From 6383231a6a48469361955173d4ed28900e8c26a6 Mon Sep 17 00:00:00 2001
From: Karolin Varner
Date: Thu, 14 Aug 2025 16:25:00 +0200
Subject: [PATCH] fix(whitepaper): biscuit_ct destructuring is destructuring a concatenation
---
 papers/whitepaper.md | 21 ++++++++++++++++++++-
 rosenpass/src/protocol/protocol.rs | 2 +-
 rosenpass/src/protocol/test_vector_sets.rs | 4 ++--
 3 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/papers/whitepaper.md b/papers/whitepaper.md
index c006fb2..2881984 100644
--- a/papers/whitepaper.md
+++ b/papers/whitepaper.md
@@ -492,7 +492,7 @@ Note that the `mix(biscuit_ct)` call updates the chaining key, but that update d
 fn load_biscuit(biscuit_ct) {
 // Decrypt the biscuit
 let k = biscuit_key;
- let (n, ct) = biscuit_ct;
+ let concat(n, ct) = biscuit_ct;
 let ad = lhash(
 "biscuit additional data",
 spkr, sidi, sidr);
@@ -957,6 +957,25 @@ Changes, in particular:
 17. Consistent naming convention. Always use the term `secret key`, never `private key`.
 18. `pidiC` -> `pidi_ct`; to make it clearer that this is a cipher text
 19. Where we refer to the biscuit ciphertext, we now use the term `biscuit_ct`. Previously we had used various variable names such as `nct` (nonce followed by cipher text) or just plain `biscuit`.
+20. In `load_biscuit`, we make it clear that destructuring of `biscuit_ct` destructures a concatenation.
+
+ ``` {=tex}
+ \begin{quote}
+ \begin{minted}{pseudorust}
+ let (n, ct) = biscuit_ct;
+ \end{minted}
+ \end{quote}
+ ```
+
+ with
+
+ ``` {=tex}
+ \begin{quote}
+ \begin{minted}{pseudorust}
+ let concat(n, ct) = biscuit_ct;
+ \end{minted}
+ \end{quote}
+ ```
 #### 2025-06-24 – Specifying the `osk` used for WireGuard as a protocol extension
diff --git a/rosenpass/src/protocol/protocol.rs b/rosenpass/src/protocol/protocol.rs
index 6b6dd61..faaa056 100644
--- a/rosenpass/src/protocol/protocol.rs
+++ b/rosenpass/src/protocol/protocol.rs
@@ -3612,7 +3612,7 @@ impl CryptoServer {
 self.pidm(peer.get(self).protocol_version.keyed_hash())?
 .as_ref(),
 )?;
- TV::check_value(&test_values.init_hello_pidic, &ih.pidic);
+ TV::check_value(&test_values.init_hello_pidi_ct, &ih.pidi_ct);
 TV::check_value(
 &test_values.init_handshake_mix_3,
 &hs.core.ck.clone().danger_into_secret(),
diff --git a/rosenpass/src/protocol/test_vector_sets.rs b/rosenpass/src/protocol/test_vector_sets.rs
index 615f13a..89cd9e9 100644
--- a/rosenpass/src/protocol/test_vector_sets.rs
+++ b/rosenpass/src/protocol/test_vector_sets.rs
@@ -61,10 +61,10 @@ pub struct HandleInitiationTestValues {
 #[test_vec(name = "hs.core.ck 2")]
 pub init_handshake_mix_2: TestValue>,
- #[test_vec(name = "ih.pidic")]
+ #[test_vec(name = "ih.pidi_ct")]
 #[test_vec(serialize_with = "serialize_byte_arr")]
 #[test_vec(deserialize_with = "deserialize_byte_arr")]
- pub init_hello_pidic: TestValue<[u8; rosenpass_ciphers::Aead::TAG_LEN + 32]>,
+ pub init_hello_pidi_ct: TestValue<[u8; rosenpass_ciphers::Aead::TAG_LEN + 32]>,
 #[test_vec(name = "hs.core.ck 3")]
 pub init_handshake_mix_3: TestValue>,
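Review bot: The `#[test_vec(name = "ih.pidi_ct")]` attribute in `HandleInitiationTestValues` (test_vector_sets.rs hunk) looks like the label the value is serialized under, so this is more than an identifier rename: any recorded test-vector file that still carries `ih.pidic` would presumably stop matching until it is regenerated. It is worth confirming that no stored vectors or external tooling use the old label, and saying so in the commit message, which currently mentions only the whitepaper. A short comment above the attribute would help the next rename, for example `// Serialized label; keep in sync with the whitepaper name and regenerate stored vectors on change.` The struct continues outside the hunk; the matching `TV::check_value` call in protocol.rs is updated consistently.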