fix(whitepaper): biscuit_ct destructuring is destructuring a concatenation

2025-12-05 20:40:02 -08:00 · 2025-08-14 16:25:00 +02:00
parent 4daca9ed56
commit 6383231a6a
3 changed files with 23 additions and 4 deletions
--- a/papers/whitepaper.md
+++ b/papers/whitepaper.md
@@ -492,7 +492,7 @@ Note that the `mix(biscuit_ct)` call updates the chaining key, but that update d
 fn load_biscuit(biscuit_ct) {
    // Decrypt the biscuit
    let k = biscuit_key;
-    let (n, ct) = biscuit_ct;
+    let concat(n, ct) = biscuit_ct;
    let ad = lhash(
      "biscuit additional data",
      spkr, sidi, sidr);
@@ -957,6 +957,25 @@ Changes, in particular:
 17. Consistent naming convention. Always use the term `secret key`, never  `private key`.
 18. `pidiC` -> `pidi_ct`; to make it clearer that this is a cipher text
 19. Where we refer to the biscuit ciphertext, we now use the term `biscuit_ct`. Previously we had used various variable names such as `nct` (nonce followed by cipher text) or just plain `biscuit`.
+20. In `load_biscuit`, we make it clear that destructuring of `biscuit_ct` destructures a concatenation.
+
+    ``` {=tex}
+    \begin{quote}
+        \begin{minted}{pseudorust}
+        let (n, ct) = biscuit_ct;
+        \end{minted}
+    \end{quote}
+    ```
+
+    with
+
+    ``` {=tex}
+    \begin{quote}
+        \begin{minted}{pseudorust}
+        let concat(n, ct) = biscuit_ct;
+        \end{minted}
+    \end{quote}
+    ```

 #### 2025-06-24 – Specifying the `osk` used for WireGuard as a protocol extension

--- a/rosenpass/src/protocol/protocol.rs
+++ b/rosenpass/src/protocol/protocol.rs
@@ -3612,7 +3612,7 @@ impl CryptoServer {
                self.pidm(peer.get(self).protocol_version.keyed_hash())?
                    .as_ref(),
            )?;
-            TV::check_value(&test_values.init_hello_pidic, &ih.pidic);
+            TV::check_value(&test_values.init_hello_pidi_ct, &ih.pidi_ct);
            TV::check_value(
                &test_values.init_handshake_mix_3,
                &hs.core.ck.clone().danger_into_secret(),
--- a/rosenpass/src/protocol/test_vector_sets.rs
+++ b/rosenpass/src/protocol/test_vector_sets.rs
@@ -61,10 +61,10 @@ pub struct HandleInitiationTestValues {
    #[test_vec(name = "hs.core.ck 2")]
    pub init_handshake_mix_2: TestValue<Secret<KEY_LEN>>,

-    #[test_vec(name = "ih.pidic")]
+    #[test_vec(name = "ih.pidi_ct")]
    #[test_vec(serialize_with = "serialize_byte_arr")]
    #[test_vec(deserialize_with = "deserialize_byte_arr")]
-    pub init_hello_pidic: TestValue<[u8; rosenpass_ciphers::Aead::TAG_LEN + 32]>,
+    pub init_hello_pidi_ct: TestValue<[u8; rosenpass_ciphers::Aead::TAG_LEN + 32]>,

    #[test_vec(name = "hs.core.ck 3")]
    pub init_handshake_mix_3: TestValue<Secret<KEY_LEN>>,