chore: Release rosenpass version 0.1.2-rc.1

chore: Consistently use the term `Key Encapsulation Mechanism`

.github/workflows/nix.yaml

@@ -31,38 +31,37 @@ jobs:
       - name: Generate gitHeadInfo.gin for the whitepaper
         if: ${{ matrix.derivation == 'whitepaper' }}
         run: ( cd papers && ./tex/gitinfo2.sh && git add gitHeadInfo.gin )
-      - name: Build ${{ matrix.derivation }}
+      - name: Build ${{ matrix.derivation }}@${{ matrix.nix-system }}
         run: |
           # build the package
           nix build .#packages.${{ matrix.nix-system }}.${{ matrix.derivation }} --print-build-logs
 
           # copy over the results
           if [[ -f $(readlink --canonicalize result ) ]]; then
-            mkdir -- ${{ matrix.derivation }}
+            mkdir -- ${{ matrix.derivation }}-${{ matrix.nix-system }}
           fi
-          cp --recursive -- $(readlink --canonicalize -- result) ${{ matrix.derivation }}
-          chmod --recursive -- ug+rw ${{ matrix.derivation }}
+          cp --recursive -- $(readlink --canonicalize result) ${{ matrix.derivation }}-${{ matrix.nix-system }}
+          chmod --recursive ug+rw -- ${{ matrix.derivation }}-${{ matrix.nix-system }}
 
           # add version information
-          git rev-parse --abbrev-ref HEAD > ${{ matrix.derivation }}/git-version
-          git rev-parse HEAD > ${{ matrix.derivation }}/git-sha
+          git rev-parse --abbrev-ref HEAD > ${{ matrix.derivation }}-${{ matrix.nix-system }}/git-version
+          git rev-parse HEAD > ${{ matrix.derivation }}-${{ matrix.nix-system }}/git-sha
 
           # override the `rp` script to keep compatible with non-nix systems
-          if [[ -f ${{ matrix.derivation }}/bin/rp ]]
-          then
-            cp --force rp ${{ matrix.derivation }}/bin/
+          if [[ -f ${{ matrix.derivation }}-${{ matrix.nix-system }}/bin/rp ]]; then
+            cp --force -- rp ${{ matrix.derivation }}-${{ matrix.nix-system }}/bin/
           fi
       - name: Upload build results
         uses: actions/upload-artifact@v3
         with:
-          name: ${{ matrix.derivation }}@${{ matrix.nix-system }}
-          path: ${{ matrix.derivation }}
+          name: ${{ matrix.derivation }}-${{ matrix.nix-system }}
+          path: ${{ matrix.derivation }}-${{ matrix.nix-system }}
       - name: Deploy PDF artifacts
         if: ${{ matrix.derivation == 'whitepaper' && github.ref == 'refs/heads/main' }}
         uses: peaceiris/actions-gh-pages@v3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: whitepaper
+          publish_dir: ${{ matrix.derivation }}-${{ matrix.nix-system }}
           publish_branch: papers-pdf
           force_orphan: true
   checks:

.github/workflows/qc.yaml

@@ -0,0 +1,47 @@
+name: Quality Control
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions:
+  checks: write
+  contents: read
+
+jobs:
+  prettier:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actionsx/prettier@v2
+        with:
+          args: --check .
+
+  cargo-clippy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+      - run: rustup component add clippy
+      - name: Install xmllint
+        run: sudo apt-get install -y libsodium-dev
+      - uses: actions-rs/clippy-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          args: --all-features
+
+  cargo-audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yaml

@@ -0,0 +1,49 @@
+name: Release
+permissions:
+  contents: write
+on:
+  push:
+    tags: ["v*"]
+
+jobs:
+  release:
+    name: Release for ${{ matrix.nix-system }}
+    runs-on:
+      - nix
+      - ${{ matrix.nix-system }}
+    strategy:
+      matrix:
+        nix-system:
+          - x86_64-linux
+          # - aarch64-linux
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build release-package for ${{ matrix.nix-system }}
+        run: nix build .#release-package --print-build-logs
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: ${{ contains(github.ref_name, 'rc') }}
+          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
+          files: |
+            result/*
+
+          
+  release-darwin:
+    name: Release for ${{ matrix.nix-system }}
+    runs-on:
+      - macos-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v20
+        with:
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build release-package for ${{ matrix.nix-system }}
+        run: nix build .#release-package --print-build-logs
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: ${{ contains(github.ref_name, 'rc') }}
+          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
+          files: |
+            result/*

