fixed unit-tests within nym-kkt

This commit is contained in:
Jędrzej Stuczyński
2026-02-18 09:00:38 +00:00
parent 26056909b7
commit 39ee22e501
12 changed files with 151 additions and 261 deletions
+23 -24
View File
@@ -2,14 +2,14 @@ use libcrux_chacha20poly1305::TAG_LEN;
use libcrux_psq::handshake::types::{DHKeyPair, DHPublicKey};
use nym_crypto::hkdf::blake3::derive_key_blake3;
use rand09::{CryptoRng, RngCore};
use zeroize::{Zeroize, ZeroizeOnDrop};
use zeroize::{Zeroize, ZeroizeOnDrop, Zeroizing};
use crate::error::KKTError;
// This is arbitrary
pub const MAX_PAYLOAD_LEN: usize = 1_000_000;
const CARRIER_KDF_INFO_TX: &str = "CARRIER_V1_KDF_RX";
const CARRIER_KDF_INFO_RX: &str = "CARRIER_V1_KDF_TX";
const CARRIER_KDF_INFO_TX: &str = "CARRIER_V1_KDF_TX";
const CARRIER_KDF_INFO_RX: &str = "CARRIER_V1_KDF_RX";
#[derive(Zeroize, ZeroizeOnDrop)]
pub struct Carrier {
@@ -52,10 +52,12 @@ impl Carrier {
rx_counter: 1,
}
}
pub fn new<R>(
rng: &mut R,
remote_public_key: &DHPublicKey,
context: &[u8],
is_initiator: bool,
) -> Result<(Self, DHPublicKey), KKTError>
where
R: RngCore + CryptoRng,
@@ -69,31 +71,29 @@ impl Carrier {
})?;
Ok((
Self::from_secret_slice(shared_secret.as_ref(), context),
Self::from_secret_slice(shared_secret.as_ref(), context, is_initiator),
ephemeral_keypair.pk,
))
}
pub(crate) fn from_secret_slice(secret: &[u8], context: &[u8]) -> Self {
let tx_key = derive_key_blake3(CARRIER_KDF_INFO_TX, secret, context);
let rx_key = derive_key_blake3(CARRIER_KDF_INFO_RX, secret, context);
pub(crate) fn from_secret_slice(secret: &[u8], context: &[u8], is_initiator: bool) -> Self {
let (tx_key, rx_key) = if is_initiator {
(
derive_key_blake3(CARRIER_KDF_INFO_TX, secret, context),
derive_key_blake3(CARRIER_KDF_INFO_RX, secret, context),
)
} else {
(
derive_key_blake3(CARRIER_KDF_INFO_RX, secret, context),
derive_key_blake3(CARRIER_KDF_INFO_TX, secret, context),
)
};
Self::init(tx_key, rx_key)
}
pub fn from_secret(mut secret: [u8; 32], context: &[u8]) -> Self {
let tx_key = derive_key_blake3(CARRIER_KDF_INFO_TX, secret.as_ref(), context);
let rx_key = derive_key_blake3(CARRIER_KDF_INFO_RX, secret.as_ref(), context);
secret.zeroize();
Self::init(tx_key, rx_key)
}
pub(crate) fn flip_keys(self) -> Self {
Self {
tx_key: self.rx_key,
rx_key: self.tx_key,
tx_counter: self.rx_counter,
rx_counter: self.tx_counter,
}
pub fn from_secret(secret: [u8; 32], context: &[u8], is_initiator: bool) -> Self {
Self::from_secret_slice(Zeroizing::new(secret).as_slice(), context, is_initiator)
}
pub fn encrypt(&mut self, plaintext: &[u8]) -> Result<Vec<u8>, KKTError> {
@@ -157,9 +157,8 @@ mod tests {
let r_shared_secret = r_x25519.sk().diffie_hellman(&ephemeral_keypair.pk).unwrap();
let mut i_carrier = Carrier::from_secret_slice(i_shared_secret.as_ref(), &context);
let mut r_carrier =
Carrier::from_secret_slice(r_shared_secret.as_ref(), &context).flip_keys();
let mut i_carrier = Carrier::from_secret_slice(i_shared_secret.as_ref(), &context, true);
let mut r_carrier = Carrier::from_secret_slice(r_shared_secret.as_ref(), &context, false);
let test1 = b"test1: i>r #1";
let ct1 = i_carrier.encrypt(test1).unwrap();
