👮 major
irc2p
#i2p-dev #i2pd-dev #ls2 #saltr
ilita
#4rum #acetonevideo #dev #retroshare #torrent #video2p
IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2022/06/06
@eyedeekay
+R4SAS
+RN
+acetone
+orignal
+weko
Irc2PGuest77041
Leopold
Minogami
Onn4l7h
Onn4|7h
ProRu
anon4
eyedeekay_bnc
j6
not_bob_afk
polistern
profetikla
qend-irc2p
x74a6
zer0bitz
eyedeekay In case anybody wanted to mess around with P2P-videochat-over-I2P:
eyedeekay git clone github.com/eyedeekay/rtchat ~/go/src/github.com/YuukanOO/rtcchat
eyedeekay cd ~/go/src/github.com/YuukanOO/rtcchat
eyedeekay go run cmd/server/main.go -debug -i2p
eyedeekay It will generate 2 SAM listeners, one for HTTP and one for TURN, as well as a self-signed cert.pem and keys.pem
eyedeekay The base32 of the HTTP listener will be in rtcchat.i2p.public.txt, visit that page in a browser and accept the self-signed cert
eyedeekay You end up in a Jitsi/Whereby/Zoom-ish videochat
eyedeekay Won't work in TBB, will work in Firefox and Brave when configured to enforce WebRTC proxy obedience
eyedeekay With just 2 participants it's... OK. Might disable video by default to see if that makes it much better
orignal what do we put into address block of PeerTest message for mag 5?
orignal It's required for any PeerTest messgae
orignal it makes sense for 6 but not for 5
zzz orignal, I send the exact same thing in msg 3 and msg 5
orignal no, I mean Address Block explictly
orignal there is no AddressBlock in mag 3 because it's Data
orignal only in 5,6,7
zzz oh sorry
zzz actually it makes sense for 5 and 7 but not 6
zzz it's the ip/port you are sending to
zzz but probably not necessary in 5 or 7 anyway, because it's in the peer test block
orignal why do it make sense for 5?
orignal you don't know actual Alice's IP by that moment
orignal it makes sense only for 6 or maybe 7
orignal Chralie sends 5 to Alice
orignal Alice recognizes Cralie's actual address and sends back in 6
orignal for 7 it might make sense to let Alice know how Chralie sees her address
orignal to recognize symmetric NAT etc
zzz so in msg 5 you send the requested ip, but in msg 7 you send the ip received in msg 6?
zzz I need to look at how SSU 1 works
orignal but why should I send Alice's IP back in msg5? it doesn't contain any new information
orignal while in 7 Charlie knows actual Alicer's IP, e.g. where 6 came from
zzz yeah you are right
zzz looking at my ssu 1 code...
zzz ok, here we go
orignal yes?
zzz in current SSU 1 code, we send message 7 to wherever message 6 came from. The IP/port we put in message 7 is the ip/port we got message 6 from.
zzz so this could be different then where we sent message 5, or what we put in message 5.
zzz I don't believe this is documented in either SSU 1 or 2 specs
zzz but I think this matches what you're proposing for SSU 2
orignal I think AddressBlock shouldn't be required for 5
orignal the difference is
zzz what do you do in SSU 1 for message 7?
orignal you send Alice address anyway in Peer Test block
orignal sec
orignal LogPrint (eLogDebug, "SSU: Peer test from Alice. We are Charlie");
orignal SendPeerTest (nonce, senderEndpoint.address (), senderEndpoint.port (), introKey); // to Alice with her actual address
orignal message 7
zzz ok, so we both do the same thing for message 7 in SSU 1, correct?
orignal yes
zzz ok. So I'm going to document that better in the SSU 1 specs
zzz and it seems we should do the same thing in SSU 2
orignal and I send Alice's adress in msg 5 in SSU1
orignal no, my point is different
zzz so I don't think we need Address Block at all in 5/6/7 for SSU 2. Just put the address in the Peer Test block
orignal why should we send Alice's address twice in msg 5?
zzz agreed, let's get rid of it completely
orignal huh? I'm confused
zzz do we need address block in 6 or 7 either?
