nymtech
diff --git a/‎CLAUDE.md‎
Lines changed: 0 additions & 686 deletions b/‎CLAUDE.md‎
Lines changed: 0 additions & 686 deletions
diff --git a/‎common/nym-kkt/Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎common/nym-kkt/Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎common/nym-kkt/benches/benches.rs‎
Lines changed: 2 additions & 2 deletions b/‎common/nym-kkt/benches/benches.rs‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎common/nym-kkt/src/ciphersuite.rs‎
Lines changed: 10 additions & 20 deletions b/‎common/nym-kkt/src/ciphersuite.rs‎
Lines changed: 10 additions & 20 deletions
diff --git a/‎common/nym-kkt/src/context.rs‎
Lines changed: 32 additions & 32 deletions b/‎common/nym-kkt/src/context.rs‎
Lines changed: 32 additions & 32 deletions
diff --git a/‎common/nym-kkt/src/error.rs‎
Lines changed: 3 additions & 8 deletions b/‎common/nym-kkt/src/error.rs‎
Lines changed: 3 additions & 8 deletions
diff --git a/‎common/nym-kkt/src/frame.rs‎
Lines changed: 12 additions & 29 deletions b/‎common/nym-kkt/src/frame.rs‎
Lines changed: 12 additions & 29 deletions
diff --git a/‎common/nym-kkt/src/key_utils.rs‎
Lines changed: 5 additions & 5 deletions b/‎common/nym-kkt/src/key_utils.rs‎
Lines changed: 5 additions & 5 deletions
@@ -2,7 +2,7 @@
 name = "nym-kkt"
 version = "0.1.0"
 authors = ["Georgio Nicolas <[email protected]>"]
-edition = "2021"
+edition = { workspace = true }
 license.workspace = true
 
 [dependencies]
 
@@ -1,11 +1,11 @@
 // Copyright 2025 - Nym Technologies SA <[email protected]>
 // SPDX-License-Identifier: Apache-2.0
 
-use criterion::{criterion_group, criterion_main, Criterion};
+use criterion::{Criterion, criterion_group, criterion_main};
 
 use nym_crypto::asymmetric::ed25519;
 use nym_kkt::{
-    ciphersuite::{Ciphersuite, EncapsulationKey, HashFunction, SignatureScheme, KEM},
+    ciphersuite::{Ciphersuite, EncapsulationKey, HashFunction, KEM, SignatureScheme},
     context::KKTMode,
     frame::KKTFrame,
     key_utils::{generate_keypair_libcrux, generate_keypair_mceliece, hash_encapsulation_key},
 
@@ -157,16 +157,6 @@ impl Ciphersuite {
         self.hash_length as usize
     }
 
-    pub fn default() -> Self {
-        Self::resolve_ciphersuite(
-            KEM::XWing,
-            HashFunction::Blake3,
-            SignatureScheme::Ed25519,
-            None,
-        )
-        .unwrap()
-    }
-
     pub fn resolve_ciphersuite(
         kem: KEM,
         hash_function: HashFunction,
@@ -185,9 +175,9 @@ impl Ciphersuite {
             None => HASH_LEN_256,
         };
         Ok(Self {
-            hash_function: hash_function,
-            signature_scheme: signature_scheme,
-            kem: kem,
+            hash_function,
+            signature_scheme,
+            kem,
             hash_length: hash_len,
             encapsulation_key_length: match kem {
                 // 1184 bytes
@@ -230,7 +220,7 @@ impl Ciphersuite {
             },
             match self.hash_length {
                 HASH_LEN_256 => 0,
-                _ => self.hash_length as u8,
+                _ => self.hash_length,
             },
             match self.signature_scheme {
                 SignatureScheme::Ed25519 => 0,
@@ -247,7 +237,7 @@ impl Ciphersuite {
                 _ => {
                     return Err(KKTError::CiphersuiteDecodingError {
                         info: format!("Undefined KEM: {}", encoding[0]),
-                    })
+                    });
                 }
             };
             let hash_function = match encoding[1] {
@@ -258,7 +248,7 @@ impl Ciphersuite {
                 _ => {
                     return Err(KKTError::CiphersuiteDecodingError {
                         info: format!("Undefined Hash Function: {}", encoding[1]),
-                    })
+                    });
                 }
             };
 
