RFC Errata


Errata Search
 
Source of RFC  
Summary Table Full Records

Found 3 records.

Status: Reported (3)

RFC 8702, "Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax (CMS)", January 2020

Source of RFC: lamps (sec)

Errata ID: 6188
Status: Reported
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: Panos Kampanakis
Date Reported: 2020-05-26

Section 3.4 says: 

When calculating the KMAC output, the variable N is 0xD2B282C2, S is
an empty string, and L (the integer representing the requested output
length in bits) is 256 or 512 for KmacWithSHAKE128 or
KmacWithSHAKE256, respectively, in this specification.

It should say:

When calculating the KMAC output, the variable N is “KMAC” as defined 
in NIST SP800-185, S is an empty string, and L (the integer 
representing the requested output length in bits) is 256 or 512 for 
KmacWithSHAKE128 or KmacWithSHAKE256, respectively, in this 
specification.

Notes:

The originally described 0xD2B282C2 is the hex value of the binary representation (LSB first) of the string "KMAC" as defined in SP800-185. As it was pointed out to us, that representation was confusing and incorrect because NIST's KAT values include "KMAC" in hex format. Showing "KMAC" in binary (LSB first) is different than showing it in hex (MSB first). So, it is more accurate to keep the text generic as "KMAC" and point implementers to SP800-185.

Errata ID: 7276
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Russ Housley
Date Reported: 2022-12-15

Throughout the document, when it says: 

... id-KmacWithSHAKE128 ...

... id-KmacWithSHAKE256 ...

It should say:

... id-KMACWithSHAKE128 ...

... id-KMACWithSHAKE256 ...

Notes:

The ASN.1 Module in RFC 8702 defines id-KMACWithSHAKE128 and id-KMACWithSHAKE256, but the body of the document uses "Kmac" instead of "KMAC". The different spelling appears in many places in the document.

Errata ID: 7288
Status: Reported
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: David Ireland
Date Reported: 2022-12-26

Section 3.4 says: 

If absent, the SHAKE256 output length used in KMAC is 
32 or 64 bytes, respectively,

It should say:

If absent, the SHAKE128 or SHAKE256 output length 
used in KMAC is 32 or 64 bytes, respectively,

Notes:

The adverb 'Respectively' requires two parallel structures. SHAKE128=>32, SHAKE256=>64.

Report New Errata



Advanced Search