|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectnet.i2p.router.transport.udp.PacketBuilder
class PacketBuilder
Big ol' class to do all our packet formatting. The UDPPackets generated are fully authenticated, encrypted, and configured for delivery to the peer. The following is from udp.html on the website:
All UDP datagrams begin with a 16 byte MAC (Message Authentication Code) and a 16 byte IV (Initialization Vector followed by a variable size payload encrypted with the appropriate key. The MAC used is HMAC-MD5, truncated to 16 bytes, while the key is a full 32 byte AES256 key. The specific construct of the MAC is the first 16 bytes from:
HMAC-MD5(payload || IV || (payloadLength ^ protocolVersion), macKey)
The protocol version is currently 0.
The payload itself is AES256/CBC encrypted with the IV and the sessionKey, with replay prevention addressed within its body, explained below. The payloadLength in the MAC is a 2 byte unsigned integer in 2s complement.
The protocolVersion is a 2 byte unsigned integer in 2s complement, and currently set to 0. Peers using a different protocol version will not be able to communicate with this peer, though earlier versions not using this flag are.
Within the AES encrypted payload, there is a minimal common structure to the various messages - a one byte flag and a four byte sending timestamp (*seconds* since the unix epoch). The flag byte contains the following bitfields:
bits 0-3: payload type bit 4: rekey? bit 5: extended options included bits 6-7: reserved
If the rekey flag is set, 64 bytes of keying material follow the timestamp. If the extended options flag is set, a one byte option size value is appended to, followed by that many extended option bytes, which are currently uninterpreted.
When rekeying, the first 32 bytes of the keying material is fed into a SHA256 to produce the new MAC key, and the next 32 bytes are fed into a SHA256 to produce the new session key, though the keys are not immediately used. The other side should also reply with the rekey flag set and that same keying material. Once both sides have sent and received those values, the new keys should be used and the previous keys discarded. It may be useful to keep the old keys around briefly, to address packet loss and reordering.
NOTE: Rekeying is currently unimplemented.
Header: 37+ bytes +----+----+----+----+----+----+----+----+ | MAC | | | +----+----+----+----+----+----+----+----+ | IV | | | +----+----+----+----+----+----+----+----+ |flag| time | (optionally | +----+----+----+----+----+ | | this may have 64 byte keying material | | and/or a one+N byte extended options) | +---------------------------------------|
Field Summary | |
---|---|
(package private) static int |
PROTOCOL_VERSION
we only talk to people of the right version |
(package private) static int |
TYPE_ACK
|
(package private) static int |
TYPE_CONF
|
(package private) static int |
TYPE_CREAT
|
(package private) static int |
TYPE_FIRST
For debugging and stats only - does not go out on the wire. |
(package private) static int |
TYPE_INTRO
|
(package private) static int |
TYPE_PUNCH
|
(package private) static int |
TYPE_RESP
|
(package private) static int |
TYPE_RREQ
|
(package private) static int |
TYPE_SREQ
|
(package private) static int |
TYPE_TBC
|
(package private) static int |
TYPE_TCB
|
(package private) static int |
TYPE_TFA
|
(package private) static int |
TYPE_TTA
|
Constructor Summary | |
---|---|
PacketBuilder(I2PAppContext ctx,
UDPTransport transport)
|
Method Summary | |
---|---|
UDPPacket |
buildACK(PeerState peer,
List<ACKBitfield> ackBitfields)
Build the ack packet. |
UDPPacket |
buildHolePunch(UDPPacketReader reader)
Sends an empty unauthenticated packet for hole punching |
UDPPacket |
buildPacket(OutboundMessageState state,
int fragment,
PeerState peer,
List<Long> ackIdsRemaining,
List<ACKBitfield> partialACKsRemaining)
This builds a data packet (PAYLOAD_TYPE_DATA). |
UDPPacket |
buildPeerTestFromAlice(InetAddress toIP,
int toPort,
SessionKey toIntroKey,
long nonce,
SessionKey aliceIntroKey)
Build a packet as if we are Alice and we either want Bob to begin a peer test or Charlie to finish a peer test. |
UDPPacket |
buildPeerTestFromAlice(InetAddress toIP,
int toPort,
SessionKey toCipherKey,
SessionKey toMACKey,
long nonce,
SessionKey aliceIntroKey)
|
UDPPacket |
buildPeerTestToAlice(InetAddress aliceIP,
int alicePort,
SessionKey aliceIntroKey,
SessionKey charlieIntroKey,
long nonce)
Build a packet as if we are either Bob or Charlie and we are helping test Alice. |
UDPPacket |
buildPeerTestToBob(InetAddress bobIP,
int bobPort,
InetAddress aliceIP,
int alicePort,
SessionKey aliceIntroKey,
long nonce,
SessionKey bobCipherKey,
SessionKey bobMACKey)
Build a packet as if we are Charlie sending Bob a packet verifying that we will help test Alice. |
UDPPacket |
buildPeerTestToCharlie(InetAddress aliceIP,
int alicePort,
SessionKey aliceIntroKey,
long nonce,
InetAddress charlieIP,
int charliePort,
SessionKey charlieCipherKey,
SessionKey charlieMACKey)
