Closed chris-wood closed 3 years ago
Looks good. New test vectors pass for BoringSSL's C and BoGo implementations. Note that we only implement the SetupBase and SetupPSK functions, and only support DHKEM(X25519, HKDF-SHA256).
I can confirm: the new vectors pass in NSS as well ([SetupBase*
, SetupPSK*
] with DHKEM(X25519, HKDF-SHA256)
and [ChaCha20Poly1305
, AES-128-GCM
]. Thanks!
Does not validate against rust-hpke. The newest changes to the spec remove the space after the RFC label, i.e., it's now HPKE-06 with no trailing space.
Great catch! Fixed. @dmcardle, @kjacobs-moz, can you please try again?
Yikes, I should have caught that dropped space.
BoringSSL's Go and C implementations are passing again after (1) dropping the space from "HPKE-06 " and (2) replacing the "iv" label with "base_nonce".
Good catch indeed. All passing here with the updates.
Passes with rust-hpke
, which supports everything except for X448, P-384, and P-521
I think this catches everything, and should be the last update for the document. To the folks here: please check your implementation against the main branch of HPKE (and pending changes here) and shout if you see a discrepancy! 🙏
cc @dmcardle, @kevinjacobs, @rozbb, @kjacobs-moz, @blipp, @raphaelrobert, @fredericjacobs