From ecb69fbc15d5f6fa608e9734bf90573ae4bc7f87 Mon Sep 17 00:00:00 2001 From: zzz Date: Tue, 13 Aug 2019 17:50:45 +0000 Subject: [PATCH] Close proposal 147, copy changes to specs --- i2p2www/spec/ntcp2.rst | 20 ++++++++++++------- i2p2www/spec/proposals/111-ntcp-2.rst | 16 +++++++++------ .../147-transport-network-id-check.rst | 6 ++++-- i2p2www/spec/ssu.rst | 14 ++++++++++--- i2p2www/spec/updates.rst | 8 ++++++-- 5 files changed, 44 insertions(+), 20 deletions(-) diff --git a/i2p2www/spec/ntcp2.rst b/i2p2www/spec/ntcp2.rst index 0f0be16c..bae4156b 100644 --- a/i2p2www/spec/ntcp2.rst +++ b/i2p2www/spec/ntcp2.rst @@ -3,8 +3,8 @@ NTCP 2 ====== .. meta:: :category: Transports - :lastupdated: 2019-04-08 - :accuratefor: 0.9.36 + :lastupdated: August 2019 + :accuratefor: 0.9.42 .. contents:: @@ -511,12 +511,13 @@ Note: All fields are big-endian. {% highlight lang='dataspec' %} +----+----+----+----+----+----+----+----+ - |Rsvd| ver| padLen | m3p2len | Rsvd(0) | + | id | ver| padLen | m3p2len | Rsvd(0) | +----+----+----+----+----+----+----+----+ | tsA | Reserved (0) | +----+----+----+----+----+----+----+----+ - Reserved :: 7 bytes total, set to 0 for compatibility with future options + id :: 1 byte, the network ID (currently 2, except for test networks) + As of 0.9.42. See proposal 147. ver :: 1 byte, protocol version (currently 2) @@ -527,6 +528,8 @@ Note: All fields are big-endian. m3p2Len :: 2 bytes, length of the the second AEAD frame in SessionConfirmed (message 3 part 2) See notes below + Rsvd :: 2 bytes, set to 0 for compatibility with future options + tsA :: 4 bytes, Unix timestamp, unsigned seconds. Wraps around in 2106 
@@ -616,9 +619,12 @@ Notes message 1 and reading in the padding. There should be no extra data from Alice, as Bob has not responded with message 2 yet. -Issues -`````` -- Is the fixed-size option block big enough? +- The network ID field is used to quickly identify cross-network connections. + If this field is nonzero, and does not match Bob's network ID, + Bob should disconnect and block future connections. + Any connections from test networks should have a different ID and will fail the test. + As of 0.9.42. See proposal 147 for more information. + diff --git a/i2p2www/spec/proposals/111-ntcp-2.rst b/i2p2www/spec/proposals/111-ntcp-2.rst index 7ad3dd31..95263809 100644 --- a/i2p2www/spec/proposals/111-ntcp-2.rst +++ b/i2p2www/spec/proposals/111-ntcp-2.rst @@ -6,7 +6,7 @@ NTCP 2 :editor: manas, str4d, zzz :created: 2014-02-13 :thread: http://zzz.i2p/topics/1577 - :lastupdated: 2019-04-08 + :lastupdated: 2019-08-13 :status: Closed :supercedes: 106 :target: 0.9.36 @@ -848,12 +848,13 @@ Note: All fields are big-endian. {% highlight lang='dataspec' %} +----+----+----+----+----+----+----+----+ - |Rsvd| ver| padLen | m3p2len | Rsvd(0) | + | id | ver| padLen | m3p2len | Rsvd(0) | +----+----+----+----+----+----+----+----+ | tsA | Reserved (0) | +----+----+----+----+----+----+----+----+ - Reserved :: 7 bytes total, set to 0 for compatibility with future options + id :: 1 byte, the network ID (currently 2, except for test networks) + As of 0.9.42. See proposal 147. ver :: 1 byte, protocol version (currently 2) @@ -864,6 +865,8 @@ Note: All fields are big-endian. m3p2Len :: 2 bytes, length of the the second AEAD frame in SessionConfirmed (message 3 part 2) See notes below + Rsvd :: 2 bytes, set to 0 for compatibility with future options + tsA :: 4 bytes, Unix timestamp, unsigned seconds. Wraps around in 2106 
@@ -953,9 +956,10 @@ Notes message 1 and reading in the padding. There should be no extra data from Alice, as Bob has not responded with message 2 yet. -Issues -`````` -- Is the fixed-size option block big enough? +- The network ID field is used to quickly identify cross-network connections. + If this field is nonzero, and does not match Bob's network ID, + Bob should disconnect and block future connections. + As of 0.9.42. See proposal 147 for more information. diff --git a/i2p2www/spec/proposals/147-transport-network-id-check.rst b/i2p2www/spec/proposals/147-transport-network-id-check.rst index 0a5c8ebe..2b5fb5a6 100644 --- a/i2p2www/spec/proposals/147-transport-network-id-check.rst +++ b/i2p2www/spec/proposals/147-transport-network-id-check.rst @@ -5,8 +5,10 @@ Transport Network ID Check :author: zzz :created: 2019-02-28 :thread: http://zzz.i2p/topics/2687 - :lastupdated: 2019-08-05 - :status: Open + :lastupdated: 2019-08-13 + :status: Closed + :target: 0.9.42 + :implementedin: 0.9.42 .. contents:: diff --git a/i2p2www/spec/ssu.rst b/i2p2www/spec/ssu.rst index 026f54c1..284ad47b 100644 --- a/i2p2www/spec/ssu.rst +++ b/i2p2www/spec/ssu.rst @@ -3,8 +3,8 @@ SSU Protocol Specification ========================== .. meta:: :category: Transports - :lastupdated: July 2019 - :accuratefor: 0.9.41 + :lastupdated: August 2019 + :accuratefor: 0.9.42 .. contents:: @@ -36,7 +36,7 @@ encrypted with the appropriate key. The MAC used is HMAC-MD5, truncated to 16 bytes, while the key is a full 32 byte AES256 key. The specific construct of the MAC is the first 16 bytes from:: - HMAC-MD5(encryptedPayload + IV + (payloadLength ^ protocolVersion), macKey) + HMAC-MD5(encryptedPayload + IV + (payloadLength ^ protocolVersion ^ ((netid - 2) << 8)), macKey) where '+' means append and '^' means exclusive-or. 
@@ -58,6 +58,14 @@ The protocolVersion is a 2 byte unsigned integer and is currently set to 0. Peers using a different protocol version will not be able to communicate with this peer, though earlier versions not using this flag are. +The exclusive OR of ((netid - 2) << 8) is used to quickly identify cross-network connections. +As of 0.9.42. See proposal 147 for more information. +As the current network ID is 2, this is a no-op for the current network and is backward compatible. +Any connections from test networks should have a different ID and will fail the HMAC. + + + + HMAC Specification ------------------ diff --git a/i2p2www/spec/updates.rst b/i2p2www/spec/updates.rst index fff6ca41..ae68c20c 100644 --- a/i2p2www/spec/updates.rst +++ b/i2p2www/spec/updates.rst @@ -2,8 +2,8 @@ Software Update Specification ============================= .. meta:: - :lastupdated: March 2017 - :accuratefor: 0.9.29 + :lastupdated: August 2019 + :accuratefor: 0.9.42 .. contents:: @@ -338,6 +338,10 @@ Goals Specification ````````````` 1. The file must be named "i2pseeds.su3". + As of 0.9.42, the requestor should append a query string "?netid=2" to the request URL, + assuming the current network ID of 2. + This may be used to prevent cross-network connections. Test networks should set + a different network ID. See proposal 147 for details. 2. The file must be in the same directory as the router infos on the web server.
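
Review bot: In the i2p2www/spec/ntcp2.rst options block (hunk at -511), the new "id" definition never says that 0 is still a legal value, although the Notes bullet added later in the same file only applies the check "If this field is nonzero". This byte was previously reserved and set to 0, so the field definition should state that 0 means "not specified" and is not checked. Otherwise an implementer reading only the field list may reject it. The line "Reserved :: 7 bytes total" is also replaced by "Rsvd :: 2 bytes", so please confirm that the 4-byte "Reserved (0)" after tsA in the diagram still has a definition of its own.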
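
Review bot: "Bob should disconnect and block future connections" in the new Notes bullet of ntcp2.rst (hunk at -616) leaves the block undefined: it does not say what is blocked or for how long. The check runs on message 1, before Bob has responded with message 2, so the spec should name the key the block is applied to and give a duration or expiry, so that implementations behave the same way. Separately, this hunk deletes the "Issues" heading and its open question "Is the fixed-size option block big enough?" without recording an answer, and adds a trailing blank line; if the question is considered settled, say so in the commit message.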
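
Review bot: The Notes bullet added to proposals/111-ntcp-2.rst (hunk at -953) does not match the one added to ntcp2.rst: it omits the sentence "Any connections from test networks should have a different ID and will fail the test." If the two files are meant to carry the same text, copy the sentence here as well. If the omission is deliberate, the proposal should at least point to ntcp2.rst as the authoritative wording.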
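
Review bot: The new MAC input term "((netid - 2) << 8)" in ssu.rst (hunk at -36) has no stated width or signedness, and "netid - 2" is negative for a netid of 0 or 1. The context in the next hunk says protocolVersion is a 2 byte unsigned integer, so the result of the XOR has to fit in that field. Please state that netid is an unsigned 1-byte value, and either give the arithmetic for values below 2 (for example, truncation to 16 bits) or say that those values are not allowed. Without that, two implementations can compute different MACs for the same test-network ID.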
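
Review bot: The paragraph added to ssu.rst after the protocolVersion text (hunk at -58) says cross-network packets "will fail the HMAC" but does not say what the receiver should do about it. Unlike the NTCP2 text in this patch, which asks Bob to disconnect and block, an SSU receiver sees only a failed MAC and cannot tell a wrong netid from a corrupted or forged packet. State explicitly that the packet is simply dropped and that no block is expected, if that is the intent. The fragment "As of 0.9.42. See proposal 147 for more information." would read better at the end of the paragraph, and the hunk adds four blank lines before "HMAC Specification" where one would do.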
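
Review bot: The "?netid=2" text in updates.rst (hunk at -338) is appended to list item 1, which is about the file name "i2pseeds.su3", and it specifies only the requestor side. "This may be used to prevent cross-network connections" does not say what a server should do when the parameter is missing or carries a different ID, nor whether servers must tolerate the query string at all. Suggest moving this into its own numbered item and adding one sentence on the expected server behaviour for a missing or mismatched netid.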