diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/Hardening.txt | 2 | ||||
-rw-r--r-- | docs/Hardening_docs.txt | 25 | ||||
-rw-r--r-- | docs/Prevent_Tracking.txt | 42 | ||||
-rw-r--r-- | docs/TCP_Network.txt | 10 |
4 files changed, 44 insertions, 35 deletions
diff --git a/docs/Hardening.txt b/docs/Hardening.txt index d95b2cda..50ccfd53 100644 --- a/docs/Hardening.txt +++ b/docs/Hardening.txt | |||
@@ -21,7 +21,7 @@ The only people we really trust on the network are the nodes in our friends | |||
21 | list. | 21 | list. |
22 | 22 | ||
23 | 23 | ||
24 | The behavior of each Tox node is easily predictable this means that it possible | 24 | The behavior of each Tox node is easily predictable. This means that it possible |
25 | for Tox nodes to test the nodes that they are connected to to see if they | 25 | for Tox nodes to test the nodes that they are connected to to see if they |
26 | behave like normal Tox nodes and only send nodes that are confirmed to behave | 26 | behave like normal Tox nodes and only send nodes that are confirmed to behave |
27 | like real Tox nodes as part of send node replies when other nodes query them. | 27 | like real Tox nodes as part of send node replies when other nodes query them. |
diff --git a/docs/Hardening_docs.txt b/docs/Hardening_docs.txt index c5de6ade..53a61034 100644 --- a/docs/Hardening_docs.txt +++ b/docs/Hardening_docs.txt | |||
@@ -1,21 +1,30 @@ | |||
1 | Hardening request packets are sent as crypto request packets (see crypto docs.) | 1 | Hardening request packets are sent as crypto request packets (see crypto docs.) |
2 | NOTE: currently only get nodes requests are tested in the code which is why there is only one test (more will be added soon.) | 2 | NOTE: currently only get nodes requests are tested in the code which is why |
3 | there is only one test (more will be added soon.) | ||
3 | 4 | ||
4 | All hardening requests must contain exactly 768 bytes of data. (The data sent must be padded with zeros if it is smaller than that.) | 5 | All hardening requests must contain exactly 768 bytes of data. (The data sent |
6 | must be padded with zeros if it is smaller than that.) | ||
5 | 7 | ||
6 | 1. Get the information (IP_port, client_id) of the node we want to test. | 8 | 1. Get the information (IP_port, client_id) of the node we want to test. |
7 | 2. Find a couple random nodes that is not that node (one for each test.) | 9 | 2. Find a couple random nodes that is not that node (one for each test.) |
8 | 3. Send crypto request packets to each of these random nodes with the data being: | 10 | 3. Send crypto request packets to each of these random nodes with the data being: |
9 | 11 | ||
10 | [byte with value: 02 (get nodes test request)][struct Node_format (the node to test.)][client_id(32 bytes) the id to query the node with.][padding] | 12 | [byte with value: 02 (get nodes test request)][struct Node_format (the node to |
13 | test.)][client_id(32 bytes) the id to query the node with.][padding] | ||
11 | 14 | ||
12 | 4. The random node receives a packet. | 15 | 4. The random node receives a packet. |
13 | -The packet is a get nodes test request: | 16 | -The packet is a get nodes test request: |
14 | send a get_node request to that node with the id to query in the request. | 17 | send a get_node request to that node with the id to query in the request. |
15 | when a send_node response is received, send the following response to the person who sent us the get nodes test request packet: | 18 | when a send_node response is received, send the following response to the |
16 | [byte with value: 03 (get nodes test response)][client_id(32 bytes): the id of the tested node][The list of nodes it responded with in IPv6 Node format (struct Node_Format)] | 19 | person who sent us the get nodes test request packet: |
17 | PROTIP: (get node requests and response contain an encrypted part that you can use to store information so that you don't | 20 | [byte with value: 03 (get nodes test response)][client_id(32 bytes): |
18 | have to store in your memory where/if to send back the response from the send node) | 21 | the id of the tested node][The list of nodes it responded with in IPv6 |
22 | Node format (struct Node_Format)] | ||
23 | PROTIP: (get node requests and response contain an encrypted part that you | ||
