rename SKEM -> StaticKEM & EKEM -> EphemeralKEM

benches/handshake.rs

@@ -1,6 +1,6 @@
 use anyhow::Result;
 use rosenpass::{
-    pqkem::{CCAKEM, KEM},
+    pqkem::{EphemeralKEM, CCAKEM},
     protocol::{CcaPk, CcaSk, CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, SymKey},
     sodium::sodium_init,
 };

src/main.rs

@@ -4,7 +4,7 @@ use rosenpass::{
     attempt,
     coloring::{Public, Secret},
     multimatch,
-    pqkem::{KEM, SKEM},
+    pqkem::{StaticKEM, KEM},
     protocol::{CryptoServer, MsgBuf, PeerPtr, SPk, SSk, SymKey, Timing},
     sodium::sodium_init,
     util::{b64_reader, b64_writer, fmt_b64},
@@ -313,7 +313,7 @@ pub fn cmd_keygen(mut args: ArgsWalker) -> Result<()> {
     // Cmd
     let (mut ssk, mut spk) = (SSk::random(), SPk::random());
     unsafe {
-        SKEM::keygen(ssk.secret_mut(), spk.secret_mut())?;
+        StaticKEM::keygen(ssk.secret_mut(), spk.secret_mut())?;
         ssk.store_secret(sf.unwrap())?;
         spk.store_secret(pf.unwrap())?;
     }

src/msgs.rs

@@ -244,9 +244,9 @@ data_lense! { InitHello :=
     /// Randomly generated connection id
     sidi: 4,
     /// Kyber 512 Ephemeral Public Key
-    epki: EKEM::PK_LEN,
+    epki: EphemeralKEM::PK_LEN,
     /// Classic McEliece Ciphertext
-    sctr: SKEM::CT_LEN,
+    sctr: StaticKEM::CT_LEN,
     /// Encryped: 16 byte hash of McEliece initiator static key
     pidic: sodium::AEAD_TAG_LEN + 32,
     /// Encrypted TAI64N Time Stamp (against replay attacks)
@@ -259,9 +259,9 @@ data_lense! { RespHello :=
     /// Copied from InitHello
     sidi: 4,
     /// Kyber 512 Ephemeral Ciphertext
-    ecti: EKEM::CT_LEN,
+    ecti: EphemeralKEM::CT_LEN,
     /// Classic McEliece Ciphertext
-    scti: SKEM::CT_LEN,
+    scti: StaticKEM::CT_LEN,
     /// Empty encrypted message (just an auth tag)
     auth: sodium::AEAD_TAG_LEN,
     /// Responders handshake state in encrypted form

src/pqkem.rs

@@ -50,7 +50,7 @@ pub trait KEM {
 /// Classic McEliece is chosen because of its high security margin and its small
 /// ciphertexts. The public keys are humongous, but (being static keys) the are never transmitted over
 /// the wire so this is not a big problem.
-pub struct SKEM;
+pub struct StaticKEM;
 
 /// # Safety
 ///
@@ -65,7 +65,7 @@ pub struct SKEM;
 /// to only check that the buffers are big enough, allowing them to be even
 /// bigger. However, from a correctness point of view it does not make sense to
 /// allow bigger buffers.
-impl KEM for SKEM {
+impl KEM for StaticKEM {
     const SK_LEN: usize = oqs_sys::kem::OQS_KEM_classic_mceliece_460896_length_secret_key as usize;
     const PK_LEN: usize = oqs_sys::kem::OQS_KEM_classic_mceliece_460896_length_public_key as usize;
     const CT_LEN: usize = oqs_sys::kem::OQS_KEM_classic_mceliece_460896_length_ciphertext as usize;
@@ -119,7 +119,7 @@ impl KEM for SKEM {
 /// wireguard paper claimed that CPA security would be sufficient. Nonetheless we choose kyber
 /// which provides CCA security since there are no publicly vetted KEMs out there which provide
 /// only CPA security.
-pub struct EKEM;
+pub struct EphemeralKEM;
 
 /// # Safety
 ///
@@ -134,7 +134,7 @@ pub struct EKEM;
 /// to only check that the buffers are big enough, allowing them to be even
 /// bigger. However, from a correctness point of view it does not make sense to
 /// allow bigger buffers.
-impl KEM for EKEM {
+impl KEM for EphemeralKEM {
     const SK_LEN: usize = oqs_sys::kem::OQS_KEM_kyber_512_length_secret_key as usize;
     const PK_LEN: usize = oqs_sys::kem::OQS_KEM_kyber_512_length_public_key as usize;
     const CT_LEN: usize = oqs_sys::kem::OQS_KEM_kyber_512_length_ciphertext as usize;

