Closed kc2rxo closed 1 year ago
Looks like this is still left hanging. We can keep it as is or do we have a preference to change it?
First per SP800-185 pg 7, "L" (the 2nd argument) is in bits, not bytes. So
cSHAKE128(ASTM Message, 64, "", "Remote ID Auth Hash")
Then, "Remote ID Auth Hash" is a perfectly good value of "S", the customization bit string. Though sometimes a bit representation is provided so there are no mistakes. Take, pg 10 in above for KMAC:
N ="KMAC" = 11010010 10110010 10000010 11000010
Presenting in hex is also acceptable so it is not too long. Thus there is no question of the text to bit encoding rules.
Finally, replace:
Informative Note: [RFC9374] specifies cSHAKE128 but is open for
the expansion of other OGAs.
with
Informative Note: For OGAs other than "5" [RFC9374], use the construct
appropriate for the associated hash. e.g. for "2" which is ECDSA/SHA-384:
Ltrunc( SHA-384( ASTM Message | "Remote ID Auth Hash" ), 8 )
Added in -35
There is a comment in the document asking the following question about the cSHAKE hash use.
Should the cSHAKE string be: