Prop. 159 updates

Peer Test fixes and error codes
Handshake packet number fixes

i2p2www/spec/proposals/159-ssu2.rst

@@ -1,11 +1,11 @@
-======
+=====
 SSU2
 ======
 .. meta::
     :author: eyedeekay, orignal, zlatinb, zzz
     :created: 2021-09-12
     :thread: http://zzz.i2p/topics/2612
-    :lastupdated: 2022-03-17
+    :lastupdated: 2022-03-22
     :status: Open
     :target: 0.9.55
 
@@ -2327,7 +2327,8 @@ Current SSU1 Peer Test issues:
 - Peer Test has its own ad-hoc retransmission scheme
 - Peer Test requires a complex state machine to know
   what message is for what state
-
+- Without knowing that Charlie has rejected her,
+  Alice will treat the test as a failuire.
 
 We have the following goals in improving the security of Relay and Peer Test:
 
@@ -3513,8 +3514,7 @@ Unencrypted data (Poly1305 authentication tag not shown):
 
   flag :: 1 byte, unused, set to 0 for future compatibility
 
-  Packet Number :: 0 if no Retry was received
-                   1 if this is a new SessionRequest after a Retry was received
+  Packet Number :: Random 4 byte number generated by Alice, ignored
 
   Source Connection ID :: Randomly generated by Alice,
                           must not be equal to Destination Connection ID
@@ -3798,7 +3798,7 @@ Unencrypted data (Poly1305 auth tag not shown):
 
   flag :: 1 byte, unused, set to 0 for future compatibility
 
-  Packet Number :: 0
+  Packet Number :: Random 4 byte number generated by Bob, ignored
 
   Source Connection ID :: The Destination Connection ID
                           received from Alice in Session Request
@@ -4078,8 +4078,7 @@ Unencrypted data (Poly1305 auth tags not shown):
   Destination Connection ID :: As sent in Session Request,
                                or one received in Session Confirmed?
 
-  Packet Number :: 1 if no Retry was received
-                   2 if a Retry was received
+  Packet Number :: 0 always, even if retransmitted
 
   type :: 2
 
@@ -5321,10 +5320,20 @@ See Relay Process section below.
   flag :: 1 byte flags, Unused, set to 0 for future compatibility
   code :: 1 byte status code:
          0: accept
-         1: reject, reason unspecified
-         2: rejected by Bob, reason unspecified
-         3: rejected by Charlie, reason unspecified
-         4-255: other reject codes TBD
+         1: rejected by Bob, reason unspecified
+         2: rejected by Bob, Charlie is banned
+         3: rejected by Bob, limit exceeded
+         4: rejected by Bob, signature failure
+         5-63: other rejected by Bob codes TBD
+         64: rejected by Charlie, reason unspecified
+         65: rejected by Charlie, unsupported address
+         66: rejected by Charlie, limit exceeded
+         67: rejected by Charlie, signature failure
+         68: rejected by Charlie, Alice is already connected
+         69: rejected by Charlie, Alice is banned
+         70-127: other rejected by Charlie codes TBD
+         128: reject, source and reason unspecified
+         129-255: other reject codes TBD
 
   The data below is covered by the signature if the code is 0 (accept).
   Bob forwards it unmodified.
@@ -5513,10 +5522,21 @@ either in the same payload (if there's room), or in a previous message.
   msg :: 1 byte message number 1-7
   code :: 1 byte status code:
          0: accept
-         1: reject, reason unspecified
-         2: rejected by Bob, reason unspecified
-         3: rejected by Charlie, reason unspecified
-         4-255: other reject codes TBD
+         1: rejected by Bob, reason unspecified
+         2: rejected by Bob, no Charlie available
+         3: rejected by Bob, limit exceeded
+         4: rejected by Bob, signature failure
+         5-63: other rejected by Bob codes TBD
+         64: rejected by Charlie, reason unspecified
+         65: rejected by Charlie, unsupported address
+         66: rejected by Charlie, limit exceeded
+         67: rejected by Charlie, signature failure
+         68: rejected by Charlie, Alice is already connected
+         69: rejected by Charlie, Alice is banned
+         70: rejected by Charlie, Alice is unknown
+         70-127: other rejected by Charlie codes TBD
+         128: reject, source and reason unspecified
+         129-255: other reject codes TBD
          reject codes only allowed in messages 3 and 4
   flag :: 1 byte flags, Unused, set to 0 for future compatibility
   hash :: Alice's or Charlie's 32-byte router hash,
@@ -5530,7 +5550,7 @@ either in the same payload (if there's room), or in a previous message.
          1: Alice
          3: Charlie
   ver ::  1 byte SSU version to be used for messages 5-7:
-         1: SSU 1
+         1: SSU 1 (not supported)
          2: SSU 2
   nonce :: 4 byte test nonce, big endian
   timestamp :: Unix timestamp, unsigned seconds.
@@ -5581,7 +5601,7 @@ Signature algorithm: Sign or verify the following data with the Alice's or Charl
 
 - prologue: 16 bytes "PeerTestValidate", not null-terminated (not included in the message)
 - bhash: Bob's 32-byte router hash (not included in the message)
-- ahash: Alice's 32-byte router hash (for messages 3 and 4 only; not included in message 3)
+- ahash: Alice's 32-byte router hash (for messages 3 and 4 only; not included in the message)
 - role: 1 byte role of the signer
 - ver: 1 byte SSU version
 - nonce: 4 byte test nonce