kytv/I2P_Website
1
0
Fork 0
forked from I2P_Developers/i2p.www
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ntcp establishment, team

Browse Source
This commit is contained in:
zzz
2010-08-18 14:34:24 +00:00
parent da4ff1f2eb
commit 184216043c
3 changed files with 310 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

310
www.i2p2/pages/ntcp.html
View File

@ -25,16 +25,16 @@ Now you can enable inbound TCP without a static IP or dyndns service.
</p><p>
The NTCP code within I2P is relatively lightweight (1/4 the size of the SSU code)
because it uses the underlying Java TCP transport.
because it uses the underlying Java TCP transport for reliable delivery.
</p>
<h2>NTCP Protocol Specification</h2>
<h3>Standard Message Format</h3>
<p>
The NTCP transport sends individual I2NP messages AES/256/CBC encrypted with
After establishment,
the NTCP transport sends individual I2NP messages AES/256/CBC encrypted with
a simple checksum. The unencrypted message is encoded as follows:
<pre>
* +-------+-------+--//--+---//----+-------+-------+-------+-------+
@ -66,74 +66,308 @@ The minimum data size is 1.
* +-------+-------+-------+-------+-------+-------+-------+-------+
</pre>
Total length: 16 bytes. The time sync message is sent at approximately 15 minute intervals.
The message is encrypted just as standard messages are.
<h3>Checksums</h3>
The standard and time sync messages use the Adler-32 checksum
as defined in the <a href="http://tools.ietf.org/html/rfc1950">ZLIB Specification</a>.
<h3>Establishment Sequence</h3>
In the establish state, the following communication happens.
There is a 2048-bit Diffie Hellman exchange.
For more information see the <a href="how_cryptography.html#tcp">cryptography page</a>.
In the establish state, there is a 4-phase message sequence to exchange DH keys and signatures.
In the first two messages there is a 2048-bit Diffie Hellman exchange.
Then, DSA signatures of the critical data are exchanged to confirm the connection.
<pre>
* Alice contacts Bob
* =========================================================
* X+(H(X) xor Bob.identHash)-----------------------------&gt;
* &lt;----------------------------------------Y+E(H(X+Y)+tsB+padding, sk, Y[239:255])
* E(sz+Alice.identity+tsA+padding+S(X+Y+Bob.identHash+tsA+tsB+padding), sk, hX_xor_Bob.identHash[16:31])---&gt;
* E(sz+Alice.identity+tsA+padding+S(X+Y+Bob.identHash+tsA+tsB), sk, hX_xor_Bob.identHash[16:31])---&gt;
* &lt;----------------------E(S(X+Y+Alice.identHash+tsA+tsB)+padding, sk, prev)
</pre>
<pre>
Hints for documentors:
X, Y: 256 byte DH keys
H(): 32 byte SHA256 Hash
E(data, session key, IV): AES256 Encrypt
S(): 40 byte DSA Signature
tsA, tsB: timestamps (4 bytes, seconds since epoch)
sk: 32 byte Session key
sz: 2 byte size of Alice identity to follow
Legend:
X, Y: 256 byte DH keys
H(): 32 byte SHA256 Hash
E(data, session key, IV): AES256 Encrypt
S(): 40 byte DSA Signature
tsA, tsB: timestamps (4 bytes, seconds since epoch)
sk: 32 byte Session key
sz: 2 byte size of Alice identity to follow
</pre>
<h4>Step 1</h4>
<h4 id="DH">DH Key Exchange</h4>
<p>
The initial 2048-bit DH key exchange
uses the same shared prime and generator as that used for I2P's
<a href="how_cryptography.html#elgamal">ElGamal encryption</a>.
</p>
<h4>Message 1 (Session Request)</h4>
This is the DH request.
Alice already has Bob's
<a href="common_structures_spec.html#struct_RouterIdentity">Router Identity</a>,
IP address, and port, as contained in his
<a href="common_structures_spec.html#struct_RouterInfo">Router Info</a>,
which was published to the
