whitepaper-release

.github/workflows/release.yaml

@@ -7,11 +7,12 @@ on:
 
 jobs:
   release:
-    name: Release for ${{ matrix.nix-system }}
+    name: Build ${{ matrix.derivation }} on ${{ matrix.nix-system }}
     runs-on:
       - nix
       - ${{ matrix.nix-system }}
     strategy:
+      fail-fast: false
       matrix:
         nix-system:
           - x86_64-linux
@@ -23,27 +24,5 @@ jobs:
       - name: Release
         uses: softprops/action-gh-release@v1
         with:
-          draft: ${{ contains(github.ref_name, 'rc') }}
-          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
-          files: |
-            result/*
-
-          
-  release-darwin:
-    name: Release for x86_64-darwin
-    runs-on:
-      - macos-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v20
-        with:
-          github_access_token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build release-package for ${{ matrix.nix-system }}
-        run: nix build .#release-package --print-build-logs
-      - name: Release
-        uses: softprops/action-gh-release@v1
-        with:
-          draft: ${{ contains(github.ref_name, 'rc') }}
-          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
           files: |
             result/*

Cargo.lock

@@ -865,7 +865,7 @@ checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
 
 [[package]]
 name = "rosenpass"
-version = "0.1.2-rc.2"
+version = "0.1.1"
 dependencies = [
  "anyhow",
  "base64",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rosenpass"
-version = "0.1.2-rc.2"
+version = "0.1.1"
 authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
 edition = "2021"
 license = "MIT OR Apache-2.0"

papers/graphics/readme.md

@@ -1,5 +0,0 @@
-# Illustrations
-
-## License
-
-The graphics graphics (SVG, PDF, and PNG files) in this folder are released under the CC BY-SA 4.0 license.

