mirror of
https://github.com/simplex-chat/simplexmq.git
synced 2026-04-28 06:15:17 +00:00
Evgeny @ SimpleX Chat
37 lines
1.7 KiB
Markdown
37 lines
1.7 KiB
Markdown
# Simplex.Messaging.Crypto.ShortLink
|
|
|
|
> Short link key derivation, encryption, and signature verification for contact/invitation links.
|
|
|
|
**Source**: [`Crypto/ShortLink.hs`](../../../../../src/Simplex/Messaging/Crypto/ShortLink.hs)
|
|
|
|
## Overview
|
|
|
|
Short links encode connection data in two encrypted blobs: fixed data (2048 bytes padded) and user data (13824 bytes padded). Both are encrypted with `sbEncrypt` using a key derived from the link key via HKDF.
|
|
|
|
## KDF schemes
|
|
|
|
Two distinct HKDF derivations with different info strings:
|
|
|
|
- **contactShortLinkKdf**: `HKDF("", linkKey, "SimpleXContactLink", 56)` → splits into 24-byte LinkId + 32-byte SbKey. The LinkId is used as the router-side identifier.
|
|
- **invShortLinkKdf**: `HKDF("", linkKey, "SimpleXInvLink", 32)` → 32-byte SbKey only. No LinkId because invitation links don't use router-side lookup.
|
|
|
|
## Fixed padding lengths
|
|
|
|
- `fixedDataPaddedLength = 2008` (2048 - 24 nonce - 16 auth tag)
|
|
- `userDataPaddedLength = 13784` (13824 - 24 - 16)
|
|
|
|
These are chosen so the encrypted output (with prepended nonce and appended auth tag) fits exactly in round sizes.
|
|
|
|
## decryptLinkData
|
|
|
|
**Security**: Performs three-layer verification in order:
|
|
1. Hash check: `SHA3_256(fixedData) == linkKey` — ensures data integrity
|
|
2. Root key signature: `verify(rootKey, sig1, fixedData)` — ensures authenticity
|
|
3. User data signature: `verify(rootKey, sig2, userData)` for invitations, or verify against any owner key for contact links
|
|
|
|
For contact links, also calls `validateLinkOwners` to verify the owner chain of trust (each owner is signed by the root key).
|
|
|
|
## encodeSign
|
|
|
|
Prepends the Ed25519 signature to the data: `smpEncode(sign(pk, data)) <> data`. This is the format expected by `decryptLinkData`'s parser.
|