diff --git a/i2p2www/pages/site/docs/how/cryptography.html b/i2p2www/pages/site/docs/how/cryptography.html index 296110a1..19a0add8 100644 --- a/i2p2www/pages/site/docs/how/cryptography.html +++ b/i2p2www/pages/site/docs/how/cryptography.html @@ -1,6 +1,6 @@ {% extends "global/layout.html" %} {% block title %}{% trans %}Low-level Cryptography Details{% endtrans %}{% endblock %} -{% block lastupdated %}{% trans %}November 2013{% endtrans %}{% endblock %} +{% block lastupdated %}{% trans %}December 2013{% endtrans %}{% endblock %} {% block accuratefor %}0.9.9{% endblock %} {% block content %}
{% trans -%} @@ -139,19 +139,21 @@ or as a hexadecimal value: Using 2 as the generator. {%- endtrans %}
-{% trans commonstructures=site_url('docs/spec/common-structures'), -pdf='http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.14.5952&rep=rep1&type=pdf', -benchmarks=site_url('misc/benchmarks'), -oldbenchmarks='http://www.eskimo.com/~weidai/benchmarks.html' -%} +
{% trans commonstructures=site_url('docs/spec/common-structures') -%} While the standard exponent size is 2048 bits (256 bytes) and the I2P PrivateKey -is a full 256 bytes, +is a full 256 bytes, in some cases we use the short exponent size of 226 bits (28.25 bytes). +{%- endtrans %}
+ +{% trans pdf='http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.14.5952&rep=rep1&type=pdf',
+benchmarks=site_url('misc/benchmarks'),
+oldbenchmarks='http://www.eskimo.com/~weidai/benchmarks.html' -%}
This should be safe for use with the Oakley primes, per
On Diffie-Hellman Key Agreement with Short Exponents - van Oorschot, Weiner
at EuroCrypt 96, and crypto++'s benchmarks.
-Benchmarks originally at {{ oldbenchmarks }}
(now dead),
+Benchmarks originally at this link, now dead,
rescued from the wayback machine, dated Apr 23, 2008.
{%- endtrans %}
{% trans -%} +Prior to release 0.9.8, all routers used the short exponent. +As of release 0.9.8, 64-bit x86 routers use a full 2048-bit exponent. +Other routers continue to use the short exponent due to concerns about processor load. +The transition to a longer exponent for these platforms is a topic for further study. +{%- endtrans %}
+{% trans -%} The vulnerability of the network to an ElGamal attack and the impact of transitioning to a longer bit length is to be studied. diff --git a/i2p2www/pages/site/docs/protocol/i2cp.html b/i2p2www/pages/site/docs/protocol/i2cp.html index 65ef4727..842a13c4 100644 --- a/i2p2www/pages/site/docs/protocol/i2cp.html +++ b/i2p2www/pages/site/docs/protocol/i2cp.html @@ -7,27 +7,25 @@ The I2P Client Protocol (I2CP) exposes a strong separation of concerns between the router and any client that wishes to communicate over the network. It enables secure and asynchronous messaging by sending and receiving messages over a -single TCP socket, yet never exposing any private keys and authenticating itself -to the router only through signatures. With I2CP, a client application tells the +single TCP socket. +With I2CP, a client application tells the router who they are (their "destination"), what anonymity, reliability, and latency tradeoffs to make, and where to send messages. In turn the router uses I2CP to tell the client when any messages have arrived, and to request authorization for some tunnels to be used. {%- endtrans %}
-{% trans url='http://docs.i2p-projekt.de/javadoc/net/i2p/client/package-summary.html' -%} -The protocol itself has only been implemented in Java, to provide the +
{% trans url='http://docs.i2p-projekt.de/javadoc/net/i2p/client/package-summary.html', +libi2cp='http://git.repo.i2p/w/libi2cp.git', +streaming=site_url('docs/api/streaming') -%} +The protocol itself is implemented in Java, to provide the Client SDK. This SDK is exposed in the i2p.jar package, which implements the client-side of I2CP. Clients should never need to access the router.jar package, which contains the router itself and the router-side of I2CP. -{%- endtrans %}
- -{% trans streaming=site_url('docs/api/streaming') -%} -While implementing the client side of I2CP in a non-Java language is certainly feasible, -a non-Java client would also have to implement the +There is also a C library implementation. +A non-Java client would also have to implement the streaming library for TCP-style connections. -Together, implementing I2CP and the streaming library would be a sizable task. {%- endtrans %}
