eyedeekay
In case anybody wanted to mess around with P2P-videochat-over-I2P:
eyedeekay
git clone github.com/eyedeekay/rtchat ~/go/src/github.com/YuukanOO/rtcchat
eyedeekay
cd ~/go/src/github.com/YuukanOO/rtcchat
eyedeekay
go run cmd/server/main.go -debug -i2p
eyedeekay
It will generate 2 SAM listeners, one for HTTP and one for TURN, as well as a self-signed cert.pem and keys.pem
eyedeekay
The base32 of the HTTP listener will be in rtcchat.i2p.public.txt, visit that page in a browser and accept the self-signed cert
eyedeekay
You end up in a Jitsi/Whereby/Zoom-ish videochat
eyedeekay
Won't work in TBB, will work in Firefox and Brave when configured to enforce WebRTC proxy obedience
eyedeekay
With just 2 participants it's... OK. Might disable video by default to see if that makes it much better
orignal
what do we put into address block of PeerTest message for mag 5?
orignal
It's required for any PeerTest messgae
orignal
it makes sense for 6 but not for 5
zzz
orignal, I send the exact same thing in msg 3 and msg 5
orignal
no, I mean Address Block explictly
orignal
there is no AddressBlock in mag 3 because it's Data
orignal
only in 5,6,7
zzz
oh sorry
zzz
actually it makes sense for 5 and 7 but not 6
zzz
it's the ip/port you are sending to
zzz
but probably not necessary in 5 or 7 anyway, because it's in the peer test block
orignal
why do it make sense for 5?
orignal
you don't know actual Alice's IP by that moment
orignal
it makes sense only for 6 or maybe 7
orignal
Chralie sends 5 to Alice
orignal
Alice recognizes Cralie's actual address and sends back in 6
orignal
for 7 it might make sense to let Alice know how Chralie sees her address
orignal
to recognize symmetric NAT etc
zzz
so in msg 5 you send the requested ip, but in msg 7 you send the ip received in msg 6?
zzz
I need to look at how SSU 1 works
orignal
but why should I send Alice's IP back in msg5? it doesn't contain any new information
orignal
while in 7 Charlie knows actual Alicer's IP, e.g. where 6 came from
zzz
yeah you are right
zzz
looking at my ssu 1 code...
zzz
ok, here we go
orignal
yes?
zzz
in current SSU 1 code, we send message 7 to wherever message 6 came from. The IP/port we put in message 7 is the ip/port we got message 6 from.
zzz
so this could be different then where we sent message 5, or what we put in message 5.
zzz
I don't believe this is documented in either SSU 1 or 2 specs
zzz
but I think this matches what you're proposing for SSU 2
orignal
I think AddressBlock shouldn't be required for 5
orignal
the difference is
zzz
what do you do in SSU 1 for message 7?
orignal
you send Alice address anyway in Peer Test block
orignal
sec
orignal
LogPrint (eLogDebug, "SSU: Peer test from Alice. We are Charlie");
orignal
SendPeerTest (nonce, senderEndpoint.address (), senderEndpoint.port (), introKey); // to Alice with her actual address
orignal
message 7
zzz
ok, so we both do the same thing for message 7 in SSU 1, correct?
orignal
yes
zzz
ok. So I'm going to document that better in the SSU 1 specs
zzz
and it seems we should do the same thing in SSU 2
orignal
and I send Alice's adress in msg 5 in SSU1
orignal
no, my point is different
zzz
so I don't think we need Address Block at all in 5/6/7 for SSU 2. Just put the address in the Peer Test block
orignal
why should we send Alice's address twice in msg 5?
zzz
agreed, let's get rid of it completely
orignal
huh? I'm confused
zzz
do we need address block in 6 or 7 either?
orignal
you said PeerTest block should alway contain original Alice's
orignal
because it's signed
zzz
ok
zzz
so address block in 7 only?
orignal
no, also in 6
zzz
ok, 6 and 7, but not 5. agreed.
orignal
because Chrarlie is also instersted to know his own IP
orignal
great
zzz
will update the specs
zzz
also need to fix my ssu 2 code
orignal
I'm implementing PeerTest message that's why I'm asking
zzz
yup
zzz
does this sound right for the spec?