+1 -1
View File
@@ -204,7 +204,7 @@ mod tests {
let valid_context = KKTContext::new(
KKTRole::Initiator,
KKTMode::Mutual,
&Ciphersuite::decode([255, 1, 0, 0]).unwrap(),
Ciphersuite::decode([1, 1, 0, 0]).unwrap(),
);
let encoded = valid_context.encode().unwrap();
let decoded = KKTContext::try_decode(encoded).unwrap();
+1 -4
View File
@@ -12,11 +12,8 @@ use crate::{
carrier::Carrier,
context::{KKT_CONTEXT_LEN, KKTContext},
error::KKTError,
masked_byte::{MASKED_BYTE_LEN, MaskedByte},
};
use libcrux_psq::handshake::types::{DHKeyPair, DHPrivateKey, DHPublicKey};
use nym_kkt_ciphersuite::x25519;
use nym_kkt_ciphersuite::x25519::PUBLIC_KEY_LENGTH;
use libcrux_psq::handshake::types::{DHKeyPair, DHPublicKey};
use rand09::{CryptoRng, RngCore};
pub(crate) const KKT_CARRIER_CONTEXT: &[u8] = b"CARRIER_V1_KKT_V1_KDF";
+3 -14
View File
@@ -1,10 +1,11 @@
use std::collections::HashMap;
// Copyright 2026 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0
use libcrux_kem::{MlKem768PrivateKey, MlKem768PublicKey};
use libcrux_ml_kem::mlkem768::MlKem768KeyPair;
use libcrux_psq::handshake::types::DHKeyPair;
use nym_kkt_ciphersuite::{DEFAULT_HASH_LEN, HashFunction, KeyDigests};
use rand09::{CryptoRng, RngCore};
use std::collections::HashMap;
pub fn generate_keypair_x25519<R>(rng: &mut R) -> DHKeyPair
where
@@ -65,18 +66,6 @@ pub fn validate_encapsulation_key(
)
}
pub fn validate_key_bytes(
hash_function: HashFunction,
hash_length: usize,
key_bytes: &[u8],
expected_hash_bytes: &[u8],
) -> bool {
compare_hashes(
&hash_key_bytes(hash_function, hash_length, key_bytes),
expected_hash_bytes,
)
}
pub fn hash_encapsulation_key(
hash_function: HashFunction,
hash_length: usize,
+9 -2
View File
@@ -35,7 +35,7 @@ impl KEMKeys {
match kem {
KEM::McEliece => Some(self.mc_eliece.pk.as_ref()),
KEM::MlKem768 => Some(self.ml_kem768.pk()),
_ => None,
// _ => None,
}
}
@@ -69,7 +69,7 @@ impl EncapsulationKey {
}
}
pub fn as_pq_encapsulation_key(&self) -> PQEncapsulationKey {
pub fn as_pq_encapsulation_key(&self) -> PQEncapsulationKey<'_> {
match self {
EncapsulationKey::McEliece(pk) => PQEncapsulationKey::CMC(pk),
EncapsulationKey::MlKem768(pk) => PQEncapsulationKey::MlKem(pk),
@@ -95,6 +95,13 @@ impl EncapsulationKey {
}
}
}
pub fn as_bytes(&self) -> &[u8] {
match self {
EncapsulationKey::McEliece(k) => k.as_ref(),
EncapsulationKey::MlKem768(k) => k.as_ref(),
}
}
}
impl Debug for EncapsulationKey {
+49 -46
View File
@@ -21,6 +21,7 @@ const _: () = assert!(KKT_VERSION < 1 << 4);
mod test {
use nym_kkt_ciphersuite::{Ciphersuite, HashFunction, HashLength, KEM, SignatureScheme};
use crate::keys::KEMKeys;
use crate::{
initiator::KKTInitiator,
key_utils::{
@@ -46,55 +47,47 @@ mod test {
// generate kem public keys
let responder_mlkem_keypair = generate_keypair_mlkem(&mut rng);
let responder_mceliece_keypair = generate_keypair_mceliece(&mut rng);
let responder_kem = KEMKeys::new(responder_mceliece_keypair, responder_mlkem_keypair);
let r_dir_hash_mlkem = hash_encapsulation_key(
// &ciphersuite.hash_function(),
&hash_function,
// ciphersuite.hash_len(),
hash_function,
HashLength::Default.value(),
