IETF Logo Mail Archive

Re: [CFRG] XDR in RFC8391

Carsten Bormann <cabo@tzi.org> Thu, 03 December 2020 07:38 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B9033A091B for <cfrg@ietfa.amsl.com>; Wed, 2 Dec 2020 23:38:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bsy0r7kjLnfD for <cfrg@ietfa.amsl.com>; Wed, 2 Dec 2020 23:38:24 -0800 (PST)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2EF503A0913 for <cfrg@irtf.org>; Wed, 2 Dec 2020 23:38:23 -0800 (PST)
Received: from [192.168.217.118] (p548dca87.dip0.t-ipconnect.de [84.141.202.135]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4Cmnkj45cHzySB; Thu, 3 Dec 2020 08:38:21 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <AM0PR10MB22748B771C4C8F22CB8DBA9B95F20@AM0PR10MB2274.EURPRD10.PROD.OUTLOOK.COM>
Date: Thu, 03 Dec 2020 08:38:21 +0100
Cc: "mcgrew@cisco.com" <mcgrew@cisco.com>, "cfrg@irtf.org" <cfrg@irtf.org>
X-Mao-Original-Outgoing-Id: 628673900.956704-1ee22f9809fa7046dfafa9a4146be070
Content-Transfer-Encoding: quoted-printable
Message-Id: <56ED105E-9796-4222-80B2-D5E234658B1A@tzi.org>
References: <VI1PR10MB22850F4780CA2E97A7EA18F795F30@VI1PR10MB2285.EURPRD10.PROD.OUTLOOK.COM> <0841B5BF-9D2D-4717-A001-FD27A75CFF73@cisco.com> <AM0PR10MB22748B771C4C8F22CB8DBA9B95F20@AM0PR10MB2274.EURPRD10.PROD.OUTLOOK.COM>
To: "Kretschmer, Andreas" <andreas.kretschmer@siemens.com>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/wS0X8KRT2-QJflRn9nii8DWaIxI>
Subject: Re: [CFRG] XDR in RFC8391
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2020 07:38:27 -0000

Indeed, the below expansion addresses the thinly documented fall-through, but not what actually should be in that signature.

> The meaning of the following snippet:
> 
>      union xmss_ots_signature switch (xmss_algorithm_type type) {
>        case xmss-sha2_10_256:
>        case xmss-sha2_16_256:
>        case xmss-sha2_20_256:
>          wotsp-sha2_256;
>      }
> Has the same meaning as
> 
>      union xmss_ots_signature switch (xmss_algorithm_type type) {
>        case xmss-sha2_10_256:
>          wotsp-sha2_256;
>        case xmss-sha2_16_256:
>          wotsp-sha2_256;
>        case xmss-sha2_20_256:
>          wotsp-sha2_256;
>      }

Note that wotsp-sha2_256 is defined here:

      enum ots_algorithm_type {
        wotsp_reserved  = 0x00000000,
        wotsp-sha2_256  = 0x00000001,
        wotsp-sha2_512  = 0x00000002,
        wotsp-shake_256 = 0x00000003,
        wotsp-shake_512 = 0x00000004,
      };

So wotsp-sha2_256 is an identifier for a value, not for a type.
(Even if it were a type, an identifier would need to follow it.)

xmss_ots_signature is then used here:

      /* XMSS signature structure */

      struct xmss_signature {
        /* WOTS+ key pair index */
        bytestring4 idx_sig;
        /* Random string for randomized hashing */
        random_string_xmss rand_string;
        /* WOTS+ signature */
        xmss_ots_signature sig_ots;
        /* authentication path */
        xmss_path nodes;
      };

Grüße, Carsten

v2.29.0 | Report a Bug | By Email | System Status