.prettierignore

@@ -0,0 +1,4 @@
+.direnv/
+papers/whitepaper.md
+target/
+src/usage.md

Cargo.lock

@@ -34,9 +34,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.68"
+version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2cb2f989d18dd141ab8ae82f64d1a8cdd37e0840f73a406896cf5e99502fab61"
+checksum = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800"
 dependencies = [
  "backtrace",
 ]
@@ -108,18 +108,6 @@ version = "1.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 
-[[package]]
-name = "bstr"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba3569f383e8f1598449f1a423e72e99569137b47740b1da11ef19af3d5c3223"
-dependencies = [
- "lazy_static",
- "memchr",
- "regex-automata",
- "serde",
-]
-
 [[package]]
 name = "build-deps"
 version = "0.1.4"
@@ -131,9 +119,9 @@ dependencies = [
 
 [[package]]
 name = "bumpalo"
-version = "3.11.1"
+version = "3.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "572f695136211188308f16ad2ca5c851a712c464060ae6974944458eb83880ba"
+checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
 
 [[package]]
 name = "byteorder"
@@ -149,9 +137,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
 
 [[package]]
 name = "cc"
-version = "1.0.78"
+version = "1.0.79"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d"
+checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
 
 [[package]]
 name = "cexpr"
@@ -170,9 +158,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 
 [[package]]
 name = "clang-sys"
-version = "1.4.0"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa2e27ae6ab525c3d369ded447057bca5438d86dc3a68f6faafb8269ba82ebf3"
+checksum = "77ed9a53e5d4d9c573ae844bfac6872b159cb1d1585a83b29e7a64b7eef7332a"
 dependencies = [
  "glob",
  "libc",
@@ -314,13 +302,12 @@ dependencies = [
 
 [[package]]
 name = "csv"
-version = "1.1.6"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22813a6dc45b335f9bade10bf7271dc477e81113e89eb251a0bc2a8a81c536e1"
+checksum = "af91f40b7355f82b0a891f50e70399475945bb0b0da4f1700ce60761c9d3e359"
 dependencies = [
- "bstr",
  "csv-core",
- "itoa 0.4.8",
+ "itoa",
  "ryu",
  "serde",
 ]
@@ -336,9 +323,9 @@ dependencies = [
 
 [[package]]
 name = "either"
-version = "1.8.0"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797"
+checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91"
 
 [[package]]
 name = "env_logger"
@@ -389,14 +376,14 @@ dependencies = [
 
 [[package]]
 name = "filetime"
-version = "0.2.19"
+version = "0.2.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e884668cd0c7480504233e951174ddc3b382f7c2666e3b7310b5c4e7b0c37f9"
+checksum = "8a3de6e8d11b22ff9edc6d916f890800597d60f8b2da1caf2955c274638d6412"
 dependencies = [
  "cfg-if",
  "libc",
  "redox_syscall",
- "windows-sys 0.42.0",
+ "windows-sys",
 ]
 
 [[package]]
@@ -420,9 +407,9 @@ dependencies = [
 
 [[package]]
 name = "gimli"
-version = "0.27.0"
+version = "0.27.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dec7af912d60cdbd3677c1af9352ebae6fb8394d165568a2234df0fa00f87793"
+checksum = "ad0a93d233ebf96623465aad4046a8d3aa4da22d4f4beba5388838c8a434bbb4"
 
 [[package]]
 name = "glob"
@@ -499,19 +486,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1abeb7a0dd0f8181267ff8adc397075586500b81b28a73e8a0208b00fc170fb3"
 dependencies = [
  "libc",
- "windows-sys 0.45.0",
+ "windows-sys",
 ]
 
 [[package]]
 name = "is-terminal"
-version = "0.4.3"
+version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22e18b0a45d56fe973d6db23972bf5bc46f988a4a2385deac9cc29572f09daef"
+checksum = "21b6b32576413a8e69b90e952e4a026476040d81017b80445deda5f2d3921857"
 dependencies = [
  "hermit-abi 0.3.1",
  "io-lifetimes",
  "rustix",
- "windows-sys 0.45.0",
+ "windows-sys",
 ]
 
 [[package]]
@@ -523,12 +510,6 @@ dependencies = [
  "either",
 ]
 
