chore(whitepaper): Biscuit and pidi cipher texts now called pidi_ct/biscuit_ct

2025-12-05 20:40:02 -08:00 · 2025-08-28 15:14:54 +02:00
parent 75ff1e8292
commit 4daca9ed56
9 changed files with 39 additions and 37 deletions
--- a/analysis/rosenpass/03_identity_hiding.mpv
+++ b/analysis/rosenpass/03_identity_hiding.mpv
@@ -58,7 +58,7 @@ let secure_init_hello(initiator: kem_sk_tmpl, sidi : SessionId, psk: key_tmpl, r

  new epkit:kem_pk;    // epki
  new sctrt:bits;      // sctr 
-  new pidiCt:bits;      // pidiC
+  new pidi_ct:bits;      // pidi_ct
  new autht:bits;       // auth

  NEW_TRUSTED_SEED(seski_trusted_seed)
@@ -70,9 +70,9 @@ let secure_init_hello(initiator: kem_sk_tmpl, sidi : SessionId, psk: key_tmpl, r

 let secure_resp_hello(initiator: kem_sk_tmpl, responder: kem_sk_tmpl, sidi:SessionId, sidr:SessionId, biscuit_no:Atom, psk:key_tmpl) =

-  in(D, InitHello(=secure_sidi, epki, sctr, pidiC, auth));
+  in(D, InitHello(=secure_sidi, epki, sctr, pidi_ct, auth));

-  ih <- InitHello(sidi, epki, sctr, pidiC, auth);
+  ih <- InitHello(sidi, epki, sctr, pidi_ct, auth);
  NEW_TRUSTED_SEED(septi_trusted_seed)
  NEW_TRUSTED_SEED(sspti_trusted_seed)
  new last_cookie:key;
--- a/analysis/rosenpass/cookie.mpv
+++ b/analysis/rosenpass/cookie.mpv
@@ -19,7 +19,7 @@ fun CookieMsg(
  COOKIE_EV(event MCAT(eventLbl, _UnderLoadEV) (spkm, spkt, last_cookie);)	\
  msgB <- Envelope(mac1, RH2b(rh));	\
  mac2_key <- create_mac2_key(sskm, spkt)	\
-  let RespHello(sidi, sidr, ecti, scti, biscuit, auth) = rh in \
+  let RespHello(sidi, sidr, ecti, scti, biscuit_ct, auth) = rh in \
  if Envelope(mac2_key, msgB) = mac2 then	\
    COOKIE_EV(event MCAT(eventLbl, _CookieValidated) (spkm, last_cookie);)	\
    innerFunc	\
--- a/analysis/rosenpass/oracles.mpv
+++ b/analysis/rosenpass/oracles.mpv
@@ -86,8 +86,8 @@ MTX_EV( event RHRjct(RespHello_t, key, kem_sk, kem_pk). )
 MTX_EV( event ICSent(RespHello_t, InitConf_t, key, kem_sk, kem_pk). )
 SES_EV( event InitiatorSession(RespHello_t, key). )
 let Oresp_hello(HS_DECL_ARGS) =
-  in(C, Cresp_hello(RespHello(sidr, =sidi, ecti, scti, biscuit, auth)));
-  rh <- RespHello(sidr, sidi, ecti, scti, biscuit, auth);
+  in(C, Cresp_hello(RespHello(sidr, =sidi, ecti, scti, biscuit_ct, auth)));
+  rh <- RespHello(sidr, sidi, ecti, scti, biscuit_ct, auth);
  /* try */ let ic = (
    ck_ini <- ck;
    RESPHELLO_CONSUME()
@@ -124,7 +124,7 @@ let Oinit_hello() =
  call <- Cinit_hello(sidr, biscuit_no, Ssskm, Spsk, Sspkt, Septi, Sspti, ih);
 #endif
  // TODO: This is ugly
-  let InitHello(sidi, epki, sctr, pidiC, auth) = ih in
+  let InitHello(sidi, epki, sctr, pidi_ct, auth) = ih in
  SETUP_HANDSHAKE_STATE()
  eski <- kem_sk0;
  epti <- rng_key(setup_seed(Septi)); // RHR4
--- a/analysis/rosenpass/protocol.mpv
+++ b/analysis/rosenpass/protocol.mpv
@@ -7,7 +7,7 @@ fun InitHello(
  SessionId, // sidi
  kem_pk,    // epki
  bits,      // sctr 
-  bits,      // pidiC
+  bits,      // pidi_ct
  bits       // auth
 ) : InitHello_t [data].