orignal you said PeerTest block should alway contain original Alice's
orignal because it's signed
zzz ok
zzz so address block in 7 only?
orignal no, also in 6
zzz ok, 6 and 7, but not 5. agreed.
orignal because Chrarlie is also instersted to know his own IP
orignal great
zzz will update the specs
zzz also need to fix my ssu 2 code
orignal I'm implementing PeerTest message that's why I'm asking
zzz yup
zzz does this sound right for the spec?
zzz * When sent by Charlie to Alice, the IP and port are as follows:
zzz First time (message 5): The requested IP and port as received in message 2.
zzz Second time (message 7): The actual IP and port message 6 was received from.
zzz ^^^ the SSU 1 spec
orignal yes
zzz I keep getting inbound SSU 1 connections from GG1SbAGFxD8riu9jow-WdSHHw6fvTp~oAYUYDRM4DTk= and the signature always fails
zzz can't lookup the RI either so I assume it can't sign it's RI either
orignal I think so too
zzz probably should ban the IP. can't ban the hash, it could be faked
orignal why do you care?
orignal does it consume too much CPU?
zzz he is persistent. just thinking about ways to make the network better
dr|z3d if the router's bad, blacklist the ip and the hash.
zzz like I said, can't do hash, it could be faked
zzz whups
zzz 0) Hi
zzz hi
eyedeekay Meeting today?
eyedeekay hi
orignal hi
zlatinb hi
zzz was staring at logs
zzz what's on today's list?
eyedeekay I've got another go-i2p weekly update
orignal I think your relay status and my peer test status
zzz ok go-i2p is 1); relay and peer test is 2)
zzz anything else ?
orignal no
orignal I was not involved in anuthing else
zzz 1) go-i2p status
eyedeekay Top billing lol, copypasta incoming
eyedeekay Last week I hit a few snags in using the refactored common library, which was to be expected
eyedeekay but it sort of proved that the motivation for the refactor was sound, because the issues while somewhat numerous were also more understandable and easier to address
eyedeekay A few things did get a little wierd, now the structures themselves need to keep track of the errors encountered when parsing them
eyedeekay Whether that behavior remains consistent or becomes unnecessary as I start fitting the rest of the router together remains to be seen, there are some places in the code where the same slice of bytes used to be "validated" multiple times even though it has never changed
eyedeekay That same validation function now just checks for errors encountered the first time the structure was created, and I'm pretty sure it's now also obsolete, but I'll have to go through every usage to be sure
eyedeekay Hypothetically that sounds like it might be an efficiency gain in the long run, but it barely counts since it's not a real router yet
eyedeekay Just an example of some of the ups-and-downs of turning this into a usable router in practice, it's starting to get more fun and less like banging my head against a wall, which I always knew it eventually would
eyedeekay Also spent some time on the crypto, which is turning out to be less of a refactor and more of a just doing it
eyedeekay As you might know go-i2p was an incomplete 0.9.12~ish router when I picked it up, so everything is actually using the oldest of the old crypto, but there is partial implementation of some of the new crypto
eyedeekay The good news is that Go has pretty good support for modern cryptographic primitives as part of it's standard library, so what I have to do, basically, is just make the parts that aren't "standard"
eyedeekay There's also enough already there that it might be usable soon, if so I may move on to something else before I just power through all of them ahead of time
eyedeekay What's also a little confusing is where I might go next, though, I'm wondering "what do I have enough to *do* right now or in the near future"
eyedeekay If I don't answer that then I'm going to run out of things I know how to write tests for and get stuck again
eyedeekay I feel like the obvious thing I can do is reseed and populate a netDB which is why I am interested in using go-i2p libraries in reseed-tools
eyedeekay But following that logic my next leap is "build an exploratory tunnel" and there are definitely steps I need to complete before I can actually "do" that and I think those steps might put me into the weeds with implementing TBM's and updating I2NP at the same time while also not having a working transport
eyedeekay It has only stubs of transports which I've been reluctant to do before the refactor is done, now that I don't have that excuse anymore I'm thinking that maybe I should dive into NTCP2 next, and decide which crypto I focus on based on the needs of NTCP2, which sounds more like doing something
eyedeekay In summary, I have been 1) Shoring up a few in-practice issues in the common lib, 2) figuring out what crypto I need that I don't have and how to implement it and 3) deciding where I go next
eyedeekay EOT
zzz zowie, lets's pause 3 minutes to read
orignal so what do you have so far?
