I2P_Developers/i2p.www
3
0
Fork 5
Code Issues 27 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Doc issues from orignal/i2pd #46

New Issue
Open
opened 2025-04-21 14:48:18 -04:00 by idk · 16 comments
idk commented 2025-04-21 14:48:18 -04:00
Owner
Copy Link

Opened 7 years ago

Last modified 7 years ago

#1147accepteddefect

Doc issues from orignal/i2pd

Reported by:zzzOwned by:zzz
Priority:
maintenance
Milestone:

Component:
www/i2p
Version:
0.9.9
Keywords:
docs
Cc:

Parent Tickets:

Sensitive:
no

Description

ref: ​http://habrahabr.ru/post/205320/ (RU)

tunnel specs:

  • Top tunnels section, last couple sentences, we say OB tunnels are req'd but you can send to IBGW directly

  • Starting at 4th comment, Says we use ECB but don't explicitly say it.

  • Double encryption of IV not explained (I think it's in the background docs and old emails, perhaps could be copied over)

Other things on that page appear to be good clarifications of our docs but it may take a native RU speaker to convert it to English patches for our pages.

Anything else?

honesly there are too many things are unclear in the docs

… but he didn't elaborate. Need specifics. Hopefully orignal will append here.

Subtickets

Opened [7 years ago](/timeline?from=2013-12-16T19%3A04%3A35Z&precision=second "See timeline at Dec 16, 2013 7:04:35 PM") Last modified [7 years ago](/timeline?from=2014-07-04T15%3A16%3A27Z&precision=second "See timeline at Jul 4, 2014 3:16:27 PM") ## [\#1147](/ticket/1147)[accepted](/query?status=accepted)[defect](/query?status=!closed&type=defect) # Doc issues from orignal/i2pd Reported by:[zzz](/query?status=!closed&reporter=zzz)Owned by:[zzz](/query?status=!closed&owner=zzz) Priority: [maintenance](/query?status=!closed&priority=maintenance) Milestone: Component: [www/i2p](/query?status=!closed&component=www%2Fi2p) Version: [0.9.9](/query?status=!closed&version=0.9.9) Keywords: [docs](/query?status=!closed&keywords=~docs) Cc: Parent Tickets: Sensitive: [no](/query?status=!closed&sensitive=0) ### Description ref: [​http://habrahabr.ru/post/205320/](http://habrahabr.ru/post/205320/) (RU) tunnel specs: - Top tunnels section, last couple sentences, we say OB tunnels are req'd but you can send to IBGW directly - Starting at 4th comment, Says we use ECB but don't explicitly say it. - Double encryption of IV not explained (I think it's in the background docs and old emails, perhaps could be copied over) Other things on that page appear to be good clarifications of our docs but it may take a native RU speaker to convert it to English patches for our pages. Anything else? <orignal> honesly there are too many things are unclear in the docs … but he didn't elaborate. Need specifics. Hopefully orignal will append here. ### Subtickets
idk added this to the undecided milestone 2025-04-21 14:48:18 -04:00
idk added the
#1147
i2p
www
 labels 2025-04-21 14:48:18 -04:00
idk commented 2025-04-21 14:48:18 -04:00
Author
Owner
Copy Link

comment:16 Changed 7 years ago by zzz

orignal@freenode you should state it will be garlic

right

orignal@freenode because there is a confusion with "encrypted LeaseSet?"

ok

orignal@freenode that's something else I even don't know what is it\

I'm just wondering if it _really_ must be garlic, or if we could just encrypt the reply without wrapping it in a garlic

orignal@freenode that's my question as well

orignal@freenode I don't see reason why it must be garlic

try it

orignal@freenode try what?

orignal@freenode you can encrypt payload using session key

orignal@freenode then your party can try to decrypt it

orignal@freenode because it they expect encrypted reply they assume any DatabaseStore? coming through particular tunnel are encrypted

orignal@freenode with key associated with this tunnel

it looks like our code in net.i2p.router.message is only set up to "garlic encrypt" GarlicMessages?. I think our specs allow for garlic encrypting other messages and maybe we would decrypt and handle them correctly, maybe not. But I don't think we send them.

