nym-gateway-requests 1.20.4

Request and response definitions for Nym Gateway <> client communication
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

// Copyright 2024 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0

use crate::registration::handshake::error::HandshakeError;
use crate::registration::handshake::KDF_SALT_LENGTH;
use nym_crypto::asymmetric::{ed25519, x25519};
use nym_crypto::symmetric::aead::{nonce_size, tag_size, Nonce};
use nym_sphinx::params::GatewayEncryptionAlgorithm;

// it is vital nobody changes the serialisation implementation unless you have an EXTREMELY good reason,
// as otherwise you have very high chance of breaking backwards compatibility
pub trait HandshakeMessage {
    fn into_bytes(self) -> Vec<u8>;

    fn try_from_bytes(bytes: &[u8]) -> Result<Self, HandshakeError>
    where
        Self: Sized;
}

#[derive(Debug)]
pub struct Initialisation {
    pub identity: ed25519::PublicKey,
    pub ephemeral_dh: x25519::PublicKey,
    pub initiator_salt: Vec<u8>,
}

#[derive(Debug)]
pub struct MaterialExchange {
    pub signature_ciphertext: Vec<u8>,
    pub nonce: Nonce<GatewayEncryptionAlgorithm>,
}

impl MaterialExchange {
    #[cfg(not(target_arch = "wasm32"))]
    pub fn attach_ephemeral_dh(self, ephemeral_dh: x25519::PublicKey) -> GatewayMaterialExchange {
        GatewayMaterialExchange {
            ephemeral_dh,
            materials: self,
        }
    }
}

#[derive(Debug)]
pub struct GatewayMaterialExchange {
    pub ephemeral_dh: x25519::PublicKey,
    pub materials: MaterialExchange,
}

#[derive(Debug)]
pub struct Finalization {
    pub success: bool,
}

impl Finalization {
    pub fn ensure_success(&self) -> Result<(), HandshakeError> {
        if !self.success {
            return Err(HandshakeError::HandshakeFailure);
        }
        Ok(())
    }
}

impl HandshakeMessage for Initialisation {
    // LOCAL_ID_PUBKEY || EPHEMERAL_KEY || SALT
    // Eventually the ID_PUBKEY prefix will get removed and recipient will know
    // initializer's identity from another source.
    fn into_bytes(self) -> Vec<u8> {
        self.identity
            .to_bytes()
            .into_iter()
            .chain(self.ephemeral_dh.to_bytes())
            .chain(self.initiator_salt)
            .collect()
    }

    // this will need to be adjusted when REMOTE_ID_PUBKEY is removed
    fn try_from_bytes(bytes: &[u8]) -> Result<Self, HandshakeError>
    where
        Self: Sized,
    {
        let current_len = ed25519::PUBLIC_KEY_LENGTH + x25519::PUBLIC_KEY_SIZE + KDF_SALT_LENGTH;
        if bytes.len() != current_len {
            return Err(HandshakeError::MalformedRequest);
        }

        let identity = ed25519::PublicKey::from_bytes(&bytes[..ed25519::PUBLIC_KEY_LENGTH])
            .map_err(|_| HandshakeError::MalformedRequest)?;

        // SAFETY: this can only fail if the provided bytes have len different from encryption::PUBLIC_KEY_SIZE
        // which is impossible
        #[allow(clippy::unwrap_used)]
        let ephemeral_dh = x25519::PublicKey::from_bytes(
            &bytes
                [ed25519::PUBLIC_KEY_LENGTH..ed25519::PUBLIC_KEY_LENGTH + x25519::PUBLIC_KEY_SIZE],
        )
        .unwrap();

        let initiator_salt = bytes[ed25519::PUBLIC_KEY_LENGTH + x25519::PUBLIC_KEY_SIZE..].to_vec();

        Ok(Initialisation {
            identity,
            ephemeral_dh,
            initiator_salt,
        })
    }
}

impl HandshakeMessage for MaterialExchange {
    // AES(k, SIG(PRIV_GATE, G^y || G^x))
    fn into_bytes(self) -> Vec<u8> {
        self.signature_ciphertext
            .iter()
            .cloned()
            .chain(self.nonce)
            .collect()
    }

    fn try_from_bytes(bytes: &[u8]) -> Result<Self, HandshakeError>
    where
        Self: Sized,
    {
        // CURRENT: ed25519 signature ciphertext (+ tag) + AES256-GCM-SIV nonce (76 bytes)
        let current_len = ed25519::SIGNATURE_LENGTH
            + tag_size::<GatewayEncryptionAlgorithm>()
            + nonce_size::<GatewayEncryptionAlgorithm>();

        if bytes.len() != current_len {
            return Err(HandshakeError::MalformedResponse);
        }

        let ciphertext_len = ed25519::SIGNATURE_LENGTH + tag_size::<GatewayEncryptionAlgorithm>();
        let signature_ciphertext = bytes[..ciphertext_len].to_vec();

        // SAFETY: we know the bytes have correct length
        let nonce = Nonce::<GatewayEncryptionAlgorithm>::clone_from_slice(&bytes[ciphertext_len..]);

        Ok(MaterialExchange {
            signature_ciphertext,
            nonce,
        })
    }
}

impl HandshakeMessage for GatewayMaterialExchange {
    // G^y || AES(k, SIG(PRIV_GATE, G^y || G^x))
    fn into_bytes(self) -> Vec<u8> {
        self.ephemeral_dh
            .to_bytes()
            .into_iter()
            .chain(self.materials.into_bytes())
            .collect()
    }

    fn try_from_bytes(bytes: &[u8]) -> Result<Self, HandshakeError>
    where
        Self: Sized,
    {
        // we expect to receive either:
        // LEGACY: x25519 pubkey + ed25519 signature ciphertext (96 bytes)
        // CURRENT: x25519 pubkey + ed25519 signature ciphertext (+ tag)+ AES256-GCM-SIV nonce (124 bytes)
        let legacy_len = x25519::PUBLIC_KEY_SIZE + ed25519::SIGNATURE_LENGTH;
        let current_len = legacy_len
            + nonce_size::<GatewayEncryptionAlgorithm>()
            + tag_size::<GatewayEncryptionAlgorithm>();

        if bytes.len() != legacy_len && bytes.len() != current_len {
            return Err(HandshakeError::MalformedResponse);
        }

        // this can only fail if the provided bytes have len different from PUBLIC_KEY_SIZE
        // which is impossible
        #[allow(clippy::unwrap_used)]
        let ephemeral_dh =
            x25519::PublicKey::from_bytes(&bytes[..x25519::PUBLIC_KEY_SIZE]).unwrap();
        let materials = MaterialExchange::try_from_bytes(&bytes[x25519::PUBLIC_KEY_SIZE..])?;

        Ok(GatewayMaterialExchange {
            ephemeral_dh,
            materials,
        })
    }
}

impl HandshakeMessage for Finalization {
    fn into_bytes(self) -> Vec<u8> {
        if self.success {
            vec![1]
        } else {
            vec![0]
        }
    }

    fn try_from_bytes(bytes: &[u8]) -> Result<Self, HandshakeError>
    where
        Self: Sized,
    {
        if bytes.len() != 1 {
            return Err(HandshakeError::MalformedResponse);
        }

        let success = bytes[0] == 1;
        Ok(Finalization { success })
    }
}