b5c8b69547
* Experiment with serde * Framed encoding serde POC * Outfox framing * Outfox rest compat (#3333) * Outfox forwarding compat * Tidy up interface * PacketSize compat * Address PR comments * Rebase on develop commit342883fcbeAuthor: durch <durch@users.noreply.github.com> Date: Thu Apr 27 09:17:18 2023 +0200 Put back PacketType 1 commit61a0ee5a19Author: Tommy Verrall <tommyvez@protonmail.com> Date: Wed Apr 26 16:37:29 2023 +0100 change output for cpu-cycle management logs commit3956109c7eAuthor: Tommy Verrall <tommy@nymtech.net> Date: Wed Apr 26 12:13:22 2023 +0100 change the workflow file to build with cpucycles commit8d725b13c5Author: durch <durch@users.noreply.github.com> Date: Mon Apr 24 13:14:58 2023 +0200 Outfox client compat commit4d166c389bAuthor: durch <durch@users.noreply.github.com> Date: Fri Apr 21 00:30:46 2023 +0200 Address PR comments commit145c3c1223Author: durch <durch@users.noreply.github.com> Date: Fri Apr 21 00:12:35 2023 +0200 Rename PacketMode commitcbd654d6fdAuthor: Drazen Urch <drazen@urch.eu> Date: Thu Apr 20 23:59:40 2023 +0200 Outfox rest compat (#3333) * Outfox forwarding compat * Tidy up interface * PacketSize compat commite7be91a94cAuthor: durch <durch@users.noreply.github.com> Date: Wed Apr 19 16:36:48 2023 +0200 Remove serde cruft commit582e7d566aAuthor: durch <durch@users.noreply.github.com> Date: Wed Apr 19 16:24:09 2023 +0200 Outfox framing commit6464da5f01Author: durch <durch@users.noreply.github.com> Date: Tue Apr 18 22:23:02 2023 +0200 Framing compat commitd5e77e499bAuthor: durch <durch@users.noreply.github.com> Date: Tue Apr 18 18:18:54 2023 +0200 Framed encoding serde POC commitf086f9c35aAuthor: durch <durch@users.noreply.github.com> Date: Tue Apr 18 16:54:21 2023 +0200 Experiment with serde * Client tweaks * Speed up from_plaintext * SurbAcks * More work on the reciever end, and outfox format * Cleanup and fmt * Wrap up rebase * Happy clippy * Fix lock files * Final cleanup
76 lines
3.5 KiB
Rust
76 lines
3.5 KiB
Rust
// Copyright 2021 - Nym Technologies SA <contact@nymtech.net>
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
use nym_crypto::aes::Aes128;
|
|
use nym_crypto::blake3;
|
|
use nym_crypto::ctr;
|
|
|
|
type Aes128Ctr = ctr::Ctr64BE<Aes128>;
|
|
|
|
// Re-export for ease of use
|
|
pub use packet_sizes::PacketSize;
|
|
pub use packet_types::PacketType;
|
|
|
|
pub mod packet_sizes;
|
|
pub mod packet_types;
|
|
pub mod packet_version;
|
|
|
|
// If somebody can provide an argument why it might be reasonable to have more than 255 mix hops,
|
|
// I will change this to [`usize`]
|
|
pub const DEFAULT_NUM_MIX_HOPS: u8 = 3;
|
|
|
|
// TODO: not entirely sure how to feel about those being defined here, ideally it'd be where [`Fragment`]
|
|
// is defined, but that'd introduce circular dependencies as the acknowledgements crate also needs
|
|
// access to that
|
|
pub const FRAG_ID_LEN: usize = 5;
|
|
pub type SerializedFragmentIdentifier = [u8; FRAG_ID_LEN];
|
|
|
|
// wait, wait, but why are we starting with version 7?
|
|
// when packet header gets serialized, the following bytes (in that order) are put onto the wire:
|
|
// - packet_version (starting with v1.1.0)
|
|
// - packet_size indicator
|
|
// - packet_type
|
|
// it also just so happens that the only valid values for packet_size indicator include values 1-6
|
|
// therefore if we receive byte `7` (or larger than that) we'll know we received a versioned packet,
|
|
// otherwise we should treat it as legacy
|
|
/// Increment it whenever we perform any breaking change in the wire format!
|
|
const CURRENT_PACKET_VERSION_NUMBER: u8 = 7;
|
|
|
|
// TODO: ask @AP about the choice of below algorithms
|
|
|
|
/// Hashing algorithm used during hkdf for ephemeral shared key generation per sphinx packet payload.
|
|
pub type PacketHkdfAlgorithm = blake3::Hasher;
|
|
|
|
/// Hashing algorithm used during hkdf while establishing long-term shared key between client and gateway.
|
|
pub type GatewaySharedKeyHkdfAlgorithm = blake3::Hasher;
|
|
|
|
/// Hashing algorithm used when computing digest of a reply SURB encryption key.
|
|
pub type ReplySurbKeyDigestAlgorithm = blake3::Hasher;
|
|
|
|
/// Hashing algorithm used when computing integrity (H)Mac for message exchanged between client and gateway.
|
|
// TODO: if updated, the pem type defined in gateway\gateway-requests\src\registration\handshake\shared_key
|
|
// needs updating!
|
|
pub type GatewayIntegrityHmacAlgorithm = blake3::Hasher;
|
|
|
|
/// Encryption algorithm used for encrypting acknowledgement messages.
|
|
// TODO: if updated:
|
|
// - PacketSize::ACK_PACKET_SIZE needs to be manually updated (if nonce/iv size differs);
|
|
// this requirement will eventually go away once const generics are stabilised (and generic_array and co. start using them)
|
|
// - the pem type defined in nym\common\nymsphinx\acknowledgements\src\key needs updating!
|
|
pub type AckEncryptionAlgorithm = Aes128Ctr;
|
|
|
|
/// Encryption algorithm used for end-to-end encryption of messages exchanged between clients
|
|
/// and their gateways.
|
|
// TODO: if updated, the pem type defined in gateway\gateway-requests\src\registration\handshake\shared_key
|
|
// needs updating!
|
|
pub type GatewayEncryptionAlgorithm = Aes128Ctr;
|
|
|
|
/// Encryption algorithm used for end-to-end encryption of messages exchanged between clients that are
|
|
/// encapsulated inside sphinx packets.
|
|
pub type PacketEncryptionAlgorithm = Aes128Ctr;
|
|
|
|
/// Encryption algorithm used for end-to-end encryption of reply messages constructed using ReplySURBs.
|
|
// TODO: I don't see any reason for it to be different than what is used for regular packets. Perhaps
|
|
// it could be potentially insecure to use anything else?
|
|
pub type ReplySurbEncryptionAlgorithm = PacketEncryptionAlgorithm;
|