zzz
* When sent by Charlie to Alice, the IP and port are as follows:
zzz
First time (message 5): The requested IP and port as received in message 2.
zzz
Second time (message 7): The actual IP and port message 6 was received from.
zzz
^^^ the SSU 1 spec
orignal
yes
zzz
I keep getting inbound SSU 1 connections from GG1SbAGFxD8riu9jow-WdSHHw6fvTp~oAYUYDRM4DTk= and the signature always fails
zzz
can't lookup the RI either so I assume it can't sign it's RI either
orignal
I think so too
zzz
probably should ban the IP. can't ban the hash, it could be faked
orignal
why do you care?
orignal
does it consume too much CPU?
zzz
he is persistent. just thinking about ways to make the network better
dr|z3d
if the router's bad, blacklist the ip and the hash.
zzz
like I said, can't do hash, it could be faked
zzz
whups
zzz
0) Hi
zzz
hi
eyedeekay
Meeting today?
eyedeekay
hi
orignal
hi
zlatinb
hi
zzz
was staring at logs
zzz
what's on today's list?
eyedeekay
I've got another go-i2p weekly update
orignal
I think your relay status and my peer test status
zzz
ok go-i2p is 1); relay and peer test is 2)
zzz
anything else ?
orignal
no
orignal
I was not involved in anuthing else
zzz
1) go-i2p status
eyedeekay
Top billing lol, copypasta incoming
eyedeekay
Last week I hit a few snags in using the refactored common library, which was to be expected
eyedeekay
but it sort of proved that the motivation for the refactor was sound, because the issues while somewhat numerous were also more understandable and easier to address
eyedeekay
A few things did get a little wierd, now the structures themselves need to keep track of the errors encountered when parsing them
eyedeekay
Whether that behavior remains consistent or becomes unnecessary as I start fitting the rest of the router together remains to be seen, there are some places in the code where the same slice of bytes used to be "validated" multiple times even though it has never changed
eyedeekay
That same validation function now just checks for errors encountered the first time the structure was created, and I'm pretty sure it's now also obsolete, but I'll have to go through every usage to be sure
eyedeekay
Hypothetically that sounds like it might be an efficiency gain in the long run, but it barely counts since it's not a real router yet
eyedeekay
Just an example of some of the ups-and-downs of turning this into a usable router in practice, it's starting to get more fun and less like banging my head against a wall, which I always knew it eventually would
eyedeekay
Also spent some time on the crypto, which is turning out to be less of a refactor and more of a just doing it
eyedeekay
As you might know go-i2p was an incomplete 0.9.12~ish router when I picked it up, so everything is actually using the oldest of the old crypto, but there is partial implementation of some of the new crypto
eyedeekay
The good news is that Go has pretty good support for modern cryptographic primitives as part of it's standard library, so what I have to do, basically, is just make the parts that aren't "standard"
eyedeekay
There's also enough already there that it might be usable soon, if so I may move on to something else before I just power through all of them ahead of time
eyedeekay
What's also a little confusing is where I might go next, though, I'm wondering "what do I have enough to *do* right now or in the near future"
eyedeekay
If I don't answer that then I'm going to run out of things I know how to write tests for and get stuck again
eyedeekay
I feel like the obvious thing I can do is reseed and populate a netDB which is why I am interested in using go-i2p libraries in reseed-tools
eyedeekay
But following that logic my next leap is "build an exploratory tunnel" and there are definitely steps I need to complete before I can actually "do" that and I think those steps might put me into the weeds with implementing TBM's and updating I2NP at the same time while also not having a working transport
eyedeekay
It has only stubs of transports which I've been reluctant to do before the refactor is done, now that I don't have that excuse anymore I'm thinking that maybe I should dive into NTCP2 next, and decide which crypto I focus on based on the needs of NTCP2, which sounds more like doing something
eyedeekay
In summary, I have been 1) Shoring up a few in-practice issues in the common lib, 2) figuring out what crypto I need that I don't have and how to implement it and 3) deciding where I go next
eyedeekay
EOT
zzz
zowie, lets's pause 3 minutes to read
orignal
so what do you have so far?
orignal
a transport? crypto? netdb?