-[[package]]
-name = "itoa"
-version = "0.4.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4"
-
 [[package]]
 name = "itoa"
 version = "1.0.5"
@@ -537,9 +518,9 @@ checksum = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440"
 
 [[package]]
 name = "js-sys"
-version = "0.3.60"
+version = "0.3.61"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47"
+checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
 dependencies = [
  "wasm-bindgen",
 ]
@@ -564,9 +545,9 @@ checksum = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79"
 
 [[package]]
 name = "libflate"
-version = "1.2.0"
+version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05605ab2bce11bcfc0e9c635ff29ef8b2ea83f29be257ee7d730cac3ee373093"
+checksum = "97822bf791bd4d5b403713886a5fbe8bf49520fe78e323b0dc480ca1a03e50b0"
 dependencies = [
  "adler32",
  "crc32fast",
@@ -575,9 +556,9 @@ dependencies = [
 
 [[package]]
 name = "libflate_lz77"
-version = "1.1.0"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "39a734c0493409afcd49deee13c006a04e3586b9761a03543c6272c9c51f2f5a"
+checksum = "a52d3a8bfc85f250440e4424db7d857e241a3aebbbe301f3eb606ab15c39acbf"
 dependencies = [
  "rle-decode-fast",
 ]
@@ -677,9 +658,9 @@ dependencies = [
 
 [[package]]
 name = "nom"
-version = "7.1.2"
+version = "7.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5507769c4919c998e69e49c839d9dc6e693ede4cc4290d6ad8b41d4f09c548c"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
 dependencies = [
  "memchr",
  "minimal-lexical",
@@ -706,18 +687,18 @@ dependencies = [
 
 [[package]]
 name = "object"
-version = "0.30.1"
+version = "0.30.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d864c91689fdc196779b98dba0aceac6118594c2df6ee5d943eb6a8df4d107a"
+checksum = "ea86265d3d3dcb6a27fc51bd29a4bf387fae9d2986b823079d4986af253eb439"
 dependencies = [
  "memchr",
 ]
 
 [[package]]
 name = "once_cell"
-version = "1.17.0"
+version = "1.17.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66"
+checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
 
 [[package]]
 name = "oorandom"
@@ -797,9 +778,9 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.49"
+version = "1.0.51"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5"
+checksum = "5d727cae5b39d21da60fa540906919ad737832fe0b1c165da3a34d6548c849d6"
 dependencies = [
  "unicode-ident",
 ]
@@ -825,9 +806,9 @@ dependencies = [
 
 [[package]]
 name = "rayon-core"
-version = "1.10.1"
+version = "1.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cac410af5d00ab6884528b4ab69d1e8e146e8d471201800fa1b4524126de6ad3"
+checksum = "356a0625f1954f730c0201cdab48611198dc6ce21f4acff55089b5a78e6e835b"
 dependencies = [
  "crossbeam-channel",
  "crossbeam-deque",
@@ -846,21 +827,15 @@ dependencies = [
 
 [[package]]
 name = "regex"
-version = "1.7.0"
+version = "1.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e076559ef8e241f2ae3479e36f97bd5741c0330689e217ad51ce2c76808b868a"
+checksum = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733"
 dependencies = [
  "aho-corasick",
  "memchr",
  "regex-syntax",
 ]
 
-[[package]]
-name = "regex-automata"
-version = "0.1.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
-
 [[package]]
 name = "regex-syntax"
 version = "0.6.28"
@@ -890,7 +865,7 @@ checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
 
 [[package]]
 name = "rosenpass"
-version = "0.1.1-rc.1"
+version = "0.1.2-rc.1"
 dependencies = [
  "anyhow",
  "base64",
@@ -931,7 +906,7 @@ dependencies = [
  "io-lifetimes",
  "libc",
  "linux-raw-sys",
- "windows-sys 0.45.0",
+ "windows-sys",
 ]
 
 [[package]]
@@ -1006,11 +981,11 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.91"
+version = "1.0.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "877c235533714907a8c2464236f5c4b2a17262ef1bd71f38f35ea592c8da6883"
+checksum = "cad406b69c91885b5107daf2c29572f6c8cdb3c66826821e286c533490c0bc76"
 dependencies = [
- "itoa 1.0.5",
+ "itoa",
  "ryu",
  "serde",
 ]
@@ -1041,9 +1016,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
 
 [[package]]
 name = "syn"
-version = "1.0.107"
+version = "1.0.109"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1063,9 +1038,9 @@ dependencies = [
 
