From 6df7a797b8a69a188ee5d3b249022173f3656b25 Mon Sep 17 00:00:00 2001 From: zzz Date: Sun, 10 Jan 2021 06:03:33 -0500 Subject: [PATCH] Prop. 157 updates --- i2p2www/spec/proposals/157-new-tbm.rst | 166 ++++++++++++++----------- 1 file changed, 96 insertions(+), 70 deletions(-) diff --git a/i2p2www/spec/proposals/157-new-tbm.rst b/i2p2www/spec/proposals/157-new-tbm.rst index 5b1faf2f..3f1c27de 100644 --- a/i2p2www/spec/proposals/157-new-tbm.rst +++ b/i2p2www/spec/proposals/157-new-tbm.rst @@ -99,11 +99,21 @@ Both will be "variable" with a one-byte number of records field, as with the existing Variable messages. ShortTunnelBuild: Type 25 - -ShortTunnelBuildReply: Type 26 - Typical length (with 4 records): 945 bytes +OutboundTunnelBuildReply: Type 26 +We define a new OutboundTunnelBuildReply message. +This is used for outbound tunnel builds only. +The purpose is to hide outbound build reply messages from the IBEP. +It must be garlic encrypted by the OBGW, targeting the originator +(delivery instructions TUNNEL). +The OBEP decrypts the tunnel build message, +constructs a OutboundTunnelBuildReply message, +and puts the reply into the cleartext field. +The other records go into the other slots. +It then garlic encrypts the message to originator with the derived symmetric keys. + + Additionally, we define a new InboundTunnelBuild message, Type 27. This is used for inbound tunnel builds only. The purpose is to hide inbound build messages from the OBGW. @@ -117,16 +127,53 @@ It then sends the ShortTunnelBuildMessage to the next hop. As the ShortTunnelBuild message is garlic encrypted, the build record for the IBGW does not need to be encrypted again. -Also, we define a new OutboundTunnelBuildReply message, Type 28. -This is used for outbound tunnel builds only. -The purpose is to hide outbound build reply messages from the IBEP. -It must be garlic encrypted by the OBGW, targeting the originator -(delivery instructions TUNNEL). -The OBEP decrypts the tunnel build message, -constructs a OutboundTunnelBuildReply message, -and puts the reply into the cleartext field. -The other records go into the other slots. -It then garlic encrypts the message to originator with the derived symmetric keys. + +Message Flow +------------------ + +.. raw:: html + + {% highlight %} +STBM: Short tunnel build message (type 25) + OTBRM: Outbound tunnel build reply message (type 26) + ITBM: Inbound tunnel build message (type 27) + + Outbound Build A-B-C + Reply through existing inbound D-E-F + + + STBM STBM STBM + Creator ------> A ------> B ------> C ---\ + OBEP \ + | Garlic wrapped + | OTBRM + | (TUNNEL delivery) + | from OBEP to + | creator + / + Creator <-------F---------E-------- D <--/ + IBGW + + + + Inbound Build D-E-F + Sent through existing outbound A-B-C + + + Creator ------> A ------> B ------> C ---\ + OBEP \ + | Garlic wrapped + | ITBM + | (ROUTER delivery) + | from creator + | to IBGW + STBM STBM STBM / + Creator <------ F <------ E <------ D <--/ + IBGW + + + +{% endhighlight %} @@ -212,30 +259,58 @@ Notes -.. _msg-ShortTunnelBuildReply: +.. _msg-OutboundTunnelBuildReply: -ShortTunnelBuildReply ------------------------- +OutboundTunnelBuildReply +--------------------------- I2NP Type 26 .. raw:: html {% highlight lang='dataspec' %} +----+----+----+----+----+----+----+----+ - | num| ShortBuildResponseRecords... + | num| ShortBuildReplyRecords... + +----+----+----+----+----+----+----+----+ + | + +----+----+----+----+----+----+----+----+ + |slot| length | Cleartext + +----+----+----+----+----+----+----+----+ + BuildReplyRecord | +----+----+----+----+----+----+----+----+ num :: + Number of encrypted records to follow 1 byte `Integer` - Valid values: 1-8 + Valid values: 0-7 - record size: 236 bytes - total size: 1+$num*236 + slot :: + Slot for the plaintext record to follow + 1 byte `Integer` + Valid values: 0-7 + + length :: + Length of the plaintext record to follow + 2 byte `Integer` + Valid values: TBD-172 + + BuildReplyRecord :: + Plaintext record for OBEP + length: TBD-172 + + encrypted record size: 236 bytes + cleartext record size: 236 bytes + total size: varies {% endhighlight %} Notes ````` -* Typical number of records is 4, for a total size of 945. +* The Cleartext BuildReplyRecord does NOT contain padding after + the properties field. It does not need to be fixed length. + This hopefully allows the garlic encrypted message to fit in + one tunnel message. Calculation TBD. +* This message MUST be garlic encrypted. + + .. _msg-InboundTunnelBuild: @@ -291,55 +366,6 @@ Notes -OutboundTunnelBuildReply ------------------------------- -I2NP Type 28 - -.. raw:: html - - {% highlight lang='dataspec' %} -+----+----+----+----+----+----+----+----+ - | num| ShortBuildReplyRecords... - +----+----+----+----+----+----+----+----+ - | - +----+----+----+----+----+----+----+----+ - |slot| length | Cleartext - +----+----+----+----+----+----+----+----+ - BuildReplyRecord | - +----+----+----+----+----+----+----+----+ - - num :: - Number of encrypted records to follow - 1 byte `Integer` - Valid values: 0-7 - - slot :: - Slot for the plaintext record to follow - 1 byte `Integer` - Valid values: 0-7 - - length :: - Length of the plaintext record to follow - 2 byte `Integer` - Valid values: TBD-172 - - BuildReplyRecord :: - Plaintext record for OBEP - length: TBD-172 - - encrypted record size: 236 bytes - cleartext record size: 236 bytes - total size: varies -{% endhighlight %} - -Notes -````` -* The Cleartext BuildReplyRecord does NOT contain padding after - the properties field. It does not need to be fixed length. - This hopefully allows the garlic encrypted message to fit in - one tunnel message. Calculation TBD. -* This message MUST be garlic encrypted. - Justification =============