orignal a transport? crypto? netdb?
orignal IPNP messages?
orignal how about tunnels?
eyedeekay I have crypto and part of a netDB, an incomplete I2NP implementation an incomplete TBM/VTBM implementation and I think that is it
orignal how about garlic for ratchets?
orignal what crypto do you support so far?
eyedeekay I have ecdsa and ed25519 so far of the modern crypto
orignal what about encryption?
orignal zzz, btw I think time to talk about tunnels encryption
eyedeekay Just a sec, lost my window
orignal chhcha20 instead AES
orignal because people are asking
zzz eyedeekay, based on the status I think you might be looking for advice? you have a couple of short questions for us?
orignal thinking that AES-CBC is ugly and obsolete
zzz ok tunnel encryption is topic 3), stand by
eyedeekay AES and RSA are still incomplete in go-i2p but I'm going to do them next
orignal RSA? no it's not used in i2p
orignal excepting for reseeds
orignal how about chacha20 and AEAD?
eyedeekay There is no implementation of them in go-i2p yet
eyedeekay I know i'll need them for transports though which
orignal then you need to obtain them somehow
orignal because even NTCP2 uses them
eyedeekay Yeah that's what I'm working on soon
orignal basically chacha20 is used everywhere
zzz eyedeekay, are you asking for advice on what to do next?
eyedeekay I'm doing the "low-level crypto specification" at the moment but it's a big update
orignal even for STBM
orignal I recoomend to start with STBM then VTBM
eyedeekay Yes, basically, should I do tunnel build message or should I try and do a transport
orignal VTBM is rarely used now
orignal up to you
eyedeekay orignal says VTBM and STBM, which was one of my possibles
orignal STBM is more important now
orignal and you do need chacha20 for it
zzz eyedeekay, I suggest NTCP2, because you can't test anything until you have a transport. And NTCP2 is *much* easier than SSU2, and SSU 1 is going away so don't bother
eyedeekay Then I'll try and do that after I get the crypto primitives
orignal also once you implement NTCP2 you will have all crytto needed for other protocols
zzz once you have a transport, bug hunting is much easier
eyedeekay NTCP2, that is, since tunnel build messages don't look hard
zzz unless you love love love writing unit tests all day, but even then you can't be sure you got the tests right
orignal tunnel build message is harderst part I would sat
orignal because it's real garlic encryption
eyedeekay Yeah that's what I'm trying to not do for at least part of my day now
zzz ratchet is even harder
eyedeekay NTCP2 it is then
orignal ofc ratchets is harderset part but it's another level
zzz you don't really need to build tunnels to be a router
orignal eyedeekay if you want you can take psi's chacha20 implemntation but it's slow
orignal github.com/PurpleI2P/i2pd/blob/openssl/libi2pd/ChaCha20.cpp
zzz I'm sure there's a thousand chacha impls out there. eyedeekay just be sure to keep track of licensing for anything you take
eyedeekay Might try but I'm trying to do it in pure-Go so I can take advantage of the cross compiler
orignal this one decribes the logic
zzz orignal, you know anybody that might want to help?
orignal can be easily rewtitten to go
orignal a go developer?
zzz yes
orignal no
eyedeekay I'll have a look at it then, always worth reading
zlatinb psi himself if he's still into it
orignal he is into his lokinet only
zzz ok, once you have a transport things will be much more fun
zzz anything else on 1) ?
eyedeekay Nothing else here
orignal kovrik was over on that stage ))
orignal no
zzz 2) relay and peer test status
zzz I'll let you go first orignal
orignal so Alice sends initial peer test, Bob is able to process it and send "no chrlie" response back
orignal I run SSU2 peer test together with SSU test now
orignal so you should see incoming SSU2 sessions from time to time
zzz I haven't looked in the logs for peer test in a couple days, I'll do that and report back later
orignal will finish Bob and Cgharlie part in few day and start publishing code
zzz ok
zzz for me on relay, I've been working on Bob and Charlie sides. I am publishing SSU2 introducers sometimes. Actually publishing duplicates, need to fix that
zzz I don't think I've received a relay intro yet. Need to check the logs and report back
orignal how do you publish them?
