simplify flake.nix

chore: Consistently use the term `Key Encapsulation Mechanism`

.github/workflows/release.yaml

@@ -7,12 +7,11 @@ on:
 
 jobs:
   release:
-    name: Build ${{ matrix.derivation }} on ${{ matrix.nix-system }}
+    name: Release for ${{ matrix.nix-system }}
     runs-on:
       - nix
       - ${{ matrix.nix-system }}
     strategy:
-      fail-fast: false
       matrix:
         nix-system:
           - x86_64-linux
@@ -24,5 +23,27 @@ jobs:
       - name: Release
         uses: softprops/action-gh-release@v1
         with:
+          draft: ${{ contains(github.ref_name, 'rc') }}
+          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
+          files: |
+            result/*
+
+          
+  release-darwin:
+    name: Release for x86_64-darwin
+    runs-on:
+      - macos-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v20
+        with:
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build release-package for ${{ matrix.nix-system }}
+        run: nix build .#release-package --print-build-logs
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: ${{ contains(github.ref_name, 'rc') }}
+          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
           files: |
             result/*

Cargo.lock

@@ -865,7 +865,7 @@ checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
 
 [[package]]
 name = "rosenpass"
-version = "0.1.1"
+version = "0.1.2-rc.3"
 dependencies = [
  "anyhow",
  "base64",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rosenpass"
-version = "0.1.1"
+version = "0.1.2-rc.3"
 authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
 edition = "2021"
 license = "MIT OR Apache-2.0"

flake.nix

@@ -132,19 +132,15 @@
               default = rosenpass;
               rosenpass = rpDerivation pkgs;
               rosenpass-oci-image = rosenpassOCI "rosenpass";
+              rosenpass-static = rpDerivation pkgs.pkgsStatic;
+              rosenpass-static-oci-image = rosenpassOCI "rosenpass-static";
 
               # derivation for the release
               release-package =
                 let
                   version = cargoToml.package.version;
-                  package =
-                    if pkgs.hostPlatform.isLinux then
-                      packages.rosenpass-static
-                    else packages.rosenpass;
-                  oci-image =
-                    if pkgs.hostPlatform.isLinux then
-                      packages.rosenpass-static-oci-image
-                    else packages.rosenpass-oci-image;
+                  package = packages.rosenpass-static;
+                  oci-image = packages.rosenpass-static-oci-image;
                 in
                 pkgs.runCommandNoCC "lace-result" { }
                   ''
@@ -155,10 +151,7 @@
                     cp ${oci-image} \
                       $out/rosenpass-oci-image-${system}-${version}.tar.gz
                   '';
-            } // (if pkgs.stdenv.isLinux then rec {
-              rosenpass-static = rpDerivation pkgs.pkgsStatic;
-              rosenpass-static-oci-image = rosenpassOCI "rosenpass-static";
-            } else { });
+            };
           }
         ))
 

papers/graphics/readme.md

@@ -0,0 +1,5 @@
+# Illustrations
+
+## License
+
+The graphics graphics (SVG, PDF, and PNG files) in this folder are released under the CC BY-SA 4.0 license.

