aura_core/effects/route_crypto.rs
1//! Route-layer hop crypto effects.
2//!
3//! This trait defines the stateless cryptographic primitives used by the
4//! anonymous route layer. It is distinct from `NoiseEffects`. `NoiseEffects`
5//! protects one adjacent transport hop. `RouteCryptoEffects` derives and uses
6//! per-hop path-layer keys for multi-hop route setup and peel processing.
7
8use crate::AuraError;
9use async_trait::async_trait;
10
11/// Error type for route-layer cryptographic operations.
12pub type RouteCryptoError = AuraError;
13
14/// Per-hop route-layer key material.
15#[derive(Debug, Clone, PartialEq, Eq)]
16pub struct RouteHopKeyMaterial {
17 /// Forward key used while advancing toward the destination.
18 pub forward_key: [u8; 32],
19 /// Backward key used while returning over a reply block or reply path.
20 pub backward_key: [u8; 32],
21 /// Replay-window binding for this hop.
22 pub replay_window_id: [u8; 32],
23}
24
25/// Stateless route-layer hop cryptography.
26#[async_trait]
27pub trait RouteCryptoEffects: Send + Sync {
28 /// Derive one hop's route-layer keys from a route secret seed and hop index.
29 async fn derive_hop_key_material(
30 &self,
31 route_secret_seed: [u8; 32],
32 hop_index: u16,
33 ) -> Result<RouteHopKeyMaterial, RouteCryptoError>;
34
35 /// Encrypt one hop layer with associated authenticated data and an explicit nonce.
36 async fn encrypt_hop_layer(
37 &self,
38 key: [u8; 32],
39 nonce: [u8; 12],
40 aad: &[u8],
41 plaintext: &[u8],
42 ) -> Result<Vec<u8>, RouteCryptoError>;
43
44 /// Decrypt one hop layer with associated authenticated data and an explicit nonce.
45 async fn decrypt_hop_layer(
46 &self,
47 key: [u8; 32],
48 nonce: [u8; 12],
49 aad: &[u8],
50 ciphertext: &[u8],
51 ) -> Result<Vec<u8>, RouteCryptoError>;
52}