responder_mlkem_keypair.1.as_slice().as_slice(),
responder_kem.ml_kem768_encapsulation_key().as_slice(),
);
let r_dir_hash_mceliece = hash_encapsulation_key(
// &ciphersuite.hash_function(),
&hash_function,
// ciphersuite.hash_len(),
hash_function,
HashLength::Default.value(),
responder_mceliece_keypair.1.as_ref(),
responder_kem.mc_eliece_encapsulation_key().as_ref(),
);
let initiator_mlkem_keypair = generate_keypair_mlkem(&mut rng);
let initiator_mceliece_keypair = generate_keypair_mceliece(&mut rng);
let _i_dir_hash_mlkem = hash_encapsulation_key(
// &ciphersuite.hash_function(),
&hash_function,
// ciphersuite.hash_len(),
hash_function,
HashLength::Default.value(),
initiator_mlkem_keypair.1.as_slice().as_slice(),
initiator_mlkem_keypair.public_key().as_slice(),
);
let _i_dir_hash_mceliece = hash_encapsulation_key(
// &ciphersuite.hash_function(),
&hash_function,
// ciphersuite.hash_len(),
hash_function,
HashLength::Default.value(),
initiator_mceliece_keypair.1.as_ref(),
initiator_mceliece_keypair.pk.as_ref(),
);
let responder = KKTResponder::new(
&responder_x25519_keypair,
Some(&responder_mlkem_keypair.1),
Some(&responder_mceliece_keypair.1),
&responder_kem,
&[
HashFunction::Blake3,
HashFunction::SHA256,
HashFunction::Shake128,
HashFunction::Shake256,
],
&[1],
&[SignatureScheme::Ed25519],
&[1],
)
.unwrap();
@@ -107,22 +100,22 @@ mod test {
None,
)
.unwrap();
let (mut initiator, request_bytes) = KKTInitiator::generate_one_way_request(
let (mut initiator, request) = KKTInitiator::generate_one_way_request(
&mut rng,
&ciphersuite,
ciphersuite,
&responder_x25519_keypair.pk,
&r_dir_hash_mlkem,
1u8,
)
.unwrap();
let (response_bytes, _) = responder.process_request(&request_bytes).unwrap();
let response = responder.process_request(request).unwrap();
let (i_obtained_key, _) = initiator.process_response(&response_bytes).unwrap();
let result = initiator.process_response(response.response).unwrap();
assert_eq!(
i_obtained_key,
responder_mlkem_keypair.1.as_slice().as_slice(),
result.encapsulation_key.as_bytes(),
responder_kem.ml_kem768_encapsulation_key().as_slice(),
)
}
// Mutual - MlKem
@@ -134,26 +127,27 @@ mod test {
None,
)
.unwrap();
let (mut initiator, request_bytes) = KKTInitiator::generate_one_way_request(
let (mut initiator, request) = KKTInitiator::generate_one_way_request(
&mut rng,
&ciphersuite,
ciphersuite,
&responder_x25519_keypair.pk,
&r_dir_hash_mlkem,
1u8,
)
.unwrap();
let (response_bytes, r_obtained_key) =
responder.process_request(&request_bytes).unwrap();
let processed_request = responder.process_request(request).unwrap();
// if we keep unverified keys, this should change
assert!(r_obtained_key.is_none());
assert!(processed_request.remote_encapsulation_key.is_none());
let (i_obtained_key, _) = initiator.process_response(&response_bytes).unwrap();
let processed_response = initiator
.process_response(processed_request.response)
.unwrap();
assert_eq!(
i_obtained_key,
responder_mlkem_keypair.1.as_slice().as_slice(),
processed_response.encapsulation_key.as_bytes(),
responder_kem.ml_kem768_encapsulation_key().as_slice(),
)
}
@@ -166,20 +160,25 @@ mod test {
