From c6ac0040df8e14e2d5f884f0c5a67cb1fac7ed45 Mon Sep 17 00:00:00 2001
From: Orie Steele
Date: Sun, 26 May 2024 13:07:55 -0500
Subject: [PATCH] Add requested kem id making suite_id less wrong

---
 src/cose/encrypt/hpke/direct.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/cose/encrypt/hpke/direct.ts b/src/cose/encrypt/hpke/direct.ts
index 474b032..1c4fafe 100644
--- a/src/cose/encrypt/hpke/direct.ts
+++ b/src/cose/encrypt/hpke/direct.ts
@@ -90,7 +90,7 @@ const Extract = async (salt: Uint8Array, ikm: Uint8Array) => {
 
   const suite_id = Buffer.concat([
     Buffer.from('HPKE'),
-    Buffer.from(i2Osp(0xFFFF, 2)), // 🔥 Not a real kem id 🔥
+    Buffer.from(i2Osp(0x0070, 2)), // 🔥 not registered, but requested in https://datatracker.ietf.org/doc/html/draft-connolly-cfrg-hpke-mlkem-00#name-encap-and-decap
     Buffer.from(i2Osp(0x0001, 2)), // HKDF-SHA256, 32
     Buffer.from(i2Osp(0x0001, 2)) // AES-128-GCM
   ])
@@ -134,7 +134,7 @@ const ExtractAndExpand = async (ss: Uint8Array, ct: Uint8Array) => {
   return shared_secret
 }
 
-// 🔥 This is wrong.
+// 🔥 This relies on unregistered code points.
 // need to follow https://datatracker.ietf.org/doc/html/draft-connolly-cfrg-hpke-mlkem-00#name-encap-and-decap
 const sharedSecretToContentEncryptionKey = async (ss: Uint8Array, ct: Uint8Array) => {
   return ExtractAndExpand(ss, ct)
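Review bot: The KEM code point is still a bare literal inside `Extract`'s suite_id, so its provenance and the fact that it is unregistered live only in a trailing comment that the second hunk has to restate. Hoist it to one module-level constant, `const ML_KEM_KEM_ID = 0x0070 // unregistered; taken from draft-connolly-cfrg-hpke-mlkem-00, re-check against the IANA HPKE KEM registry before release`, and reference it here and wherever the kem id is emitted into a header or checked on receipt. Since suite_id is presumably the prefix for the labeled HKDF steps, a peer using a different code point derives a different key and the mismatch surfaces as an AEAD tag failure rather than an "unsupported KEM" error, and anything encrypted under the previous 0xFFFF value stops decrypting with this change. I could not confirm 0x0070 from that draft's KEM ID table from memory, so verify the value against the linked section rather than trusting the comment; `Extract` begins before this hunk.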
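Review bot: The reworded comment still does not say what `sharedSecretToContentEncryptionKey` actually does versus what the draft requires, so a reader cannot tell whether the remaining gap is only the code point or the derivation itself. If my reading of the linked Encap/Decap section is right, ML-KEM's shared secret is used as the HPKE shared_secret without a further extract-and-expand over (ss, ct), which would make the `return ExtractAndExpand(ss, ct)` body the larger divergence — confirm against the draft before relying on the comment's framing. Replace the two comment lines with a TSDoc block on the function stating that it currently runs `ExtractAndExpand` (presumably HKDF) over the shared secret with the ciphertext as context, that together with the unregistered code points this output is not interoperable with the draft, and a `TODO` naming the draft section to implement. The body of `sharedSecretToContentEncryptionKey` continues past the end of the hunk.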