 [[package]]
 name = "termcolor"
-version = "1.1.3"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755"
+checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6"
 dependencies = [
  "winapi-util",
 ]
@@ -1132,9 +1107,9 @@ dependencies = [
 
 [[package]]
 name = "tinyvec_macros"
-version = "0.1.0"
+version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
+checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "unicode-bidi"
@@ -1214,9 +1189,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268"
+checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
 dependencies = [
  "cfg-if",
  "wasm-bindgen-macro",
@@ -1224,9 +1199,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142"
+checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
 dependencies = [
  "bumpalo",
  "log",
@@ -1239,9 +1214,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810"
+checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -1249,9 +1224,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c"
+checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1262,15 +1237,15 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f"
+checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
 
 [[package]]
 name = "web-sys"
-version = "0.3.60"
+version = "0.3.61"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bcda906d8be16e728fd5adc5b729afad4e444e106ab28cd1c7256e54fa61510f"
+checksum = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
 dependencies = [
  "js-sys",
  "wasm-bindgen",
@@ -1297,9 +1272,9 @@ dependencies = [
 
 [[package]]
 name = "which"
-version = "4.3.0"
+version = "4.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b"
+checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269"
 dependencies = [
  "either",
  "libc",
@@ -1337,21 +1312,6 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
-[[package]]
-name = "windows-sys"
-version = "0.42.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7"
-dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
-]
-
 [[package]]
 name = "windows-sys"
 version = "0.45.0"
@@ -1438,9 +1398,9 @@ dependencies = [
 
 [[package]]
 name = "zip"
-version = "0.6.3"
+version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "537ce7411d25e54e8ae21a7ce0b15840e7bfcff15b51d697ec3266cc76bdf080"
+checksum = "0445d0fbc924bb93539b4316c11afb121ea39296f99a3c4c9edad09e3658cdef"
 dependencies = [
  "byteorder",
  "crc32fast",

Cargo.toml

@@ -1,12 +1,13 @@
 [package]
 name = "rosenpass"
-version = "0.1.1-rc.1"
+version = "0.1.2-rc.1"
 authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
 edition = "2021"
 license = "MIT OR Apache-2.0"
 description = "Build post-quantum-secure VPNs with WireGuard!"
 homepage = "https://rosenpass.eu/"
 repository = "https://github.com/rosenpass/rosenpass"
+readme = "readme.md"
 
 [[bench]]
 name = "handshake"

flake.nix

@@ -132,6 +132,29 @@
               default = rosenpass;
               rosenpass = rpDerivation pkgs;
               rosenpass-oci-image = rosenpassOCI "rosenpass";
+
+              # derivation for the release
+              release-package =
+                let
+                  version = cargoToml.package.version;
+                  package =
+                    if pkgs.hostPlatform.isLinux then
+                      packages.rosenpass-static
+                    else packages.rosenpass;
+                  oci-image =
+                    if pkgs.hostPlatform.isLinux then
+                      packages.rosenpass-static-oci-image
+                    else packages.rosenpass-oci-image;
+                in
+                pkgs.runCommandNoCC "lace-result" { }
+                  ''
+                    mkdir {bin,$out}
+                    cp ${./.}/rp bin/
+                    tar -cvf $out/rosenpass-${system}-${version}.tar bin/rp \
+                      -C ${package} bin/rosenpass
+                    cp ${oci-image} \
+                      $out/rosenpass-oci-image-${system}-${version}.tar.gz
+                  '';
             } // (if pkgs.stdenv.isLinux then rec {
               rosenpass-static = rpDerivation pkgs.pkgsStatic;
               rosenpass-static-oci-image = rosenpassOCI "rosenpass-static";
@@ -222,6 +245,7 @@
             nativeBuildInputs = with pkgs; [
               cargo-release
               clippy
+              nodePackages.prettier
               rustfmt
               packages.proverif-patched
             ];
@@ -241,7 +265,11 @@
             # '';
             nixpkgs-fmt = pkgs.runCommand "check-nixpkgs-fmt"
               { nativeBuildInputs = [ pkgs.nixpkgs-fmt ]; } ''
-              nixpkgs-fmt --check ${./.} > $out
+              nixpkgs-fmt --check ${./.} && touch $out
+            '';
+            prettier-check = pkgs.runCommand "check-with-prettier"
+              { nativeBuildInputs = [ pkgs.nodePackages.prettier ]; } ''
+              cd ${./.} && prettier --check . && touch $out
             '';
           };
         }))

papers/graphics/readme.md

@@ -0,0 +1,5 @@
+# Illustrations
+
+## License
+
+The graphics graphics (SVG, PDF, and PNG files) in this folder are released under the CC BY-SA 4.0 license.

