166 lines
5.2 KiB
HTML
166 lines
5.2 KiB
HTML
{% extends "_layout.html" %}
|
|
{% block title %}NTCP{% endblock %}
|
|
{% block content %}
|
|
|
|
Updated August 2010 for release 0.8
|
|
|
|
<h2>NTCP (NIO-based TCP)</h2>
|
|
|
|
<p>
|
|
NTCP
|
|
is one of two <a href="transport.html">transports</a> currently implemented in I2P.
|
|
The other is <a href="udp.html">SSU</a>.
|
|
NTCP
|
|
is a Java NIO-based transport
|
|
introduced in I2P release 0.6.1.22.
|
|
Java NIO (new I/O) does not suffer from the 1 thread per connection issues of the old TCP transport.
|
|
</p><p>
|
|
|
|
By default,
|
|
NTCP uses the IP/Port
|
|
auto-detected by SSU. When enabled on config.jsp,
|
|
SSU will notify/restart NTCP when the external address changes
|
|
or when the firewall status changes.
|
|
Now you can enable inbound TCP without a static IP or dyndns service.
|
|
</p><p>
|
|
|
|
The NTCP code within I2P is relatively lightweight (1/4 the size of the SSU code)
|
|
because it uses the underlying Java TCP transport.
|
|
</p>
|
|
|
|
|
|
<h2>NTCP Protocol Specification</h2>
|
|
|
|
|
|
<h3>Standard Message Format</h3>
|
|
<p>
|
|
The NTCP transport sends individual I2NP messages AES/256/CBC encrypted with
|
|
a simple checksum. The unencrypted message is encoded as follows:
|
|
<pre>
|
|
* +-------+-------+--//--+---//----+-------+-------+-------+-------+
|
|
* | sizeof(data) | data | padding | Adler checksum of sz+data+pad |
|
|
* +-------+-------+--//--+---//----+-------+-------+-------+-------+
|
|
</pre>
|
|
That message is then encrypted with the DH/2048 negotiated session key
|
|
(station to station authenticated per the EstablishState class) using the
|
|
last 16 bytes of the previous encrypted message as the IV.
|
|
</p>
|
|
|
|
<p>
|
|
0-15 bytes of padding are required to bring the total message length
|
|
(including the six size and checksum bytes) to a multiple of 16.
|
|
The maximum message size is currently 16 KB.
|
|
Therefore the maximum data size is currently 16 KB - 6, or 16378 bytes.
|
|
The minimum data size is 1.
|
|
</p>
|
|
|
|
<h3>Time Sync Message Format</h3>
|
|
<p>
|
|
One special case is a metadata message where the sizeof(data) is 0. In
|
|
that case, the unencrypted message is encoded as:
|
|
<pre>
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
* | 0 | timestamp in seconds | uninterpreted
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
* uninterpreted | Adler checksum of bytes 0-11 |
|
|
* +-------+-------+-------+-------+-------+-------+-------+-------+
|
|
</pre>
|
|
Total length: 16 bytes. The time sync message is sent at approximately 15 minute intervals.
|
|
|
|
|
|
<h3>Establishment Sequence</h3>
|
|
In the establish state, the following communication happens.
|
|
There is a 2048-bit Diffie Hellman exchange.
|
|
For more information see the <a href="how_cryptography.html#tcp">cryptography page</a>.
|
|
<pre>
|
|
* Alice contacts Bob
|
|
* =========================================================
|
|
* X+(H(X) xor Bob.identHash)----------------------------->
|
|
* <----------------------------------------Y+E(H(X+Y)+tsB+padding, sk, Y[239:255])
|
|
* E(sz+Alice.identity+tsA+padding+S(X+Y+Bob.identHash+tsA+tsB+padding), sk, hX_xor_Bob.identHash[16:31])--->
|
|
* <----------------------E(S(X+Y+Alice.identHash+tsA+tsB)+padding, sk, prev)
|
|
|
|
</pre>
|
|
|
|
<pre>
|
|
Hints for documentors:
|
|
X, Y: 256 byte DH keys
|
|
H(): 32 byte SHA256 Hash
|
|
E(data, session key, IV): AES256 Encrypt
|
|
S(): 40 byte DSA Signature
|
|
tsA, tsB: timestamps (4 bytes, seconds since epoch)
|
|
sk: 32 byte Session key
|
|
sz: 2 byte size of Alice identity to follow
|
|
</pre>
|
|
|
|
<h4>Step 1</h4>
|
|
Alice sends Bob:
|
|
<pre>
|
|
* X+(H(X) xor Bob.identHash)----------------------------->
|
|
|
|
Size: 288 bytes
|
|
</pre>
|
|
Todo: Explain this in words.
|
|
|
|
|
|
<h4>Step 2</h4>
|
|
Bob sends Alice:
|
|
<pre>
|
|
* <----------------------------------------Y+E(H(X+Y)+tsB+padding, sk, Y[239:255])
|
|
|
|
Size: 304 bytes
|
|
</pre>
|
|
Todo: Explain this in words.
|
|
|
|
|
|
<h4>Step 3</h4>
|
|
Alice sends Bob:
|
|
<pre>
|
|
* E(sz+Alice.identity+tsA+padding+S(X+Y+Bob.identHash+tsA+tsB+padding), sk, hX_xor_Bob.identHash[16:31])--->
|
|
|
|
Size: 448 bytes (typ. for 387 byte identity)
|
|
</pre>
|
|
Todo: Explain this in words.
|
|
|
|
|
|
<h4>Step 4</h4>
|
|
Bob sends Alice:
|
|
<pre>
|
|
* <----------------------E(S(X+Y+Alice.identHash+tsA+tsB)+padding, sk, prev)
|
|
|
|
Size: 48 bytes
|
|
</pre>
|
|
Todo: Explain this in words.
|
|
|
|
<h4>Finally</h4>
|
|
The connection is established and standard messages may be exchanged.
|
|
|
|
|
|
|
|
<h3>Check Connection Message</h3>
|
|
Alternately, when Bob receives a connection, it could be a
|
|
check connection (perhaps prompted by Bob asking for someone
|
|
to verify his listener).
|
|
Check Connection is not currently used.
|
|
However, for the record, check connections are formatted as follows.
|
|
A check info connection will receive 256 bytes containing:
|
|
<ul>
|
|
<li> 32 bytes of uninterpreted, ignored data
|
|
<li> 1 byte size
|
|
<li> that many bytes making up the local router's IP address (as reached by the remote side)
|
|
<li> 2 byte port number that the local router was reached on
|
|
<li> 4 byte i2p network time as known by the remote side (seconds since the epoch)
|
|
<li> uninterpreted padding data, up to byte 223
|
|
<li> xor of the local router's identity hash and the SHA256 of bytes 32 through bytes 223
|
|
</ul>
|
|
</pre>
|
|
|
|
<h2>Discussion</h2>
|
|
Now on the <a href="ntcp_discussion.html">NTCP Discussion Page</a>.
|
|
|
|
<h2><a name="future">Future Work</a></h2>
|
|
<p>The maximum message size should be increased to approximately 32 KB.
|
|
</p>
|
|
|
|
{% endblock %}
|