sphinx_packet/
constants.rs

1// Copyright 2020 Nym Technologies SA
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15use crate::crypto;
16use digest::generic_array::typenum::U16;
17use sha2::Sha256;
18
19pub const SECURITY_PARAMETER: usize = 16; // k in the Sphinx paper. Measured in bytes; 128 bits.
20pub const MAX_PATH_LENGTH: usize = 5; // r in the Sphinx paper
21pub const BLINDING_FACTOR_SIZE: usize = 2 * SECURITY_PARAMETER;
22
23/// Output of the h𝜏 hash function / random oracle
24pub const REPLAY_TAG_SIZE: usize = 2 * SECURITY_PARAMETER;
25
26pub const EXPANDED_SHARED_SECRET_LENGTH: usize = crypto::STREAM_CIPHER_KEY_SIZE
27    + INTEGRITY_MAC_KEY_SIZE
28    + PAYLOAD_KEY_SIZE
29    + BLINDING_FACTOR_SIZE
30    + REPLAY_TAG_SIZE;
31
32pub const STREAM_CIPHER_OUTPUT_LENGTH: usize =
33    (NODE_META_INFO_SIZE + HEADER_INTEGRITY_MAC_SIZE) * (MAX_PATH_LENGTH + 1);
34pub const DESTINATION_ADDRESS_LENGTH: usize = 2 * SECURITY_PARAMETER;
35pub const NODE_ADDRESS_LENGTH: usize = 2 * SECURITY_PARAMETER;
36pub const IDENTIFIER_LENGTH: usize = SECURITY_PARAMETER;
37pub const INTEGRITY_MAC_KEY_SIZE: usize = SECURITY_PARAMETER;
38pub const HEADER_INTEGRITY_MAC_SIZE: usize = SECURITY_PARAMETER;
39pub const PAYLOAD_KEY_SEED_SIZE: usize = SECURITY_PARAMETER;
40pub const PAYLOAD_KEY_SIZE: usize = 192; // must be 192 because of the Lioness implementation we're using
41pub const DELAY_LENGTH: usize = 8; // how many bytes we will use to encode the delay
42pub const NODE_META_INFO_SIZE: usize =
43    NODE_ADDRESS_LENGTH + FLAG_LENGTH + DELAY_LENGTH + VERSION_LENGTH; // the meta info is all the information from sender to the node like: where to forward the packet, what is the delay etc
44pub const FINAL_NODE_META_INFO_LENGTH: usize =
45    DESTINATION_ADDRESS_LENGTH + IDENTIFIER_LENGTH + FLAG_LENGTH + VERSION_LENGTH; // the meta info for the final hop might be of a different size
46pub const FLAG_LENGTH: usize = 1;
47pub const PAYLOAD_SIZE: usize = 1024;
48pub const VERSION_LENGTH: usize = 3; // since version is represented as 3 u8 values: major, minor and patch
49                                     // we need the single byte to detect padding length
50
51#[deprecated(note = "use EXPANDED_SHARED_SECRET_HKDF_INFO instead")]
52pub const HKDF_INPUT_SEED: &[u8] = EXPANDED_SHARED_SECRET_HKDF_INFO;
53
54// content due to legacy reasons
55pub const EXPANDED_SHARED_SECRET_HKDF_INFO: &[u8] =
56    b"Dwste mou enan moxlo arketa makru kai ena upomoxlio gia na ton topothetisw kai tha kinisw thn gh.";
57
58// unfortunately for legacy compatibility reasons, we have to be using an empty salt
59// (nodes need to be able to unconditionally recover version information from the header in order to
60// decide on further processing. this value is behind the initial hkdf
61pub const EXPANDED_SHARED_SECRET_HKDF_SALT: &[u8] = b"";
62
63pub const PAYLOAD_KEY_HKDF_INFO: &[u8] = b"sphinx-payload-key-V01-CS01-HKDF:SHA256-INFO";
64pub const PAYLOAD_KEY_HKDF_SALT: &[u8] = b"sphinx-payload-key-V01-CS01-HKDF:SHA256-SALT";
65
66pub type HeaderIntegrityMacSize = U16;
67
68// TODO: to replace with Blake3
69pub type HeaderIntegrityHmacAlgorithm = Sha256;
70
71#[cfg(test)]
72mod tests {
73    use super::*;
74    use digest::generic_array::typenum::Unsigned;
75
76    #[test]
77    fn generic_type_sizes_are_consistent_with_defined_constants() {
78        assert_eq!(
79            HeaderIntegrityMacSize::to_usize(),
80            HEADER_INTEGRITY_MAC_SIZE
81        )
82    }
83}