@@ -272,19 +262,19 @@ impl Ciphersuite {
                 _ => {
                     return Err(KKTError::CiphersuiteDecodingError {
                         info: format!("Undefined Signature Scheme: {}", encoding[3]),
-                    })
+                    });
                 }
             };
 
             Self::resolve_ciphersuite(kem, hash_function, signature_scheme, custom_hash_length)
         } else {
-            return Err(KKTError::CiphersuiteDecodingError {
+            Err(KKTError::CiphersuiteDecodingError {
                 info: format!(
                     "Incorrect Encoding Length: actual: {} != expected: {}",
                     encoding.len(),
                     CIPHERSUITE_ENCODING_LEN
                 ),
-            });
+            })
         }
     }
 }
@@ -306,6 +296,6 @@ pub const fn map_kem_to_libcrux_kem(kem: KEM) -> Algorithm {
         KEM::MlKem768 => Algorithm::MlKem768,
         KEM::XWing => Algorithm::XWingKemDraft06,
         KEM::X25519 => Algorithm::X25519,
-        _ => unreachable!(),
+        KEM::McEliece => panic!("McEliece is not supported in libcrux_kem"),
     }
 }
@@ -3,7 +3,7 @@
 
 use std::fmt::Display;
 
-use crate::{ciphersuite::Ciphersuite, error::KKTError, frame::KKT_SESSION_ID_LEN, KKT_VERSION};
+use crate::{KKT_VERSION, ciphersuite::Ciphersuite, error::KKTError, frame::KKT_SESSION_ID_LEN};
 
 pub const KKT_CONTEXT_LEN: usize = 7;
 
@@ -66,14 +66,14 @@ impl KKTContext {
             version: KKT_VERSION,
             message_sequence: 0,
             status: KKTStatus::Ok,
-            mode: mode,
-            role: role,
-            ciphersuite: ciphersuite,
+            mode,
+            role,
+            ciphersuite,
         })
     }
 
     pub fn derive_responder_header(&self) -> Result<Self, KKTError> {
-        let mut responder_header = self.clone();
+        let mut responder_header = *self;
 
         responder_header.increment_message_sequence_count()?;
         responder_header.role = KKTRole::Responder;
@@ -155,16 +155,16 @@ impl KKTContext {
         header_bytes.push(
             match self.status {
                 KKTStatus::Ok => 0,
-                KKTStatus::InvalidRequestFormat => 0b001_000_00,
-                KKTStatus::InvalidResponseFormat => 0b010_000_00,
-                KKTStatus::InvalidSignature => 0b011_000_00,
-                KKTStatus::UnsupportedCiphersuite => 0b100_000_00,
-                KKTStatus::UnsupportedKKTVersion => 0b101_000_00,
-                KKTStatus::InvalidKey => 0b110_000_00,
-                KKTStatus::Timeout => 0b111_000_00,
+                KKTStatus::InvalidRequestFormat => 0b0010_0000,
+                KKTStatus::InvalidResponseFormat => 0b0100_0000,
+                KKTStatus::InvalidSignature => 0b0110_0000,
+                KKTStatus::UnsupportedCiphersuite => 0b1000_0000,
+                KKTStatus::UnsupportedKKTVersion => 0b1010_0000,
+                KKTStatus::InvalidKey => 0b1100_0000,
+                KKTStatus::Timeout => 0b1110_0000,
             } + match self.mode {
                 KKTMode::OneWay => 0,
-                KKTMode::Mutual => 0b000_001_00,
+                KKTMode::Mutual => 0b0000_0100,
             } + match self.role {
                 KKTRole::Initiator => 0,
                 KKTRole::Responder => 1,
@@ -191,57 +191,57 @@ impl KKTContext {
                 });
             }
 
