I2P Address: [http://git.idk.i2p]

Skip to content
Snippets Groups Projects
Commit 25249a94 authored by zzz's avatar zzz
Browse files

NTCP RI sig types

parent ba020121
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
i2p2www/pages/site/docs/transport/ntcp.html
+ 29
13
View file @ 25249a94
{% extends "global/layout.html" %} {% extends "global/layout.html" %}
{% block title %}{% trans %}NTCP (NIO-based TCP){% endtrans %}{% endblock %} {% block title %}{% trans %}NTCP (NIO-based TCP){% endtrans %}{% endblock %}
{% block lastupdated %}{% trans %}February 2014{% endtrans %}{% endblock %} {% block lastupdated %}{% trans %}August 2014{% endtrans %}{% endblock %}
{% block accuratefor %}0.9.11{% endblock %} {% block accuratefor %}0.9.15{% endblock %}
{% block content %} {% block content %}
<p>{% trans transports=site_url('docs/transport'), ssu=site_url('docs/transport/ssu') -%} <p>{% trans transports=site_url('docs/transport'), ssu=site_url('docs/transport/ssu') -%}
NTCP is one of two <a href="{{ transports }}">transports</a> currently implemented in I2P. NTCP is one of two <a href="{{ transports }}">transports</a> currently implemented in I2P.
...@@ -110,7 +110,7 @@ so as not to send a duplicate message; this is often the case when connecting to ...@@ -110,7 +110,7 @@ so as not to send a duplicate message; this is often the case when connecting to
<p>{% trans -%} <p>{% trans -%}
In the establish state, there is a 4-phase message sequence to exchange DH keys and signatures. In the establish state, there is a 4-phase message sequence to exchange DH keys and signatures.
In the first two messages there is a 2048-bit Diffie Hellman exchange. In the first two messages there is a 2048-bit Diffie Hellman exchange.
Then, DSA signatures of the critical data are exchanged to confirm the connection. Then, signatures of the critical data are exchanged to confirm the connection.
{%- endtrans %}</p> {%- endtrans %}</p>
{% highlight %} {% highlight %}
Alice contacts Bob Alice contacts Bob
...@@ -127,7 +127,7 @@ Alice contacts Bob ...@@ -127,7 +127,7 @@ Alice contacts Bob
X, Y: {% trans %}256 byte DH public keys{% endtrans %} X, Y: {% trans %}256 byte DH public keys{% endtrans %}
H(): 32 byte SHA256 Hash H(): 32 byte SHA256 Hash
E(data, session key, IV): AES256 Encrypt E(data, session key, IV): AES256 Encrypt
S(): 40 byte DSA Signature S(): Signature
tsA, tsB: {% trans %}timestamps (4 bytes, seconds since epoch){% endtrans %} tsA, tsB: {% trans %}timestamps (4 bytes, seconds since epoch){% endtrans %}
sk: {% trans %}32 byte Session key{% endtrans %} sk: {% trans %}32 byte Session key{% endtrans %}
sz: {% trans %}2 byte size of Alice identity to follow{% endtrans %} sz: {% trans %}2 byte size of Alice identity to follow{% endtrans %}
...@@ -308,12 +308,12 @@ Alice may drop the connection if the clock skew with Bob is too high as calculat ...@@ -308,12 +308,12 @@ Alice may drop the connection if the clock skew with Bob is too high as calculat
<h4>{% trans %}Message 3 (Session Confirm A){% endtrans %}</h4> <h4>{% trans %}Message 3 (Session Confirm A){% endtrans %}</h4>
<p>{% trans -%} <p>{% trans -%}
This contains Alice's router identity, and a DSA signature of the critical data. Alice sends Bob: This contains Alice's router identity, and a signature of the critical data. Alice sends Bob:
{%- endtrans %}</p> {%- endtrans %}</p>
{% highlight %} {% highlight %}
E(sz+Alice.identity+tsA+padding+S(X+Y+Bob.identHash+tsA+tsB), sk, hX_xor_Bob.identHash[16:31])---&gt; E(sz+Alice.identity+tsA+padding+S(X+Y+Bob.identHash+tsA+tsB), sk, hX_xor_Bob.identHash[16:31])---&gt;
{% trans %}Size:{% endtrans %} 448 bytes (typ. for 387 byte identity) {% trans %}Size:{% endtrans %} 448 bytes (typ. for 387 byte identity and DSA signature), see notes below
{% endhighlight %} {% endhighlight %}
<p>{% trans %}Unencrypted Contents:{% endtrans %}</p> <p>{% trans %}Unencrypted Contents:{% endtrans %}</p>
{% highlight lang='dataspec' %} {% highlight lang='dataspec' %}
...@@ -341,16 +341,16 @@ This contains Alice's router identity, and a DSA signature of the critical data. ...@@ -341,16 +341,16 @@ This contains Alice's router identity, and a DSA signature of the critical data.
| | | |
+----+----+----+----+----+----+----+----+ +----+----+----+----+----+----+----+----+
sz :: {% trans %}2 byte size of Alice's router identity to follow (should always be 387){% endtrans %} sz :: {% trans %}2 byte size of Alice's router identity to follow (387+){% endtrans %}
ident :: {% trans %}Alice's 387 byte `RouterIdentity`{% endtrans %} ident :: {% trans %}Alice's 387+ byte `RouterIdentity`{% endtrans %}