24 | can use to store information so that you don't | ||
25 | have to store in your memory where/if to send back the response from the | ||
26 | send node) | ||
19 | 27 | ||
20 | 5. Receive the test responses. | 28 | 5. Receive the test responses. |
21 | -If the test(s) pass (the nodes behave in a satisfactory manner), make these nodes have priority over those who don't pass the test(s). | 29 | -If the test(s) pass (the nodes behave in a satisfactory manner), make these |
30 | nodes have priority over those who don't pass the test(s). | ||
diff --git a/docs/Prevent_Tracking.txt b/docs/Prevent_Tracking.txt index 07e8ae1e..c5f33e96 100644 --- a/docs/Prevent_Tracking.txt +++ b/docs/Prevent_Tracking.txt | |||
@@ -21,36 +21,36 @@ So, every node in the DHT now has a temporary keypair not related to their real | |||
21 | long term one. | 21 | long term one. |
22 | 22 | ||
23 | But, how do people find themselves then? We have to add a way for people to | 23 | But, how do people find themselves then? We have to add a way for people to |
24 | tell their friends what their DHT public key is, we also have to somehow make | 24 | tell their friends what their DHT public key is. We also have to somehow make |
25 | it so people can send/receive friend requests, this has to be done without non | 25 | it so people can send/receive friend requests. This has to be done without |
26 | friends being able to find out where a node is. | 26 | non-friends being able to find out where a node is. |
27 | 27 | ||
28 | The solution: Onion routing + enable the storage of some small amount of data | 28 | The solution: Onion routing + enable the storage of some small amount of data |
29 | on | 29 | on DHT nodes. |
30 | DHT nodes. | ||
31 | 30 | ||
32 | 31 | ||
33 | Alice and bob are friends, before joining the DHT they generate temporary | 32 | Alice and bob are friends. Before joining the DHT they generate temporary |
34 | session keypairs to be used for the DHT instead of their long term keys. | 33 | session keypairs to be used for the DHT instead of their long term keys. |
35 | 34 | ||
36 | Bob finds a bunch of random nodes then picks 3 random working ones (A, B, C). | 35 | Bob finds a bunch of random nodes then picks 3 random working ones (A, B, C). |
37 | 36 | ||
38 | Bob gets the know working node with an id closest to his real one from his list (D) | 37 | Bob gets the known working node with an id closest to his real one from his list (D) |
39 | 38 | ||
40 | Bob then creates an onion (the packet will go through A, B, C and will end up at D) | 39 | Bob then creates an onion (the packet will go through A, B, C and will end up at D) |
41 | announce request packet with his real public key, ping_id as zeros and | 40 | announce request packet with his real public key, ping_id as zeros and |
42 | searching for his real public key. | 41 | searching for his real public key. |
43 | 42 | ||
44 | Bob will announce response packets and will recursively send onion announce request packets | 43 | Bob will announce response packets and will recursively send onion announce request |
45 | to closer and closer nodes until he finds the ones closest to his real public key. | 44 | packets to closer and closer nodes until he finds the ones closest to his real public key. |
46 | 45 | ||
47 | Once he has done this, he will send some onion announce request packets with the right ping_id previously | 46 | Once he has done this, he will send some onion announce request packets with the right |
48 | received from the node when he queried it to announce himself to the node. | 47 | ping_id previously received from the node when he queried it to announce himself to the node. |
49 | 48 | ||
50 | The nodes he announces himself to keep the information to send onion packets to that node in memory. | 49 | The nodes he announces himself to keep the information to send onion packets to that node in |
50 | memory. | ||
51 | 51 | ||
52 | Alice meanwhile searches for the Nodes closest to Bobs real id using a temporary keypair and announce | 52 | Alice meanwhile searches for the nodes closest to Bobs real id using a temporary keypair and |