papers/prftree.d2

@@ -1,218 +0,0 @@
-root: 0  { shape: text }
-PROTOCOL: "PROTOCOL"  { shape: text }
-
-protocol_comment: 'PROTOCOL = "rosenpass 1 rosenpass.eu aead=chachapoly1305 dprf=blake2s ekem=lightsaber skem=mceliece460896 xaead=xchachapoly1305"' { shape: text}
-
-ck_init: '"chaining key init"' { shape: text }
-ck_ext: '"chaining key extract"'  { shape: text }
-
-mac: '"mac"' { shape: text }
-mac_param: MAC_WIRE_DATA { shape: text }
-cookie: '"cookie"' { shape: text }
-cookie_param: COOKIE_WIRE_DATA { shape: text }
-peer_id: '"peer_id"' { shape: text }
-peer_id_p1: spkm { shape: text}
-peer_id_p2: spkt { shape: text}
-
-root -> PROTOCOL
-
-PROTOCOL -> mac -> mac_param
-PROTOCOL -> cookie -> cookie_param
-PROTOCOL -> peer_id -> peer_id_p1 -> peer_id_p2
-PROTOCOL -> ck_init
-PROTOCOL -> ck_ext
-
-mix: '"mix"' { shape: text }
-user: '"user"' { shape: text }
-rp_eu: '"rosenpass.eu"' { shape: text }
-wg_psk: '"wireguard psk"' { shape: text }
-hs_enc: '"handshake encryption"' { shape: text }
-ini_enc: '"initiator session encryption"' { shape: text }
-res_enc: '"responder session encryption"' { shape: text }
-
-ck_ext -> mix
-ck_ext -> user -> rp_eu -> wg_psk
-ck_ext -> hs_enc
-ck_ext -> ini_enc
-ck_ext -> res_enc
-
-# ck_init -> InitHello.start
-
-InitHello {
-  start   -> d0 \
-    -> m1 -> d1 \
-    -> m2 -> d2
-
-              d2 -> encaps_spkr.m1
-  encaps_spkr.d3 -> encrypt_ltk.m1
-  encaps_spkr.d3 -> encrypt_ltk.key
-  encrypt_ltk.d1 -> encrypt_auth.m1
-  encrypt_ltk.d1 -> encrypt_auth.key
-
-  m1: "mix" { shape: text }
-  m2: "mix" { shape: text }
-
-  start: '"chaining key init"' { shape: text }
-  d0: "spkr" { shape: circle }
-  d1: "sidi" { shape: circle }
-  d2: "epki" { shape: circle }
-
-  encaps_spkr {
-       m1 -> d1 \
-    -> m2 -> d2 \
-    -> m3 -> d3 \
-
-    m1: "mix" { shape: text }
-    m2: "mix" { shape: text }
-    m3: "mix" { shape: text }
-
-    d1: "spkr" { shape: circle }
-    d2: "sctr" { shape: circle }
-    d3: "sptr" { shape: circle }
-  }
-
-  encrypt_ltk {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(peer_id(spkr, spki))'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    data -> encrypt: {
-      target-arrowhead.label: data
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    data: 'ref from "peer id" branch after spkt' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-
-  encrypt_auth {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(empty())'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-}
-
-RespHello {
-  start -> d0 -> m1 -> d1
-              d1 -> encaps_epki.m1
-  encaps_epki.d3 -> encaps_spki.m1
-  encaps_spki.d3 -> m2 -> d2
-  d2 -> encrypt_auth.m1
-
-  store_biscuit -> d2
-  "pidi" -> store_biscuit {
-    target-arrowhead.label: "field=peerid"
-  }
-  encaps_spki.d3 -> store_biscuit {
-    target-arrowhead.label: "field=ck"
-  }
-
-
-  m1: "mix" { shape: text }
-  m2: "mix" { shape: text }
-
-  start: '(state from InitHello)' { shape: text }
-  d0: "sidr" { shape: circle }
-  d1: "sidi" { shape: circle }
-  d2: "biscuit" { shape: diamond }
-
-  store_biscuit: "store_biscuit()"
-
-  encaps_epki {
-       m1 -> d1 \
-    -> m2 -> d2 \
-    -> m3 -> d3 \
-
-    m1: "mix" { shape: text }
-    m2: "mix" { shape: text }
-    m3: "mix" { shape: text }
-
-    d1: "epki" { shape: circle }
-    d2: "ecti" { shape: circle }
-    d3: "epti" { shape: circle }
-  }
-
-  encaps_spki {
-       m1 -> d1 \
-    -> m2 -> d2 \
-    -> m3 -> d3 \
-
-    m1: "mix" { shape: text }
-    m2: "mix" { shape: text }
-    m3: "mix" { shape: text }
-
-    d1: "spki" { shape: circle }
-    d2: "scti" { shape: circle }
-    d3: "spti" { shape: circle }
-  }
-
-  encrypt_auth {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(empty())'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-}
-
-InitConf {
-  start -> d0 -> m1 -> d1 -> encrypt_auth.m1
-
-  encrypt_auth.d1 -> ol1 -> o1
-  encrypt_auth.d1 -> ol2 -> o2
-  encrypt_auth.d1 -> ol3 -> o3
-
-  m1: "mix" { shape: text }
-
-  start: '(state from RespHello)' { shape: text }
-  d0: "sidi" { shape: circle }
-  d1: "sidr" { shape: circle }
-
-  ol1: '"wireguard psk"' { shape: text }
-  ol2: '"initiator session encryption"' { shape: text }
-  ol3: '"responder session encryption"' { shape: text}
-                                                             o2: "" { shape: page }
-  o1: "" { shape: step }
-  o2: "" { shape: step }
-  o3: "" { shape: step }
-
-  encrypt_auth {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(empty())'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-}