orignal@freenode Than it shouldn't be "garlic" but "AES/ElGamal"

orignal@freenode Garlic mostly means cloves

orignal@freenode but AES/ElGamal means encryption method

we document the "garlic" confusion here: ​http://i2p-projekt.i2p/en/docs/how/garlic-routing

[comment:16](https://trac.i2p2.de/\#comment:16) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-07-04T15%3A16%3A27Z&precision=second "See timeline at Jul 4, 2014 3:16:27 PM") by zzz <iRelay> <orignal@freenode> you should state it will be garlic <zzz> right <iRelay> <orignal@freenode> because there is a confusion with "encrypted LeaseSet?" <zzz> ok <iRelay> <orignal@freenode> that's something else I even don't know what is it\ <zzz> I'm just wondering if it \_really\_ must be garlic, or if we could just encrypt the reply without wrapping it in a garlic <iRelay> <orignal@freenode> that's my question as well <iRelay> <orignal@freenode> I don't see reason why it must be garlic <psi> try it <iRelay> <orignal@freenode> try what? <iRelay> <orignal@freenode> you can encrypt payload using session key <iRelay> <orignal@freenode> then your party can try to decrypt it <iRelay> <orignal@freenode> because it they expect encrypted reply they assume any DatabaseStore? coming through particular tunnel are encrypted <iRelay> <orignal@freenode> with key associated with this tunnel <zzz> it looks like our code in net.i2p.router.message is only set up to "garlic encrypt" GarlicMessages?. I think our specs allow for garlic encrypting other messages and maybe we would decrypt and handle them correctly, maybe not. But I don't think we send them. <iRelay> <orignal@freenode> Than it shouldn't be "garlic" but "AES/ElGamal" <iRelay> <orignal@freenode> Garlic mostly means cloves <iRelay> <orignal@freenode> but AES/ElGamal means encryption method <zzz> we document the "garlic" confusion here: [​http://i2p-projekt.i2p/en/docs/how/garlic-routing](https://trac.i2p2.de/http://i2p-projekt.i2p/en/docs/how/garlic-routing)
idk commented 2025-04-21 14:48:19 -04:00
Author
Owner
Copy Link

comment:15 Changed 7 years ago by orignal

​https://geti2p.net/en/docs/spec/i2np#msg_DatabaseLookup

Should mention that encrypted reply will be garlic

[comment:15](https://trac.i2p2.de/\#comment:15) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-07-03T13%3A48%3A34Z&precision=second "See timeline at Jul 3, 2014 1:48:34 PM") by orignal [​https://geti2p.net/en/docs/spec/i2np#msg\_DatabaseLookup](https://trac.i2p2.de/https://geti2p.net/en/docs/spec/i2np#msg_DatabaseLookup) Should mention that encrypted reply will be garlic
idk commented 2025-04-21 14:48:19 -04:00
Author
Owner
Copy Link

comment:14 in reply to: 13 Changed 7 years ago by orignal

Well I agree it's there but on different page, also see the page

​https://geti2p.net/en/docs/how/cryptography#AES

Not mentioning ECB.

Now look from developer's viewpoint.

You see reply key/reply IV, you also see layer key and it's clear IV comes with tunnel message, but wtf is IV key?

Indeed it's used for encryption/decryption of IV key in tunnel messages. But what IV we are supposed to use for this encryption? Remember we are still at the "Tunnel creation" page, looking into the cryptography page we can see CBC only.

In my opinion, ECB and double encryption should be specified explicitly there.

[comment:14](https://trac.i2p2.de/\#comment:14) in reply to: [13](https://trac.i2p2.de/\#comment:13) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-14T17%3A43%3A01Z&precision=second "See timeline at Feb 14, 2014 5:43:01 PM") by orignal Well I agree it's there but on different page, also see the page [​https://geti2p.net/en/docs/how/cryptography#AES](https://trac.i2p2.de/https://geti2p.net/en/docs/how/cryptography#AES) Not mentioning ECB. Now look from developer's viewpoint. You see reply key/reply IV, you also see layer key and it's clear IV comes with tunnel message, but wtf is IV key? Indeed it's used for encryption/decryption of IV key in tunnel messages. But what IV we are supposed to use for this encryption? Remember we are still at the "Tunnel creation" page, looking into the cryptography page we can see CBC only. In my opinion, ECB and double encryption should be specified explicitly there.
idk commented 2025-04-21 14:48:19 -04:00
Author
Owner
Copy Link

comment:13follow-up: 14 Changed 7 years ago by zzz

Owner:
set to _zzz_Status:new →
accepted

On ​http://i2p-projekt.i2p/en/docs/tunnels/implementation( participant processing section) it does specify ECB. I added a link to the email from 2005 that justified double-encryption of IV. I could not find any place where it talked about the IV encryption and didn't specify ECB.

