Small ECIES updates

zzz
2020-09-13 14:05:17 +00:00
parent 5386074c1b
commit c7ee4e7f1f
4 changed files with 36 additions and 15 deletions

View File

@ -2,8 +2,8 @@
Blockfile and Hosts Database Specification
==========================================
.. meta::
:lastupdated: November 2019
:accuratefor: 0.9.43
:lastupdated: 2020-09
:accuratefor: 0.9.47
.. contents::
@ -168,7 +168,7 @@ The maximum number of entries per span is 16.
Properties Skiplist
-------------------
"%%__INFO__%%" is the master database skiplist with String/Properties key/value
"%%__INFO__%%" is the main database skiplist with String/Properties key/value
entries containing only one entry:
info

View File

@ -3,8 +3,8 @@ Common structures Specification
===============================
.. meta::
:category: Design
:lastupdated: April 2020
:accuratefor: 0.9.46
:lastupdated: 2020-09
:accuratefor: 0.9.47
.. contents::
@ -86,7 +86,7 @@ ElGamal 256 All Router Identities and Destinations
P256 64 TBD Reserved, see proposal 145
P384 96 TBD Reserved, see proposal 145
P521 132 TBD Reserved, see proposal 145
X25519 32 0.9.38 Little-endian. See proposal 144
X25519 32 0.9.38 Little-endian. See [ECIES]_ and proposal 156
======= ============== ====== =====
JavaDoc: http://{{ i2pconv('echelon.i2p/javadoc') }}/net/i2p/data/PublicKey.html
@ -118,7 +118,7 @@ ElGamal 256 All Router Identities and Destinations
P256 32 TBD Reserved, see proposal 145
P384 48 TBD Reserved, see proposal 145
P521 66 TBD Reserved, see proposal 145
X25519 32 0.9.38 Little-endian. See proposal 144
X25519 32 0.9.38 Little-endian. See [ECIES]_ and proposal 156
======= ============== ====== =====
JavaDoc: http://{{ i2pconv('echelon.i2p/javadoc') }}/net/i2p/data/PrivateKey.html
@ -439,7 +439,7 @@ ElGamal 0 256 All Router Identities and Destin
P256 1 64 Reserved, see proposal 145
P384 2 96 Reserved, see proposal 145
P521 3 132 Reserved, see proposal 145
X25519 4 32 Not for use in key certs. See proposal 144
X25519 4 32 See [ECIES]_ and proposal 156
reserved 65280-65534 Reserved for experimental use
reserved 65535 Reserved for future expansion
======== =========== ======================= =====
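Review bot: the X25519 row (code 4) drops "Not for use in key certs" together with the proposal 144 pointer, which turns a reference cleanup into a normative change. If type 4 is now valid in key certificates, say so explicitly and give the release it applies from, as the PublicKey and PrivateKey rows do with 0.9.38; otherwise keep the restriction and change only the reference.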
@ -1189,10 +1189,10 @@ Notes
* The encryption keys are used for end-to-end ElGamal/AES+SessionTag encryption
[ELGAMAL-AES]_ (type 0) or other end-to-end encryption schemes.
See proposals 123, 144, and 145.
See [ECIES]_ and proposals 145 and 156.
They may be generated anew at every router startup
or they may be persistent.
X25519 (type 4, proposal 144) is supported as of release 0.9.44.
X25519 (type 4, see [ECIES]_) is supported as of release 0.9.44.
* The signature is over the data above, PREPENDED with the single byte
containing the DatabaseStore type (3).
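Review bot: in the encryption-key note the reference list goes from "proposals 123, 144, and 145" to "[ECIES]_ and proposals 145 and 156", so proposal 123 disappears with no replacement. If 123 has been folded into a spec, cite that spec here; if not, keep it in the list so readers can still find the source of the "other end-to-end encryption schemes" wording.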
@ -1711,6 +1711,9 @@ Specification [GARLIC-DELIVERY]_.
References
==========
.. [ECIES]
{{ spec_url('ecies') }}
.. [ELGAMAL]
{{ site_url('docs/how/cryptography', True) }}#elgamal

View File

@ -3,8 +3,8 @@ ECIES-X25519-AEAD-Ratchet
=========================
.. meta::
:category: Protocols
:lastupdated: 2020-05-07
:accuratefor: 0.9.46
:lastupdated: 2020-09
:accuratefor: 0.9.47
.. contents::
@ -2936,7 +2936,7 @@ Recommended parameters and timeouts:
- Remove previous ES tagset after: 3 minutes
- Tagset look ahead of tag N: min(tsmax, tsmin + N/4)
- Tagset trim behind tag N: min(tsmax, tsmin + N/4) / 2
- Send next key at tag: TBD
- Send next key at tag: 4096
- Send next key after tagset lifetime: TBD
- Replace session if NS received after: 3 minutes
- Max clock skew: -5 minutes to +2 minutes
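Review bot: "Send next key at tag: 4096" is now concrete, but the companion trigger on the next line, "Send next key after tagset lifetime", is still TBD, so a low-traffic session that never reaches tag 4096 has no specified rekey point. Either give the lifetime value or state that the tag count is the only trigger for now. It would also help to say how 4096 relates to tsmax in the look-ahead formula above, since no rationale for the number is given.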

View File

@ -6,7 +6,7 @@ ECIES Tunnels
:author: chisana, zzz
:created: 2019-07-04
:thread: http://zzz.i2p/topics/2737
:lastupdated: 2020-09-05
:lastupdated: 2020-09-13
:status: Open
:target: 0.9.51
@ -173,6 +173,10 @@ Request Record Unencrypted (ElGamal)
`````````````````````````````````````````
For reference, this is the current specification of the tunnel BuildRequestRecord for ElGamal routers, taken from [I2NP]_.
The unencrypted data is prepended with a nonzero byte and the SHA-256 hash of the data before encryption,
as defined in [Cryptography]_.
All fields are big-endian.
Unencrypted size: 222 bytes
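Review bot: the added sentence about the nonzero byte and SHA-256 hash sits directly above "Unencrypted size: 222 bytes" without saying whether the 222 bytes include that 1-byte prefix and 32-byte hash. State which it is, and check that [Cryptography]_ has a target in this proposal's References section, since this diff does not add one.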
@ -267,6 +271,8 @@ If the Properties structure is empty, this is two bytes 0x00 0x00.
Request Record Encrypted (ECIES)
`````````````````````````````````````
All fields are big-endian except for the ephemeral public key which is little-endian.
Encrypted size: 528 bytes
.. raw:: html
@ -274,7 +280,7 @@ Encrypted size: 528 bytes
{% highlight lang='dataspec' %}
bytes 0-15: Hop's truncated identity hash
bytes 16-47: Sender's ephemeral public key
bytes 16-47: Sender's ephemeral X25519 public key
bytes 48-511: ChaCha20 encrypted BuildRequestRecord
bytes 512-527: Poly1305 MAC
@ -290,6 +296,11 @@ Encrypted BuildReplyRecords are 528 bytes for both ElGamal and ECIES, for compat
Reply Record Unencrypted (ElGamal)
`````````````````````````````````````
ElGamal replies are encrypted with AES.
All fields are big-endian.
Unencrypted size: 528 bytes
.. raw:: html
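Review bot: "ElGamal replies are encrypted with AES" names the cipher only. Add the mode and where the reply key and IV come from, or a pointer to the part of [I2NP]_ that defines them, so the sentence is as specific as the ChaCha20/Poly1305 statement added for ECIES replies.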
@ -306,6 +317,9 @@ bytes 0-31 :: SHA-256 Hash of bytes 32-527
Reply Record Unencrypted (ECIES)
`````````````````````````````````````
ECIES replies are encrypted with ChaCha20/Poly1305.
All fields are big-endian.
Unencrypted size: 512 bytes
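Review bot: the ECIES reply is listed as 512 bytes unencrypted while the text above says encrypted reply records are 528 bytes for both ElGamal and ECIES. Spell out that the 16-byte difference is the Poly1305 MAC, the way the request record layout does with "bytes 512-527: Poly1305 MAC", so the two sizes are visibly consistent.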
@ -634,6 +648,10 @@ Issues
* Is an HKDF required for the keys, what's the advantage of doing that vs.
just including them in the build record as before?
* Make KDFs be similar to those in Noise (NTCP2) and Ratchet
* HKDF output no more than 64 bytes preferred
* In the current Java implementation, the full router hash field in the build
request record at bytes 4-35 is not checked and does not appear to be necessary.
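Review bot: the new issue about the full router hash at bytes 4-35 records that the Java implementation does not check it, but leaves the spec position open. Decide whether receivers must verify the field, must ignore it, or whether it is removed from the ECIES record; if it is removed, say explicitly what binds the record to the hop instead, given that the encrypted record carries only the 16-byte truncated identity hash at bytes 0-15 in the clear. The bullet "HKDF output no more than 64 bytes preferred" should also carry its reason so the limit can be evaluated.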