papers/readme.md

@@ -23,3 +23,7 @@ inside `papers/`.  The PDF files will be located directly in `papers/`.
 The version info is using gitinfo2. To use the setup one has to run the `papers/tex/gitinfo2.sh` script. In local copies it's also possible to add this as a post-checkout or post-commit hook to keep it automatically up to date.
 
 The version information in the footer automatically includes a “draft”. This can be removed by tagging a release version using `\jobname-release`, e.h. `whitepaper-release` for the `whitepaper.md` file.
+
+## Licensing of assets
+
+The text files and graphics in this folder (i.e. whitepaper.md, the SVG, PDF, and PNG files in the graphics/ folder) are released under the CC BY-SA 4.0 license.

papers/sequencing.d2

@@ -1,81 +0,0 @@
-Protocol: {
-  shape: sequence_diagram
-  ini: "Initiator"
-  res: "Responder"
-  ini -> res: "InitHello"
-  res -> ini: "RespHello"
-  ini -> res: "InitConf"
-  res -> ini: "EmptyData"
-}
-
-Envelope: "Envelope" {
-  shape: class
-  type: "1"
-  '': 3
-  payload: variable
-  mac: 16
-  cookie: 16
-}
-
-Envelope.payload -> InitHello
-InitHello: "InitHello (type=0x81)" {
-  shape: class
-  sidi: 4
-  epki: 800
-  sctr: 188
-  peerid: 32 + 16 = 48
-  auth: 16
-}
-
-Envelope.payload -> RespHello
-RespHello: "RespHello (type=0x82)" {
-  shape: class
-  sidr: 4
-  sidi: 4
-  ecti: 768
-  scti: 188
-  biscuit: 76 + 24 + 16 = 116
-  auth: 16
-}
-
-Envelope.payload -> InitConf
-InitConf: "InitConf (type=0x83)" {
-  shape: class
-  sidi: 4
-  sidr: 4
-  biscuit: 76 + 24 +16 = 116
-  auth: 16
-}
-
-Envelope.payload -> EmptyData
-EmptyData: "EmptyData (type=0x84)" {
-  shape: class
-  sidx: 4
-  ctr: 8
-  auth: 16
-}
-
-Envelope.payload -> Data
-Data: "Data (type=0x85)" {
-  shape: class
-  sidx: 4
-  ctr: 8
-  data: variable + 16
-}
-
-Envelope.payload -> CookieReply
-CookieReply: "CookieReply (type=0x86)" {
-  shape: class
-  sidx: 4
-  nonce: 24
-  cookie: 16 + 16 = 32
-}
-
-RespHello.biscuit -> Biscuit
-InitConf.biscuit -> Biscuit
-Biscuit: "Biscuit" {
-  shape: class
-  peerid: 32
-  no: 12
-  ck: 32
-}

