nym_gateway_requests/
lib.rs

1// Copyright 2020-2022 - Nym Technologies SA <contact@nymtech.net>
2// SPDX-License-Identifier: Apache-2.0
3
4pub use nym_crypto::generic_array;
5use nym_crypto::OutputSizeUser;
6use nym_sphinx::params::GatewayIntegrityHmacAlgorithm;
7
8pub use types::*;
9
10pub mod models;
11pub mod registration;
12pub mod shared_key;
13pub mod types;
14
15pub use shared_key::{SharedKeyConversionError, SharedKeyUsageError, SharedSymmetricKey};
16
/// Numeric version of the gateway <-> client communication protocol.
pub type GatewayProtocolVersion = u8;

// Version history, oldest first. Each constant names the release that introduced the
// listed change, so feature checks can compare against a name instead of a bare number.
//
// NOTE(review): versions 3 and 4 gate security properties (the AES-GCM-SIV switch with
// non-zero IVs, and the replay-resistant v2 authentication). Anything that selects
// behaviour from a lower version gives those properties up; whether a minimum version
// is enforced is decided outside this listing - confirm against the callers.

/// 1 - initial release
pub const INITIAL_PROTOCOL_VERSION: GatewayProtocolVersion = 1;

/// 2 - changes to client credentials structure
pub const CREDENTIAL_UPDATE_V2_PROTOCOL_VERSION: GatewayProtocolVersion = 2;

/// 3 - change to AES-GCM-SIV and non-zero IVs
pub const AES_GCM_SIV_PROTOCOL_VERSION: GatewayProtocolVersion = 3;

/// 4 - introduction of v2 authentication protocol to prevent replay attacks
pub const AUTHENTICATE_V2_PROTOCOL_VERSION: GatewayProtocolVersion = 4;

/// 5 - add key rotation information to the serialised mix packet
pub const EMBEDDED_KEY_ROTATION_INFO_VERSION: GatewayProtocolVersion = 5;

/// 6 - support for 'upgrade mode'
pub const UPGRADE_MODE_VERSION: GatewayProtocolVersion = 6;

/// Defines the current version of the communication protocol between gateway and clients.
/// It has to be incremented for any breaking change.
///
/// Always an alias of the newest entry in the history above; when a new version constant
/// is added, point this at it.
pub const CURRENT_PROTOCOL_VERSION: GatewayProtocolVersion = UPGRADE_MODE_VERSION;
36
// TODO: could using `Mac` trait here for OutputSize backfire?
// Should hmac itself be exposed, imported and used instead?
// NOTE(review): the alias below resolves the size through `OutputSizeUser`, not `Mac`;
// the TODO above may predate that - confirm it is still relevant.
/// Type-level output size of [`GatewayIntegrityHmacAlgorithm`].
///
/// Presumably the length of the integrity tag used by the older (pre AES-GCM-SIV)
/// message format, given the `Legacy` prefix - confirm against the users of this alias.
pub type LegacyGatewayMacSize = <GatewayIntegrityHmacAlgorithm as OutputSizeUser>::OutputSize;
40
/// Feature queries on a gateway protocol version.
///
/// Every `supports_*` method answers whether the version is new enough to include the
/// named protocol change, so call sites do not compare against raw numbers.
///
/// NOTE(review): the answers are only as trustworthy as the version value they are asked
/// of. If that value is announced by the remote side (not visible in this file), treat
/// these as capability hints and enforce any minimum-version policy separately.
pub trait GatewayProtocolVersionExt {
    /// The protocol version this build speaks.
    const CURRENT: GatewayProtocolVersion = CURRENT_PROTOCOL_VERSION;

    /// Whether the version includes the change to AES-GCM-SIV with non-zero IVs.
    fn supports_aes256_gcm_siv(&self) -> bool;

    /// Whether the version includes the v2 authentication protocol, which was
    /// introduced to prevent replay attacks.
    fn supports_authenticate_v2(&self) -> bool;

    /// Whether the version carries key rotation information in the serialised mix packet.
    fn supports_key_rotation_packet(&self) -> bool;

    /// Whether the version supports 'upgrade mode'.
    fn supports_upgrade_mode(&self) -> bool;

    /// Whether the version is newer than the one this build speaks.
    fn is_future_version(&self) -> bool;
}
50
/// Feature queries for a version that may be absent.
///
/// `None` answers `false` to every query; `Some(v)` defers to the checks on `v`.
///
/// NOTE(review): because `None` reports no support for AES-GCM-SIV or v2 authentication,
/// a peer without a version is handled like one that predates both. Whether such peers
/// are still admitted is decided by callers not shown here - confirm that leaving the
/// version out cannot be used to opt out of the replay-resistant handshake.
impl GatewayProtocolVersionExt for Option<GatewayProtocolVersion> {
    /// `false` when the version is absent, otherwise the answer for the contained version.
    fn supports_aes256_gcm_siv(&self) -> bool {
        match self {
            Some(version) => version.supports_aes256_gcm_siv(),
            None => false,
        }
    }

    /// `false` when the version is absent, otherwise the answer for the contained version.
    fn supports_authenticate_v2(&self) -> bool {
        match self {
            Some(version) => version.supports_authenticate_v2(),
            None => false,
        }
    }

    /// `false` when the version is absent, otherwise the answer for the contained version.
    fn supports_key_rotation_packet(&self) -> bool {
        match self {
            Some(version) => version.supports_key_rotation_packet(),
            None => false,
        }
    }

    /// `false` when the version is absent, otherwise the answer for the contained version.
    fn supports_upgrade_mode(&self) -> bool {
        match self {
            Some(version) => version.supports_upgrade_mode(),
            None => false,
        }
    }

    /// An absent version is never reported as newer than ours; otherwise the answer for
    /// the contained version.
    fn is_future_version(&self) -> bool {
        match self {
            Some(version) => version.is_future_version(),
            None => false,
        }
    }
}
77
/// Feature queries on a concrete version number.
///
/// A feature is supported by the version that introduced it and by every later one, so
/// each check is a membership test on the open-ended range starting at that version.
impl GatewayProtocolVersionExt for GatewayProtocolVersion {
    /// True from `AES_GCM_SIV_PROTOCOL_VERSION` onwards.
    fn supports_aes256_gcm_siv(&self) -> bool {
        (AES_GCM_SIV_PROTOCOL_VERSION..).contains(self)
    }

    /// True from `AUTHENTICATE_V2_PROTOCOL_VERSION` onwards.
    fn supports_authenticate_v2(&self) -> bool {
        (AUTHENTICATE_V2_PROTOCOL_VERSION..).contains(self)
    }

    /// True from `EMBEDDED_KEY_ROTATION_INFO_VERSION` onwards.
    fn supports_key_rotation_packet(&self) -> bool {
        (EMBEDDED_KEY_ROTATION_INFO_VERSION..).contains(self)
    }

    /// True from `UPGRADE_MODE_VERSION` onwards.
    fn supports_upgrade_mode(&self) -> bool {
        (UPGRADE_MODE_VERSION..).contains(self)
    }

    /// True only for versions strictly above `CURRENT_PROTOCOL_VERSION`.
    fn is_future_version(&self) -> bool {
        CURRENT_PROTOCOL_VERSION < *self
    }
}