None,
)
.unwrap();
let (mut initiator, request_bytes) = KKTInitiator::generate_one_way_request(
let (mut initiator, request) = KKTInitiator::generate_one_way_request(
&mut rng,
&ciphersuite,
ciphersuite,
&responder_x25519_keypair.pk,
&r_dir_hash_mceliece,
1u8,
)
.unwrap();
let (response_bytes, _) = responder.process_request(&request_bytes).unwrap();
let processed_request = responder.process_request(request).unwrap();
let (i_obtained_key, _) = initiator.process_response(&response_bytes).unwrap();
let processed_response = initiator
.process_response(processed_request.response)
.unwrap();
assert_eq!(i_obtained_key, responder_mceliece_keypair.1.as_ref(),)
assert_eq!(
processed_response.encapsulation_key.as_bytes(),
responder_kem.mc_eliece_encapsulation_key().as_ref()
)
}
// Mutual - MlKem
{
@@ -190,24 +189,28 @@ mod test {
None,
)
.unwrap();
let (mut initiator, request_bytes) = KKTInitiator::generate_one_way_request(
let (mut initiator, request) = KKTInitiator::generate_one_way_request(
&mut rng,
&ciphersuite,
ciphersuite,
&responder_x25519_keypair.pk,
&r_dir_hash_mceliece,
1u8,
)
.unwrap();
let (response_bytes, r_obtained_key) =
responder.process_request(&request_bytes).unwrap();
let processed_request = responder.process_request(request).unwrap();
// if we keep unverified keys, this should change
assert!(r_obtained_key.is_none());
assert!(processed_request.remote_encapsulation_key.is_none());
let (i_obtained_key, _) = initiator.process_response(&response_bytes).unwrap();
let processed_response = initiator
.process_response(processed_request.response)
.unwrap();
assert_eq!(i_obtained_key, responder_mceliece_keypair.1.as_ref(),)
assert_eq!(
processed_response.encapsulation_key.as_bytes(),
responder_kem.mc_eliece_encapsulation_key().as_ref()
)
}
}
}
+11 -3
View File
@@ -143,7 +143,11 @@ impl KKTRequestPlaintext {
.diffie_hellman(responder_pubkey)
.map_err(KKTError::shared_secret_derivation_failure)?;
Ok(Carrier::from_secret_slice(shared_secret.as_ref(), &ctx))
Ok(Carrier::from_secret_slice(
shared_secret.as_ref(),
&ctx,
true,
))
}
pub(crate) fn derive_responder_carrier(
@@ -159,11 +163,15 @@ impl KKTRequestPlaintext {
.sk()
.diffie_hellman(&self.dh_pubkey)
.map_err(KKTError::shared_secret_derivation_failure)?;
Ok(Carrier::from_secret_slice(shared_secret.as_ref(), &ctx).flip_keys())
Ok(Carrier::from_secret_slice(
shared_secret.as_ref(),
&ctx,
false,
))
}
}
pub(crate) struct DecryptedRequestFrame {
pub struct DecryptedRequestFrame {
/// Derived carrier used for decrypting this frame and encrypting the response
pub(crate) carrier: Carrier,
+1 -1
View File
@@ -211,7 +211,7 @@ mod tests {
fn rekey_test() {
let mut rng = rand09::rng();
for kem in [KEM::MlKem768, KEM::XWing] {
for kem in [KEM::MlKem768] {
let (rekey_state, request_message) =
RekeyInitiator::generate_request(&mut rng, kem).unwrap();
+4 -46
View File
@@ -155,18 +155,16 @@ where
let mut psq_initiator = build_psq_principal(rng, protocol, initiator_ciphersuite)?;
// PSQ msg 1 send
let mut buf = [0u8; 2048];
let mut buf = [0u8; 1536];
// annoyingly `RegistrationInitiator` has to write into unresizable `&mut [u8]`...