papers/prftree.d2

@@ -1,218 +0,0 @@
-root: 0  { shape: text }
-PROTOCOL: "PROTOCOL"  { shape: text }
-
-protocol_comment: 'PROTOCOL = "rosenpass 1 rosenpass.eu aead=chachapoly1305 dprf=blake2s ekem=lightsaber skem=mceliece460896 xaead=xchachapoly1305"' { shape: text}
-
-ck_init: '"chaining key init"' { shape: text }
-ck_ext: '"chaining key extract"'  { shape: text }
-
-mac: '"mac"' { shape: text }
-mac_param: MAC_WIRE_DATA { shape: text }
-cookie: '"cookie"' { shape: text }
-cookie_param: COOKIE_WIRE_DATA { shape: text }
-peer_id: '"peer_id"' { shape: text }
-peer_id_p1: spkm { shape: text}
-peer_id_p2: spkt { shape: text}
-
-root -> PROTOCOL
-
-PROTOCOL -> mac -> mac_param
-PROTOCOL -> cookie -> cookie_param
-PROTOCOL -> peer_id -> peer_id_p1 -> peer_id_p2
-PROTOCOL -> ck_init
-PROTOCOL -> ck_ext
-
-mix: '"mix"' { shape: text }
-user: '"user"' { shape: text }
-rp_eu: '"rosenpass.eu"' { shape: text }
-wg_psk: '"wireguard psk"' { shape: text }
-hs_enc: '"handshake encryption"' { shape: text }
-ini_enc: '"initiator session encryption"' { shape: text }
-res_enc: '"responder session encryption"' { shape: text }
-
-ck_ext -> mix
-ck_ext -> user -> rp_eu -> wg_psk
-ck_ext -> hs_enc
-ck_ext -> ini_enc
-ck_ext -> res_enc
-
-# ck_init -> InitHello.start
-
-InitHello {
-  start   -> d0 \
-    -> m1 -> d1 \
-    -> m2 -> d2
-
-              d2 -> encaps_spkr.m1
-  encaps_spkr.d3 -> encrypt_ltk.m1
-  encaps_spkr.d3 -> encrypt_ltk.key
-  encrypt_ltk.d1 -> encrypt_auth.m1
-  encrypt_ltk.d1 -> encrypt_auth.key
-
-  m1: "mix" { shape: text }
-  m2: "mix" { shape: text }
-
-  start: '"chaining key init"' { shape: text }
-  d0: "spkr" { shape: circle }
-  d1: "sidi" { shape: circle }
-  d2: "epki" { shape: circle }
-
-  encaps_spkr {
-       m1 -> d1 \
-    -> m2 -> d2 \
-    -> m3 -> d3 \
-
-    m1: "mix" { shape: text }
-    m2: "mix" { shape: text }
-    m3: "mix" { shape: text }
-
-    d1: "spkr" { shape: circle }
-    d2: "sctr" { shape: circle }
-    d3: "sptr" { shape: circle }
-  }
-
-  encrypt_ltk {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(peer_id(spkr, spki))'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    data -> encrypt: {
-      target-arrowhead.label: data
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    data: 'ref from "peer id" branch after spkt' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-
-  encrypt_auth {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(empty())'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-}
-
-RespHello {
-  start -> d0 -> m1 -> d1
-              d1 -> encaps_epki.m1
-  encaps_epki.d3 -> encaps_spki.m1
-  encaps_spki.d3 -> m2 -> d2
-  d2 -> encrypt_auth.m1
-
-  store_biscuit -> d2
-  "pidi" -> store_biscuit {
-    target-arrowhead.label: "field=peerid"
-  }
-  encaps_spki.d3 -> store_biscuit {
-    target-arrowhead.label: "field=ck"
-  }
-
-
-  m1: "mix" { shape: text }
-  m2: "mix" { shape: text }
-
-  start: '(state from InitHello)' { shape: text }
-  d0: "sidr" { shape: circle }
-  d1: "sidi" { shape: circle }
-  d2: "biscuit" { shape: diamond }
-
-  store_biscuit: "store_biscuit()"
-
-  encaps_epki {
-       m1 -> d1 \
-    -> m2 -> d2 \
-    -> m3 -> d3 \
-
-    m1: "mix" { shape: text }
-    m2: "mix" { shape: text }
-    m3: "mix" { shape: text }
-
-    d1: "epki" { shape: circle }
-    d2: "ecti" { shape: circle }
-    d3: "epti" { shape: circle }
-  }
-
-  encaps_spki {
-       m1 -> d1 \
-    -> m2 -> d2 \
-    -> m3 -> d3 \
-
-    m1: "mix" { shape: text }
-    m2: "mix" { shape: text }
-    m3: "mix" { shape: text }
-
-    d1: "spki" { shape: circle }
-    d2: "scti" { shape: circle }
-    d3: "spti" { shape: circle }
-  }
-
-  encrypt_auth {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(empty())'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-}
-
-InitConf {
-  start -> d0 -> m1 -> d1 -> encrypt_auth.m1
-
-  encrypt_auth.d1 -> ol1 -> o1
-  encrypt_auth.d1 -> ol2 -> o2
-  encrypt_auth.d1 -> ol3 -> o3
-
-  m1: "mix" { shape: text }
-
-  start: '(state from RespHello)' { shape: text }
-  d0: "sidi" { shape: circle }
-  d1: "sidr" { shape: circle }
-
-  ol1: '"wireguard psk"' { shape: text }
-  ol2: '"initiator session encryption"' { shape: text }
-  ol3: '"responder session encryption"' { shape: text}
-                                                             o2: "" { shape: page }
-  o1: "" { shape: step }
-  o2: "" { shape: step }
-  o3: "" { shape: step }
-
-  encrypt_auth {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(empty())'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-}

