From 22bf2e399096d963dd177366e99d9859b6f01c27 Mon Sep 17 00:00:00 2001
From: Karolin Varner <karo@cupdev.net>
Date: Wed, 13 Aug 2025 18:00:37 +0200
Subject: [PATCH] fix(proverif): Incorrect parameter ordering in
 encaps_/decaps_and_mix

---
 analysis/rosenpass/handshake_state.mpv | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/analysis/rosenpass/handshake_state.mpv b/analysis/rosenpass/handshake_state.mpv
index c114d8b..6a6bb29 100644
--- a/analysis/rosenpass/handshake_state.mpv
+++ b/analysis/rosenpass/handshake_state.mpv
@@ -143,10 +143,10 @@ letfun ENCRYPT_AND_MIX(ct, pt) \
 // TODO: Migrate kems to use binary ciphertexts directly
 #define ENCAPS_AND_MIX(ct, pk, shk) \
   ct <- kem_enc(pk, shk);           \
-  MIX3(kem_pk2b(pk), ct, k2b(shk))
+  MIX3(kem_pk2b(pk), k2b(shk), ct)
 #define DECAPS_AND_MIX(sk, pk, ct) \
   DUMMY(shk) <- kem_dec(sk, ct);   \
-  MIX3(kem_pk2b(pk), ct, k2b(DUMMY(shk)))
+  MIX3(kem_pk2b(pk), k2b(DUMMY(shk)), ct)
 
 
 // biscuits