Build a packet as if we are Bob sending Charlie a packet to help test Alice. |
UDPPacket |
buildPing(PeerState peer)
We use this for keepalive purposes. |
(package private) UDPPacket |
buildRelayIntro(RemoteHostId alice,
PeerState charlie,
UDPPacketReader.RelayRequestReader request)
|
UDPPacket |
buildRelayRequest(InetAddress introHost,
int introPort,
byte[] introKey,
long introTag,
SessionKey ourIntroKey,
long introNonce,
boolean encrypt)
|
UDPPacket[] |
buildRelayRequest(UDPTransport transport,
OutboundEstablishState state,
SessionKey ourIntroKey)
build intro packets for each of the published introducers |
(package private) UDPPacket |
buildRelayResponse(RemoteHostId alice,
PeerState charlie,
long nonce,
SessionKey aliceIntroKey)
|
UDPPacket |
buildSessionConfirmedPacket(OutboundEstablishState state,
int fragmentNum,
int numFragments,
byte[] identity)
Build a new SessionConfirmed packet for the given peer |
UDPPacket[] |
buildSessionConfirmedPackets(OutboundEstablishState state,
RouterIdentity ourIdentity)
Build a new series of SessionConfirmed packets for the given peer, encrypting it as necessary. |
UDPPacket |
buildSessionCreatedPacket(InboundEstablishState state,
int externalPort,
SessionKey ourIntroKey)
Build a new SessionCreated packet for the given peer, encrypting it as necessary. |
UDPPacket |
buildSessionDestroyPacket(PeerState peer)
Build a destroy packet, which contains a header but no body. |
UDPPacket |
buildSessionRequestPacket(OutboundEstablishState state)
Build a new SessionRequest packet for the given peer, encrypting it as necessary. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
static final int TYPE_FIRST
static final int TYPE_ACK
static final int TYPE_PUNCH
static final int TYPE_RESP
static final int TYPE_INTRO
static final int TYPE_RREQ
static final int TYPE_TCB
static final int TYPE_TBC
static final int TYPE_TTA
static final int TYPE_TFA
static final int TYPE_CONF
static final int TYPE_SREQ
static final int TYPE_CREAT
static final int PROTOCOL_VERSION
Constructor Detail |
---|
public PacketBuilder(I2PAppContext ctx, UDPTransport transport)
Method Detail |
---|
public UDPPacket buildPacket(OutboundMessageState state, int fragment, PeerState peer, List<Long> ackIdsRemaining, List<ACKBitfield> partialACKsRemaining)
ackIdsRemaining
- list of messageIds (Long) that should be acked by this packet.
The list itself is passed by reference, and if a messageId is
transmitted and the sender does not want the ID to be included
in subsequent acks, it should be removed from the list. NOTE:
right now this does NOT remove the IDs, which means it assumes
that the IDs will be transmitted potentially multiple times,
and should otherwise be removed from the list.partialACKsRemaining
- list of messageIds (ACKBitfield) that should be acked by this packet.
The list itself is passed by reference, and if a messageId is
included, it should be removed from the list.public UDPPacket buildPing(PeerState peer)
public UDPPacket buildACK(PeerState peer, List<ACKBitfield> ackBitfields)
ackBitfields
- list of ACKBitfield instances to either fully or partially ACKpublic UDPPacket buildSessionCreatedPacket(InboundEstablishState state, int externalPort, SessionKey ourIntroKey)
public UDPPacket buildSessionRequestPacket(OutboundEstablishState state)
public UDPPacket[] buildSessionConfirmedPackets(OutboundEstablishState state, RouterIdentity ourIdentity)
public UDPPacket buildSessionConfirmedPacket(OutboundEstablishState state, int fragmentNum, int numFragments, byte[] identity)
public UDPPacket buildSessionDestroyPacket(PeerState peer)
public UDPPacket buildPeerTestFromAlice(InetAddress toIP, int toPort, SessionKey toIntroKey, long nonce, SessionKey aliceIntroKey)
public UDPPacket buildPeerTestFromAlice(InetAddress toIP, int toPort, SessionKey toCipherKey, SessionKey toMACKey, long nonce, SessionKey aliceIntroKey)
public UDPPacket buildPeerTestToAlice(InetAddress aliceIP, int alicePort, SessionKey aliceIntroKey, SessionKey charlieIntroKey, long nonce)
public UDPPacket buildPeerTestToCharlie(InetAddress aliceIP, int alicePort, SessionKey aliceIntroKey, long nonce, InetAddress charlieIP, int charliePort, SessionKey charlieCipherKey, SessionKey charlieMACKey)
public UDPPacket buildPeerTestToBob(InetAddress bobIP, int bobPort, InetAddress aliceIP, int alicePort, SessionKey aliceIntroKey, long nonce, SessionKey bobCipherKey, SessionKey bobMACKey)
public UDPPacket[] buildRelayRequest(UDPTransport transport, OutboundEstablishState state, SessionKey ourIntroKey)
public UDPPacket buildRelayRequest(InetAddress introHost, int introPort, byte[] introKey, long introTag, SessionKey ourIntroKey, long introNonce, boolean encrypt)
UDPPacket buildRelayIntro(RemoteHostId alice, PeerState charlie, UDPPacketReader.RelayRequestReader request)
UDPPacket buildRelayResponse(RemoteHostId alice, PeerState charlie, long nonce, SessionKey aliceIntroKey)
public UDPPacket buildHolePunch(UDPPacketReader reader)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |