This document describes some data types common to all I2P protocols, like I2NP, I2CP, SSU, etc.
Represents a non-negative integer.
1 to 8 bytes in network byte order representing an unsigned integer
The number of milliseconds since midnight on January 1, 1970 in the GMT timezone. If the number is 0, the date is undefined or null.
8 byte Integer
Represents a UTF-8 encoded string.
1 or more bytes where the first byte is the number of bytes(not characters!) in the string and the remaining 0-255 bytes are the non-null terminated UTF-8 encoded character array
A boolean value, supporting null/unknown representation 0=false, 1=true, 2=unknown/null
1 byte Integer
This structure is used in ElGamal encryption, representing only the exponent, not the primes, which are constant and defined in the cryptography specification.
256 bytes
This structure is used in ElGamal decryption, representing only the exponent, not the primes which are constant and defined in the cryptography specification.
256 bytes
This structure is used for AES256 encryption and decryption.
32 bytes
This structure is used for verifying DSA signatures.
128 bytes
This structure is used for creating DSA signatures.
20 bytes
This structure represents the DSA signature of some data.
40 bytes
Represents the SHA256 of some data.
32 bytes
A random number
32 bytes
Defines an identifier that is unique to each router in a tunnel.
4 byte Integer
A certificate is a container for various receipts or proof of works used throughout the I2P network.
1 byte Integer specifying certificate type, followed by a 2 Integer specifying the size of the certificate payload, then that many bytes.
{% filter escape %}
+----+----+----+----+----+--//
|type| length | payload
+----+----+----+----+----+--//
type :: Integer
length -> 1 byte
case 0 -> NULL
case 1 -> HASHCASH
case 2 -> HIDDEN
case 3 -> SIGNED
case 4 -> MULTIPLE
length :: Integer
length -> 2 bytes
payload :: data
length -> $length bytes
{% endfilter %}
A set of key/value mappings or properties
A 2-byte size Integer followed by a series of String=String; pairs
{% filter escape %}
+----+----+----+----+----+----+----+----+
| size |key string (len + data) | = |
+----+----+----+----+----+----+----+----+
| val string (len + data) | ; | ...
+----+----+----+----+----+----+----+
size :: Integer
length -> 2 bytes
Total number of bytes that follow
key string :: String
A string (one byte length followed by UTF-8 encoded characters)
= :: A single byte containing '='
val string :: String
A string (one byte length followed by UTF-8 encoded characters)
; :: A single byte containing ';'
{% endfilter %}
Defines the way to uniquely identify a particular router
PublicKey followed by SigningPublicKey and then a Certificate
{% filter escape %}
+----+----+----+----+----+----+----+----+
| public_key |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| signing_key |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| certificate |
+----+----+----+--//
public_key :: PublicKey
length -> 256 bytes
signing_key :: SigningPublicKey
length -> 128 bytes
certificate :: Certificate
length -> >= 3 bytes
Total length: 387+ bytes
{% endfilter %}
A Destination defines a particular endpoint to which messages can be directed for secure delivery.
PublicKey followed by a SigningPublicKey and then a Certificate
{% filter escape %}
+----+----+----+----+----+----+----+----+
| public_key |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| signing_public_key |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| certificate
+---//
public_key :: PublicKey
length -> 256 bytes
signing_public_key :: SigningPublicKey
length -> 128 bytes
certificate :: Certificate
length -> >= 3 bytes
Total length: 387+ bytes
{% endfilter %}
Defines the authorization for a particular tunnel to receive messages targeting a Destination.