orignal
IPNP messages?
orignal
how about tunnels?
eyedeekay
I have crypto and part of a netDB, an incomplete I2NP implementation an incomplete TBM/VTBM implementation and I think that is it
orignal
how about garlic for ratchets?
orignal
what crypto do you support so far?
eyedeekay
I have ecdsa and ed25519 so far of the modern crypto
orignal
what about encryption?
orignal
zzz, btw I think time to talk about tunnels encryption
eyedeekay
Just a sec, lost my window
orignal
chhcha20 instead AES
orignal
because people are asking
zzz
eyedeekay, based on the status I think you might be looking for advice? you have a couple of short questions for us?
orignal
thinking that AES-CBC is ugly and obsolete
zzz
ok tunnel encryption is topic 3), stand by
eyedeekay
AES and RSA are still incomplete in go-i2p but I'm going to do them next
orignal
RSA? no it's not used in i2p
orignal
excepting for reseeds
orignal
how about chacha20 and AEAD?
eyedeekay
There is no implementation of them in go-i2p yet
eyedeekay
I know i'll need them for transports though which
orignal
then you need to obtain them somehow
orignal
because even NTCP2 uses them
eyedeekay
Yeah that's what I'm working on soon
orignal
basically chacha20 is used everywhere
zzz
eyedeekay, are you asking for advice on what to do next?
eyedeekay
I'm doing the "low-level crypto specification" at the moment but it's a big update
orignal
even for STBM
orignal
I recoomend to start with STBM then VTBM
eyedeekay
Yes, basically, should I do tunnel build message or should I try and do a transport
orignal
VTBM is rarely used now
orignal
up to you
eyedeekay
orignal says VTBM and STBM, which was one of my possibles
orignal
STBM is more important now
orignal
and you do need chacha20 for it
zzz
eyedeekay, I suggest NTCP2, because you can't test anything until you have a transport. And NTCP2 is *much* easier than SSU2, and SSU 1 is going away so don't bother
eyedeekay
Then I'll try and do that after I get the crypto primitives
orignal
also once you implement NTCP2 you will have all crytto needed for other protocols
zzz
once you have a transport, bug hunting is much easier
eyedeekay
NTCP2, that is, since tunnel build messages don't look hard
zzz
unless you love love love writing unit tests all day, but even then you can't be sure you got the tests right
orignal
tunnel build message is harderst part I would sat
orignal
because it's real garlic encryption
eyedeekay
Yeah that's what I'm trying to not do for at least part of my day now
zzz
ratchet is even harder
eyedeekay
NTCP2 it is then
orignal
ofc ratchets is harderset part but it's another level
zzz
you don't really need to build tunnels to be a router
orignal
eyedeekay if you want you can take psi's chacha20 implemntation but it's slow
zzz
I'm sure there's a thousand chacha impls out there. eyedeekay just be sure to keep track of licensing for anything you take
eyedeekay
Might try but I'm trying to do it in pure-Go so I can take advantage of the cross compiler
orignal
this one decribes the logic
zzz
orignal, you know anybody that might want to help?
orignal
can be easily rewtitten to go
orignal
a go developer?
zzz
yes
orignal
no
eyedeekay
I'll have a look at it then, always worth reading
zlatinb
psi himself if he's still into it
orignal
he is into his lokinet only
zzz
ok, once you have a transport things will be much more fun
zzz
anything else on 1) ?
eyedeekay
Nothing else here
orignal
kovrik was over on that stage ))
orignal
no
zzz
2) relay and peer test status
zzz
I'll let you go first orignal
orignal
so Alice sends initial peer test, Bob is able to process it and send "no chrlie" response back
orignal
I run SSU2 peer test together with SSU test now
orignal
so you should see incoming SSU2 sessions from time to time
zzz
I haven't looked in the logs for peer test in a couple days, I'll do that and report back later
orignal
will finish Bob and Cgharlie part in few day and start publishing code
zzz
ok
zzz
for me on relay, I've been working on Bob and Charlie sides. I am publishing SSU2 introducers sometimes. Actually publishing duplicates, need to fix that
zzz
I don't think I've received a relay intro yet. Need to check the logs and report back
orignal
how do you publish them?