@@ -17,16 +17,16 @@ fun InitHello(
  /* not handled here */                /* IHI3 */ \
  MIX2(sid2b(sidi), kem_pk2b(epki))     /* IHI4 */ \
  ENCAPS_AND_MIX(sctr, spkr, sptr)      /* IHI5 */ \
-  ENCRYPT_AND_MIX(pidiC, pidi)          /* IHI6 */ \
+  ENCRYPT_AND_MIX(pidi_ct, pidi)        /* IHI6 */ \
  MIX2(kem_pk2b(spki), k2b(psk))        /* IHI7 */ \
  ENCRYPT_AND_MIX(auth, empty)          /* IHI8 */ \
-  ih <- InitHello(sidi, epki, sctr, pidiC, auth);
+  ih <- InitHello(sidi, epki, sctr, pidi_ct, auth);

 #define INITHELLO_CONSUME()                       \
  ck <- lprf1(CK_INIT, kem_pk2b(spkr)); /* IHR1 */ \
  MIX2(sid2b(sidi), kem_pk2b(epki))     /* IHR4 */ \
  DECAPS_AND_MIX(sskr, spkr, sctr)      /* IHR5 */ \
-  DECRYPT_AND_MIX(pid, pidiC)           /* IHR6 */ \
+  DECRYPT_AND_MIX(pid, pidi_ct)         /* IHR6 */ \
  LOOKUP_SENDER(pid)                    /* IHR6 */ \
  MIX2(kem_pk2b(spki), k2b(psk))        /* IHR7 */ \
  DECRYPT_AND_MIX(DUMMY(empty), auth)
@@ -46,17 +46,17 @@ fun RespHello(
  MIX2(sid2b(sidr), sid2b(sidi))   /* RHR3 */ \
  ENCAPS_AND_MIX(ecti, epki, epti) /* RHR4 */ \
  ENCAPS_AND_MIX(scti, spki, spti) /* RHR5 */ \
-  STORE_BISCUIT(biscuit)           /* RHR6 */ \
+  STORE_BISCUIT(biscuit_ct)        /* RHR6 */ \
  ENCRYPT_AND_MIX(auth, empty)     /* RHR7 */ \
-  rh <- RespHello(sidr, sidi, ecti, scti, biscuit, auth);
+  rh <- RespHello(sidr, sidi, ecti, scti, biscuit_ct, auth);

 #define RESPHELLO_CONSUME()                                    \
-  let RespHello(sidr, sidi, ecti, scti, biscuit, auth) = rh in \
+  let RespHello(sidr, sidi, ecti, scti, biscuit_ct, auth) = rh in \
  /* not handled here */               /* RHI2 */ \
  MIX2(sid2b(sidr), sid2b(sidi))       /* RHI3 */ \
  DECAPS_AND_MIX(eski, epki, ecti)     /* RHI4 */ \
  DECAPS_AND_MIX(sski, spki, scti)     /* RHI5 */ \
-  MIX(biscuit)                         /* RHI6 */ \
+  MIX(biscuit_ct)                      /* RHI6 */ \
  DECRYPT_AND_MIX(DUMMY(empty), auth)  /* RHI7 */

 type InitConf_t.
@@ -70,11 +70,11 @@ fun InitConf(
 #define INITCONF_PRODUCE()                  \
  MIX2(sid2b(sidi), sid2b(sidr)) /* ICI3 */ \
  ENCRYPT_AND_MIX(auth, empty)   /* ICI4 */ \
-  ic <- InitConf(sidi, sidr, biscuit, auth);
+  ic <- InitConf(sidi, sidr, biscuit_ct, auth);

 #define INITCONF_CONSUME()                        \
-  let InitConf(sidi, sidr, biscuit, auth) = ic in \
-  LOAD_BISCUIT(biscuit_no, biscuit)   /* ICR1 */    \
+  let InitConf(sidi, sidr, biscuit_ct, auth) = ic in \
+  LOAD_BISCUIT(biscuit_no, biscuit_ct)/* ICR1 */    \
  ENCRYPT_AND_MIX(rh_auth, empty)     /* ICIR */    \
  ck_rh <- ck;                        /* ---- */ /* TODO: Move into oracles.mpv */ \
  MIX2(sid2b(sidi), sid2b(sidr))      /* ICR3 */    \