[CFRG] [Technical Errata Reported] RFC9180 (7937)

RFC Errata System <rfc-editor@rfc-editor.org> Mon, 13 May 2024 20:18 UTC

To: rlb@ipv.sx, karthikeyan.bhargavan@inria.fr, ietf@benjaminlipp.de, caw@heapingbits.net, irsg@irtf.org, cfrg@irtf.org
From: RFC Errata System <rfc-editor@rfc-editor.org>
CC: raul@guardedbox.es, rfc-editor@rfc-editor.org
Subject: [CFRG] [Technical Errata Reported] RFC9180 (7937)
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/4e4AA0tUJ5BhP82S7HT3qmOdSHk>

The following errata report has been submitted for RFC9180,
"Hybrid Public Key Encryption".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7937

--------------------------------------
Type: Technical
Reported by: Raul Siles <raul@guardedbox.es>

Section: 7.1.3

Original Text
-------------
- Section 7.1.3:

For X25519 and X448, the DeriveKeyPair() function applies 
a KDF to the input:

<function()>


Corrected Text
--------------
For X25519 and X448, the DeriveKeyPair() function applies 
a KDF to the input:

<function()>

The suite_id used implicitly in LabeledExtract() and LabeledExpand()
for DeriveKeyPair(ikm) is derived from the KEM identifier of the 
DHKEM in use (see section 7.1), that is, based on the type of key 
pair being generated for that DHKEM type.

Notes
-----
RFC 9180 does not specify all the internal values for LabeledExtract(…) and LabeledExpand(…) for DeriveKeyPair(ikm), specifically the suite_id value. These values are required to standardise the DeriveKeyPair(ikm) function, as it is referenced in other IETF drafts, such as https://www.ietf.org/archive/id/draft-westerbaan-cfrg-hpke-xyber768d00-02.html#name-derivekeypair-2, and because it is also used in the RFC 9180 KATs: see Appendix A.

Instructions:
-------------
This erratum is currently posted as "Reported". (If it is spam, it 
will be removed shortly by the RFC Production Center.) Please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
will log in to change the status and edit the report, if necessary.

--------------------------------------
RFC9180 (draft-irtf-cfrg-hpke-12)
--------------------------------------
Title               : Hybrid Public Key Encryption
Publication Date    : February 2022
Author(s)           : R. Barnes, K. Bhargavan, B. Lipp, C. Wood
Category            : INFORMATIONAL
Source              : Crypto Forum Research Group
Stream              : IRTF
Verifying Party     : IRSG
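
Added example, not part of the erratum or of RFC 9180's reference code: a sketch of the private-key half of DeriveKeyPair(ikm) for X25519 and X448, showing that the KEM-level suite_id ("KEM" || I2OSP(kem_id, 2), per RFC 9180 Section 4.1) changes the derived key compared with the HPKE key-schedule suite_id. The function names and the sample IKM are assumptions made for this illustration; computing pk(sk) needs an X25519/X448 implementation and is omitted.

```python
import hashlib
import hmac

# kem_id -> (HKDF hash, Nsk) for the two KEMs covered by Section 7.1.3
DHKEM = {
    0x0020: (hashlib.sha256, 32),  # DHKEM(X25519, HKDF-SHA256)
    0x0021: (hashlib.sha512, 56),  # DHKEM(X448, HKDF-SHA512)
}

def i2osp(n, length):
    return n.to_bytes(length, "big")

def kem_suite_id(kem_id):
    # suite_id used inside the KEM, including DeriveKeyPair
    return b"KEM" + i2osp(kem_id, 2)

def hpke_suite_id(kem_id, kdf_id, aead_id):
    # suite_id of the HPKE key schedule; not the one DeriveKeyPair uses
    return b"HPKE" + i2osp(kem_id, 2) + i2osp(kdf_id, 2) + i2osp(aead_id, 2)

def labeled_extract(h, suite_id, salt, label, ikm):
    labeled_ikm = b"HPKE-v1" + suite_id + label + ikm
    salt = salt or bytes(h().digest_size)  # empty salt means HashLen zero bytes
    return hmac.new(salt, labeled_ikm, h).digest()

def labeled_expand(h, suite_id, prk, label, info, length):
    labeled_info = i2osp(length, 2) + b"HPKE-v1" + suite_id + label + info
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # HKDF-Expand (RFC 5869)
        block = hmac.new(prk, block + labeled_info + bytes([counter]), h).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_private_key(kem_id, ikm, suite_id=None):
    # sk part of DeriveKeyPair(ikm); suite_id defaults to the KEM-level value
    h, nsk = DHKEM[kem_id]
    suite_id = kem_suite_id(kem_id) if suite_id is None else suite_id
    dkp_prk = labeled_extract(h, suite_id, b"", b"dkp_prk", ikm)
    return labeled_expand(h, suite_id, dkp_prk, b"sk", b"", nsk)

IKM = bytes(range(32))  # constructed sample input, not an RFC 9180 test vector

if __name__ == "__main__":
    print(derive_private_key(0x0020, IKM).hex())
    print(derive_private_key(0x0020, IKM, hpke_suite_id(0x0020, 1, 1)).hex())
```

Two implementations that disagree on the suite_id derive different keys from the same ikm, which is why an interoperability check against the Appendix A KATs depends on this value.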