orignal e.g. how do we differentiate SSU1 and SSU2 introducers
zzz according to the spec? what do you mean?
orignal no in your SSU address
orignal I hope you don't share them
orignal e.g. ih and ihost in the same introducer
zzz here's an example
zzz [caps] = [B6]
zzz [i] = [GrQCg6lOyqL9xrjJBY-1sob~jifxg-fFhdp-~HDLJo4=]
zzz [iexp0] = [1654536925]
zzz [iexp1] = [1654536925]
zzz [iexp2] = [1654538776]
zzz [ih2] = [2RRYXk4DLmwmsCwDaFcN1u88XPStZiIAi3eNGFMGyJI=]
zzz [ihost0] = [2001:41d0:401:3100:0:0:0:3d0e]
zzz [ihost1] = [51.255.171.145]
zzz [ikey0] = [PHgAFJrpQlx7TTfEfz4UbgFHcj~F7moX38ha7ufeSmM=]
zzz [ikey1] = [b6oql~pLDBmhfyD20NNUK3Ct3fwlfQaUkMpQP-sG~lU=]
zzz [iport0] = [28761]
zzz [iport1] = [28761]
zzz [itag0] = [562393646]
zzz [itag1] = [562393646]
zzz [itag2] = [3696570889]
zzz [key] = [gE9Cz8ygNv20J6Ml8LHmQj54Q8fABtTLXZaSVyE1STk=]
zzz [s] = [O7EzKQpOIQffYq5jX4ZmeyYXncw2Zou3ad60Kgx1cD4=]
zzz [v] = [2]]
zzz does that look right?
orignal so 2 is SSU2
orignal yes
orignal no mixed instridcers
orignal that's what I mean
zzz yes I'm putting the SSU2 ones last so I don't confuse old routers
zzz good
orignal I mean I don't see ihost0 and ih0
orignal together
zzz correct
orignal fine
orignal will check my code to make sure I read them right
zzz have some test code in there to prefer ssu2 to publish, that's helping get thigns tested
zzz here's an all-ssu2 example (with a duplicate bug)
zzz [caps] = [B6]
zzz [i] = [GrQCg6lOyqL9xrjJBY-1sob~jifxg-fFhdp-~HDLJo4=]
zzz [iexp0] = [1654540525]
zzz [iexp1] = [1654538776]
zzz [iexp2] = [1654540525]
zzz [ih0] = [nYlJtl83P131x6760bTAm2wKN7s6XYi9HbyYO4OllX0=]
zzz [ih1] = [2RRYXk4DLmwmsCwDaFcN1u88XPStZiIAi3eNGFMGyJI=]
zzz [ih2] = [2RRYXk4DLmwmsCwDaFcN1u88XPStZiIAi3eNGFMGyJI=]
zzz [itag0] = [1383980634]
zzz [itag1] = [3696570889]
zzz [itag2] = [3696570889]
zzz need to fix that
zzz baby steps
zzz anything else on 2) ?
orignal no
zzz 3) tunnel encryption
orignal people say that AES-CBC is obsolete crap
zzz are the people right?
orignal and since we have that field we can switch to chacha20
orignal idk
zzz well, that's the first thing to answer :)
orignal but AES is really obsolete now
zzz you're talking "layer encryption", right?