let n = psq_initiator.write_message(&[], &mut buf)?;
debug!("sending PSQ handshake msg");
conn.send_serialised_packet(&buf[..n]).await?;
// 5. receive and process PSQ response
let TODO = "change buf size";
let mut buf = [0u8; 2048];
let psq_msg = conn.receive_raw_packet().await?;
debug!("received PSQ handshake msg");
psq_initiator.read_message(&psq_msg, &mut buf)?;
psq_initiator.read_message(&psq_msg, &mut [])?;
if !psq_initiator.is_handshake_finished() {
return Err(LpError::kkt_psq_handshake(
@@ -281,54 +279,14 @@ mod tests {
let session_init = init_fut.await???;
let i_transport = session_init.session;
let encapsulation_key = session_init.encapsulation_key.unwrap();
let r_transport = responder.into_session().unwrap();
let mut i_transport = session_init.session;
let mut r_transport = responder.into_session().unwrap();
// test serialization, deserialization
let mut msg_channel = vec![0u8; 2048];
let mut payload_buf_responder = vec![0u8; 4096];
let mut payload_buf_initiator = vec![0u8; 4096];
let mut session_storage = vec![0u8; 4096];
i_transport
.serialize(
&mut session_storage,
SessionBinding {
initiator_authenticator: &Authenticator::Dh(init_remote.x25519_public),
responder_ecdh_pk: &responder_x25519_keypair.pk,
responder_pq_pk: Some(encapsulation_key.as_pq_encapsulation_key()),
},
)
.unwrap();
let mut i_transport = Session::deserialize(
&session_storage,
SessionBinding {
initiator_authenticator: &Authenticator::Dh(init_remote.x25519_public),
responder_ecdh_pk: &responder_x25519_keypair.pk,
responder_pq_pk: Some(encapsulation_key.as_pq_encapsulation_key()),
},
)
.unwrap();
r_transport
.serialize(
&mut session_storage,
SessionBinding {
initiator_authenticator: &initiator_authenticator,
responder_ecdh_pk: &responder_x25519_keypair.pk,
responder_pq_pk: Some(encapsulation_key.as_pq_encapsulation_key()),
},
)
.unwrap();
let mut r_transport = Session::deserialize(
&session_storage,
SessionBinding {
initiator_authenticator: &initiator_authenticator,
responder_ecdh_pk: &responder_x25519_keypair.pk,
responder_pq_pk: Some(encapsulation_key.as_pq_encapsulation_key()),
},
)
.unwrap();
let mut channel_i = i_transport.transport_channel().unwrap();
let mut channel_r = r_transport.transport_channel().unwrap();
+2 -4
View File
@@ -1,13 +1,12 @@
// Copyright 2026 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0
use crate::codec::OuterAeadKey;
use crate::LpMessage;
use crate::packet::version;
use crate::peer::{LpLocalPeer, LpRemotePeer};
use crate::psq::helpers::LpTransportHandshakeExt;
use crate::psq::initiator::PSQHandshakeStateInitiator;
use crate::psq::responder::PSQHandshakeStateResponder;
use crate::{LpError, LpMessage};
use libcrux_psq::handshake::types::Authenticator;
use libcrux_psq::session::Session;
use nym_kkt::keys::EncapsulationKey;
@@ -125,14 +124,13 @@ mod tests {
use libcrux_psq::session::{Session, SessionBinding};
use libcrux_psq::{Channel, IntoSession};
use nym_kkt::initiator::KKTInitiator;
use nym_kkt::message::{KKTRequest, KKTResponse};
use nym_kkt::responder::KKTResponder;
use nym_kkt_ciphersuite::{HashFunction, KEM, SignatureScheme};
use nym_test_utils::helpers::{
DeterministicRng09Send, deterministic_rng_09, u64_seeded_rng_09,
};
use nym_test_utils::mocks::async_read_write::MockIOStream;
use nym_test_utils::traits::{Leak, Timeboxed, TimeboxedSpawnable};
use nym_test_utils::traits::{Leak, TimeboxedSpawnable};
use tokio::join;
#[allow(dead_code)]
+3 -57
View File
@@ -1,8 +1,6 @@
// Copyright 2026 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: Apache-2.0
use crate::codec::OuterAeadKey;
use crate::noise_protocol::NoiseProtocol;
use crate::peer::{LpLocalPeer, LpRemotePeer};
use crate::psq::helpers::kem_to_ciphersuite;
use crate::psq::{
@@ -115,16 +113,6 @@ where
Ok(self.inner_state.connection.receive_raw_packet().await?)