RouterIdentity of the gateway router, then the TunnelId, and finally an end Date
{% filter escape %}
+----+----+----+----+----+----+----+----+
| tunnel_gw |
+ +
| |
~ ~
~ ~
| |
+ +----+----+----+----+
| | tunnel_id |
+----+----+----+----+----+----+----+----+
| end_date |
+----+----+----+----+----+----+----+----+
tunnel_gw :: RouterIdentity of the tunnel gateway
length -> >= 387 bytes
tunnel_id :: TunnelId
length -> 4 bytes
end_date :: Date
length -> 8 bytes
{% endfilter %}
Contains all of the currently authorized Leases for a particular Destination, the PublicKey to which garlic messages can be encrypted, and then the the public key that can be used to revoke this particular version of the structure. The LeaseSet is one of the two structures stored in the network database( the other being RouterInfo), and is keyed under the SHA256 of the contained Destination.
Destination, followed by a PublicKey for encryption, then a SigningPublicKey which can be used to revoke this version of the LeaseSet, then a 1 byte Integer specifying how many Lease structures are in the set, followed by the actual Lease structures and finally a Signature of the previous bytes signed by the Destination's SigningPrivateKey
{% filter escape %}
+----+----+----+----+----+----+----+----+
| destination |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| encryption_key |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| signing_key |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
|num | Lease 0 |
+----+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| Lease 1 |
+ +
| |
~ ~
~ ~
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| Lease ($num-1) |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| signature |
+ +
| |
+ +
| |
+ +
| |
+ +
| |
+----+----+----+----+----+----+----+----+
destination :: Destination
length -> >= 387 bytes
encryption_key :: PublicKey
length -> 256 bytes
signing_key :: SigningPublicKey
length -> 128 bytes
num :: Integer
length -> 1 byte
value: 0 <= num <= 6
leases :: [Lease]
length -> >= $num*399 bytes
signature :: Signature
length -> 40 bytes
{% endfilter %}
The signature may be verified using the signing public key of the destination. The signing_key is currently unused. It was intended for LeaseSet revocation, which is unimplemented.
This structure defines the means to contact a router through a transport protocol.
1 byte Integer defining the relative cost of using the address, where 0 is free and 255 is expensive, followed by the expiration Date after which the address should not be used, or if null, the address never expires. After that comes a String defining the transport protocol this router address uses. Finally there is a Mapping containing all of the transport specific options necessary to establish the connection, such as IP address, port number, email address, URL, etc.
{% filter escape %}
+----+
|cost|
+----+----+----+----+----+----+----+----+
| expiration |
+----+----+----+----+--//+----+----+----+
| transport_style |
+----+----+----+----+--//+----+----+----+
| options |
+----+----+----+----+--//+----+----+----+
cost :: Integer
length -> 1 byte
case 0 -> free
case 255 -> expensive
expiration :: Date
length -> 8 bytes
case null -> never expires
transport_style :: String
length -> 1-256 bytes
options :: Mapping
{% endfilter %}
Defines all of the data that a router wants to publish for the network to see. The RouterInfo is one of two structures stored in the network database(the other being LeaseSet, and is keyed under the SHA256 of the contained RouterIdentity.
RouterIdentity followed by the Date, when the entry was published
{% filter escape %}
+----+----+----+----+----+----+----+----+
| router_ident |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| published |
+----+----+----+----+----+----+----+----+
|size| RouterAddress 0 |
+----+ +
| |
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| RouterAddress 1 |
+ +
| |
~ ~
~ ~
~ ~
~ ~
| |
+----+----+----+----+----+----+----+----+
| RouterAddress ($size-1) |
+ +
| |
~ ~
~ ~
| |
+----+----+----+----+-//-+----+----+----+
|psiz| options |
+----+----+----+----+-//-+----+----+----+
| signature |
+ +
| |
+ +
| |
+ +
| |
+ +
| |
+----+----+----+----+----+----+----+----+
router_ident :: RouterIdentity
length -> >= 387 bytes
published :: Date
length -> 8 bytes
size :: Integer
length -> 1 byte
addresses :: [RouterAddress]
length -> >= $size*267 bytes
peer_size :: Integer
length -> 1 byte
value -> 0
options :: Mapping
signature :: Signature
length -> 40 bytes
{% endfilter %}
The signature may be verified using the signing public key of the router_ident.