Closed cdecker closed 5 years ago
Please consider this PR still work in progress, since I'm still working on the command-line tool so we can create test-vectors for the spec.
Would you believe that the only thing I don't like is the you used the 4 MSB not 4 LSB of byte-formerly-known-as-realm? :)
Would you believe that the only thing I don't like is the you used the 4 MSB not 4 LSB of byte-formerly-known-as-realm? :)
How do you mean? Currently the format is rather nice when encoding the former-realm as hex: 41
means that we use 4 additional frames to encode a payload of type 1 :-)
Closing in favor of #36.
Quoting the description from https://github.com/lightningnetwork/lightning-onion/pull/31:
For a payload of length <= 32:
For payloads > 32 and <= 162 for example:
In other words we use the realm byte from the first hop to determine the number of hops to read, the first hop still has room for 64 bytes of payload (per-hop-payload + HMAC size - realm byte). Any intermediate hop has the full 65 bytes available. The last hop has 33 bytes of payload available, since we will use its HMAC to pass it on to the next node in the path. Notice that we do not decrypt the payloads after the first since processing the first hop already decrypted all the following hops, including the ones we'll be processing. In addition we get a better use of the limited space that we have available and the entire payload is contiguous in memory and can be passed out to the parser as is, without having to stitch it together.
The implementation is also rather trivial, all we need to do is to pass the payload as a byte slice out during processing, and to get the next onion instead of shifting by 65 bytes and padding with 0s, we shift by
65*nhops
and pad that with 0s. So the only thing we really need to do is to have therightShift
,headerWithPadding
, andcopy
not take 65, but 65*nhops as arguments.