-            let status = match header_bytes[1] & 0b111_000_00 {
+            let status = match header_bytes[1] & 0b1110_0000 {
                 0 => KKTStatus::Ok,
-                0b001_000_00 => KKTStatus::InvalidRequestFormat,
-                0b010_000_00 => KKTStatus::InvalidResponseFormat,
-                0b011_000_00 => KKTStatus::InvalidSignature,
-                0b100_000_00 => KKTStatus::UnsupportedCiphersuite,
-                0b101_000_00 => KKTStatus::UnsupportedKKTVersion,
-                0b110_000_00 => KKTStatus::InvalidKey,
-                0b111_000_00 => KKTStatus::Timeout,
+                0b0010_0000 => KKTStatus::InvalidRequestFormat,
+                0b0100_0000 => KKTStatus::InvalidResponseFormat,
+                0b0110_0000 => KKTStatus::InvalidSignature,
+                0b1000_0000 => KKTStatus::UnsupportedCiphersuite,
+                0b1010_0000 => KKTStatus::UnsupportedKKTVersion,
+                0b1100_0000 => KKTStatus::InvalidKey,
+                0b1110_0000 => KKTStatus::Timeout,
                 _ => {
                     return Err(KKTError::FrameDecodingError {
                         info: format!(
                             "Header - Invalid KKT Status: {}",
-                            header_bytes[1] & 0b111_000_00
+                            header_bytes[1] & 0b1110_0000
                         ),
-                    })
+                    });
                 }
             };
 
-            let role = match header_bytes[1] & 0b000_000_11 {
+            let role = match header_bytes[1] & 0b0000_0011 {
                 0 => KKTRole::Initiator,
                 1 => KKTRole::Responder,
                 2 => KKTRole::AnonymousInitiator,
                 _ => {
                     return Err(KKTError::FrameDecodingError {
                         info: format!(
                             "Header - Invalid KKT Role: {}",
-                            header_bytes[1] & 0b000_000_11
+                            header_bytes[1] & 0b0000_0011
                         ),
-                    })
+                    });
                 }
             };
 
-            let mode = match (header_bytes[1] & 0b000_111_00) >> 2 {
+            let mode = match (header_bytes[1] & 0b0001_1100) >> 2 {
                 0 => KKTMode::OneWay,
                 1 => KKTMode::Mutual,
                 _ => {
                     return Err(KKTError::FrameDecodingError {
                         info: format!(
                             "Header - Invalid KKT Mode: {}",
-                            (header_bytes[1] & 0b000_111_00) >> 2
+                            (header_bytes[1] & 0b0001_1100) >> 2
                         ),
-                    })
+                    });
                 }
             };
 
             Ok(KKTContext {
                 version: kkt_version,
-                status: status,
-                mode: mode,
-                role: role,
+                status,
+                mode,
+                role,
                 ciphersuite: Ciphersuite::decode(&header_bytes[2..6])?,
                 message_sequence: message_sequence_counter,
             })
 
@@ -39,14 +39,9 @@ pub enum KKTError {
 
     #[error("{}", info)]
     X25519Error { info: &'static str },
-    // #[error("Protocol did not complete")]
-    // ProtocolError,
 
-    // #[error("encountered an IO error: {0}")]
-    // IoError(#[from] io::Error),s
-
-    // #[error("Handshake timeout")]
-    // HandshakeTimeout(#[from] tokio::time::error::Elapsed),
+    #[error("Generic libcrux error")]
+    LibcruxError,
 }
 
 impl From<libcrux_kem::Error> for KKTError {
@@ -84,7 +79,7 @@ impl From<libcrux_ecdh::Error> for KKTError {
             libcrux_ecdh::Error::InvalidPoint => KKTError::KEMError {
                 info: "Invalid Remote Public Key",
             },
-            _ => todo!(),
+            _ => KKTError::LibcruxError,
         }
     }
 }
@@ -7,10 +7,8 @@
 // [2..=5] => Ciphersuite
 // [6] => Reserved
 
