rename SKEM -> StaticKEM & EKEM -> EphemeralKEM

2026-02-27 22:13:12 -08:00 · 2023-04-05 15:47:14 +02:00
parent 897fa3daf6
commit 87b08bcee1
5 changed files with 25 additions and 25 deletions
--- a/benches/handshake.rs
+++ b/benches/handshake.rs
@@ -1,6 +1,6 @@
 use anyhow::Result;
 use rosenpass::{
-    pqkem::{CCAKEM, KEM},
+    pqkem::{EphemeralKEM, CCAKEM},
    protocol::{CcaPk, CcaSk, CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, SymKey},
    sodium::sodium_init,
 };
--- a/src/main.rs
+++ b/src/main.rs
@@ -4,7 +4,7 @@ use rosenpass::{
    attempt,
    coloring::{Public, Secret},
    multimatch,
-    pqkem::{KEM, SKEM},
+    pqkem::{StaticKEM, KEM},
    protocol::{CryptoServer, MsgBuf, PeerPtr, SPk, SSk, SymKey, Timing},
    sodium::sodium_init,
    util::{b64_reader, b64_writer, fmt_b64},
@@ -313,7 +313,7 @@ pub fn cmd_keygen(mut args: ArgsWalker) -> Result<()> {
    // Cmd
    let (mut ssk, mut spk) = (SSk::random(), SPk::random());
    unsafe {
-        SKEM::keygen(ssk.secret_mut(), spk.secret_mut())?;
+        StaticKEM::keygen(ssk.secret_mut(), spk.secret_mut())?;
        ssk.store_secret(sf.unwrap())?;
        spk.store_secret(pf.unwrap())?;
    }
--- a/src/msgs.rs
+++ b/src/msgs.rs
@@ -244,9 +244,9 @@ data_lense! { InitHello :=
    /// Randomly generated connection id
    sidi: 4,
    /// Kyber 512 Ephemeral Public Key
-    epki: EKEM::PK_LEN,
+    epki: EphemeralKEM::PK_LEN,
    /// Classic McEliece Ciphertext
-    sctr: SKEM::CT_LEN,
+    sctr: StaticKEM::CT_LEN,
    /// Encryped: 16 byte hash of McEliece initiator static key
    pidic: sodium::AEAD_TAG_LEN + 32,
    /// Encrypted TAI64N Time Stamp (against replay attacks)
@@ -259,9 +259,9 @@ data_lense! { RespHello :=
    /// Copied from InitHello
    sidi: 4,
    /// Kyber 512 Ephemeral Ciphertext
-    ecti: EKEM::CT_LEN,
+    ecti: EphemeralKEM::CT_LEN,
    /// Classic McEliece Ciphertext
-    scti: SKEM::CT_LEN,
+    scti: StaticKEM::CT_LEN,
    /// Empty encrypted message (just an auth tag)
    auth: sodium::AEAD_TAG_LEN,
    /// Responders handshake state in encrypted form
--- a/src/pqkem.rs
+++ b/src/pqkem.rs
@@ -50,7 +50,7 @@ pub trait KEM {
 /// Classic McEliece is chosen because of its high security margin and its small
 /// ciphertexts. The public keys are humongous, but (being static keys) the are never transmitted over
 /// the wire so this is not a big problem.
-pub struct SKEM;
+pub struct StaticKEM;
 /// # Safety
 ///
@@ -65,7 +65,7 @@ pub struct SKEM;
 /// to only check that the buffers are big enough, allowing them to be even
 /// bigger. However, from a correctness point of view it does not make sense to
 /// allow bigger buffers.
-impl KEM for SKEM {
+impl KEM for StaticKEM {
    const SK_LEN: usize = oqs_sys::kem::OQS_KEM_classic_mceliece_460896_length_secret_key as usize;
    const PK_LEN: usize = oqs_sys::kem::OQS_KEM_classic_mceliece_460896_length_public_key as usize;
    const CT_LEN: usize = oqs_sys::kem::OQS_KEM_classic_mceliece_460896_length_ciphertext as usize;
@@ -119,7 +119,7 @@ impl KEM for SKEM {
 /// wireguard paper claimed that CPA security would be sufficient. Nonetheless we choose kyber
 /// which provides CCA security since there are no publicly vetted KEMs out there which provide
 /// only CPA security.
-pub struct EKEM;
+pub struct EphemeralKEM;
 /// # Safety
 ///
@@ -134,7 +134,7 @@ pub struct EKEM;
 /// to only check that the buffers are big enough, allowing them to be even
 /// bigger. However, from a correctness point of view it does not make sense to
 /// allow bigger buffers.
-impl KEM for EKEM {
+impl KEM for EphemeralKEM {
    const SK_LEN: usize = oqs_sys::kem::OQS_KEM_kyber_512_length_secret_key as usize;
    const PK_LEN: usize = oqs_sys::kem::OQS_KEM_kyber_512_length_public_key as usize;
    const CT_LEN: usize = oqs_sys::kem::OQS_KEM_kyber_512_length_ciphertext as usize;
--- a/src/protocol.rs
+++ b/src/protocol.rs
@@ -20,7 +20,7 @@
 //!