}
/// Attempt to prepare and generate a responder PSQ msg2
async fn send_psq_responder_message(&mut self) -> Result<(), LpError> {
todo!()
}
/// Attempt to receive and process final PSQ msg3
async fn receive_final_psq_message(&mut self) -> Result<(), LpError> {
todo!()
}
pub async fn complete_handshake<R>(mut self, rng: &mut R) -> Result<MinimalSession, LpError>
where
S: LpTransport + Unpin,
@@ -158,8 +146,7 @@ where
// 4. send PSQ response
let mut conn = self.inner_state.connection;
let TODO = "change buf size";
let mut buf = [0u8; 2048];
let mut buf = [0u8; 128];
let n = psq_responder.write_message(&[], &mut buf)?;
debug!("sending PSQ handshake msg");
conn.send_serialised_packet(&buf[..n]).await?;
@@ -274,54 +261,13 @@ mod tests {
let session_resp = resp_fut.await???;
let init_auth = session_resp.init_authenticator.unwrap();
let i_transport = initiator.into_session().unwrap();
let r_transport = session_resp.session;
let mut i_transport = initiator.into_session().unwrap();
let mut r_transport = session_resp.session;
// test serialization, deserialization
let mut msg_channel = vec![0u8; 2048];
let mut payload_buf_responder = vec![0u8; 4096];
let mut payload_buf_initiator = vec![0u8; 4096];
let mut session_storage = vec![0u8; 4096];
i_transport
.serialize(
&mut session_storage,
SessionBinding {
initiator_authenticator: &Authenticator::Dh(init.x25519().pk),
responder_ecdh_pk: &resp_remote.x25519_public,
responder_pq_pk: Some(encapsulation_key.as_pq_encapsulation_key()),
},
)
.unwrap();
let mut i_transport = Session::deserialize(
&session_storage,
SessionBinding {
initiator_authenticator: &Authenticator::Dh(init.x25519().pk),
responder_ecdh_pk: &resp_remote.x25519_public,
responder_pq_pk: Some(encapsulation_key.as_pq_encapsulation_key()),
},
)
.unwrap();
r_transport
.serialize(
&mut session_storage,
SessionBinding {
initiator_authenticator: &init_auth,
responder_ecdh_pk: &resp_remote.x25519_public,
responder_pq_pk: Some(encapsulation_key.as_pq_encapsulation_key()),
},
)
.unwrap();
let mut r_transport = Session::deserialize(
&session_storage,
SessionBinding {
initiator_authenticator: &init_auth,
responder_ecdh_pk: &resp_remote.x25519_public,
responder_pq_pk: Some(encapsulation_key.as_pq_encapsulation_key()),
},
)
.unwrap();
let mut channel_i = i_transport.transport_channel().unwrap();
let mut channel_r = r_transport.transport_channel().unwrap();
+44 -59
View File
@@ -69,9 +69,6 @@ pub struct LpSession {
/// Used for future version negotiation and compatibility checks.
version: u8,
/// Outer AEAD key for packet encryption (derived from PSK after PSQ handshake).
outer_aead_key: OuterAeadKey,
/// Representation of a local Lewes Protocol peer
/// encapsulating all the known information and keys.
local_peer: LpLocalPeer,
@@ -80,14 +77,6 @@ pub struct LpSession {
/// encapsulating all the known information and keys.
remote_peer: LpRemotePeer,
// TODO: ALL BELOW maybe not needed after all?
/// Raw PQ shared secret (K_pq) from PSQ KEM encapsulation/decapsulation.
