From rusty at rustcorp.com.au Fri Oct 2 05:48:39 2015
From: rusty at rustcorp.com.au (Rusty Russell)
Date: Fri, 02 Oct 2015 15:18:39 +0930
Subject: [Lightning-dev] Onion routing strawman proposal
Message-ID: <877fn5om6g.fsf@rustcorp.com.au>

Hi all!

So, I've pushed some test onion routing code in an acceptable format:

https://github.com/ElementsProject/lightning/blob/onion/test/test_onion.c

#define MESSAGE_SIZE 128
#define MAX_HOPS 20

/* Prepend 0x02 to get pubkey for libsecp256k1 */
struct pubkey {
	unsigned char u8[32];
};

struct hop {
	unsigned char msg[MESSAGE_SIZE];
	struct pubkey pubkey;
	struct sha256 hmac;
};

struct onion {
	struct hop hop[MAX_HOPS];
};

That's a fixed 3840 bytes; each node decrypts and removes the tail entry,
then prepends padding. (Working backwards like that turns out to be
slightly more efficient for generating, see git commits).

There's nothing exotic in here: it's AES128 counter mode, HMAC using
SHA256, and Bitcoin's EC with ECDH. But crypto review particularly
welcome!

Cheers,
Rusty.
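
The layout and per-hop step described in the message above, as an added example that is not part of the original post or of test_onion.c: it checks the fixed 3840-byte size at compile time and performs the remove-tail, prepend-padding move. `peel_tail` is a hypothetical helper, `struct sha256` is assumed to be a plain 32-byte digest, and the AES, HMAC and ECDH steps are left out.

```c
/* Added illustration, not from test_onion.c; AES/HMAC/ECDH are omitted. */
#include <string.h>

#define MESSAGE_SIZE 128
#define MAX_HOPS 20

struct sha256 { unsigned char u8[32]; };	/* assumption: 32-byte digest */
struct pubkey { unsigned char u8[32]; };
struct hop {
	unsigned char msg[MESSAGE_SIZE];
	struct pubkey pubkey;
	struct sha256 hmac;
};
struct onion { struct hop hop[MAX_HOPS]; };

/* 20 hops * (128 + 32 + 32) bytes = the fixed 3840 bytes from the post. */
_Static_assert(sizeof(struct hop) == 192, "hop must have no padding");
_Static_assert(sizeof(struct onion) == 3840, "onion must be 3840 bytes");

/*
 * Hypothetical helper: the structural part of one node's step, run on an
 * onion that has already been decrypted (decryption is not shown here).
 * The tail entry is copied out for this node, the other entries slide one
 * slot toward the tail, and the padding fills the freed head slot, so the
 * forwarded onion has the same size at every position on the route.
 */
void peel_tail(struct onion *o, struct hop *mine, const struct hop *padding)
{
	*mine = o->hop[MAX_HOPS - 1];
	memmove(&o->hop[1], &o->hop[0], sizeof(struct hop) * (MAX_HOPS - 1));
	o->hop[0] = *padding;
}

int main(void)
{
	struct onion o;
	struct hop mine, pad;
	int i;

	for (i = 0; i < MAX_HOPS; i++)
		memset(&o.hop[i], i, sizeof(o.hop[i]));	/* constructed data */
	memset(&pad, 0xAA, sizeof(pad));	/* constructed padding bytes */
	peel_tail(&o, &mine, &pad);
	/* Tail came out, entry 0 moved to slot 1, slot 0 is now padding. */
	return !(mine.msg[0] == MAX_HOPS - 1 && o.hop[1].msg[0] == 0
		 && o.hop[0].msg[0] == 0xAA);
}
```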