Clarify handdshake digest logic

svn:r1435

doc/rend-spec.txt

@@ -128,17 +128,18 @@ Tor Rendezvous Spec
    introduction.  To establish the introduction, Bob sends a
    RELAY_ESTABLISH_INTRO cell, containing:
 
-        KL   Key length                             [2 octets
+        KL   Key length                             [2 octets]
         PK   Bob's public key                       [KL octets]
         HS   Hash of session info                   [20 octets]
         SIG  Signature of above information         [KL octets]
 
    To prevent replay attacks, the HS field contains a SHA-1 hash based on the
-   shared secret g^xy between Bob's OP and the introduction point, as
+   shared secret KH between Bob's OP and the introduction point, as
    follows:
-       HS = H(g^xy | "INTRODUCE")
+       HS = H(KH | "INTRODUCE")
    That is:
-       HS = H(g^xy | [49 4E 54 52 4F 44 55 43 45])
+       HS = H(KH | [49 4E 54 52 4F 44 55 43 45])
+   (KH, as specified in tor-spec.txt, is H(g^xy | [00]) .)
 
    Upon receiving such a cell, the OR first checks that the signature is
    correct with the included public key.  If so, it checks whether HS is
@@ -268,7 +269,7 @@ Tor Rendezvous Spec
    point, and sends a RELAY_RENDEZVOUS1 cell along this circuit, containing:
        RC       Rendezvous cookie  [20 octets]
        g^y      Diffie-Hellman     [128 octets]
-       H(KH)    Handshake digest   [20 octets]
+       KH       Handshake digest   [20 octets]
 
    (Bob's OP MUST NOT use this circuit for any other purpose.)
 
@@ -276,7 +277,7 @@ Tor Rendezvous Spec
    corresponding circuit in a RELAY_RENDEZVOUS2 cell, containing:
 
        g^y      Diffie-Hellman     [128 octets]
-       H(KH)    Handshake digest   [20 octets]
+       KH       Handshake digest   [20 octets]
 
    (If the RP does not recognize the RC, it discards the cell and
    tears down the circuit.)