papers/readme.md

@@ -23,3 +23,7 @@ inside `papers/`. The PDF files will be located directly in `papers/`.
 The version info is using gitinfo2. To use the setup one has to run the `papers/tex/gitinfo2.sh` script. In local copies it's also possible to add this as a post-checkout or post-commit hook to keep it automatically up to date.
 
 The version information in the footer automatically includes a “draft”. This can be removed by tagging a release version using `\jobname-release`, e.h. `whitepaper-release` for the `whitepaper.md` file.
+
+## Licensing of assets
+
+The text files and graphics in this folder (i.e. whitepaper.md, the SVG, PDF, and PNG files in the graphics/ folder) are released under the CC BY-SA 4.0 license.

papers/sequencing.d2

@@ -1,81 +0,0 @@
-Protocol: {
-  shape: sequence_diagram
-  ini: "Initiator"
-  res: "Responder"
-  ini -> res: "InitHello"
-  res -> ini: "RespHello"
-  ini -> res: "InitConf"
-  res -> ini: "EmptyData"
-}
-
-Envelope: "Envelope" {
-  shape: class
-  type: "1"
-  '': 3
-  payload: variable
-  mac: 16
-  cookie: 16
-}
-
-Envelope.payload -> InitHello
-InitHello: "InitHello (type=0x81)" {
-  shape: class
-  sidi: 4
-  epki: 800
-  sctr: 188
-  peerid: 32 + 16 = 48
-  auth: 16
-}
-
-Envelope.payload -> RespHello
-RespHello: "RespHello (type=0x82)" {
-  shape: class
-  sidr: 4
-  sidi: 4
-  ecti: 768
-  scti: 188
-  biscuit: 76 + 24 + 16 = 116
-  auth: 16
-}
-
-Envelope.payload -> InitConf
-InitConf: "InitConf (type=0x83)" {
-  shape: class
-  sidi: 4
-  sidr: 4
-  biscuit: 76 + 24 +16 = 116
-  auth: 16
-}
-
-Envelope.payload -> EmptyData
-EmptyData: "EmptyData (type=0x84)" {
-  shape: class
-  sidx: 4
-  ctr: 8
-  auth: 16
-}
-
-Envelope.payload -> Data
-Data: "Data (type=0x85)" {
-  shape: class
-  sidx: 4
-  ctr: 8
-  data: variable + 16
-}
-
-Envelope.payload -> CookieReply
-CookieReply: "CookieReply (type=0x86)" {
-  shape: class
-  sidx: 4
-  nonce: 24
-  cookie: 16 + 16 = 32
-}
-
-RespHello.biscuit -> Biscuit
-InitConf.biscuit -> Biscuit
-Biscuit: "Biscuit" {
-  shape: class
-  peerid: 32
-  no: 12
-  ck: 32
-}

papers/tex/template-rosenpass.tex

@@ -130,7 +130,7 @@
 \bool_set_false:N \l_tmpa_bool
 \gitAbbrevHash{}~(\gitAuthorDate
 \clist_map_inline:Nn \gitTags {
-	\exp_args:Nx \str_if_eq:nnT {\jobname-release} {test-whitepaper}  {\bool_set_true:N \l_tmpa_bool\clist_map_break:}
+	\exp_args:Nx \str_if_eq:nnT {\jobname-release} {whitepaper-release}  {\bool_set_true:N \l_tmpa_bool\clist_map_break:}
 }
 \bool_if:NF \l_tmpa_bool {~--~draft}
 )

papers/whitepaper.md

@@ -33,7 +33,7 @@ abstract: |
 Rosenpass inherits most security properties from Post-Quantum WireGuard (PQWG). The security properties mentioned here are covered by the symbolic analysis in the Rosenpass repository. 
 
 ## Secrecy
-Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Methods; see section \ref{skem}): Kyber and Classic McEliece.
+Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Mechanisms; see section \ref{skem}): Kyber and Classic McEliece.
 
 ## Authenticity