/// Stored after PSQ handshake completes for subsession PSK derivation.
pq_shared_secret: PqSharedSecret,
/// Noise protocol state machine
noise_state: NoiseProtocol,
/// Counter for outgoing packets
sending_counter: u64,
@@ -129,20 +118,21 @@ impl LpSession {
pq_shared_secret: PqSharedSecret,
noise_state: NoiseProtocol,
) -> Self {
LpSession {
session_id,
version,
outer_aead_key,
local_peer,
remote_peer,
pq_shared_secret,
noise_state,
sending_counter: 0,
receiving_counter: Default::default(),
subsession_counter: 0,
read_only: false,
successor_session_id: None,
}
todo!()
// LpSession {
// session_id,
// version,
// outer_aead_key,
// local_peer,
// remote_peer,
// pq_shared_secret,
// noise_state,
// sending_counter: 0,
// receiving_counter: Default::default(),
// subsession_counter: 0,
// read_only: false,
// successor_session_id: None,
// }
}
/// Create an instance of `Ciphersuite` using hardcoded defaults.
@@ -314,14 +304,6 @@ impl LpSession {
self.receiving_counter.current_packet_cnt()
}
/// Returns the PQ shared secret (K_pq).
///
/// This is the raw KEM output from PSQ before Blake3 KDF combination.
/// Used for deriving subsession PSKs to maintain PQ protection.
pub fn pq_shared_secret(&self) -> &PqSharedSecret {
&self.pq_shared_secret
}
/// Gets the next subsession index and increments the counter.
///
/// Each subsession requires a unique index to ensure unique PSK derivation.
@@ -389,13 +371,14 @@ impl LpSession {
/// * `Ok(Vec<u8>)` containing the encrypted Noise message ciphertext.
/// * `Err(NoiseError)` if the session is not in transport mode or encryption fails.
pub fn encrypt_data(&mut self, payload: &[u8]) -> Result<LpMessage, NoiseError> {
// Check if session is read-only (demoted)
if self.read_only {
return Err(NoiseError::SessionReadOnly);
}
let payload = self.noise_state.write_message(payload)?;
Ok(LpMessage::EncryptedData(EncryptedDataPayload(payload)))
// // Check if session is read-only (demoted)
// if self.read_only {
// return Err(NoiseError::SessionReadOnly);
// }
//
// let payload = self.noise_state.write_message(payload)?;
// Ok(LpMessage::EncryptedData(EncryptedDataPayload(payload)))
todo!()
}
/// Decrypts an incoming Noise message containing application data.
@@ -411,10 +394,11 @@ impl LpSession {
pub fn decrypt_data(&mut self, noise_ciphertext: &LpMessage) -> Result<Vec<u8>, NoiseError> {
let payload = noise_ciphertext.payload();
match self.noise_state.read_message(payload)? {
ReadResult::DecryptedData(data) => Ok(data),
_ => Err(NoiseError::IncorrectStateError),
}
todo!()
// match self.noise_state.read_message(payload)? {
// ReadResult::DecryptedData(data) => Ok(data),
// _ => Err(NoiseError::IncorrectStateError),
// }
}
/// Creates a new subsession using Noise KKpsk0 pattern.
@@ -590,21 +574,22 @@ impl SubsessionHandshake {
// Derive outer AEAD key from the subsession PSK
let outer_key = OuterAeadKey::from_psk(&self.subsession_psk);
Ok(LpSession {
// noiserm
session_id: receiver_index,
noise_state,
sending_counter: 0,
receiving_counter: ReceivingKeyCounterValidator::new(0),
local_peer: self.local_peer,
remote_peer: self.remote_peer,
outer_aead_key: outer_key,
pq_shared_secret: self.pq_shared_secret,
subsession_counter: 0,
read_only: false,
successor_session_id: None,
version: self.negotiated_version,
})
todo!()
// Ok(LpSession {
// // noiserm
// session_id: receiver_index,
// noise_state,
// sending_counter: 0,
// receiving_counter: ReceivingKeyCounterValidator::new(0),
// local_peer: self.local_peer,
// remote_peer: self.remote_peer,
// outer_aead_key: outer_key,
// pq_shared_secret: self.pq_shared_secret,
// subsession_counter: 0,
// read_only: false,
// successor_session_id: None,
// version: self.negotiated_version,
// })
}
}