 //! ```
 //! use rosenpass::{
-//!     pqkem::{SKEM, KEM},
+//!     pqkem::{StaticKEM, KEM},
 //!     protocol::{SSk, SPk, MsgBuf, PeerPtr, CryptoServer, SymKey},
 //! };
 //! # fn main() -> Result<(), rosenpass::RosenpassError> {
@@ -30,11 +30,11 @@
 //!
 //! // initialize public and private key for peer a ...
 //! let (mut peer_a_sk, mut peer_a_pk) = (SSk::zero(), SPk::zero());
-//! SKEM::keygen(peer_a_sk.secret_mut(), peer_a_pk.secret_mut())?;
+//! StaticKEM::keygen(peer_a_sk.secret_mut(), peer_a_pk.secret_mut())?;
 //!
 //! // ... and for peer b
 //! let (mut peer_b_sk, mut peer_b_pk) = (SSk::zero(), SPk::zero());
-//! SKEM::keygen(peer_b_sk.secret_mut(), peer_b_pk.secret_mut())?;
+//! StaticKEM::keygen(peer_b_sk.secret_mut(), peer_b_pk.secret_mut())?;
 //!
 //! // initialize server and a pre-shared key
 //! let psk = SymKey::random();
@@ -137,10 +137,10 @@ pub fn has_happened(ev: Timing, now: Timing) -> bool {
 // DATA STRUCTURES & BASIC TRAITS & ACCESSORS ////
-pub type SPk = Secret<{ SKEM::PK_LEN }>; // Just Secret<> instead of Public<> so it gets allocated on the heap
+pub type SPk = Secret<{ StaticKEM::PK_LEN }>; // Just Secret<> instead of Public<> so it gets allocated on the heap
-pub type SSk = Secret<{ SKEM::SK_LEN }>;
+pub type SSk = Secret<{ StaticKEM::SK_LEN }>;
-pub type EPk = Public<{ EKEM::PK_LEN }>;
+pub type EPk = Public<{ EphemeralKEM::PK_LEN }>;
-pub type ESk = Secret<{ EKEM::SK_LEN }>;
+pub type ESk = Secret<{ EphemeralKEM::SK_LEN }>;
 pub type SymKey = Secret<KEY_SIZE>;
 pub type SymHash = Public<KEY_SIZE>;
@@ -1401,10 +1401,10 @@ impl CryptoServer {
        hs.core.init(peer.get(self).spkt.secret())?;        // IHI1
        hs.core.sidi.randomize();                           // IHI2
        ih.sidi_mut().copy_from_slice(&hs.core.sidi.value);
-        EKEM::keygen(hs.eski.secret_mut(), &mut *hs.epki)?; // IHI3
+        EphemeralKEM::keygen(hs.eski.secret_mut(), &mut *hs.epki)?; // IHI3
        ih.epki_mut().copy_from_slice(&hs.epki.value);
        hs.core.mix(ih.sidi())?.mix(ih.epki())?;            // IHI4
-        hs.core.encaps_and_mix::<SKEM, { SKEM::SHK_LEN }>(  // IHI5
+        hs.core.encaps_and_mix::<StaticKEM, { StaticKEM::SHK_LEN }>(  // IHI5
            ih.sctr_mut(),
            peer.get(self).spkt.secret(),
        )?;
@@ -1433,7 +1433,7 @@ impl CryptoServer {
        core.init(self.spkm.secret())?;                    // IHR1
        core.mix(ih.sidi())?.mix(ih.epki())?;              // IHR4
-        core.decaps_and_mix::<SKEM, { SKEM::SHK_LEN }>(    // IHR5
+        core.decaps_and_mix::<StaticKEM, { StaticKEM::SHK_LEN }>(    // IHR5
            self.sskm.secret(),
            self.spkm.secret(),
            ih.sctr(),
@@ -1453,9 +1453,9 @@ impl CryptoServer {
        rh.sidi_mut().copy_from_slice(core.sidi.as_ref());
        rh.sidr_mut().copy_from_slice(core.sidr.as_ref());
        core.mix(rh.sidr())?.mix(rh.sidi())?;              // RHR3
-        core.encaps_and_mix::<EKEM, { EKEM::SHK_LEN }>(    // RHR4
+        core.encaps_and_mix::<EphemeralKEM, { EphemeralKEM::SHK_LEN }>(    // RHR4
            rh.ecti_mut(), ih.epki())?;
-        core.encaps_and_mix::<SKEM, { SKEM::SHK_LEN }>(    // RHR5
+        core.encaps_and_mix::<StaticKEM, { StaticKEM::SHK_LEN }>(    // RHR5
            rh.scti_mut(),
            peer.get(self).spkt.secret(),
        )?;
@@ -1513,12 +1513,12 @@ impl CryptoServer {
        //       to save us from the repetitive secret unwrapping
        core.mix(rh.sidr())?.mix(rh.sidi())?;             // RHI3
-        core.decaps_and_mix::<EKEM, { EKEM::SHK_LEN }>(   // RHI4
+        core.decaps_and_mix::<EphemeralKEM, { EphemeralKEM::SHK_LEN }>(   // RHI4
            hs!().eski.secret(),
            &*hs!().epki,
            rh.ecti(),
        )?;
-        core.decaps_and_mix::<SKEM, { SKEM::SHK_LEN }>(   // RHI5
+        core.decaps_and_mix::<StaticKEM, { StaticKEM::SHK_LEN }>(   // RHI5
            self.sskm.secret(),
            self.spkm.secret(),
            rh.scti(),