root: 0  { shape: text }
PROTOCOL: "PROTOCOL"  { shape: text }

protocol_comment: 'PROTOCOL = "rosenpass 1 rosenpass.eu aead=chachapoly1305 dprf=blake2s ekem=lightsaber skem=mceliece460896 xaead=xchachapoly1305"' { shape: text}

ck_init: '"chaining key init"' { shape: text }
ck_ext: '"chaining key extract"'  { shape: text }

mac: '"mac"' { shape: text }
mac_param: MAC_WIRE_DATA { shape: text }
cookie: '"cookie"' { shape: text }
cookie_param: COOKIE_WIRE_DATA { shape: text }
peer_id: '"peer_id"' { shape: text }
peer_id_p1: spkm { shape: text}
peer_id_p2: spkt { shape: text}

root -> PROTOCOL

PROTOCOL -> mac -> mac_param
PROTOCOL -> cookie -> cookie_param
PROTOCOL -> peer_id -> peer_id_p1 -> peer_id_p2
PROTOCOL -> ck_init
PROTOCOL -> ck_ext

mix: '"mix"' { shape: text }
user: '"user"' { shape: text }
rp_eu: '"rosenpass.eu"' { shape: text }
wg_psk: '"wireguard psk"' { shape: text }
hs_enc: '"handshake encryption"' { shape: text }
ini_enc: '"initiator session encryption"' { shape: text }
res_enc: '"responder session encryption"' { shape: text }

ck_ext -> mix
ck_ext -> user -> rp_eu -> wg_psk
ck_ext -> hs_enc
ck_ext -> ini_enc
ck_ext -> res_enc

# ck_init -> InitHello.start

InitHello {
  start   -> d0 \
    -> m1 -> d1 \
    -> m2 -> d2

              d2 -> encaps_spkr.m1
  encaps_spkr.d3 -> encrypt_ltk.m1
  encaps_spkr.d3 -> encrypt_ltk.key
  encrypt_ltk.d1 -> encrypt_auth.m1
  encrypt_ltk.d1 -> encrypt_auth.key

  m1: "mix" { shape: text }
  m2: "mix" { shape: text }

  start: '"chaining key init"' { shape: text }
  d0: "spkr" { shape: circle }
  d1: "sidi" { shape: circle }
  d2: "epki" { shape: circle }

  encaps_spkr {
       m1 -> d1 \
    -> m2 -> d2 \
    -> m3 -> d3 \

    m1: "mix" { shape: text }
    m2: "mix" { shape: text }
    m3: "mix" { shape: text }

    d1: "spkr" { shape: circle }
    d2: "sctr" { shape: circle }
    d3: "sptr" { shape: circle }
  }

  encrypt_ltk {
    m1 -> d1

    encrypt: 'Aead::enc(peer_id(spkr, spki))'
    key -> encrypt: {
      target-arrowhead.label: key
    }
    data -> encrypt: {
      target-arrowhead.label: data
    }
    encrypt -> d1: {
      source-arrowhead.label: output
    }

    m1: "mix" { shape: text }
    key: '"handshake encryption"' { shape: text }
    data: 'ref from "peer id" branch after spkt' { shape: text }
    d1: "ct" { shape: diamond }
  }

  encrypt_auth {
    m1 -> d1

    encrypt: 'Aead::enc(empty())'
    key -> encrypt: {
      target-arrowhead.label: key
    }
    encrypt -> d1: {
      source-arrowhead.label: output
    }

    m1: "mix" { shape: text }
    key: '"handshake encryption"' { shape: text }
    d1: "ct" { shape: diamond }
  }
}

RespHello {
  start -> d0 -> m1 -> d1
              d1 -> encaps_epki.m1
  encaps_epki.d3 -> encaps_spki.m1
  encaps_spki.d3 -> m2 -> d2
  d2 -> encrypt_auth.m1

  store_biscuit -> d2
  "pidi" -> store_biscuit {
    target-arrowhead.label: "field=peerid"
  }
  encaps_spki.d3 -> store_biscuit {
    target-arrowhead.label: "field=ck"
  }


  m1: "mix" { shape: text }
  m2: "mix" { shape: text }

  start: '(state from InitHello)' { shape: text }
  d0: "sidr" { shape: circle }
  d1: "sidi" { shape: circle }
  d2: "biscuit" { shape: diamond }

  store_biscuit: "store_biscuit()"

  encaps_epki {
       m1 -> d1 \
    -> m2 -> d2 \
    -> m3 -> d3 \

    m1: "mix" { shape: text }
    m2: "mix" { shape: text }
    m3: "mix" { shape: text }

    d1: "epki" { shape: circle }
    d2: "ecti" { shape: circle }
    d3: "epti" { shape: circle }
  }

  encaps_spki {
       m1 -> d1 \
    -> m2 -> d2 \
    -> m3 -> d3 \

    m1: "mix" { shape: text }
    m2: "mix" { shape: text }
    m3: "mix" { shape: text }

    d1: "spki" { shape: circle }
    d2: "scti" { shape: circle }
    d3: "spti" { shape: circle }
  }

  encrypt_auth {
    m1 -> d1

    encrypt: 'Aead::enc(empty())'
    key -> encrypt: {
      target-arrowhead.label: key
    }
    encrypt -> d1: {
      source-arrowhead.label: output
    }

    m1: "mix" { shape: text }
    key: '"handshake encryption"' { shape: text }
    d1: "ct" { shape: diamond }
  }
}

InitConf {
  start -> d0 -> m1 -> d1 -> encrypt_auth.m1

  encrypt_auth.d1 -> ol1 -> o1
  encrypt_auth.d1 -> ol2 -> o2
  encrypt_auth.d1 -> ol3 -> o3

  m1: "mix" { shape: text }

  start: '(state from RespHello)' { shape: text }
  d0: "sidi" { shape: circle }
  d1: "sidr" { shape: circle }

  ol1: '"wireguard psk"' { shape: text }
  ol2: '"initiator session encryption"' { shape: text }
  ol3: '"responder session encryption"' { shape: text}
                                                             o2: "" { shape: page }
  o1: "" { shape: step }
  o2: "" { shape: step }
  o3: "" { shape: step }

  encrypt_auth {
    m1 -> d1

    encrypt: 'Aead::enc(empty())'
    key -> encrypt: {
      target-arrowhead.label: key
    }
    encrypt -> d1: {
      source-arrowhead.label: output
    }

    m1: "mix" { shape: text }
    key: '"handshake encryption"' { shape: text }
    d1: "ct" { shape: diamond }
  }
}