<a href="how_networkdatabase.html">network database</a>.
Alice sends Bob:
<pre>
* X+(H(X) xor Bob.identHash)-----------------------------&gt;
Size: 288 bytes
</pre>
Todo: Explain this in words.
Contents:
<pre>
+----+----+----+----+----+----+----+----+
| X, as calculated from DH |
+ +
| |
~ . . . ~
| |
+----+----+----+----+----+----+----+----+
| |
+ +
| HXxorHI |
+ +
| |
+ +
| |
+----+----+----+----+----+----+----+----+
X: 256 byte X from Diffie Hellman
HXxorHI: SHA256 Hash(X) xored with SHA256 Hash(Bob's <a href="common_structures_spec.html#struct_RouterIdentity">Router Identity</a>)
(32 bytes)
</pre>
<p><b>Notes:</b>
<ul><li>
Bob verifies HXxorHI using his own router hash. If it does not verify,
Alice has contacted the wrong router, and Bob drops the connection.
</li></ul>
<h4>Step 2</h4>
Bob sends Alice:
<h4>Message 2 (Session Created)</h4>
This is the DH reply. Bob sends Alice:
<pre>
* &lt;----------------------------------------Y+E(H(X+Y)+tsB+padding, sk, Y[239:255])
Size: 304 bytes
</pre>
Todo: Explain this in words.
<h4>Step 3</h4>
Alice sends Bob:
Unencrypted Contents:
<pre>
* E(sz+Alice.identity+tsA+padding+S(X+Y+Bob.identHash+tsA+tsB+padding), sk, hX_xor_Bob.identHash[16:31])---&gt;
+----+----+----+----+----+----+----+----+
| Y as calculated from DH |
+ +
| |
~ . . . ~
| |
+----+----+----+----+----+----+----+----+
| |
+ +
| HXY |
+ +
| |
+ +
| |
+----+----+----+----+----+----+----+----+
| tsB | padding |
+----+----+----+----+ +
| |
+----+----+----+----+----+----+----+----+
Y: 256 byte Y from Diffie Hellman
HXY: SHA256 Hash(X concatentated with Y)
(32 bytes)
tsB: 4 byte timestamp (seconds since the epoch)
padding: 12 bytes random data
</pre>
Encrypted Contents:
<pre>
+----+----+----+----+----+----+----+----+
| Y as calculated from DH |
+ +
| |
~ . . . ~
| |
+----+----+----+----+----+----+----+----+
| |
+ +
| encrypted data |
+ +
| |
+ +
| |
+ +
| |
+ +
| |
+----+----+----+----+----+----+----+----+
Y: 256 byte Y from Diffie Hellman
encrypted data: 48 bytes <a href="how_cryptography.html#AES">AES encrypted</a> using the DH session key and
the last 16 bytes of Y as the IV
</pre>
<p><b>Notes:</b>
<ul><li>
Alice may drop the connection if the clock skew with Bob is too high as calculated using tsB.
</li></ul>
</p>
<h4>Message 3 (Session Confirm A)</h4>
This contains Alice's router identity, and a DSA signature of the critical data. Alice sends Bob:
<pre>
* E(sz+Alice.identity+tsA+padding+S(X+Y+Bob.identHash+tsA+tsB), sk, hX_xor_Bob.identHash[16:31])---&gt;
Size: 448 bytes (typ. for 387 byte identity)
</pre>
Todo: Explain this in words.
Unencrypted Contents:
<pre>
+----+----+----+----+----+----+----+----+
| sz | Alice's Router Identity |
+----+----+ +
| |
~ . . . ~
| |
+ +----+----+----+
| | tsA
+----+----+----+----+----+----+----+----+
| padding |
+----+ +
| |
+----+----+----+----+----+----+----+----+
| |
+ +
| signature |
+ +
| |
+ +
| |
+ +
| |
+----+----+----+----+----+----+----+----+
sz: 2 byte size of Alice's router identity to follow (should always be 387)
ident: Alice's 387 byte <a href="common_structures_spec.html#struct_RouterIdentity">Router Identity</a>
tsA: 4 byte timestamp (seconds since the epoch)
padding: 15 bytes random data
signature: the 40 byte <a href="common_structures_spec.html#type_Signature">DSA signature</a> of the following concatenated data:
X, Y, Bob's <a href="common_structures_spec.html#struct_RouterIdentity">Router Identity</a>, tsA, tsB.