papers/tex/template-rosenpass.tex

@@ -130,7 +130,7 @@
 \bool_set_false:N \l_tmpa_bool
 \gitAbbrevHash{}~(\gitAuthorDate
 \clist_map_inline:Nn \gitTags {
-	\exp_args:Nx \str_if_eq:nnT {\jobname-release} {test-whitepaper}  {\bool_set_true:N \l_tmpa_bool\clist_map_break:}
+	\exp_args:Nx \str_if_eq:nnT {\jobname-release} {whitepaper-release}  {\bool_set_true:N \l_tmpa_bool\clist_map_break:}
 }
 \bool_if:NF \l_tmpa_bool {~--~draft}
 )

papers/whitepaper.md

@@ -33,7 +33,7 @@ abstract: |
 Rosenpass inherits most security properties from Post-Quantum WireGuard (PQWG). The security properties mentioned here are covered by the symbolic analysis in the Rosenpass repository. 
 
 ## Secrecy
-Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Methods; see section \ref{skem}): Kyber and Classic McEliece.
+Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Mechanisms; see section \ref{skem}): Kyber and Classic McEliece.
 
 ## Authenticity
 

readme.md

@@ -1,5 +1,10 @@
 # Rosenpass README
 
+![Nix](https://github.com/rosenpass/rosenpass/actions/workflows/nix.yaml/badge.svg)
+![QC](https://github.com/rosenpass/rosenpass/actions/workflows/qc.yaml/badge.svg)
+![crates.io](https://img.shields.io/crates/v/rosenpass.svg)
+![Libraries.io dependency status for latest release](https://img.shields.io/librariesio/release/cargo/rosenpass)
+
 This repository contains
 
 1. A description of the [Rosenpass protocol](https://github.com/rosenpass/rosenpass/raw/papers-pdf/whitepaper.pdf)
@@ -9,9 +14,7 @@ This repository contains
 