On tunnel-creation, I added clarification that the layer key, IV key, reply key, and reply IV are all random values generated by the creator. I also clarified how the key and IV are used to encrypt each record. Is that sufficient?

On tunnel-message, I hopefully clarified the wording on the has of payload + IV.

in 097964b9720a7dd31d583607f84adfaa26e09b2c

[comment:13](https://trac.i2p2.de/\#comment:13)follow-up: [14](https://trac.i2p2.de/\#comment:14) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-14T01%3A23%3A40Z&precision=second "See timeline at Feb 14, 2014 1:23:40 AM") by zzz Owner: set to _zzz_Status:new → accepted On [​http://i2p-projekt.i2p/en/docs/tunnels/implementation](https://trac.i2p2.de/http://i2p-projekt.i2p/en/docs/tunnels/implementation)( participant processing section) it does specify ECB. I added a link to the email from 2005 that justified double-encryption of IV. I could not find any place where it talked about the IV encryption and didn't specify ECB. On tunnel-creation, I added clarification that the layer key, IV key, reply key, and reply IV are all random values generated by the creator. I also clarified how the key and IV are used to encrypt each record. Is that sufficient? On tunnel-message, I hopefully clarified the wording on the has of payload + IV. in 097964b9720a7dd31d583607f84adfaa26e09b2c
idk commented 2025-04-21 14:48:19 -04:00
Author
Owner
Copy Link

comment:12 Changed 7 years ago by orignal

​https://geti2p.net/en/docs/spec/tunnel-creation

"bytes 104-135: AES-256 tunnel IV key"

It's not clear where do we take IV for IV encryption from.

Had to guess it's zero or just ECB mode

[comment:12](https://trac.i2p2.de/\#comment:12) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-13T21%3A08%3A29Z&precision=second "See timeline at Feb 13, 2014 9:08:29 PM") by orignal [​https://geti2p.net/en/docs/spec/tunnel-creation](https://trac.i2p2.de/https://geti2p.net/en/docs/spec/tunnel-creation) "bytes 104-135: AES-256 tunnel IV key" It's not clear where do we take IV for IV encryption from. Had to guess it's zero or just ECB mode
idk commented 2025-04-21 14:48:19 -04:00
Author
Owner
Copy Link

comment:11 in reply to: 5 Changed 7 years ago by orignal

Definitely I looked at this spec before Decemeber.

However I believe it's better to say that checksum is hash of payload + IV

Last edited 7 years ago
by orignal
( previous)
( diff)

[comment:11](https://trac.i2p2.de/\#comment:11) in reply to: [5](https://trac.i2p2.de/\#comment:5) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-13T21%3A02%3A36Z&precision=second "See timeline at Feb 13, 2014 9:02:36 PM") by orignal Definitely I looked at this spec before Decemeber. However I believe it's better to say that checksum is hash of payload + IV Last edited [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-13T21%3A12%3A52Z&precision=second "See timeline at Feb 13, 2014 9:12:52 PM") by orignal ( [previous](https://trac.i2p2.de//ticket/1147?cversion=0&cnum_hist=11#comment:11)) ( [diff](https://trac.i2p2.de//ticket/1147?action=comment-diff&cnum=11&version=1))
idk commented 2025-04-21 14:48:20 -04:00
Author
Owner
Copy Link

comment:10 Changed 7 years ago by zzz

@orignal, please provide pointers to the places in the tunnel docs that have the problems listed in the OP.

[comment:10](https://trac.i2p2.de/\#comment:10) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-13T17%3A58%3A15Z&precision=second "See timeline at Feb 13, 2014 5:58:15 PM") by zzz @orignal, please provide pointers to the places in the tunnel docs that have the problems listed in the OP.
idk commented 2025-04-21 14:48:20 -04:00
Author
Owner
Copy Link

comment:9 Changed 7 years ago by zzz

Comment 3 was re: DH. Fixed in 232acf5af06668cc4dc225afa62f0f2f597dddef.

