> called ], so the digest of each cell is dependent on the previously
> computed digest destined for that node particular node.
> Hashing is seeded with values determine by the OR which responded with
> I have noticed that, the payload of RELAY_COMMAND_RENDEZVOUS unlike
> CREATED OR RELAY EXTENDED cells made no provisions for the seeding
> bytes.
> This can be referenced in section 1.10 of
> https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=rend-spec.txt

Looks like a bug in the spec. In reality, the algorithm for extracting
the keys from g^xy and for using the relay crypto is the same as it is
for keys produced through the regular "TAP" handshake.  I've opened
ticket https://trac.torproject.org/projects/tor/ticket/8809 to get the
spec fixed.


More information about the tor-dev mailing list