orignal yes
zzz just looking at the old proposals
orignal the problem was how we encrypt nonce
orignal if we want to keep double encryption
zzz prop. 157 new tbm says that changing layer encryption was a non-goal
zzz and it points to chisana's proposal 153
orignal we agreed to come back to it later
orignal when worked on STBM
zzz yup
orignal just reserved a field for it
orignal my problem is low class devices
orignal without AESNI
orignal chacha20 is much faster there
zzz well, if SSU2 doesn't kill me, it can be on the list to look at
zzz AES is so fast though, even without NI
orignal remeber after switching to SSU2, tunnel encryption will remain only place with AES
zzz PQC also might be on the list
orignal it's faster but chacha20 is much faster
orignal we don't have PQC anywhere
zzz not sure the speed of any symmetric crypto really matters
orignal while chacha20 is everywhere
orignal it matters because it's called a lot
zzz you have any estimate of what % of CPU is AES (non NI) ?
orignal I did
orignal but I need to run test on arm
orignal becasue chacha20 on Intel uses SSE
zzz well then if you want to look into it, we have the todo list:
zzz 1) is AES crap or not? 2) speed test data; 3) reread prop. 153
orignal 1. not crap ofc
orignal just not the best symmetric crypto
zzz *obsolete crap ))
orignal also from practice
zzz FYI I've started a PQC thread on my forum; eyedeekay is helping out
orignal NTCP2 is much faster and consumes less CPU than SSU1
eyedeekay Doing the best I can, mostly way over my head still
orignal I saw it
zzz over my head too, I'm faking it
zzz anyway, if the worst crypto we use is AES, we're in pretty good shape
orignal that's true
orignal after switch to SSU2
zzz yup
orignal ofc the worst is DH now
zzz let's keep helping people enable SSU2 for testing, because we don't really have enough for good relay and peer test testing
orignal I'm jus looking forward
orignal NTCP2 was really great performance improvement
zzz sure, good to have a list of what's next
orignal you will have more peer tests soon
zzz ok, I'll report when I see things, good or bad
zzz anything else on 3) ?
orignal no
zzz anything else for the meeting?
orignal zlatinb what are you plans?
orignal regarding I2P
zlatinb well, need to find someone to maintain muwire ideally
orignal when?
zlatinb but there's time, 1-2 years at least
orignal good to know
zzz in two years please find a replacement for me too
orignal why?
orignal also want to become monk?
zzz getting old
orignal and?
orignal not so old, dude
zzz lol we'll see
zzz anything else for the meeting?
orignal no
zzz ok thanks everybody
eyedeekay Thanks zzz
zzz eyedeekay, re: crypto, I'd add support as needed for whatever subsystem. I wouldn't just run down the checklist and do it all
zzz like if you skipped ECDSA and DSA it wouldn't really matter
orignal ECDSA matters
orignal it's used a lot
orignal especially P256
orignal also mind yubikeys
orignal they offer ECDSA only
eyedeekay Well ecdsa was the most-done of what I inherited so I'll probably need to work on it a little, but otherwise I'll implement what I need as I need it
eyedeekay And DSA was done, at least to the extent that it needed to be done to be used in what existed
orignal DSA is deprecated and should be removed completely
orignal asso ECDSA is used for families
orignal only P256 if I remember
zzz true
zzz but in general pick the latest flavor of everything, you can always go back and add older flavors later
eyedeekay Can do
orignal I don't remeber if you support 25519 for families
zzz I can verify them but it's a little shaky to generate them
zzz my test router is 25519 family
zzz eyedeekay, can you generate a router ident and generate and sign a RI?
orignal I support p256 only
orignal where is your cert?
orignal need to check
orignal maybe I should add 25519
eyedeekay I haven't signed a routerinfo yet but I can generate them
zzz i2p-dev-eddsa is the family
zzz a routerinfo is signed so that's part of the generation, technically speaking
orignal will check
zzz you'll need that for NTCP2
orignal NTCP2 itself doesn't verify signatures btw
orignal he deosn't need to for NTCP2
orignal only when we receive RouterInfo
eyedeekay I might be able to sign them, I don't have a unit test for it yet but I'll know once I write it
zzz you have to check the sig in the RI that's in the handshake in message 3
orignal you should
orignal but you don't have to sign anything
zzz you really really should :)
orignal well you must send you RI
zzz if you're alice you have to sign the RI before you send it
orignal or I can read my signed RI for a file
zzz eyedeekay, have you read the noise spec yet?
