forked from I2P_Developers/i2p.www
prop. 159 back to 16 byte short header
This commit is contained in:
@ -2594,13 +2594,13 @@ Before header obfuscation and protection:
|
||||
|
||||
Short Header
|
||||
`````````````
|
||||
The short header is 13 bytes. It is used after a session is created, for Data messages.
|
||||
The short header is 16 bytes. It is used after a session is created, for Data messages.
|
||||
or (maybe?) for unauthenticated messages.
|
||||
|
||||
TODO 16 bytes would be a lot easier for both AES and ChaCha20.
|
||||
We have to decrypt the first part to get the packet type,
|
||||
and then must decrypt further if it's actually a long header.
|
||||
How can we save the state and continue decrypting the next 16 bytes?
|
||||
16 bytes is required, because
|
||||
the receiver must decrypt the first 16 bytes to get the message type,
|
||||
and then must decrypt an additional 16 bytes if it's actually a long header,
|
||||
as indicated by the message type.
|
||||
|
||||
Before header obfuscation and protection:
|
||||
|
||||
@ -2611,17 +2611,24 @@ Before header obfuscation and protection:
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| Destination Connection ID |
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| Packet Number |type|
|
||||
+----+----+----+----+----+
|
||||
| Packet Number |type| flags |
|
||||
+----+----+----+----+----+----+----+----+
|
||||
|
||||
Destination Connection ID :: 8 bytes, unsigned big endian integer
|
||||
|
||||
type :: The message type, 0-10
|
||||
|
||||
Packet Number :: 4 bytes, unsigned big endian integer
|
||||
|
||||
type :: The message type, 0-10
|
||||
|
||||
flags :: 3 bytes, unused, set to 0 for future compatibility
|
||||
|
||||
{% endhighlight %}
|
||||
|
||||
Note: If any out-of-session relay or peer test messages are defined
|
||||
and used, we must also have the ver and id fields present.
|
||||
|
||||
|
||||
|
||||
|
||||
Connection ID Numbering
|
||||
```````````````````````````
|
||||
@ -2698,6 +2705,9 @@ Both the long and short headers are always obfuscated with AES-CBC using
|
||||
For SessionCreated, where the destination router hash and IV are not yet known,
|
||||
the source router hash and IV are used.
|
||||
|
||||
TODO ChaCha20 instead?
|
||||
|
||||
|
||||
|
||||
Header Protection
|
||||
```````````````````
|
||||
@ -3136,6 +3146,7 @@ Notes
|
||||
with excessive padding. Bob will specify his padding options in Session Created.
|
||||
Min/max guidelines TBD. Random size from 0 to 31 bytes minimum?
|
||||
(Distribution to be determined, see Appendix A.)
|
||||
TODO UNLESS minimum packet size is enforced for PMTU.
|
||||
|
||||
- On any error, including AEAD, DH, timestamp, apparent replay, or key
|
||||
validation failure, Bob must halt further message processing and
|
||||
@ -3369,6 +3380,7 @@ Notes
|
||||
Alice will specify her padding options in Session Confirmed.
|
||||
Min/max guidelines TBD. Random size from 0 to 31 bytes minimum?
|
||||
(Distribution to be determined, see Appendix A.)
|
||||
TODO UNLESS minimum packet size is enforced for PMTU.
|
||||
|
||||
- On any error, including AEAD, DH, timestamp, apparent replay, or key
|
||||
validation failure, Alice must halt further message processing and close the
|
||||
@ -3474,9 +3486,9 @@ Alice sends to Bob.
|
||||
Noise content: Alice's static key
|
||||
Noise payload part 1: None
|
||||
Noise payload part 2: Alice's RouterInfo, options, data, and padding blocks
|
||||
Max payload size: MTU - 105 (IPv4) or MTU - 125 (IPv6)
|
||||
For 1280 MTU: Max payload is 1175 (IPv4) or 1155 (IPv6)
|
||||
For 1500 MTU: Max payload is 1395 (IPv4) or 1375 (IPv6)
|
||||
Max payload size: MTU - 108 (IPv4) or MTU - 128 (IPv6)
|
||||
For 1280 MTU: Max payload is 1172 (IPv4) or 1152 (IPv6)
|
||||
For 1500 MTU: Max payload is 1392 (IPv4) or 1372 (IPv6)
|
||||
|
||||
Payload Security Properties:
|
||||
|
||||
@ -3526,9 +3538,9 @@ Raw contents:
|
||||
{% highlight lang='dataspec' %}
|
||||
+----+----+----+----+----+----+----+----+
|
||||
|Short Header obfuscated with dest hash |
|
||||
+encrypted, bytes 8-12 +----+----+----+
|
||||
| header protected | |
|
||||
+----+----+----+----+----+ +
|
||||
+ encrypted, bytes 8-15 +
|
||||
| header protected |
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| ChaCha20 frame (32 bytes) |
|
||||
+ Encrypted and authenticated data +
|
||||
+ Alice static key S +
|
||||
@ -3579,17 +3591,17 @@ Unencrypted data (Poly1305 auth tags not shown):
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| Destination Connection ID |
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| Packet Number |type| |
|
||||
+----+----+----+----+----+ +
|
||||
| Packet Number |type| flags |
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| |
|
||||
+ +
|
||||
| S |
|
||||
+ Alice static key +
|
||||
| (32 bytes) |
|
||||
+ +
|
||||
| +----+----+----|
|
||||
+ | +
|
||||
+----+----+----+----+----+ +
|
||||
| |
|
||||
+ +
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| |
|
||||
+ +
|
||||
| Noise Payload |
|
||||
@ -3599,8 +3611,16 @@ Unencrypted data (Poly1305 auth tags not shown):
|
||||
| |
|
||||
+----+----+----+----+----+----+----+----+
|
||||
|
||||
S :: 32 bytes, Alice's X25519 static key, little endian
|
||||
Destination Connection ID :: As sent in Session Request,
|
||||
or one received in Session Confirmed?