{% trans streaming=site_url('docs/api/streaming'), datagrams=site_url('docs/spec/datagrams'), @@ -64,6 +62,16 @@ Clients in the same JVM as the router pass messages directly to the router through an internal JVM interface. {%- endtrans %}
+{% trans commonstructures=site_url('docs/spec/common-structures') -%} +The router also supports external connections over SSL. +While SSL is not the default, it is strongly recommended for any traffic that may +be exposed to the open Internet. The authorization user/password (if any), the +Private Key and +Signing Private Key for the +Destination +are all transmitted in-the-clear unless SSL is enabled. +{%- endtrans %}
+{% trans i2cp=site_url('docs/spec/i2cp') -%} Now on the I2CP Specification page. @@ -414,10 +422,12 @@ in the "unknown options" properties of the outbound tunnel pool's settings. Note: Large quantity, length, or variance settings may cause significant performance or reliability problems. {%- endtrans %}
-{% trans -%} +
{% trans commonstructures=site_url('docs/spec/common-structures') -%} Note: As of release 0.7.7, option names and values must use UTF-8 encoding. This is primarily useful for nicknames. Prior to that release, options with multi-byte characters were corrupted. +Since options are encoded in a Mapping, +all option names and values are limited to 255 bytes (not characters) maximum. {%- endtrans %}
{% trans -%} @@ -643,21 +653,14 @@ specified by RFC 1952.
{% trans %}NOTES:{% endtrans %}
-This message is sent in response to a RequestLeaseSetMessage and contains all +This message is sent in response to a +Create Lease Set Message +or +Create Variable Lease Set Message +and contains all of the Lease structures that should be published to the I2NP Network Database. Sent from Client to Router.
@@ -473,9 +491,9 @@ Sent from Client to Router.The SigningPrivateKey matches the SigningPublicKey from within the -LeaseSet, as does the PrivateKey with the PublicKey. The Signing keys are +LeaseSet, as does the PrivateKey with the PublicKey. The Signing key is necessary to allow the router to revoke the LeaseSet if the client goes offline, -and the normal keys are necessary for decrypting garlic routed messages. The +and the encryption key is necessary for decrypting garlic routed messages. The LeaseSet granted may include Lease structures for tunnels pointing at another router if the client is actively connected to multiple routers with Leases granted to each. @@ -532,6 +550,7 @@ The router responds with a Dest Reply Message. As of release 0.7. As of release 0.8.3, multiple outstanding lookups are supported, and lookups are supported in both I2PSimpleSession and in standard sessions. +Host Lookup Message is preferred as of release 0.9.10.
@@ -628,18 +647,111 @@ The router responds with a Set Date Message.+
+Sent from Client to Router. +The router responds with a Host Reply Message. +This replaces the Dest Lookup Message +and adds a request ID, a timeout, and host name lookup support. +As it also supports Hash lookups, it may be used for all lookups if the router supports it. +For host name lookups, the router will query its context's naming service. +This is only useful if the client is outside the router's context. +Inside router context, the client should query the naming service itself, +which is much more efficient. +
+ ++Sent from Router to Client in response to a +Host Lookup Message. +
+@@ -984,7 +1096,7 @@ i2cp.messageReliability=none for this message only.
-Sent from Client to Router. Same as Send Message Message, except includes an expiration. +Sent from Client to Router. Same as Send Message Message, except includes an expiration and options.
Note that the padding, if any, must be before the instruction/message pairs. -there is no provision for padding at the end.
X = g^x mod p
.{% endtrans %}X = g^x mod p
.{% endtrans %}Y = g^y mod p
.{% endtrans %}Y = g^y mod p
.{% endtrans %}sessionKey = Y^x mod p
.{% endtrans %}sessionKey = X^y mod p
.{% endtrans %}sessionKey = g^(x*y) mod p
.{% endtrans %}{% trans -%} +
{% trans crypto=site_url('docs/how/cryptography') -%} The sessionKey is then used to exchange identities in Message 3 and Message 4. +The exponent (x and y) length for the DH exchange is documented on the +cryptography page. {%- endtrans %}