tsA :: {% trans %}4 byte timestamp (seconds since the epoch){% endtrans %} tsA :: {% trans %}4 byte timestamp (seconds since the epoch){% endtrans %}
padding :: {% trans %}15 bytes random data{% endtrans %} padding :: {% trans %}0-15 bytes random data{% endtrans %}
signature :: {% trans -%} signature :: {% trans -%}
the 40 byte DSA `Signature` of the following concatenated data: the `Signature` of the following concatenated data:
X, Y, Bob's `RouterIdentity`, tsA, tsB. X, Y, Bob's `RouterIdentity`, tsA, tsB.
Alice signs it with the `SigningPrivateKey` associated with the `SigningPublicKey` in her `RouterIdentity` Alice signs it with the `SigningPrivateKey` associated with the `SigningPublicKey` in her `RouterIdentity`
{%- endtrans %} {%- endtrans %}
...@@ -389,18 +389,27 @@ Bob may drop the connection if the clock skew with Alice is too high as calculat ...@@ -389,18 +389,27 @@ Bob may drop the connection if the clock skew with Alice is too high as calculat
<li>{% trans -%} <li>{% trans -%}
Alice will use the last 16 bytes of the encrypted contents of this message as the IV for the next message. Alice will use the last 16 bytes of the encrypted contents of this message as the IV for the next message.
{%- endtrans %}</li> {%- endtrans %}</li>
<li>
Through release 0.9.15, the router identity was always 387 bytes,
the signature was always a 40 byte DSA signature, and the
padding was always 15 bytes.
As of release 0.9.16, the router identity may be longer than 387 bytes, and the signature type and length
are implied by the type of the <a href="{{ site_url('docs/spec/common-structures') }}#type_SigningPublicKey">Signing Public Key</a>
in Alice's <a href="{{ site_url('docs/spec/common-structures') }}#struct_RouterIdentity">Router Identity</a>.
The padding is as necessary to a multiple of 16 bytes for the entire unencrypted contents.
</li>
</ul> </ul>
<h4>{% trans %}Message 4 (Session Confirm B){% endtrans %}</h4> <h4>{% trans %}Message 4 (Session Confirm B){% endtrans %}</h4>
<p>{% trans -%} <p>{% trans -%}
This is a DSA signature of the critical data. Bob sends Alice: This is a signature of the critical data. Bob sends Alice:
{%- endtrans %}</p> {%- endtrans %}</p>
{% highlight %} {% highlight %}
* &lt;----------------------E(S(X+Y+Alice.identHash+tsA+tsB)+padding, sk, prev) * &lt;----------------------E(S(X+Y+Alice.identHash+tsA+tsB)+padding, sk, prev)
{% trans %}Size:{% endtrans %} 48 bytes {% trans %}Size:{% endtrans %} 48 bytes (typ. for DSA signature), see notes below
{% endhighlight %} {% endhighlight %}
<p>{% trans %}Unencrypted Contents:{% endtrans %}</p> <p>{% trans %}Unencrypted Contents:{% endtrans %}</p>
{% highlight lang='dataspec' %} {% highlight lang='dataspec' %}
...@@ -419,7 +428,7 @@ This is a DSA signature of the critical data. Bob sends Alice: ...@@ -419,7 +428,7 @@ This is a DSA signature of the critical data. Bob sends Alice:
+----+----+----+----+----+----+----+----+ +----+----+----+----+----+----+----+----+
signature :: {% trans -%} signature :: {% trans -%}
the 40 byte DSA `Signature` of the following concatenated data: the `Signature` of the following concatenated data:
X, Y, Alice's `RouterIdentity`, tsA, tsB. X, Y, Alice's `RouterIdentity`, tsA, tsB.
Bob signs it with the `SigningPrivateKey` associated with the `SigningPublicKey` in his `RouterIdentity` Bob signs it with the `SigningPrivateKey` associated with the `SigningPublicKey` in his `RouterIdentity`
{%- endtrans %} {%- endtrans %}
...@@ -456,6 +465,13 @@ Alice verifies the signature, and on failure, drops the connection. ...@@ -456,6 +465,13 @@ Alice verifies the signature, and on failure, drops the connection.
<li>{% trans -%} <li>{% trans -%}
Bob will use the last 16 bytes of the encrypted contents of this message as the IV for the next message. Bob will use the last 16 bytes of the encrypted contents of this message as the IV for the next message.
{%- endtrans %}</li> {%- endtrans %}</li>
<li>
Through release 0.9.15, the signature was always a 40 byte DSA signature and the
padding was always 8 bytes. As of release 0.9.16, the signature type and length
are implied by the type of the <a href="{{ site_url('docs/spec/common-structures') }}#type_SigningPublicKey">Signing Public Key</a>
in Bob's <a href="{{ site_url('docs/spec/common-structures') }}#struct_RouterIdentity">Router Identity</a>.
The padding is as necessary to a multiple of 16 bytes for the entire unencrypted contents.
</li>
</ul> </ul>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Base32 Address: [http://7qeve4v2chmjdqlwpa3vl7aojf3nodbku7vepnjwrsxljzqipz6a.b32.i2p] Onion Address: [http://47ggr2fa3vnwfyhvgskzdmr3i32eijwymxohtxsls45dulmriwxszjad.onion]