[Dcrup] Re: [Editorial Errata Reported] RFC8463 (7930)

Viktor Dukhovni <ietf-dane@dukhovni.org> Sat, 11 May 2024 05:07 UTC


On Sat, May 11, 2024 at 12:39:17AM +0200, Steffen Nurpmeso wrote:

> Here is the key and data
> 
> cat <<'_EOT' | python3 rfc8032-ed25519.py
> nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A=
> 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
> _EOT

Perhaps you failed to hash the data with SHA256 prior to passing it to
PureEdDSA (Ed25519) for signing.  The signature input should be the raw
binary data hash, whose hex dump is below:

    $ printf "%s\n" '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' |
        openssl base64 -A -d |
        openssl dgst -sha256 -binary |
        xxd -p -c64
    48ce9a2c710ece1710ff156996b836a7f45470e43efe5643074d6e1690ed62e7

When I fail to hash the data, the signature I obtain is:

    QGeDV9CRdXSybek0z54GoycZ4/kl1PsNnGoOsCZ0ZOOwiGYFE8Ft0SZpy1XLW/fw
    lwNFC1k6VaxsnQAH8+9cAA==

which matches your proposed erratum.  Mystery solved.

-- 
    Viktor.
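The construction at issue in the thread, written out as an added example (not code from this thread or from RFC 8463): the key is the one quoted above (the RFC 8463 example key), signEd25519SHA256 signs the raw SHA-256 digest as RFC 8463 requires, signUnhashed reproduces the mistake of signing the unhashed data, and verifyEd25519SHA256 is what a receiver does with the DNS p= value. The function names and the sample input are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

// Private key (Ed25519 seed) quoted in the thread; it is the RFC 8463 example key.
const seedB64 = "nWGxne/9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A="

// loadKey turns the base64 32-byte seed into an Ed25519 private key.
func loadKey(b64 string) (ed25519.PrivateKey, error) {
	seed, err := base64.StdEncoding.DecodeString(b64)
	if err == nil && len(seed) != ed25519.SeedSize {
		err = errors.New("seed must be 32 bytes")
	}
	if err != nil {
		return nil, err
	}
	return ed25519.NewKeyFromSeed(seed), nil
}

// publicKeyB64 is the value a signer publishes in the DNS "p=" tag.
func publicKeyB64(priv ed25519.PrivateKey) string {
	return base64.StdEncoding.EncodeToString(priv.Public().(ed25519.PublicKey))
}

// signEd25519SHA256 is the RFC 8463 construction: PureEdDSA over the raw
// 32-byte SHA-256 digest of the signature input, not over the input itself.
func signEd25519SHA256(priv ed25519.PrivateKey, data []byte) string {
	digest := sha256.Sum256(data)
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, digest[:]))
}

// signUnhashed reproduces the mistake discussed: Ed25519 over the unhashed data.
func signUnhashed(priv ed25519.PrivateKey, data []byte) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, data))
}

// verifyEd25519SHA256 is the receiver side, starting from the base64 "p=" value.
func verifyEd25519SHA256(pubB64 string, data []byte, sigB64 string) bool {
	pub, err1 := base64.StdEncoding.DecodeString(pubB64)
	sig, err2 := base64.StdEncoding.DecodeString(sigB64)
	if err1 != nil || err2 != nil || len(pub) != ed25519.PublicKeySize {
		return false // ed25519.Verify itself rejects a wrong-length signature
	}
	digest := sha256.Sum256(data)
	return ed25519.Verify(ed25519.PublicKey(pub), digest[:], sig)
}
```

A signature produced by signUnhashed is a valid Ed25519 signature over the wrong message, so a conforming verifier rejects it; the derived public key should equal the RFC 8463 p= value 11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=.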