Rename key identifiers that have changed in the spec
Generated with perl: s/K([PS])_hs_intro_tid/K$1_hs_ipt_sid/g; s/K([PS])_onion_ntor/K$1_ntor/g; s/K([PS])_hs_intro_ntor/K$1_hss_ntor/g; s/K([PS])_hs_desc_ephem/K$1_hss_desc_enc/g;
This commit is contained in:
parent
9046ef90d0
commit
18e8ac7cb6
|
@ -98,7 +98,7 @@ caret_int! {
|
|||
HS_BLINDED_ID_V_SIGNING = 0x08,
|
||||
|
||||
/// For onion services: Introduction point authentication key
|
||||
/// (`KP_hs_intro_tid`), signed with short term descriptor signing key
|
||||
/// (`KP_hs_ipt_sid`), signed with short term descriptor signing key
|
||||
/// (`KP_hs_desc_sign`).
|
||||
///
|
||||
/// This one is, sadly, a bit complicated. In the original specification
|
||||
|
@ -117,7 +117,7 @@ caret_int! {
|
|||
/// identity key.
|
||||
NTOR_CC_IDENTITY = 0x0A,
|
||||
|
||||
/// For onion services: Ntor encryption key (`KP_hs_intro_ntor`),
|
||||
/// For onion services: Ntor encryption key (`KP_hss_ntor`),
|
||||
/// converted to ed25519, signed with the descriptor signing key
|
||||
/// (`KP_hs_desc_sign`).
|
||||
///
|
||||
|
|
|
@ -254,7 +254,7 @@ pub struct DescSigningKey(ed25519::PublicKey) / DescSigningSecretKey(ed25519::Se
|
|||
|
||||
define_pk_keypair! {
|
||||
/// A key used to identify and authenticate an onion service at a single
|
||||
/// introduction point. (`KP_hs_intro_tid`)
|
||||
/// introduction point. (`KP_hs_ipt_sid`)
|
||||
///
|
||||
/// This key is included in the onion service's descriptor; a different one is
|
||||
/// used at each introduction point. Introduction points don't know the
|
||||
|
|
|
@ -140,14 +140,14 @@ pub struct IntroPointDesc {
|
|||
link_specifiers: Vec<LinkSpec>,
|
||||
|
||||
/// The key used to extend a circuit _to the introduction point_, using the
|
||||
/// ntor or ntor3 handshakes. (`KP_onion_ntor`)
|
||||
/// ntor or ntor3 handshakes. (`KP_ntor`)
|
||||
ntor_onion_key: curve25519::PublicKey,
|
||||
|
||||
/// A key used to identify the onion service at this introduction point.
|
||||
/// (`KP_hs_intro_tid`)
|
||||
/// (`KP_hs_ipt_sid`)
|
||||
auth_key: IntroPtAuthKey,
|
||||
|
||||
/// `KP_hs_intro_ntor`, the key used to encrypt a handshake _to the onion
|
||||
/// `KP_hss_ntor`, the key used to encrypt a handshake _to the onion
|
||||
/// service_ when using this introduction point.
|
||||
///
|
||||
/// The onion service uses a separate key of this type with each
|
||||
|
|
|
@ -185,7 +185,7 @@ impl HsDescInner {
|
|||
res
|
||||
};
|
||||
|
||||
// Parse the ntor "onion-key" (`KP_onion_ntor`) of the introduction point.
|
||||
// Parse the ntor "onion-key" (`KP_ntor`) of the introduction point.
|
||||
let ntor_onion_key = {
|
||||
let tok = ipt_section
|
||||
.slice(ONION_KEY)
|
||||
|
@ -196,17 +196,17 @@ impl HsDescInner {
|
|||
tok.parse_arg::<B64>(1)?.into_array()?.into()
|
||||
};
|
||||
|
||||
// Extract the auth_key (`KP_hs_intro_tid`) from the (unchecked)
|
||||
// Extract the auth_key (`KP_hs_ipt_sid`) from the (unchecked)
|
||||
// "auth-key" certificate.