-use nym_crypto::asymmetric::x25519::PublicKey;
-
 use crate::{
-    context::{KKTContext, KKT_CONTEXT_LEN},
+    context::{KKT_CONTEXT_LEN, KKTContext},
     error::KKTError,
 };
 
@@ -37,27 +35,27 @@ impl KKTFrame {
             signature: Vec::from(signature),
         }
     }
-    pub fn context_ref<'a>(&'a self) -> &'a [u8] {
+    pub fn context_ref(&self) -> &[u8] {
         &self.context
     }
-    pub fn signature_ref<'a>(&'a self) -> &'a [u8] {
+    pub fn signature_ref(&self) -> &[u8] {
         &self.signature
     }
-    pub fn body_ref<'a>(&'a self) -> &'a [u8] {
+    pub fn body_ref(&self) -> &[u8] {
         &self.body
     }
 
-    pub fn session_id_ref<'a>(&'a self) -> &'a [u8] {
+    pub fn session_id_ref(&self) -> &[u8] {
         &self.session_id
     }
-    pub fn signature_mut<'a>(&'a mut self) -> &'a mut [u8] {
+    pub fn signature_mut(&mut self) -> &mut [u8] {
         &mut self.signature
     }
-    pub fn body_mut<'a>(&'a mut self) -> &'a mut [u8] {
+    pub fn body_mut(&mut self) -> &mut [u8] {
         &mut self.body
     }
 
-    pub fn session_id_mut<'a>(&'a mut self) -> &'a mut [u8] {
+    pub fn session_id_mut(&mut self) -> &mut [u8] {
         &mut self.session_id
     }
 
@@ -76,13 +74,13 @@ impl KKTFrame {
 
     pub fn from_bytes(bytes: &[u8]) -> Result<(Self, KKTContext), KKTError> {
         if bytes.len() < KKT_CONTEXT_LEN {
-            return Err(KKTError::FrameDecodingError {
+            Err(KKTError::FrameDecodingError {
                 info: format!(
                     "Frame is shorter than expected context length: actual {} != expected {}",
                     bytes.len(),
                     KKT_CONTEXT_LEN
                 ),
-            });
+            })
         } else {
             let context_bytes = Vec::from(&bytes[0..KKT_CONTEXT_LEN]);
 
@@ -118,29 +116,14 @@ impl KKTFrame {
                     context,
                 ))
             } else {
-                return Err(KKTError::FrameDecodingError {
+                Err(KKTError::FrameDecodingError {
                     info: format!(
                         "Frame is shorter than expected: actual {} != expected {}",
                         bytes.len(),
                         context.full_message_len()
                     ),
-                });
+                })
             }
         }
     }
 }
-
-pub struct EncryptedKKTRequest {
-    ephermeral_key: PublicKey,
-    body: Vec<u8>,
-}
-impl EncryptedKKTRequest {
-    pub fn to_bytes(mut self) -> Vec<u8> {
-        self.body.extend(self.ephermeral_key.to_bytes());
-        self.body
-    }
-}
-
-pub struct EncryptedKKTResponse {
-    body: Vec<u8>,
-}
@@ -4,7 +4,7 @@ use crate::{
 };
 
 use classic_mceliece_rust::keypair_boxed;
-use libcrux_kem::{key_gen, Algorithm};
+use libcrux_kem::{Algorithm, key_gen};
 
 use libcrux_sha3;
 use rand::{CryptoRng, RngCore};
@@ -55,13 +55,13 @@ pub fn hash_key_bytes(
             hasher.reset();
         }
         HashFunction::SHAKE256 => {
-            libcrux_sha3::shake256_ema(&mut hashed_key, &key_bytes);
+            libcrux_sha3::shake256_ema(&mut hashed_key, key_bytes);
         }
         HashFunction::SHAKE128 => {
-            libcrux_sha3::shake128_ema(&mut hashed_key, &key_bytes);
+            libcrux_sha3::shake128_ema(&mut hashed_key, key_bytes);
         }
         HashFunction::SHA256 => {
-            libcrux_sha3::sha256_ema(&mut hashed_key, &key_bytes);
+            libcrux_sha3::sha256_ema(&mut hashed_key, key_bytes);
         }
     }
 