Alice signs it with the <a href="common_structures_spec.html#type_SigningPrivateKey">private signing key</a> associated with the <a href="common_structures_spec.html#type_SigningPublicKey">public signing key</a> in her <a href="common_structures_spec.html#struct_RouterIdentity">Router Identity</a>
</pre>
Encrypted Contents:
<pre>
+----+----+----+----+----+----+----+----+
| |
+ +
| encrypted data |
~ . . . ~
| |
+----+----+----+----+----+----+----+----+
encrypted data: 448 bytes <a href="how_cryptography.html#AES">AES encrypted</a> using the DH session key and
the last 16 bytes of HXxorHI (i.e., the last 16 bytes of message #1) as the IV
</pre>
<h4>Step 4</h4>
Bob sends Alice:
<p><b>Notes:</b>
<ul><li>
Bob verifies the signature, and on failure, drops the connection.
</li><li>
Bob may drop the connection if the clock skew with Alice is too high as calculated using tsA.
</li></ul>
</p>
<h4>Message 4 (Session Confirm B)</h4>
This is a DSA signature of the critical data. Bob sends Alice:
<pre>
* &lt;----------------------E(S(X+Y+Alice.identHash+tsA+tsB)+padding, sk, prev)
Size: 48 bytes
</pre>
Todo: Explain this in words.
Unencrypted Contents:
<pre>
+----+----+----+----+----+----+----+----+
| |
+ +
| signature |
+ +
| |
+ +
| |
+ +
| |
+----+----+----+----+----+----+----+----+
| padding |
+----+----+----+----+----+----+----+----+
<h4>Finally</h4>
The connection is established and standard messages may be exchanged.
signature: the 40 byte <a href="common_structures_spec.html#type_Signature">DSA signature</a> of the following concatenated data:
X, Y, Alice's <a href="common_structures_spec.html#struct_RouterIdentity">Router Identity</a>, tsA, tsB.
Bob signs it with the <a href="common_structures_spec.html#type_SigningPrivateKey">private signing key</a> associated with the <a href="common_structures_spec.html#type_SigningPublicKey">public signing key</a> in his <a href="common_structures_spec.html#struct_RouterIdentity">Router Identity</a>
padding: 8 bytes random data
</pre>
Encrypted Contents:
<pre>
+----+----+----+----+----+----+----+----+
| |
+ +
| encrypted data |
~ . . . ~
| |
+----+----+----+----+----+----+----+----+
encrypted data: 48 bytes <a href="how_cryptography.html#AES">AES encrypted</a> using the DH session key and
the last 16 bytes of the encrypted contents of message #2 as the IV
</pre>
<p><b>Notes:</b>
<ul><li>
Alice verifies the signature, and on failure, drops the connection.
</li></ul>
</p>
<h4>After Establishment</h4>
<p>
The connection is established, and standard or time sync messages may be exchanged.
All subsequent messages are AES encrypted using the negotiated DH session key.
Alice will use the last 16 bytes of the encrypted contents of message #3 as the next IV.
Bob will use the last 16 bytes of the encrypted contents of message #4 as the next IV.
</p>
@ -159,7 +393,19 @@ However, for the record, check connections are formatted as follows.
Now on the <a href="ntcp_discussion.html">NTCP Discussion Page</a>.
<h2><a name="future">Future Work</a></h2>
<p>The maximum message size should be increased to approximately 32 KB.
<ul><li>
The maximum message size should be increased to approximately 32 KB.
</li><li>
A set of fixed packet sizes may be appropriate to further hide the data
fragmentation to external adversaries, but the tunnel, garlic, and end to
end padding should be sufficient for most needs until then.
However, there is currently no provision for padding beyond the next 16-byte boundary,
to create a limited number of message sizes.
</li><li>
Memory utilization (including that of the kernel) for NTCP should be compared to that for SSU.
</li><li>
Review and possibly disable 'check connection'
</li></ul>
</p>
{% endblock %}