|
||||
let auth_key: IntroPtAuthKey = {
|
||||
// Note that this certificate does not actually serve any
|
||||
// function _as_ a certificate; it was meant to cross-certify
|
||||
// the descriptor signing key (`KP_hs_desc_sign`) using the
|
||||
// authentication key (`KP_hs_intro_tid`). But the C tor
|
||||
// authentication key (`KP_hs_ipt_sid`). But the C tor
|
||||
// implementation got it backwards.
|
||||
//
|
||||
// We have to parse this certificate to extract
|
||||
// `KP_hs_intro_tid`, but we don't actually need to validate it:
|
||||
// `KP_hs_ipt_sid`, but we don't actually need to validate it:
|
||||
// it appears inside the inner layer, which is already signed
|
||||
// with `KP_hs_desc_sign`.
|
||||
//
|
||||
|
@ -248,7 +248,7 @@ impl HsDescInner {
|
|||
ed_key.into()
|
||||
};
|
||||
|
||||
// Extract the key `KP_hs_intro_ntor` that we'll use for our
|
||||
// Extract the key `KP_hss_ntor` that we'll use for our
|
||||
// handshake with the onion service itself. This comes from the
|
||||
// "enc-key" item.
|
||||
// TODO HS RENAME: Rename to KP_hs_intro_intor, or whatever we wind up with.
|
||||
|
@ -264,7 +264,7 @@ impl HsDescInner {
|
|||
};
|
||||
|
||||
// Check that the key in the "enc-key-cert" item matches the
|
||||
// `KP_hs_intro_ntor` we just extracted.
|
||||
// `KP_hss_ntor` we just extracted.
|
||||
{
|
||||
// NOTE: As above, this certificate is backwards, and hence
|
||||
// useless. Therefore, we do not validate it: we only check that
|
||||
|
|
|
@ -24,7 +24,7 @@ pub(super) struct HsDescMiddle {
|
|||
/// in use.
|
||||
///
|
||||
/// This is `desc-auth-ephemeral-key` in the document format; it does not
|
||||
/// yet have a name in our spec's list of keys. Call it `KP_hs_desc_ephem`
|
||||
/// yet have a name in our spec's list of keys. Call it `KP_hss_desc_enc`
|
||||
/// for now. It is used along with `KS_hsc_desc_enc` to perform a
|
||||
/// diffie-hellman operation and decrypt the inner layer.
|
||||
// TODO HS rename. Possibly to kp_hs_desc_ephem, depending.
|
||||
|
@ -87,7 +87,7 @@ impl HsDescMiddle {
|
|||
use tor_llcrypto::cipher::aes::Aes256Ctr as Cipher;
|
||||
use tor_llcrypto::d::Shake256 as KDF;
|
||||
|
||||
// Perform a diffie hellman handshake using `KS_hsc_desc_enc` and `KP_hs_desc_ephem`,
|
||||
// Perform a diffie hellman handshake using `KS_hsc_desc_enc` and `KP_hss_desc_enc`,
|
||||
// and use it to find our client_id and cookie_key.
|
||||
//
|
||||
// The spec says:
|
||||
|
@ -220,7 +220,7 @@ impl HsDescMiddle {
|
|||
}
|
||||
}
|
||||
|
||||
// Extract `KP_hs_desc_ephem` from DESC_AUTH_EPHEMERAL_KEY
|
||||
// Extract `KP_hss_desc_enc` from DESC_AUTH_EPHEMERAL_KEY
|
||||
let ephemeral_key: curve25519::PublicKey = {
|
||||
let token = body.required(DESC_AUTH_EPHEMERAL_KEY)?;
|
||||
let bytes = token.parse_arg::<B64>(0)?.into_array()?;
|
||||
|
|
|
@ -47,7 +47,7 @@ these offline keys:
|
|||
To operate, an onion service needs these secret keys, which do not have to be
|
||||
persistent.
|
||||
The corresponding public keys are published in the service descriptor:
|
||||
* A ntor key for its cryptographic handshake (`KS_hs_intro_ntor`).
|
||||
* A ntor key for its cryptographic handshake (`KS_hss_ntor`).
|
||||
* A signing key associated with each active introduction point.
|
||||
(`KS_hs_intro_auth`)
|
||||
|
||||
|
|
Loading…
Reference in New Issue