papers/prftree.d2

@@ -0,0 +1,218 @@
+root: 0  { shape: text }
+PROTOCOL: "PROTOCOL"  { shape: text }
+
+protocol_comment: 'PROTOCOL = "rosenpass 1 rosenpass.eu aead=chachapoly1305 dprf=blake2s ekem=lightsaber skem=mceliece460896 xaead=xchachapoly1305"' { shape: text}
+
+ck_init: '"chaining key init"' { shape: text }
+ck_ext: '"chaining key extract"'  { shape: text }
+
+mac: '"mac"' { shape: text }
+mac_param: MAC_WIRE_DATA { shape: text }
+cookie: '"cookie"' { shape: text }
+cookie_param: COOKIE_WIRE_DATA { shape: text }
+peer_id: '"peer_id"' { shape: text }
+peer_id_p1: spkm { shape: text}
+peer_id_p2: spkt { shape: text}
+
+root -> PROTOCOL
+
+PROTOCOL -> mac -> mac_param
+PROTOCOL -> cookie -> cookie_param
+PROTOCOL -> peer_id -> peer_id_p1 -> peer_id_p2
+PROTOCOL -> ck_init
+PROTOCOL -> ck_ext
+
+mix: '"mix"' { shape: text }
+user: '"user"' { shape: text }
+rp_eu: '"rosenpass.eu"' { shape: text }
+wg_psk: '"wireguard psk"' { shape: text }
+hs_enc: '"handshake encryption"' { shape: text }
+ini_enc: '"initiator session encryption"' { shape: text }
+res_enc: '"responder session encryption"' { shape: text }
+
+ck_ext -> mix
+ck_ext -> user -> rp_eu -> wg_psk
+ck_ext -> hs_enc
+ck_ext -> ini_enc
+ck_ext -> res_enc
+
+# ck_init -> InitHello.start
+
+InitHello {
+  start   -> d0 \
+    -> m1 -> d1 \
+    -> m2 -> d2
+
+              d2 -> encaps_spkr.m1
+  encaps_spkr.d3 -> encrypt_ltk.m1
+  encaps_spkr.d3 -> encrypt_ltk.key
+  encrypt_ltk.d1 -> encrypt_auth.m1
+  encrypt_ltk.d1 -> encrypt_auth.key
+
+  m1: "mix" { shape: text }
+  m2: "mix" { shape: text }
+
+  start: '"chaining key init"' { shape: text }
+  d0: "spkr" { shape: circle }
+  d1: "sidi" { shape: circle }
+  d2: "epki" { shape: circle }
+
+  encaps_spkr {
+       m1 -> d1 \
+    -> m2 -> d2 \
+    -> m3 -> d3 \
+
+    m1: "mix" { shape: text }
+    m2: "mix" { shape: text }
+    m3: "mix" { shape: text }
+
+    d1: "spkr" { shape: circle }
+    d2: "sctr" { shape: circle }
+    d3: "sptr" { shape: circle }
+  }
+
+  encrypt_ltk {
+    m1 -> d1
+
+    encrypt: 'Aead::enc(peer_id(spkr, spki))'
+    key -> encrypt: {
+      target-arrowhead.label: key
+    }
+    data -> encrypt: {
+      target-arrowhead.label: data
+    }
+    encrypt -> d1: {
+      source-arrowhead.label: output
+    }
+
+    m1: "mix" { shape: text }
+    key: '"handshake encryption"' { shape: text }
+    data: 'ref from "peer id" branch after spkt' { shape: text }
+    d1: "ct" { shape: diamond }
+  }
+
+  encrypt_auth {
+    m1 -> d1
+
+    encrypt: 'Aead::enc(empty())'
+    key -> encrypt: {
+      target-arrowhead.label: key
+    }
+    encrypt -> d1: {
+      source-arrowhead.label: output
+    }
+
+    m1: "mix" { shape: text }
+    key: '"handshake encryption"' { shape: text }
+    d1: "ct" { shape: diamond }
+  }
+}
+
+RespHello {
+  start -> d0 -> m1 -> d1
+              d1 -> encaps_epki.m1
+  encaps_epki.d3 -> encaps_spki.m1
+  encaps_spki.d3 -> m2 -> d2
+  d2 -> encrypt_auth.m1
+
+  store_biscuit -> d2
+  "pidi" -> store_biscuit {
+    target-arrowhead.label: "field=peerid"
+  }
+  encaps_spki.d3 -> store_biscuit {
+    target-arrowhead.label: "field=ck"
+  }
+
+
+  m1: "mix" { shape: text }
+  m2: "mix" { shape: text }
+
+  start: '(state from InitHello)' { shape: text }
+  d0: "sidr" { shape: circle }
+  d1: "sidi" { shape: circle }
+  d2: "biscuit" { shape: diamond }
+
+  store_biscuit: "store_biscuit()"
+
+  encaps_epki {
+       m1 -> d1 \
+    -> m2 -> d2 \
+    -> m3 -> d3 \
+
+    m1: "mix" { shape: text }
+    m2: "mix" { shape: text }
+    m3: "mix" { shape: text }
+
+    d1: "epki" { shape: circle }
+    d2: "ecti" { shape: circle }
+    d3: "epti" { shape: circle }
+  }
+
+  encaps_spki {
+       m1 -> d1 \
+    -> m2 -> d2 \
+    -> m3 -> d3 \
+
+    m1: "mix" { shape: text }
+    m2: "mix" { shape: text }
+    m3: "mix" { shape: text }
+
+    d1: "spki" { shape: circle }
+    d2: "scti" { shape: circle }
+    d3: "spti" { shape: circle }
+  }
+
+  encrypt_auth {
+    m1 -> d1
+
+    encrypt: 'Aead::enc(empty())'
+    key -> encrypt: {
+      target-arrowhead.label: key
+    }
+    encrypt -> d1: {
+      source-arrowhead.label: output
+    }
+
+    m1: "mix" { shape: text }
+    key: '"handshake encryption"' { shape: text }
+    d1: "ct" { shape: diamond }
+  }
+}
+
+InitConf {
+  start -> d0 -> m1 -> d1 -> encrypt_auth.m1
+
+  encrypt_auth.d1 -> ol1 -> o1
+  encrypt_auth.d1 -> ol2 -> o2
+  encrypt_auth.d1 -> ol3 -> o3
+
+  m1: "mix" { shape: text }
+
+  start: '(state from RespHello)' { shape: text }
+  d0: "sidi" { shape: circle }
+  d1: "sidr" { shape: circle }
+
+  ol1: '"wireguard psk"' { shape: text }
+  ol2: '"initiator session encryption"' { shape: text }
+  ol3: '"responder session encryption"' { shape: text}
+                                                             o2: "" { shape: page }
+  o1: "" { shape: step }
+  o2: "" { shape: step }
+  o3: "" { shape: step }
+
+  encrypt_auth {
+    m1 -> d1
+
+    encrypt: 'Aead::enc(empty())'
+    key -> encrypt: {
+      target-arrowhead.label: key
+    }
+    encrypt -> d1: {
+      source-arrowhead.label: output
+    }
+
+    m1: "mix" { shape: text }
+    key: '"handshake encryption"' { shape: text }
+    d1: "ct" { shape: diamond }
+  }
+}