orignal
e.g. how do we differentiate SSU1 and SSU2 introducers
zzz
according to the spec? what do you mean?
orignal
no in your SSU address
orignal
I hope you don't share them
orignal
e.g. ih and ihost in the same introducer
zzz
here's an example
zzz
[caps] = [B6]
zzz
[i] = [GrQCg6lOyqL9xrjJBY-1sob~jifxg-fFhdp-~HDLJo4=]
zzz
[iexp0] = [1654536925]
zzz
[iexp1] = [1654536925]
zzz
[iexp2] = [1654538776]
zzz
[ih2] = [2RRYXk4DLmwmsCwDaFcN1u88XPStZiIAi3eNGFMGyJI=]
zzz
[ihost0] = [2001:41d0:401:3100:0:0:0:3d0e]
zzz
[ihost1] = [51.255.171.145]
zzz
[ikey0] = [PHgAFJrpQlx7TTfEfz4UbgFHcj~F7moX38ha7ufeSmM=]
zzz
[ikey1] = [b6oql~pLDBmhfyD20NNUK3Ct3fwlfQaUkMpQP-sG~lU=]
zzz
[iport0] = [28761]
zzz
[iport1] = [28761]
zzz
[itag0] = [562393646]
zzz
[itag1] = [562393646]
zzz
[itag2] = [3696570889]
zzz
[key] = [gE9Cz8ygNv20J6Ml8LHmQj54Q8fABtTLXZaSVyE1STk=]
zzz
[s] = [O7EzKQpOIQffYq5jX4ZmeyYXncw2Zou3ad60Kgx1cD4=]
zzz
[v] = [2]]
zzz
does that look right?
orignal
so 2 is SSU2
orignal
yes
orignal
no mixed instridcers
orignal
that's what I mean
zzz
yes I'm putting the SSU2 ones last so I don't confuse old routers
zzz
good
orignal
I mean I don't see ihost0 and ih0
orignal
together
zzz
correct
orignal
fine
orignal
will check my code to make sure I read them right
zzz
have some test code in there to prefer ssu2 to publish, that's helping get thigns tested
zzz
here's an all-ssu2 example (with a duplicate bug)
zzz
[caps] = [B6]
zzz
[i] = [GrQCg6lOyqL9xrjJBY-1sob~jifxg-fFhdp-~HDLJo4=]
zzz
[iexp0] = [1654540525]
zzz
[iexp1] = [1654538776]
zzz
[iexp2] = [1654540525]
zzz
[ih0] = [nYlJtl83P131x6760bTAm2wKN7s6XYi9HbyYO4OllX0=]
zzz
[ih1] = [2RRYXk4DLmwmsCwDaFcN1u88XPStZiIAi3eNGFMGyJI=]
zzz
[ih2] = [2RRYXk4DLmwmsCwDaFcN1u88XPStZiIAi3eNGFMGyJI=]
zzz
[itag0] = [1383980634]
zzz
[itag1] = [3696570889]
zzz
[itag2] = [3696570889]
zzz
need to fix that
zzz
baby steps
zzz
anything else on 2) ?
orignal
no
zzz
3) tunnel encryption
orignal
people say that AES-CBC is obsolete crap
zzz
are the people right?
orignal
and since we have that field we can switch to chacha20
orignal
idk
zzz
well, that's the first thing to answer :)
orignal
but AES is really obsolete now
zzz
you're talking "layer encryption", right?
orignal
yes
zzz
just looking at the old proposals
orignal
the problem was how we encrypt nonce
orignal
if we want to keep double encryption
zzz
prop. 157 new tbm says that changing layer encryption was a non-goal
zzz
and it points to chisana's proposal 153
orignal
we agreed to come back to it later
orignal
when worked on STBM
zzz
yup
orignal
just reserved a field for it
orignal
my problem is low class devices
orignal
without AESNI
orignal
chacha20 is much faster there
zzz
well, if SSU2 doesn't kill me, it can be on the list to look at
zzz
AES is so fast though, even without NI
orignal
remeber after switching to SSU2, tunnel encryption will remain only place with AES
zzz
PQC also might be on the list
orignal
it's faster but chacha20 is much faster
orignal
we don't have PQC anywhere
zzz
not sure the speed of any symmetric crypto really matters
orignal
while chacha20 is everywhere
orignal
it matters because it's called a lot
zzz
you have any estimate of what % of CPU is AES (non NI) ?