37
www.i2p2/pages/team.html
View File

@ -10,7 +10,7 @@ network.
<table border="0">
<tr>
<td valign="top" rowspan="15"><b>Admin</b></td>
<td valign="top" rowspan="17"><b>Admin</b></td>
<td valign="top"><b>Project Manager</b></td>
<td valign="top">zzz</td>
<td valign="top"><i>point of contact of last resort</i></td>
@ -50,6 +50,11 @@ network.
<td valign="top" style="color:blue">[vacant]</td>
<td valign="top"><i>Windows installer packager</i></td>
</tr>
<tr>
<td valign="top"><b>Release Manager</b></td>
<td valign="top">zzz</td>
<td valign="top"><i>Builds and signs the releases</i></td>
</tr>
<tr>
<td valign="top"><b>Reseed admin</b></td>
<td valign="top">_sw_rhpsdy</td>
@ -66,7 +71,7 @@ network.
<td valign="top"><i>gather, prioritize, advocate for user needs</i></td>
</tr>
<tr>
<td valign="top"><b>Webdesigner</b></td>
<td valign="top"><b>Web Designer</b></td>
<td valign="top" style="color:blue">[vacant]</td>
<td valign="top"><i>manage the public project website content design</i></td>
</tr>
@ -80,6 +85,11 @@ network.
<td valign="top" style="color:blue">[vacant]</td>
<td valign="top"><i>manage the public project website content</i></td>
</tr>
<tr>
<td valign="top"><b>News Admin</b></td>
<td valign="top">eche|on</td>
<td valign="top"><i>manage router console news feed</i></td>
</tr>
<tr>
<td valign="top"><b>Director of passion</b></td>
<td valign="top" style="color:blue">[vacant]</td>
@ -87,18 +97,18 @@ network.
</tr>
<tr><td colspan="4"><hr /></td></tr>
<tr>
<td valign="top" rowspan="18"><b>Dev</b></td>
<td valign="top" rowspan="20"><b>Dev</b></td>
<td valign="top"><b>Core Lead</b></td>
<td valign="top">zzz</td>
<td valign="top"><i>lead dev for the SDK and router</i></td>
</tr>
<tr>
<td valign="top"><b><a href="http://www.postman.i2p/">I2P mail</a> lead</b></td>
<td valign="top"><b><a href="http://hq.postman.i2p/">I2P mail</a> lead</b></td>
<td valign="top">postman</td>
<td valign="top"><i>organize and develop the i2p mail system</i></td>
</tr>
<tr>
<td valign="top"><b><a href="http://i2host.i2p/">Addressbook</a> lead</b></td>
<td valign="top"><b><a href="http://i2host.i2p/">I2Host</a> lead</b></td>
<td valign="top">sponge</td>
<td valign="top"><i>I2Host addressbook application</i></td>
</tr>
@ -134,20 +144,25 @@ network.
</tr>
<tr>
<td valign="top"><b><a href="http://forum.i2p2.de/viewforum?f=29">Syndie</a> lead</b></td>
<td valign="top">welterde</td>
<td valign="top" style="color:blue">[vacant]</td>
<td valign="top"><i>Syndie development</i></td>
</tr>
<tr>
<td valign="top" rowspan="5"><b>Console Translations</b></td>
<td valign="top"><b>Susimail lead</b></td>
<td valign="top" style="color:blue">[vacant]</td>
<td valign="top"><i>Susimail development</i></td>
</tr>
<tr>
<td valign="top" rowspan="6"><b>Console Translations</b></td>
<td valign="top">walking</td>
<td valign="top"><i>Chinese, tagging support</i></td>
<td valign="top"><i>Chinese</i></td>
</tr>
<tr>
<td valign="top">monkeybrains</td>
<td valign="top"><i>Dutch</i></td>
</tr>
<tr>
<td valign="top">neutron</td>
<td valign="top" style="color:blue">[vacant]</td>
<td valign="top"><i>French</i></td>
</tr>
<tr>
@ -158,6 +173,10 @@ network.
<td valign="top">rus, 4get</td>
<td valign="top"><i>Russian</i></td>
</tr>
<tr>
<td valign="top" style="color:blue">[vacant]</td>
<td valign="top"><i>Other languages</i></td>
</tr>
<tr>
<td valign="top" rowspan="3"><b>Contributors</b></td>
<td valign="top">cervantes</td>

8
www.i2p2/static/styles/light.css
View File

@ -162,7 +162,7 @@ ul {
h1 {
color: #9999ff;
text-shadow: 0px 0px 2px rgba(255, 255, 255, 0.9);
/* text-shadow: 0px 0px 2px rgba(255, 255, 255, 0.9); */
text-align: right;
padding-right: 20px;
padding-bottom: 5px;
@ -181,7 +181,7 @@ h1 {
h2{
color: #000011;
text-shadow: 0px 0px 1px rgba(0, 0, 128, 0.9);
/* text-shadow: 0px 0px 1px rgba(0, 0, 128, 0.9); */
border-bottom-width: 1px;
border-bottom-style: solid;
border-bottom-color: #000022;
@ -195,7 +195,7 @@ h3{
border-bottom-style: solid;
border-bottom-color: #000022;
padding-bottom: 3px;
text-shadow: 0px 0px 1px rgba(0, 0, 176, 0.9);
/* text-shadow: 0px 0px 1px rgba(0, 0, 176, 0.9); */
font-size: 11pt;
}
@ -472,4 +472,4 @@ background: #ffffff;
color: red;
font-weight: bold;
font-size: 9pt;
}
}