[comment:9](https://trac.i2p2.de/\#comment:9) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-13T17%3A55%3A08Z&precision=second "See timeline at Feb 13, 2014 5:55:08 PM") by zzz Comment 3 was re: DH. Fixed in 232acf5af06668cc4dc225afa62f0f2f597dddef.
idk commented 2025-04-21 14:48:20 -04:00
Author
Owner
Copy Link

comment:8 Changed 7 years ago by zzz

comment 1 fixed in d19c55c7887b96bf1bda4868976a623f94cc9e92

[comment:8](https://trac.i2p2.de/\#comment:8) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-08T00%3A06%3A48Z&precision=second "See timeline at Feb 8, 2014 12:06:48 AM") by zzz comment 1 fixed in d19c55c7887b96bf1bda4868976a623f94cc9e92
idk commented 2025-04-21 14:48:20 -04:00
Author
Owner
Copy Link

comment:7 Changed 7 years ago by zzz

re: comment 1, Oh yeah, I see, the fields are reversed.

[comment:7](https://trac.i2p2.de/\#comment:7) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-07T23%3A37%3A05Z&precision=second "See timeline at Feb 7, 2014 11:37:05 PM") by zzz re: comment 1, Oh yeah, I see, the fields are reversed.
idk commented 2025-04-21 14:48:20 -04:00
Author
Owner
Copy Link

comment:6 Changed 7 years ago by zzz

re: comment 1, it says:

Note that Delivery Instructions are also used inside Garlic Cloves, where the format is slightly different. In a Garlic Clove, messages are not fragmented, and the fragment bit in the flag byte is redefined. See the Garlic Clove documentation for more details.

In the black box it says:

bits 6-5: delivery type

For tunnel messages:

0x0 = LOCAL, 0x01 = TUNNEL, 0x02 = ROUTER, 0x03 = unused

Note: LOCAL is used for inbound tunnels only, unimplemented for outbound tunnels

For garlic cloves:

0x0 = LOCAL, 0x01 = DESTINATION, 0x02 = ROUTER, 0x03 = TUNNEL

I agree that it's too confusing. I will make the docs in tunnel-message for tunnel messages only, and add new docs in i2np for that version.

[comment:6](https://trac.i2p2.de/\#comment:6) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-07T23%3A09%3A15Z&precision=second "See timeline at Feb 7, 2014 11:09:15 PM") by zzz re: comment 1, it says: Note that Delivery Instructions are also used inside Garlic Cloves, where the format is slightly different. In a Garlic Clove, messages are not fragmented, and the fragment bit in the flag byte is redefined. See the Garlic Clove documentation for more details. In the black box it says: > bits 6-5: delivery type > > > For tunnel messages: > > > > > 0x0 = LOCAL, 0x01 = TUNNEL, 0x02 = ROUTER, 0x03 = unused > > > > > > Note: LOCAL is used for inbound tunnels only, unimplemented for outbound tunnels > > > > For garlic cloves: > > > > > 0x0 = LOCAL, 0x01 = DESTINATION, 0x02 = ROUTER, 0x03 = TUNNEL I agree that it's too confusing. I will make the docs in tunnel-message for tunnel messages only, and add new docs in i2np for that version.
idk commented 2025-04-21 14:48:21 -04:00
Author
Owner
Copy Link

comment:5follow-up: 11 Changed 7 years ago by zzz

re: comment 2, the padding is before the zero byte. There is no padding after the zero byte. So I think the doc is correct. Would you please confirm? Any suggestions on how to word it better?

Note that I fixed the checksum information on Dec. 13 2013 after orion told me it was wrong. In that checkin I added the following note:

  • The checksum does NOT cover the padding or the zero byte.

Perhaps you encountered the bad documentation before I fixed it?

[comment:5](https://trac.i2p2.de/\#comment:5)follow-up: [11](https://trac.i2p2.de/\#comment:11) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-07T21%3A13%3A52Z&precision=second "See timeline at Feb 7, 2014 9:13:52 PM") by zzz re: comment 2, the padding is before the zero byte. There is no padding after the zero byte. So I think the doc is correct. Would you please confirm? Any suggestions on how to word it better? Note that I fixed the checksum information on Dec. 13 2013 after orion told me it was wrong. In that checkin I added the following note: - The checksum does NOT cover the padding or the zero byte. Perhaps you encountered the bad documentation before I fixed it?
idk commented 2025-04-21 14:48:21 -04:00
Author
Owner
Copy Link

comment:4 Changed 7 years ago by zzz

re: comment 3, the first bit of which byte?

