version 1 .

; Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s, just like Wireguard
; Noise_NKpsk2_25519_ChaChaPoly_BLAKE2s

; - ephemeral public keys are 32 bytes
; - pre-shared-keys (PSKs) are 32 bytes
; - authentication tags (on each AEAD encrypted payload) are 16 bytes each

; IKpsk2:
;   <- s                    (for us, the object's static key is in the cap ref)
;   ...
;   -> e, es, s, ss
;   <- e, ee, se, psk
;
; NKpsk2:
;   <- s                    (for us, the object's static key is in the cap ref)
;   ...
;   -> e, es
;   <- e, ee, psk

; Assertion. Handshake is an ephemeral public key followed by either an encrypted public-key
; (IK) or an encrypted empty payload (NK).
Connect = <connect @handshake bytes @initiatorSession #!any> .

; Assertion (to initiatorSession). Handshake is an encrypted ephemeral public key followed by a
; (differently-)encrypted PSK (which may be all zeros when no PSK is relevant).
Accept = <accept @handshake bytes @responderSession #!any> .