nym_sphinx_params/lib.rs
1// Copyright 2021 - Nym Technologies SA <contact@nymtech.net>
2// SPDX-License-Identifier: Apache-2.0
3
4use nym_crypto::Aes256GcmSiv;
5use nym_crypto::aes::Aes128;
6use nym_crypto::blake3;
7use nym_crypto::ctr;
8
9type Aes128Ctr = ctr::Ctr64BE<Aes128>;
10
11// Re-export for ease of use
12pub use key_rotation::SphinxKeyRotation;
13pub use packet_sizes::PacketSize;
14pub use packet_types::PacketType;
15pub use packet_version::PacketVersion;
16
17pub mod key_rotation;
18pub mod packet_sizes;
19pub mod packet_types;
20pub mod packet_version;
21
22// TODO: not entirely sure how to feel about those being defined here, ideally it'd be where [`Fragment`]
23// is defined, but that'd introduce circular dependencies as the acknowledgements crate also needs
24// access to that
25pub const FRAG_ID_LEN: usize = 5;
26pub type SerializedFragmentIdentifier = [u8; FRAG_ID_LEN];
27
28// TODO: ask @AP about the choice of below algorithms
29
30/// Hashing algorithm used during hkdf for ephemeral shared key generation per sphinx packet payload.
31pub type PacketHkdfAlgorithm = blake3::Hasher;
32
33/// Hashing algorithm used during hkdf while establishing long-term shared key between client and gateway.
34pub type GatewaySharedKeyHkdfAlgorithm = blake3::Hasher;
35
36/// Hashing algorithm used when computing digest of a reply SURB encryption key.
37pub type ReplySurbKeyDigestAlgorithm = blake3::Hasher;
38
39/// Hashing algorithm used when computing integrity (H)Mac for message exchanged between client and gateway.
40// TODO: if updated, the pem type defined in gateway\gateway-requests\src\registration\handshake\legacy_shared_key
41// needs updating!
42pub type GatewayIntegrityHmacAlgorithm = blake3::Hasher;
43
44/// Encryption algorithm used for encrypting acknowledgement messages.
45// TODO: if updated:
46// - PacketSize::ACK_PACKET_SIZE needs to be manually updated (if nonce/iv size differs);
47// this requirement will eventually go away once const generics are stabilised (and generic_array and co. start using them)
48// - the pem type defined in nym\common\nymsphinx\acknowledgements\src\key needs updating!
49pub type AckEncryptionAlgorithm = Aes128Ctr;
50
51/// Legacy encryption algorithm used for end-to-end encryption of messages exchanged between clients
52/// and their gateways.
53// TODO: if updated, the pem type defined in gateway\gateway-requests\src\registration\handshake\legacy_shared_key
54// needs updating!
55pub type LegacyGatewayEncryptionAlgorithm = Aes128Ctr;
56
57/// Encryption algorithm used for end-to-end encryption of messages exchanged between clients
58/// and their gateways.
59// NOTE: if updated, the pem type defined in gateway\gateway-requests\src\registration\handshake\shared_key
60pub type GatewayEncryptionAlgorithm = Aes256GcmSiv;
61
62/// Encryption algorithm used for end-to-end encryption of messages exchanged between clients that are
63/// encapsulated inside sphinx packets.
64pub type PacketEncryptionAlgorithm = Aes128Ctr;
65
66/// Encryption algorithm used for end-to-end encryption of reply messages constructed using ReplySURBs.
67// TODO: I don't see any reason for it to be different than what is used for regular packets. Perhaps
68// it could be potentially insecure to use anything else?
69pub type ReplySurbEncryptionAlgorithm = PacketEncryptionAlgorithm;