package sphinx

Published: May 4, 2020 | License: AGPL-3.0


Package sphinx implements the Katzenpost parameterized Sphinx Packet Format.



const (

	// HeaderLength is the length of a Sphinx packet header in bytes.
	HeaderLength = adLength + crypto.GroupElementLength + routingInfoLength + crypto.MACLength // 460 bytes.

	// PayloadTagLength is the length of the Sphinx packet payload SPRP tag.
	PayloadTagLength = 16
const (
	// SURBLength is the length of a Sphinx SURB in bytes.
	SURBLength = HeaderLength + constants.NodeIDLength + sprpKeyMaterialLength // 556 bytes.


func DecryptSURBPayload

func DecryptSURBPayload(payload, keys []byte) ([]byte, error)

DecryptSURBPayload decrypts the provided Sphinx payload generated via a SURB with the provided keys, and returns the plaintext. The keys are obliterated at the end of this call.

func NewPacket

func NewPacket(r io.Reader, path []*PathHop, payload []byte) ([]byte, error)

NewPacket creates a forward Sphinx packet with the provided path and payload, using the provided entropy source.

func NewPacketFromSURB

func NewPacketFromSURB(surb, payload []byte) ([]byte, *[constants.NodeIDLength]byte, error)

NewPacketFromSURB creates a new reply Sphinx packet with the provided SURB and payload, and returns the packet and ID of the first hop.

func NewSURB

func NewSURB(r io.Reader, path []*PathHop) ([]byte, []byte, error)

NewSURB creates a new SURB with the provided path using the provided entropy source, and returns the SURB and decrypion keys.

func Unwrap

func Unwrap(privKey *ecdh.PrivateKey, pkt []byte) ([]byte, []byte, []commands.RoutingCommand, error)

Unwrap unwraps the provided Sphinx packet pkt in-place, using the provided ECDH private key, and returns the payload (if applicable), replay tag, and routing info command vector.

type PathHop

type PathHop struct {
	ID        [constants.NodeIDLength]byte
	PublicKey *ecdh.PublicKey
	Commands  []commands.RoutingCommand

PathHop describes a hop that a Sphinx Packet will traverse, along with all of the per-hop Commands (excluding NextNodeHop).