orignal
I did
orignal
but I need to run test on arm
orignal
becasue chacha20 on Intel uses SSE
zzz
well then if you want to look into it, we have the todo list:
zzz
1) is AES crap or not? 2) speed test data; 3) reread prop. 153
orignal
1. not crap ofc
orignal
just not the best symmetric crypto
zzz
*obsolete crap ))
orignal
also from practice
zzz
FYI I've started a PQC thread on my forum; eyedeekay is helping out
orignal
NTCP2 is much faster and consumes less CPU than SSU1
eyedeekay
Doing the best I can, mostly way over my head still
orignal
I saw it
zzz
over my head too, I'm faking it
zzz
anyway, if the worst crypto we use is AES, we're in pretty good shape
orignal
that's true
orignal
after switch to SSU2
zzz
yup
orignal
ofc the worst is DH now
zzz
let's keep helping people enable SSU2 for testing, because we don't really have enough for good relay and peer test testing
orignal
I'm jus looking forward
orignal
NTCP2 was really great performance improvement
zzz
sure, good to have a list of what's next
orignal
you will have more peer tests soon
zzz
ok, I'll report when I see things, good or bad
zzz
anything else on 3) ?
orignal
no
zzz
anything else for the meeting?
orignal
zlatinb what are you plans?
orignal
regarding I2P
zlatinb
well, need to find someone to maintain muwire ideally
orignal
when?
zlatinb
but there's time, 1-2 years at least
orignal
good to know
zzz
in two years please find a replacement for me too
orignal
why?
orignal
also want to become monk?
zzz
getting old
orignal
and?
orignal
not so old, dude
zzz
lol we'll see
zzz
anything else for the meeting?
orignal
no
zzz
ok thanks everybody
eyedeekay
Thanks zzz
zzz
eyedeekay, re: crypto, I'd add support as needed for whatever subsystem. I wouldn't just run down the checklist and do it all
zzz
like if you skipped ECDSA and DSA it wouldn't really matter
orignal
ECDSA matters
orignal
it's used a lot
orignal
especially P256
orignal
also mind yubikeys
orignal
they offer ECDSA only
eyedeekay
Well ecdsa was the most-done of what I inherited so I'll probably need to work on it a little, but otherwise I'll implement what I need as I need it
eyedeekay
And DSA was done, at least to the extent that it needed to be done to be used in what existed
orignal
DSA is deprecated and should be removed completely
orignal
asso ECDSA is used for families
orignal
only P256 if I remember
zzz
true
zzz
but in general pick the latest flavor of everything, you can always go back and add older flavors later
eyedeekay
Can do
orignal
I don't remeber if you support 25519 for families
zzz
I can verify them but it's a little shaky to generate them
zzz
my test router is 25519 family
zzz
eyedeekay, can you generate a router ident and generate and sign a RI?
orignal
I support p256 only
orignal
where is your cert?
orignal
need to check
orignal
maybe I should add 25519
eyedeekay
I haven't signed a routerinfo yet but I can generate them
zzz
i2p-dev-eddsa is the family
zzz
a routerinfo is signed so that's part of the generation, technically speaking
orignal
will check
zzz
you'll need that for NTCP2
orignal
NTCP2 itself doesn't verify signatures btw
orignal
he deosn't need to for NTCP2
orignal
only when we receive RouterInfo
eyedeekay
I might be able to sign them, I don't have a unit test for it yet but I'll know once I write it
zzz
you have to check the sig in the RI that's in the handshake in message 3
orignal
you should
orignal
but you don't have to sign anything
zzz
you really really should :)
orignal
well you must send you RI
zzz
if you're alice you have to sign the RI before you send it
orignal
or I can read my signed RI for a file
zzz
eyedeekay, have you read the noise spec yet?
