authorLinus Färnstrand <linus@mullvad.net>2025-04-15 14:21:32 +0200
committerLinus Färnstrand <linus@mullvad.net>2025-05-14 10:16:53 +0200
commit93e76f45077ae1a6fff545e3e80fbb6506c3f693 (patch)
tree0b52b71049e86cdc75f87230e2f33b7cc85cc452
parent4696b395b53c73736fcc81f5747ef011e171640b (diff)
Hide algorithm name constant
-rw-r--r--talpid-tunnel-config-client/src/hqc.rs8
-rw-r--r--talpid-tunnel-config-client/src/lib.rs4
-rw-r--r--talpid-tunnel-config-client/src/ml_kem.rs8
3 files changed, 14 insertions, 6 deletions
diff --git a/talpid-tunnel-config-client/src/hqc.rs b/talpid-tunnel-config-client/src/hqc.rs
index 37e382ed21..36a692c1c0 100644
--- a/talpid-tunnel-config-client/src/hqc.rs
+++ b/talpid-tunnel-config-client/src/hqc.rs
@@ -2,7 +2,7 @@ use pqcrypto_hqc::hqc256;
use pqcrypto_traits::kem::{Ciphertext as _, PublicKey as _, SharedSecret as _};
use sha2::{Digest as _, Sha256};
-pub const ALGORITHM_NAME: &str = "HQC-256";
+const ALGORITHM_NAME: &str = "HQC-256";
pub struct Keypair {
public_key: hqc256::PublicKey,
@@ -17,6 +17,10 @@ impl Keypair {
self.public_key.as_bytes().to_vec()
}
+ pub fn algorithm_name(&self) -> &'static str {
+ ALGORITHM_NAME
+ }
+
/// Decapsulates a shared secret that was encapsulated to our encapsulation key.
///
// Always inline in order to try to avoid potential copies of `shared_secret` to multiple places
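Review bot: The new public method `algorithm_name` has no doc comment, although the neighbouring `decapsulate` is documented. In lib.rs the returned value is placed in `KemPubkeyV1.algorithm_name` next to the key bytes, so it appears to be a protocol identifier rather than a display string, and the doc should say that, for example `/// Returns the algorithm identifier sent together with this keypair's encapsulation key.` The same comment is missing on `algorithm_name` in ml_kem.rs. The enclosing `impl Keypair` starts and ends outside this hunk.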
@@ -28,7 +32,7 @@ impl Keypair {
pub fn decapsulate(&self, ciphertext_slice: &[u8]) -> Result<[u8; 32], super::Error> {
let ciphertext = hqc256::Ciphertext::from_bytes(ciphertext_slice).map_err(|_| {
super::Error::InvalidCiphertextLength {
- algorithm: ALGORITHM_NAME,
+ algorithm: self.algorithm_name(),
actual: ciphertext_slice.len(),
expected: hqc256::ciphertext_bytes(),
}
diff --git a/talpid-tunnel-config-client/src/lib.rs b/talpid-tunnel-config-client/src/lib.rs
index 0c5e02bddf..5c5f423790 100644
--- a/talpid-tunnel-config-client/src/lib.rs
+++ b/talpid-tunnel-config-client/src/lib.rs
@@ -236,11 +236,11 @@ fn post_quantum_secrets() -> (PostQuantumRequestV1, (ml_kem::Keypair, hqc::Keypa
proto::PostQuantumRequestV1 {
kem_pubkeys: vec![
proto::KemPubkeyV1 {
- algorithm_name: ml_kem::ALGORITHM_NAME.to_owned(),
+ algorithm_name: ml_kem_keypair.algorithm_name().to_owned(),
key_data: ml_kem_keypair.encapsulation_key(),
},
proto::KemPubkeyV1 {
- algorithm_name: hqc::ALGORITHM_NAME.to_owned(),
+ algorithm_name: hqc_keypair.algorithm_name().to_owned(),
key_data: hqc_keypair.encapsulation_key(),
},
],
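Review bot: Nothing visible in this commit pins the two identifier strings now that they are reachable only through `algorithm_name()`. They are written into `KemPubkeyV1.algorithm_name`, so presumably the receiving side matches on them exactly, and an accidental edit of a private constant would only show up as a failed negotiation. A small unit test per module would guard this, e.g. `assert_eq!(keypair.algorithm_name(), "HQC-256");` and the equivalent for `"ML-KEM-1024"`. `post_quantum_secrets` starts and ends outside this hunk.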
diff --git a/talpid-tunnel-config-client/src/ml_kem.rs b/talpid-tunnel-config-client/src/ml_kem.rs
index 5cf101107c..29ee919f45 100644
--- a/talpid-tunnel-config-client/src/ml_kem.rs
+++ b/talpid-tunnel-config-client/src/ml_kem.rs
@@ -4,7 +4,7 @@ use ml_kem::{Ciphertext, EncodedSizeUser, KemCore, MlKem1024, MlKem1024Params};
/// Use the strongest variant of ML-KEM. It is fast and the keys are small, so there is no practical
/// benefit of going with anything lower. The servers also only supports the strongest variant.
-pub const ALGORITHM_NAME: &str = "ML-KEM-1024";
+const ALGORITHM_NAME: &str = "ML-KEM-1024";
/// The number of bytes in an ML-KEM 1024 ciphertext.
const CIPHERTEXT_LEN: usize = <MlKem1024 as KemCore>::CiphertextSize::USIZE;
@@ -22,6 +22,10 @@ impl Keypair {
self.encapsulation_key.as_bytes().as_slice().to_vec()
}
+ pub fn algorithm_name(&self) -> &'static str {
+ ALGORITHM_NAME
+ }
+
/// Decapsulates a shared secret that was encapsulated to our encapsulation key.
///
// Always inline in order to try to avoid potential copies of `shared_secret` to multiple places
@@ -36,7 +40,7 @@ impl Keypair {
let ciphertext_array =
<Ciphertext<MlKem1024>>::try_from(ciphertext_slice).map_err(|_| {
super::Error::InvalidCiphertextLength {
- algorithm: ALGORITHM_NAME,
+ algorithm: self.algorithm_name(),
actual: ciphertext_slice.len(),
expected: CIPHERTEXT_LEN,
}