[comment:4](https://trac.i2p2.de/\#comment:4) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-02-07T21%3A06%3A12Z&precision=second "See timeline at Feb 7, 2014 9:06:12 PM") by zzz re: comment 3, the first bit of which byte?
idk commented 2025-04-21 14:48:21 -04:00
Author
Owner
Copy Link

comment:3 Changed 7 years ago by orignal

​https://geti2p.net/en/docs/transport/ntcp

Nothing mentioned that first bit of first byte can't be set, in this case leading 0x00 must be added and actual key length becomes 31 bytes, due the fact Java doesn't support unsigned integers.

However this mentioned at SSU page, but NTCP and SSU are quite independent protocols.

[comment:3](https://trac.i2p2.de/\#comment:3) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-01-30T19%3A29%3A15Z&precision=second "See timeline at Jan 30, 2014 7:29:15 PM") by orignal [​https://geti2p.net/en/docs/transport/ntcp](https://trac.i2p2.de/https://geti2p.net/en/docs/transport/ntcp) Nothing mentioned that first bit of first byte can't be set, in this case leading 0x00 must be added and actual key length becomes 31 bytes, due the fact Java doesn't support unsigned integers. However this mentioned at SSU page, but NTCP and SSU are quite independent protocols.
idk commented 2025-04-21 14:48:21 -04:00
Author
Owner
Copy Link

comment:2 Changed 7 years ago by orignal

​https://geti2p.net/en/docs/spec/tunnel-message

"Checksum ::

4 bytes

the first 4 bytes of the SHA256 hash of the contents of the message after the zero byte concatenated with the IV"

Incorrect. This hash doesn't include padding following right after zero byte.

[comment:2](https://trac.i2p2.de/\#comment:2) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-01-30T19%3A20%3A44Z&precision=second "See timeline at Jan 30, 2014 7:20:44 PM") by orignal [​https://geti2p.net/en/docs/spec/tunnel-message](https://trac.i2p2.de/https://geti2p.net/en/docs/spec/tunnel-message) "Checksum :: > 4 bytes > > the first 4 bytes of the SHA256 hash of the contents of the message after the zero byte concatenated with the IV" Incorrect. This hash doesn't include padding following right after zero byte.
idk commented 2025-04-21 14:48:21 -04:00
Author
Owner
Copy Link

comment:1 Changed 7 years ago by orignal

​https://geti2p.net/en/docs/spec/tunnel-message#delivery is not correct.

It says format of Delivery Instructions should be same for tunnel message and garlic cloves, however it's not true. Positions of TunnelID and Hash fields are inverted in case of Garlic clove.

The page refers to garlic clove documentation page, but that page refers back for delivery instruction.

[comment:1](https://trac.i2p2.de/\#comment:1) Changed [7 years ago](https://trac.i2p2.de//timeline?from=2014-01-30T19%3A15%3A47Z&precision=second "See timeline at Jan 30, 2014 7:15:47 PM") by orignal [​https://geti2p.net/en/docs/spec/tunnel-message#delivery](https://trac.i2p2.de/https://geti2p.net/en/docs/spec/tunnel-message#delivery) is not correct. It says format of Delivery Instructions should be same for tunnel message and garlic cloves, however it's not true. Positions of TunnelID and Hash fields are inverted in case of Garlic clove. The page refers to garlic clove documentation page, but that page refers back for delivery instruction.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
#1120
#1147
#1154
#1336
#1344
#1396
#1427
#1442
#1548
#1583
#1677
#1747
#1756
#1759
#1781
#1809
#1849
#1859
#1885
#2192
#2236
#2290
#2400
#2414
#2430
#2538
#2697
#2698
#2752
#2760
#726
#833
0.9.18
eventually
i2p
installer
soon
undecided
www
No Label
#1147
i2p
www
Milestone
No items
No Milestone undecided
Projects
Clear projects
No project
Assignees
Clear assignees
echelon idk zzz
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: I2P_Developers/i2p.www#46
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?