orignal
I mean signning is not part of NTCP2 or SSU2 protocol
zzz
orignal, you're right, strictly speaking
orignal
I wouldn't recoomend to read whole Noise
orignal
worthless
orignal
you only need to know about ck and h
orignal
ck is for encryption
orignal
h is for verification
orignal
and must be updated after every operation
zzz
well, it's not worthless at all, but it is difficult
orignal
initialized by some initial value
eyedeekay
I have read the noise spec, also been studying a Go implementation of Noise which I will probably be basing mine on
orignal
but you don't need to understand Noise to start using in I2P
orignal
we need only small part of it
zzz
it's not essential but if you're the kind of person who wants to understand things top-down, you'll need it
zzz
if you just want to implement, you can skip it, sure
zzz
XK vs IK vs N is helpful
orignal
I'm suggesting parctical approach
orignal
what you really need to make things working
eyedeekay
I have to do both. I get stuck on equations and proofs and formulas and specifications if I don't have someplace to get my hands dirty, but if I don't read the details I don't really understand things.
zzz
eyedeekay, one thing to know about our NTCP2 spec - it was our first noise protocol - it's written at a lower level than the later protocols, where we defined more intermediate primitives like mixhash()
orignal
you don't need equitions and formulas
orignal
unless you want to implemnt something own
orignal
like I did own EdDSA
zzz
yeah but he's the one going to conferences, helps to know enough to explain things to others or give a talk
orignal
рф рф
orignal
ha ha
orignal
I just remebered another funny thing
orignal
RedDSA
zzz
just know it took us months to really understand it. str4d kinda rammed it down our throats and it took me quite a while to catch up
orignal
eyedeekay does golang support reddsa?
orignal
I doubt
orignal
and RedDSA is used for encrypted leasesets
orignal
that are used more and more
zzz
not unless str4d did it for zcash
orignal
zcash uses rust not go
zzz
true
zzz
orignal, here's my cert: stats.i2p/docs/i2p-dev-eddsa.crt
orignal
thanks
orignal
will try when have time
orignal
to extract public key from it
zzz
sure, only one member of family, so doesn't matter
orignal
if I remeber golang has curve25519 package
zzz
did it years ago
orignal
but for reddsa it will require own implemnetation of signing schema
eyedeekay
Also describing this learning process is significant in and of itself at least to me.
eyedeekay
I have not experienced clear delineations between engineering disciplines, just self-taught, so part of this project for me is figuring out the way for disgruntled 30something ex-psychology majors to put the pieces together and do something useful with their lives
eyedeekay
Yes to curve25519, no to RedDSA but I can at least read str4d's rust implementation and imitate it
orignal
RedDSA is complicated even with curve
orignal
need to take care about some modules, etc.
zzz
yeah it's a little messy, I'm still not sure str4d knew what he was doing
orignal
it's clear for me how it works
orignal
just needs to be careful
eyedeekay
zlatinb I stickied your seeking maintainer announcement on reddit, hopefully that keeps the attention on it for a while
zlatinb
thanks eyedeekay
eyedeekay
no problem
zlatinb
speaking of reddit, do you want to mention MoneroKon?
eyedeekay
Oh right yeah I'll do that
zlatinb
can crosspost in r/monero too
eyedeekay
Will do
zzz
zlatinb, confirming I am adding the deadlock detector to routerconsole.jar, using three java.lang.management classes
zlatinb
ok
zlatinb
doesn't impact the mac bundle, but it may the windows one
zlatinb
idk whether that's jlinked or just includes everything
zzz
^^ eyedeekay
zzz
those classes are just interfaces and factories, beats me where the implementation is
zlatinb
somewhere under com.sun probably
zlatinb
but it should be in the module
eyedeekay
Windows one just bundles everything
zzz
zlatinb, fyi the module is java.management
zzz
*javax.management
zzz
*java.management
zlatinb
long ago I added a deadlock detector to LimeWire. Formatting the stack traces was a mess but it was still useful to have it
zzz
yeah the one in a million things should get easier to find
zzz
pretty easy with what's in the jvm now
zlatinb
eyedeekay: ok to crosspost your post in r/monero ?
zlatinb
too late :)
eyedeekay
Thanks
zzz
eyedeekay, zlatinb, re: reddit is 1000 dests practical? the answer is no. done and done.
zzz
your answers focused on the network effects but the local router would croak too
zzz
java router limits to 100