53 | request packets, she does this until she finds nodes that respond with a ping_id of zero. | 53 | announce request packets. She does this until she finds nodes that respond with a ping_id of zero. |
54 | 54 | ||
55 | She sends data to route request packet with information telling Bob her temporary id in the DHT | 55 | She sends data to route request packet with information telling Bob her temporary id in the DHT |
56 | (or a friend request if she is not friends with him). | 56 | (or a friend request if she is not friends with him). |
@@ -58,9 +58,9 @@ She sends data to route request packet with information telling Bob her temporar | |||
58 | Bob finds her by using her temporary id and they connect to each other. | 58 | Bob finds her by using her temporary id and they connect to each other. |
59 | 59 | ||
60 | 60 | ||
61 | NOTE: crypto_box is used for all the asymmetric encryption and crypto_secretbox is used for all the symmetric. | 61 | NOTE: crypto_box is used for all the asymmetric encryption and crypto_secretbox is used for all |
62 | Also every DHT node have a random symmetric key which they use to encrypt the stuff in normal get node request that is | 62 | the symmetric. Also every DHT node have a random symmetric key which they use to encrypt the stuff |
63 | used to encrypt stuff in the following. | 63 | in normal get node request that is used to encrypt stuff in the following. |
64 | 64 | ||
65 | Onion packet (request): | 65 | Onion packet (request): |
66 | 66 | ||
@@ -151,7 +151,7 @@ encrypted with temp symmetric key of Node A: [IP_Port (of us)][data to send back | |||
151 | 151 | ||
152 | Data packets: | 152 | Data packets: |
153 | 153 | ||
154 | To tell our friend what our DHT public key is so that he can connect to us we send a data packet with id 156 and | 154 | To tell our friend what our DHT public key is so that he can connect to us we send a data packet |
155 | the data being:[uint64_t (in network byte order) no_replay, the packet will only be accepted if this number is bigger than the last one recieved] | 155 | with id 156 and the data being:[uint64_t (in network byte order) no_replay, the packet will only be |
156 | [our dht public key][Node_Format * (maximum of 8) nodes closest to us so that the friend can find us faster] | 156 | accepted if this number is bigger than the last one recieved] [our dht public key][Node_Format * ( |
157 | 157 | maximum of 8) nodes closest to us so that the friend can find us faster] | |
diff --git a/docs/TCP_Network.txt b/docs/TCP_Network.txt index e8608791..b1059892 100644 --- a/docs/TCP_Network.txt +++ b/docs/TCP_Network.txt | |||
@@ -14,8 +14,8 @@ How it's probably going to work: | |||
14 | 1. Alice, a Tox client on a TCP only network generates a temporary public key | 14 | 1. Alice, a Tox client on a TCP only network generates a temporary public key |
15 | and connects to a bootstrap node. | 15 | and connects to a bootstrap node. |
16 | 16 | ||
17 | 2. Using the bootstrap node she find and connects to a couple (exact number | 17 | 2. Using the bootstrap node she finds and connects to a (exact number to be |
18 | to be determined later) number of random nodes that have TCP relay support. | 18 | determined later) number of random nodes that have TCP relay support. |
19 | 19 | ||
20 | 3. She uses the onion through the TCP relay connections to send friend requests | 20 | 3. She uses the onion through the TCP relay connections to send friend requests |
21 | or tell online friends which TCP nodes she is connected to and her temporary | 21 | or tell online friends which TCP nodes she is connected to and her temporary |
@@ -28,8 +28,8 @@ with alice using that temporary public key. | |||
28 | 5. That connection is used by both to transmit encrypted Messenger and A/V | 28 | 5. That connection is used by both to transmit encrypted Messenger and A/V |
29 | packets. | 29 | packets. |
30 | 30 | ||
31 | 6. If one of the nodes shuts down while it is currently routing traffic, Alice | 31 | 6. If one of the nodes shuts down while it is routing traffic, Alice and Bob |
32 | and bob just switch to one of the other nodes they are both connected to. | 32 | just switch to one of the other nodes to which they are both connected. |
33 | 33 | ||
34 | 34 | ||
35 | Actual detailed implementation details coming soon. | 35 | Actual implementation details coming soon. |