On Tue, Apr 30, 2013 at 9:39 AM, Frank Young <[email protected]> wrote: > The digest of relay cells are running digests [ SHA_final() is never > called ], so the digest of each cell is dependent on the previously > computed digest destined for that node particular node. > Hashing is seeded with values determine by the OR which responded with > CREATED or REALY EXTENDED cell. > I have noticed that, the payload of RELAY_COMMAND_RENDEZVOUS unlike > CREATED OR RELAY EXTENDED cells made no provisions for the seeding > bytes. > This can be referenced in section 1.10 of > https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=rend-spec.txt
Looks like a bug in the spec. In reality, the algorithm for extracting the keys from g^xy and for using the relay crypto is the same as it is for keys produced through the regular "TAP" handshake. I've opened ticket https://trac.torproject.org/projects/tor/ticket/8809 to get the spec fixed. thanks, -- Nick _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
