Re: [TLS] Consensus call on codepoint strategy for draft-ietf-tls-hybrid-design

Ilari Liusvaara <ilariliusvaara@welho.com> Fri, 19 May 2023 20:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/2TvrTk9kDHL5v0tXl6dH_0uphKk>

On Fri, May 19, 2023 at 06:57:09PM +0100, Kris Kwiatkowski wrote:
> Hello,
> 
> The codepoint for P-256+Kyber768 has just been assigned by IANA. The value
> is 0x639A.
> Thanks Rich for pointing to the request form.

I get an off-by-one for the sizes of the key shares.

The given size of the client key share seems to be the size of the kyber
public key plus 64 bytes, and the given size of the server key share
seems to be the size of the kyber ciphertext plus 64 bytes.

However, the difference is stated to be UncompressedPointRepresentation
for P256 from TLS 1.3. AFAICT, that is 65 bytes (1 legacy_form byte,
32 bytes for x, 32 bytes for y).

So I get that the client share should be 1249 bytes (instead of 1248
bytes) and the server key share should be 1153 bytes (instead of 1152
bytes).

Obviously something is wrong somewhere, but where?

-Ilari
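To make the arithmetic in the post above concrete, here is an added example (not code from the thread or from the draft) that computes the expected P-256+Kyber768 key share sizes and parses a concatenated key_exchange strictly, so that a share 1248 bytes long is rejected rather than misparsed. It assumes the ECDH share is placed before the KEM share, and uses the standard Kyber768 sizes (1184-byte public key, 1088-byte ciphertext).

```python
# Added example: component lengths for secp256r1+Kyber768 and a strict
# parser for the concatenated key_exchange field. Not from the draft.
P256_UNCOMPRESSED_POINT_LEN = 65   # legacy_form (1) + x (32) + y (32), RFC 8446
KYBER768_PUBLIC_KEY_LEN = 1184     # Kyber768 public key size in bytes
KYBER768_CIPHERTEXT_LEN = 1088     # Kyber768 ciphertext size in bytes


def expected_client_share_len() -> int:
    """Client key_exchange = P-256 point || Kyber768 public key."""
    return P256_UNCOMPRESSED_POINT_LEN + KYBER768_PUBLIC_KEY_LEN   # 1249


def expected_server_share_len() -> int:
    """Server key_exchange = P-256 point || Kyber768 ciphertext."""
    return P256_UNCOMPRESSED_POINT_LEN + KYBER768_CIPHERTEXT_LEN   # 1153


def split_hybrid_share(key_exchange: bytes, kem_part_len: int):
    """Split key_exchange into (ecdh_point, kem_part), ECDH part first (assumed).

    The length check is exact: an off-by-one (1248 instead of 1249 bytes)
    is reported instead of silently shifting the component boundary."""
    expected = P256_UNCOMPRESSED_POINT_LEN + kem_part_len
    if len(key_exchange) != expected:
        raise ValueError(f"key_exchange is {len(key_exchange)} bytes, "
                         f"expected {expected}")
    ecdh_point = key_exchange[:P256_UNCOMPRESSED_POINT_LEN]
    if ecdh_point[0] != 0x04:   # uncompressed form marker per RFC 8446
        raise ValueError("ECDH point is not in uncompressed form")
    return ecdh_point, key_exchange[P256_UNCOMPRESSED_POINT_LEN:]


def parse_client_share(key_exchange: bytes):
    return split_hybrid_share(key_exchange, KYBER768_PUBLIC_KEY_LEN)


def parse_server_share(key_exchange: bytes):
    return split_hybrid_share(key_exchange, KYBER768_CIPHERTEXT_LEN)


def is_valid_client_share(key_exchange: bytes) -> bool:
    """Convenience wrapper returning True/False instead of raising."""
    try:
        parse_client_share(key_exchange)
        return True
    except ValueError:
        return False


# Constructed sample: a well-formed client share built from dummy bytes.
SAMPLE_CLIENT_SHARE = b"\x04" + b"\x11" * 64 + b"\x22" * KYBER768_PUBLIC_KEY_LEN
```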