Re: [Cfrg] hpke which HKDF to use for eae_prk?

Christopher Wood <caw@heapingbits.net> Thu, 20 August 2020 18:44 UTC

Return-Path: <caw@heapingbits.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFAA33A1302 for <cfrg@ietfa.amsl.com>; Thu, 20 Aug 2020 11:44:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=heapingbits.net header.b=0y42WIE2; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ZENFQEq9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RgDibSGxBeHE for <cfrg@ietfa.amsl.com>; Thu, 20 Aug 2020 11:44:11 -0700 (PDT)
Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E51843A13D5 for <cfrg@irtf.org>; Thu, 20 Aug 2020 11:44:10 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 74AD0E7C for <cfrg@irtf.org>; Thu, 20 Aug 2020 14:44:10 -0400 (EDT)
Received: from imap4 ([10.202.2.54]) by compute1.internal (MEProxy); Thu, 20 Aug 2020 14:44:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heapingbits.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm2; bh=V531S+AP2q20LPyBFGYqal78mq63rgX +PqJ5OsG+6kE=; b=0y42WIE2mJgvA2MypYMppgEGzcZQXqL2ruY2FJNbjUktH+s 7jNbVzsY/1uEVpXqbGjydAech398JhBGo3U5HD8Gzf91mI7fhoAQyPuQ6M711TUg 2943soz4Evz7+qzwNYJNVo0fw990SAuHfufSIWjqPc6bRTDfoElWuLbT1krthbLK oIWmB3iksMbid6nnzpYVOVke/Uj4u6dJixEzTcxisu4YUXO3UKd0HN54DoAaakdZ QY3bpOUYySVZGs39uC6RuJ6vZhVFaapWVPZ8OkdePuNonrCQ9ZdYeFtm0T3fW/EG x0r75KP0O7ct7kwbi1ChqB71m32VANs8EEg/dPA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=V531S+ AP2q20LPyBFGYqal78mq63rgX+PqJ5OsG+6kE=; b=ZENFQEq9vjjONlYU768Ozo StkMVHwDpV+VWYSWercKn9uQPDOES0xZk5Ycf7BKN9sSIaQ9hf9tnq+XOum2P54a RM+XndV0lFQGF61w1xzkPYkXDg4WKQAoLmrd/L7CCDR8p4QV/JkYr2dofW8CWDcN YLBo+iUjLRy14CRrfvS+/37xvi0UQgvmg8aQokawhuS3W4GGixyfC9JuTK/1SQ5b 3dcHJqkvUG0lch4sD/xlS9E3cMT9jh4s5+KCwHc0MfsTgfSILqd3mjBEW7s4H8zw SVxrPmWoFgmSOHuMGx6K5xla+UIOUCsmt0cz8REqTmIPit3fQUDDOAQMdDufJO4Q ==
X-ME-Sender: <xms:ecQ-X1c-iA16cx5A6AvogTgEiI9c2-K9MptMeJOnB8qCxPbDeMpAMg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedruddutddgjeegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfvehhrhhishhtohhphhgvrhcuhghoohgufdcuoegtrgif sehhvggrphhinhhgsghithhsrdhnvghtqeenucggtffrrghtthgvrhhnpeduffeitddutd etgfegfeekgedvkeelvdeiiedtjeetteeuvdejveelleeltedtheenucevlhhushhtvghr ufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegtrgifsehhvggrphhinhhgsg hithhsrdhnvght
X-ME-Proxy: <xmx:ecQ-XzPRLl2lMyITROTmWGsfaXgo8XwNm7phltRgT5humk1px5XTtQ> <xmx:ecQ-X-g8R8lPY3N-vth4Pcb4_36b4YlZRcbsaF7YiBZ5XyYdji87iw> <xmx:ecQ-X-_K0E756ddXX-X8wHfIGVcxkwpItOc14pqf9IQ_o6Mkcr83bA> <xmx:esQ-X6PVbLzs9BJPkDq4ITabu0HNTcf0MYBpS2XDirs953XhaelXpg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id D2FCD3C00A1; Thu, 20 Aug 2020 14:44:09 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-214-g5a29d88-fm-20200818.002-g5a29d882
Mime-Version: 1.0
Message-Id: <c20f1ac5-0cbd-441a-802d-3fe9baa287f7@www.fastmail.com>
In-Reply-To: <CAL02cgQ1t6crqWno5=iYGjHutX6JqWYVd4Pk7U=wt9zAbz44RQ@mail.gmail.com>
References: <5b60132e-945c-a769-1679-93e0070b1343@cs.tcd.ie> <CAL02cgQ1t6crqWno5=iYGjHutX6JqWYVd4Pk7U=wt9zAbz44RQ@mail.gmail.com>
Date: Thu, 20 Aug 2020 11:43:49 -0700
From: Christopher Wood <caw@heapingbits.net>
To: cfrg@irtf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/7Jj9iSUGeYYFlK7yYyMGYnsNW68>
Subject: Re: [Cfrg] hpke which HKDF to use for eae_prk?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Aug 2020 18:44:16 -0000

On Thu, Aug 20, 2020, at 11:42 AM, Richard Barnes wrote:
> I think the spec is right here.  The DHKEM instances are defined with a 
> curve and a KEM, so assuming your descriptor 
> "x25519,hkdf-sha512,aesgcm128" is meant to be "KEM,KDF,AEAD", it's 
> either incomplete or it represents a DHKEM instance that isn't defined 
> in the document.  In the schemes in the document, the KDF in DHKEM is 
> matched to the size of the curve, so x25519 goes with SHA-256.  
> 
> The current test vectors wouldn't catch this misunderstanding, though, 
> so maybe it would be worth adding a case.

+1 -- we can add one such variant to the set of test vectors.

Best,
Chris