src/protocol.rs

@@ -20,7 +20,7 @@
 //!
 //! ```
 //! use rosenpass::{
-//!     pqkem::{SKEM, KEM},
+//!     pqkem::{StaticKEM, KEM},
 //!     protocol::{SSk, SPk, MsgBuf, PeerPtr, CryptoServer, SymKey},
 //! };
 //! # fn main() -> Result<(), rosenpass::RosenpassError> {
@@ -30,11 +30,11 @@
 //!
 //! // initialize public and private key for peer a ...
 //! let (mut peer_a_sk, mut peer_a_pk) = (SSk::zero(), SPk::zero());
-//! SKEM::keygen(peer_a_sk.secret_mut(), peer_a_pk.secret_mut())?;
+//! StaticKEM::keygen(peer_a_sk.secret_mut(), peer_a_pk.secret_mut())?;
 //!
 //! // ... and for peer b
 //! let (mut peer_b_sk, mut peer_b_pk) = (SSk::zero(), SPk::zero());
-//! SKEM::keygen(peer_b_sk.secret_mut(), peer_b_pk.secret_mut())?;
+//! StaticKEM::keygen(peer_b_sk.secret_mut(), peer_b_pk.secret_mut())?;
 //!
 //! // initialize server and a pre-shared key
 //! let psk = SymKey::random();
@@ -137,10 +137,10 @@ pub fn has_happened(ev: Timing, now: Timing) -> bool {
 
 // DATA STRUCTURES & BASIC TRAITS & ACCESSORS ////
 
-pub type SPk = Secret<{ SKEM::PK_LEN }>; // Just Secret<> instead of Public<> so it gets allocated on the heap
-pub type SSk = Secret<{ SKEM::SK_LEN }>;
-pub type EPk = Public<{ EKEM::PK_LEN }>;
-pub type ESk = Secret<{ EKEM::SK_LEN }>;
+pub type SPk = Secret<{ StaticKEM::PK_LEN }>; // Just Secret<> instead of Public<> so it gets allocated on the heap
+pub type SSk = Secret<{ StaticKEM::SK_LEN }>;
+pub type EPk = Public<{ EphemeralKEM::PK_LEN }>;
+pub type ESk = Secret<{ EphemeralKEM::SK_LEN }>;
 
 pub type SymKey = Secret<KEY_SIZE>;
 pub type SymHash = Public<KEY_SIZE>;
@@ -1401,10 +1401,10 @@ impl CryptoServer {
         hs.core.init(peer.get(self).spkt.secret())?;        // IHI1
         hs.core.sidi.randomize();                           // IHI2
         ih.sidi_mut().copy_from_slice(&hs.core.sidi.value);
-        EKEM::keygen(hs.eski.secret_mut(), &mut *hs.epki)?; // IHI3
+        EphemeralKEM::keygen(hs.eski.secret_mut(), &mut *hs.epki)?; // IHI3
         ih.epki_mut().copy_from_slice(&hs.epki.value);
         hs.core.mix(ih.sidi())?.mix(ih.epki())?;            // IHI4
-        hs.core.encaps_and_mix::<SKEM, { SKEM::SHK_LEN }>(  // IHI5
+        hs.core.encaps_and_mix::<StaticKEM, { StaticKEM::SHK_LEN }>(  // IHI5
             ih.sctr_mut(),
             peer.get(self).spkt.secret(),
         )?;
@@ -1433,7 +1433,7 @@ impl CryptoServer {
 
         core.init(self.spkm.secret())?;                    // IHR1
         core.mix(ih.sidi())?.mix(ih.epki())?;              // IHR4
-        core.decaps_and_mix::<SKEM, { SKEM::SHK_LEN }>(    // IHR5
+        core.decaps_and_mix::<StaticKEM, { StaticKEM::SHK_LEN }>(    // IHR5
             self.sskm.secret(),
             self.spkm.secret(),
             ih.sctr(),
@@ -1453,9 +1453,9 @@ impl CryptoServer {
         rh.sidi_mut().copy_from_slice(core.sidi.as_ref());
         rh.sidr_mut().copy_from_slice(core.sidr.as_ref());
         core.mix(rh.sidr())?.mix(rh.sidi())?;              // RHR3
-        core.encaps_and_mix::<EKEM, { EKEM::SHK_LEN }>(    // RHR4
+        core.encaps_and_mix::<EphemeralKEM, { EphemeralKEM::SHK_LEN }>(    // RHR4
             rh.ecti_mut(), ih.epki())?;
-        core.encaps_and_mix::<SKEM, { SKEM::SHK_LEN }>(    // RHR5
+        core.encaps_and_mix::<StaticKEM, { StaticKEM::SHK_LEN }>(    // RHR5
             rh.scti_mut(),
             peer.get(self).spkt.secret(),
         )?;
@@ -1513,12 +1513,12 @@ impl CryptoServer {
         //       to save us from the repetitive secret unwrapping
 
         core.mix(rh.sidr())?.mix(rh.sidi())?;             // RHI3
-        core.decaps_and_mix::<EKEM, { EKEM::SHK_LEN }>(   // RHI4
+        core.decaps_and_mix::<EphemeralKEM, { EphemeralKEM::SHK_LEN }>(   // RHI4
             hs!().eski.secret(),
             &*hs!().epki,
             rh.ecti(),
         )?;
-        core.decaps_and_mix::<SKEM, { SKEM::SHK_LEN }>(   // RHI5
+        core.decaps_and_mix::<StaticKEM, { StaticKEM::SHK_LEN }>(   // RHI5
             self.sskm.secret(),
             self.spkm.secret(),
             rh.scti(),