 ## Getting started
 
-[how to install nix]
-[how to build with nix]
-[how to build without nix]
+First, [install rosenpass](#Getting-Rosenpass). Then, check out the help funtions of `rp` & `rosenpass`:
 
 ```sh
 rp help
@@ -36,8 +39,8 @@ and Rosenpass private keys, takes control of the interface and works with exactl
 rp allocates two UDP ports; if port N is specified for rosenpass, it will allocate port N+1 for WireGuard.
 
 Like WireGuard, Rosenpass does not enforce any separation between clients and servers.
-If you do not specify the `listen` option, Rosenpass and WireGuard will choose random ports; this is *client mode*.
-If you do not specify `endpoint`, Rosenpass will not try to connect to the peer and instead wait for connections from peers. This is *server mode*.
+If you do not specify the `listen` option, Rosenpass and WireGuard will choose random ports; this is _client mode_.
+If you do not specify `endpoint`, Rosenpass will not try to connect to the peer and instead wait for connections from peers. This is _server mode_.
 You may specify both. Leaving out both is not forbidden but also not very useful.
 
 ## Security analysis
@@ -55,7 +58,19 @@ The analysis is implemented according to modern software engineering principles:
 The code uses a variety of optimizations to speed up analysis such as using secret functions to model trusted/malicious setup. We split the model into two separate entry points which can be analyzed in parallel. Each is much faster than both models combined.
 A wrapper script provides instant feedback about which queries execute as expected in color: A red cross if a query fails and a green check if it succeeds.
 
+[^liboqs]: https://openquantumsafe.org/liboqs/
+[^libsodium]: https://doc.libsodium.org/
 [^wg]: https://www.wireguard.com/
 [^pqwg]: https://eprint.iacr.org/2020/379
 [^pqwg-statedis]: Unless supplied with a pre-shared-key, but this defeates the purpose of a key exchange protocol
-[^wg-statedis]: https://lists.zx2c4.com/pipermail/wireguard/2021-August/006916.html
+[^wg-statedis]: https://lists.zx2c4.com/pipermail/wireguard/2021-August/006916.htmlA
+
+# Getting Rosenpass
+
+Rosenpass is packaged for more and more distros, maybe also for the distro of your choice?
+
+[![Packaging status](https://repology.org/badge/vertical-allrepos/rosenpass.svg)](https://repology.org/project/rosenpass/versions)
+
+# Supported by
+
+Funded through <a href="https://nlnet.nl/">NLNet</a> with financial support for the European Commission's <a href="https://nlnet.nl/assure">NGI Assure</a> program.

rp

@@ -123,7 +123,7 @@ fatal() {
 genkey() {
   usagestack+=("PRIVATE_KEYS_DIR")
   local skdir
-  skdir="${1/\//}"; shift || fatal "Required positional argument: PRIVATE_KEYS_DIR"
+  skdir="${1%/}"; shift || fatal "Required positional argument: PRIVATE_KEYS_DIR"
 
   while (( $# > 0 )); do
     local arg; arg="$1"; shift
@@ -149,8 +149,8 @@ genkey() {
 pubkey() {
   usagestack+=("PRIVATE_KEYS_DIR" "PUBLIC_KEYS_DIR")
   local skdir pkdir
-  skdir="${1/\//}"; shift || fatal "Required positional argument: PRIVATE_KEYS_DIR"
-  pkdir="${1/\//}"; shift || fatal "Required positional argument: PUBLIC_KEYS_DIR"
+  skdir="${1%/}"; shift || fatal "Required positional argument: PRIVATE_KEYS_DIR"
+  pkdir="${1%/}"; shift || fatal "Required positional argument: PUBLIC_KEYS_DIR"
 
   while (( $# > 0 )); do
     local arg; arg="$1"; shift
@@ -174,7 +174,7 @@ exchange() {
   usagestack+=("PRIVATE_KEYS_DIR" "[dev <device>]" "[listen <ip>:<port>]" "[peer PUBLIC_KEYS_DIR [endpoint <ip>:<port>] [persistent-keepalive <interval>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>]...]]...")
   local skdir dev lport
   dev="${project_name}0"
-  skdir="${1/\//}"; shift || fatal "Required positional argument: PRIVATE_KEYS_DIR"
+  skdir="${1%/}"; shift || fatal "Required positional argument: PRIVATE_KEYS_DIR"
 
   while (( $# > 0 )); do
     local arg; arg="$1"; shift
@@ -238,7 +238,7 @@ exchange() {
     shift; # Skip "peer" argument
 
     local peerdir ip port keepalive allowedips
-    peerdir="${1/\//}"; shift || fatal "Required peer argument: PUBLIC_KEYS_DIR"
+    peerdir="${1%/}"; shift || fatal "Required peer argument: PUBLIC_KEYS_DIR"
 
     while (( $# > 0 )); do
       local arg; arg="$1"; shift
@@ -282,6 +282,29 @@ exchange() {
   done
 }
 
+find_rosenpass_binary() {
+  local binary; binary=""
+  if [[ -n "${gitdir}" ]]; then
+    # If rp is run from the git repo, use the newest build artifact
+    binary=$(
+      find "${gitdir}/result/bin/${project_name}" \
+           "${gitdir}"/target/{release,debug}/"${project_name}" \
+           -printf "%T@ %p\n" 2>/dev/null \
+        | sort -nr \
+        | awk 'NR==1 { print($2) }'
+    )
+  elif [[ -n "${nixdir}" ]]; then
+    # If rp is run from nix, use the nix-installed rosenpass version
+    binary="${nixdir}/bin/${project_name}"
+  fi
+
+  if [[ -z "${binary}" ]]; then
+    binary="${project_name}"
+  fi
+
+  echo "${binary}"
+}
+
 main() {
   formatting_init
   cleanup_init
@@ -289,15 +312,11 @@ main() {
   frag_init
 
   project_name="rosenpass"
-  scriptdir="$(dirname "${script}")"
   verbose=0
-  binary="$(
-    find "${scriptdir}"/target/{release,debug}/"${project_name}" -printf "%T@ %p\n" 2>/dev/null \
-      | sort -nr \
-      | awk -v fallback="${project_name}" '
-          NR == 1 { print($2) }
-          END { if (NR == 0) print(fallback) }'
-  )"
+  scriptdir="$(dirname "${script}")"
+  gitdir="$(git -C "${scriptdir}" rev-parse --show-toplevel 2>/dev/null)" || true
+  nixdir="$(readlink -f result/bin/rp | grep -Pio '^/nix/store/[^/]+(?=/bin/[^/]+)')" || true
+  binary="$(find_rosenpass_binary)"
 
   # Parse command