@@ -103,5 +103,5 @@ pub fn hash_encapsulation_key(
     hash_length: usize,
     encapsulation_key: &[u8],
 ) -> Vec<u8> {
-    hash_key_bytes(hash_function, hash_length, &encapsulation_key)
+    hash_key_bytes(hash_function, hash_length, encapsulation_key)
 }
Original file line number	Diff line number	Diff line change
`@@ -39,14 +39,9 @@ pub enum KKTError {`
`39`	`39`
`40`	`40`	`#[error("{}", info)]`
`41`	`41`	`X25519Error { info: &'static str },`
`42`		`- // #[error("Protocol did not complete")]`
`43`		`- // ProtocolError,`
`44`	`42`
`45`		`- // #[error("encountered an IO error: {0}")]`
`46`		`- // IoError(#[from] io::Error),s`
`47`		`-`
`48`		`- // #[error("Handshake timeout")]`
`49`		`- // HandshakeTimeout(#[from] tokio::time::error::Elapsed),`
	`43`	`+ #[error("Generic libcrux error")]`
	`44`	`+ LibcruxError,`
`50`	`45`	`}`
`51`	`46`
`52`	`47`	`impl From<libcrux_kem::Error> for KKTError {`
`@@ -84,7 +79,7 @@ impl From<libcrux_ecdh::Error> for KKTError {`
`84`	`79`	`libcrux_ecdh::Error::InvalidPoint => KKTError::KEMError {`
`85`	`80`	`info: "Invalid Remote Public Key",`
`86`	`81`	`},`
`87`		`- _ => todo!(),`
	`82`	`+ _ => KKTError::LibcruxError,`
`88`	`83`	`}`
`89`	`84`	`}`
`90`	`85`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ use crate::{`
`4`	`4`	`};`
`5`	`5`
`6`	`6`	`use classic_mceliece_rust::keypair_boxed;`
`7`		`-use libcrux_kem::{key_gen, Algorithm};`
	`7`	`+use libcrux_kem::{Algorithm, key_gen};`
`8`	`8`
`9`	`9`	`use libcrux_sha3;`
`10`	`10`	`use rand::{CryptoRng, RngCore};`
`@@ -55,13 +55,13 @@ pub fn hash_key_bytes(`
`55`	`55`	`hasher.reset();`
`56`	`56`	`}`
`57`	`57`	`HashFunction::SHAKE256 => {`
`58`		`- libcrux_sha3::shake256_ema(&mut hashed_key, &key_bytes);`
	`58`	`+ libcrux_sha3::shake256_ema(&mut hashed_key, key_bytes);`
`59`	`59`	`}`
`60`	`60`	`HashFunction::SHAKE128 => {`
`61`		`- libcrux_sha3::shake128_ema(&mut hashed_key, &key_bytes);`
	`61`	`+ libcrux_sha3::shake128_ema(&mut hashed_key, key_bytes);`
`62`	`62`	`}`
`63`	`63`	`HashFunction::SHA256 => {`
`64`		`- libcrux_sha3::sha256_ema(&mut hashed_key, &key_bytes);`
	`64`	`+ libcrux_sha3::sha256_ema(&mut hashed_key, key_bytes);`
`65`	`65`	`}`
`66`	`66`	`}`
`67`	`67`
`@@ -103,5 +103,5 @@ pub fn hash_encapsulation_key(`
`103`	`103`	`hash_length: usize,`
`104`	`104`	`encapsulation_key: &[u8],`
`105`	`105`	`) -> Vec<u8> {`
`106`		`- hash_key_bytes(hash_function, hash_length, &encapsulation_key)`
	`106`	`+ hash_key_bytes(hash_function, hash_length, encapsulation_key)`
`107`	`107`	`}`