|
||||
|
||||
Packet Number :: 1 unless retransmitted or resent after Retry
|
||||
|
||||
type :: 2
|
||||
|
||||
flags :: 3 bytes, unused, set to 0 for future compatibility
|
||||
|
||||
S :: 32 bytes, Alice's X25519 static key, little endian
|
||||
|
||||
{% endhighlight %}
|
||||
|
||||
@ -3697,8 +3717,8 @@ Data Message (Type 6)
|
||||
---------------------------
|
||||
|
||||
Noise payload: All block types are allowed
|
||||
Max payload size: MTU - 57 (IPv4) or MTU - 77 (IPv6)
|
||||
For 1500 MTU: Max payload is 1443 (IPv4) or 1423 (IPv6)
|
||||
Max payload size: MTU - 60 (IPv4) or MTU - 80 (IPv6)
|
||||
For 1500 MTU: Max payload is 1440 (IPv4) or 1420 (IPv6)
|
||||
|
||||
Starting with the 2nd part of Session Confirmed, all messages are inside
|
||||
an authenticated and encrypted ChaChaPoly payload.
|
||||
@ -3745,9 +3765,9 @@ Notes
|
||||
{% highlight lang='dataspec' %}
|
||||
+----+----+----+----+----+----+----+----+
|
||||
|Short Header obfuscated with dest hash |
|
||||
+encrypted, bytes 8-12 +----+----+----+
|
||||
| header protected | |
|
||||
+----+----+----+----+----+ +
|
||||
+ encrypted, bytes 8-15 +
|
||||
| header protected |
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| ChaCha20 data |
|
||||
+ Encrypted and authenticated data +
|
||||
| length varies |
|
||||
@ -3771,8 +3791,8 @@ Unencrypted data (Poly1305 auth tag not shown):
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| Destination Connection ID |
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| Packet Number |type| |
|
||||
+----+----+----+----+----+ +
|
||||
| Packet Number |type| flags |
|
||||
+----+----+----+----+----+----+----+----+
|
||||
| Noise payload (block data) |
|
||||
+ (length varies) +
|
||||
| |
|
||||
@ -3780,9 +3800,11 @@ Unencrypted data (Poly1305 auth tag not shown):
|
||||
|
||||
Destination Connection ID :: As specified in session setup
|
||||
|
||||
Packet Number :: 4 byte big endian integer
|
||||
|
||||
type :: 6
|
||||
|
||||
Packet Number :: 4 byte big endian integer
|
||||
flags :: 3 bytes, unused, set to 0 for future compatibility
|
||||
|
||||
{% endhighlight %}
|
||||
|
||||
@ -5070,10 +5092,10 @@ No IP fragmentation is assumed.
|
||||
IP + datagram header is 28 bytes.
|
||||
This assumes no IPv4 options.
|
||||
Max message size is MTU - 28.
|
||||
Data phase header is 13 bytes and MAC is 16 bytes, totalling 29 bytes.
|
||||
Payload size is MTU - 57.
|
||||
Max data phase payload is 1443 for a max 1500 MTU.
|
||||
Max data phase payload is 1223 for a min 1280 MTU.
|
||||
Data phase header is 16 bytes and MAC is 16 bytes, totalling 32 bytes.
|
||||
Payload size is MTU - 60.
|
||||
Max data phase payload is 1440 for a max 1500 MTU.
|
||||
Max data phase payload is 1220 for a min 1280 MTU.
|
||||
|
||||
|
||||
IPv6:
|
||||
@ -5081,10 +5103,10 @@ No IP fragmentation is allowed.
|
||||
IP + datagram header is 48 bytes.
|
||||
This assumes no IPv6 extension headers.
|
||||
Max message size is MTU - 48.
|
||||
Data phase header is 13 bytes and MAC is 16 bytes, totalling 29 bytes.
|
||||
Payload size is MTU - 77.
|
||||
Max data phase payload is 1423 for a max 1500 MTU.
|
||||
Max data phase payload is 1203 for a min 1280 MTU.
|
||||
Data phase header is 16 bytes and MAC is 16 bytes, totalling 32 bytes.
|
||||
Payload size is MTU - 80.
|
||||
Max data phase payload is 1420 for a max 1500 MTU.
|
||||
Max data phase payload is 1200 for a min 1280 MTU.
|
||||
|
||||
|
||||
|
||||
@ -5380,12 +5402,14 @@ Message Header+MAC Keys Data Padding Total Notes
|
||||
================== =========== ===== ====== ======= ====== =====
|
||||
Session Request 48 32 7 87 DateTime block
|
||||
Session Created 48 32 7 87 DateTime block
|
||||
Session Confirmed 45 32 1003 1080 RI block
|
||||
Data (1 full msg) 13 14 27
|
||||
Total 1281
|
||||
Session Confirmed 48 32 1003 1083 (2 macs) 1000 byte RI block
|
||||
Data (1 full msg) 32 14 46
|
||||
Total 1303
|
||||
================== =========== ===== ====== ======= ====== =====
|
||||
|
||||
|
||||
TODO UNLESS minimum packet size in Session Request and Created is enforced for PMTU.
|
||||
|
||||
|
||||
|
||||
|
||||
|
Reference in New Issue
Block a user