orignal I mean signning is not part of NTCP2 or SSU2 protocol
zzz orignal, you're right, strictly speaking
orignal I wouldn't recoomend to read whole Noise
orignal worthless
orignal you only need to know about ck and h
orignal ck is for encryption
orignal h is for verification
orignal and must be updated after every operation
zzz well, it's not worthless at all, but it is difficult
orignal initialized by some initial value
eyedeekay I have read the noise spec, also been studying a Go implementation of Noise which I will probably be basing mine on
orignal but you don't need to understand Noise to start using in I2P
orignal we need only small part of it
zzz it's not essential but if you're the kind of person who wants to understand things top-down, you'll need it
zzz if you just want to implement, you can skip it, sure
zzz XK vs IK vs N is helpful
orignal I'm suggesting parctical approach
orignal what you really need to make things working
eyedeekay I have to do both. I get stuck on equations and proofs and formulas and specifications if I don't have someplace to get my hands dirty, but if I don't read the details I don't really understand things.
zzz eyedeekay, one thing to know about our NTCP2 spec - it was our first noise protocol - it's written at a lower level than the later protocols, where we defined more intermediate primitives like mixhash()
orignal you don't need equitions and formulas
orignal unless you want to implemnt something own
orignal like I did own EdDSA
zzz yeah but he's the one going to conferences, helps to know enough to explain things to others or give a talk
orignal рф рф
orignal ha ha
orignal I just remebered another funny thing
orignal RedDSA
zzz just know it took us months to really understand it. str4d kinda rammed it down our throats and it took me quite a while to catch up
orignal eyedeekay does golang support reddsa?
orignal I doubt
orignal and RedDSA is used for encrypted leasesets
orignal that are used more and more
zzz not unless str4d did it for zcash
orignal zcash uses rust not go
zzz true
zzz orignal, here's my cert: stats.i2p/docs/i2p-dev-eddsa.crt
orignal thanks
orignal will try when have time
orignal to extract public key from it
zzz sure, only one member of family, so doesn't matter
orignal if I remeber golang has curve25519 package
zzz did it years ago
orignal but for reddsa it will require own implemnetation of signing schema
eyedeekay Also describing this learning process is significant in and of itself at least to me.
eyedeekay I have not experienced clear delineations between engineering disciplines, just self-taught, so part of this project for me is figuring out the way for disgruntled 30something ex-psychology majors to put the pieces together and do something useful with their lives
eyedeekay Yes to curve25519, no to RedDSA but I can at least read str4d's rust implementation and imitate it
orignal RedDSA is complicated even with curve
orignal need to take care about some modules, etc.
zzz yeah it's a little messy, I'm still not sure str4d knew what he was doing
orignal it's clear for me how it works
orignal just needs to be careful
eyedeekay zlatinb I stickied your seeking maintainer announcement on reddit, hopefully that keeps the attention on it for a while
zlatinb thanks eyedeekay
eyedeekay no problem
zlatinb speaking of reddit, do you want to mention MoneroKon?
eyedeekay Oh right yeah I'll do that
zlatinb can crosspost in r/monero too
eyedeekay Will do
zzz zlatinb, confirming I am adding the deadlock detector to routerconsole.jar, using three java.lang.management classes
zlatinb ok
zlatinb doesn't impact the mac bundle, but it may the windows one
zlatinb idk whether that's jlinked or just includes everything
zzz ^^ eyedeekay
zzz those classes are just interfaces and factories, beats me where the implementation is
zlatinb somewhere under com.sun probably
zlatinb but it should be in the module
eyedeekay Windows one just bundles everything
zzz zlatinb, fyi the module is java.management
zzz *javax.management
zzz *java.management
zlatinb long ago I added a deadlock detector to LimeWire. Formatting the stack traces was a mess but it was still useful to have it
zzz yeah the one in a million things should get easier to find
zzz pretty easy with what's in the jvm now
zlatinb eyedeekay: ok to crosspost your post in r/monero ?
zlatinb too late :)
eyedeekay Thanks
zzz eyedeekay, zlatinb, re: reddit is 1000 dests practical? the answer is no. done and done.
zzz your answers focused on the network effects but the local router would croak too
zzz java router limits to 100