papers/readme.md

@@ -23,7 +23,3 @@ inside `papers/`. The PDF files will be located directly in `papers/`.
 The version info is using gitinfo2. To use the setup one has to run the `papers/tex/gitinfo2.sh` script. In local copies it's also possible to add this as a post-checkout or post-commit hook to keep it automatically up to date.
 
 The version information in the footer automatically includes a “draft”. This can be removed by tagging a release version using `\jobname-release`, e.h. `whitepaper-release` for the `whitepaper.md` file.
-
-## Licensing of assets
-
-The text files and graphics in this folder (i.e. whitepaper.md, the SVG, PDF, and PNG files in the graphics/ folder) are released under the CC BY-SA 4.0 license.

papers/sequencing.d2

@@ -0,0 +1,81 @@
+Protocol: {
+  shape: sequence_diagram
+  ini: "Initiator"
+  res: "Responder"
+  ini -> res: "InitHello"
+  res -> ini: "RespHello"
+  ini -> res: "InitConf"
+  res -> ini: "EmptyData"
+}
+
+Envelope: "Envelope" {
+  shape: class
+  type: "1"
+  '': 3
+  payload: variable
+  mac: 16
+  cookie: 16
+}
+
+Envelope.payload -> InitHello
+InitHello: "InitHello (type=0x81)" {
+  shape: class
+  sidi: 4
+  epki: 800
+  sctr: 188
+  peerid: 32 + 16 = 48
+  auth: 16
+}
+
+Envelope.payload -> RespHello
+RespHello: "RespHello (type=0x82)" {
+  shape: class
+  sidr: 4
+  sidi: 4
+  ecti: 768
+  scti: 188
+  biscuit: 76 + 24 + 16 = 116
+  auth: 16
+}
+
+Envelope.payload -> InitConf
+InitConf: "InitConf (type=0x83)" {
+  shape: class
+  sidi: 4
+  sidr: 4
+  biscuit: 76 + 24 +16 = 116
+  auth: 16
+}
+
+Envelope.payload -> EmptyData
+EmptyData: "EmptyData (type=0x84)" {
+  shape: class
+  sidx: 4
+  ctr: 8
+  auth: 16
+}
+
+Envelope.payload -> Data
+Data: "Data (type=0x85)" {
+  shape: class
+  sidx: 4
+  ctr: 8
+  data: variable + 16
+}
+
+Envelope.payload -> CookieReply
+CookieReply: "CookieReply (type=0x86)" {
+  shape: class
+  sidx: 4
+  nonce: 24
+  cookie: 16 + 16 = 32
+}
+
+RespHello.biscuit -> Biscuit
+InitConf.biscuit -> Biscuit
+Biscuit: "Biscuit" {
+  shape: class
+  peerid: 32
+  no: 12
+  ck: 32
+}

papers/whitepaper.md

@@ -33,7 +33,7 @@ abstract: |
 Rosenpass inherits most security properties from Post-Quantum WireGuard (PQWG). The security properties mentioned here are covered by the symbolic analysis in the Rosenpass repository. 
 
 ## Secrecy
-Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Mechanisms; see section \ref{skem}): Kyber and Classic McEliece.
+Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Methods; see section \ref{skem}): Kyber and Classic McEliece.
 
 ## Authenticity