Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New MLS ciphersuites #3964

Merged
merged 29 commits into from
Apr 24, 2024
Merged

New MLS ciphersuites #3964

merged 29 commits into from
Apr 24, 2024

Conversation

pcapriotti
Copy link
Contributor

@pcapriotti pcapriotti commented Mar 19, 2024

Add support for more MLS ciphersuites:

  • MLS_128_DHKEMP256_AES128GCM_SHA256_P256
  • MLS_256_DHKEMP384_AES256GCM_SHA384_P384
  • MLS_256_DHKEMP521_AES256GCM_SHA512_P521

The latter is not yet supported in openmls, so it is currently untested.

https://wearezeta.atlassian.net/browse/WPB-7169

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

@pcapriotti pcapriotti force-pushed the pcapriotti/new-mls-ciphersuites branch from e934b61 to 36b32d8 Compare March 19, 2024 08:56
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Mar 19, 2024
@pcapriotti pcapriotti force-pushed the pcapriotti/new-mls-ciphersuites branch from 5345f8f to d90d76c Compare April 5, 2024 07:57
@pcapriotti pcapriotti force-pushed the pcapriotti/new-mls-ciphersuites branch 4 times, most recently from 7e39139 to 9a43d6f Compare April 17, 2024 08:44
@pcapriotti pcapriotti force-pushed the pcapriotti/new-mls-ciphersuites branch from 89e05c7 to d670a4b Compare April 18, 2024 12:24
@pcapriotti pcapriotti marked this pull request as ready for review April 18, 2024 12:25
@pcapriotti pcapriotti force-pushed the pcapriotti/new-mls-ciphersuites branch from 81e3bee to ec3377e Compare April 18, 2024 13:24
integration/test/MLS/Util.hs Outdated Show resolved Hide resolved
integration/test/Testlib/Env.hs Outdated Show resolved Hide resolved
@pcapriotti pcapriotti merged commit f57321b into develop Apr 24, 2024
8 checks passed
@pcapriotti pcapriotti deleted the pcapriotti/new-mls-ciphersuites branch April 24, 2024 12:14
pcapriotti added a commit that referenced this pull request Apr 25, 2024
* Add one ECDSA ciphersuite

* Fix ECDSA signature decoding

* Create test clients using correct signature scheme

* Fix unsupported ciphersuite test

* Create one mls-test-cli store per signature scheme

* Add MLS_256_DHKEMP384_AES256GCM_SHA384_P384

* Add MLS_256_DHKEMP521_AES256GCM_SHA512_P521

* Fix secp384 signature verification

* Fix x509 credential validation

* Update mls-test-cli to 0.11

* Turn TODO into FUTUREWORK

* Add failing test showing incorrect backend signature

* Store private keys for other signature schemes

* Parse ECDSA private keys

* Encode ECDSA signatures

* Pass removal key correctly to mls-test-cli

* MLSKeys: Move from maps to records for config and public key endpoint

* Adapt to MLSKeys changes in galley

* Move GET /mls/public-keys test to new integration suite

* Remove SignaturePurpose type

* Add golden tests for MLSKeys

The JSON files were generated using the code before this refactoring

* Document new removal key config options

* Test public key endpoint when MLS is not enabled

* Fix galley configmap

* Make withCiphersuite exception-safe

---------

Co-authored-by: Akshay Mankar <akshay@wire.com>
pcapriotti added a commit that referenced this pull request Apr 26, 2024
* New MLS ciphersuites (#3964)

* Add one ECDSA ciphersuite

* Fix ECDSA signature decoding

* Create test clients using correct signature scheme

* Fix unsupported ciphersuite test

* Create one mls-test-cli store per signature scheme

* Add MLS_256_DHKEMP384_AES256GCM_SHA384_P384

* Add MLS_256_DHKEMP521_AES256GCM_SHA512_P521

* Fix secp384 signature verification

* Fix x509 credential validation

* Update mls-test-cli to 0.11

* Turn TODO into FUTUREWORK

* Add failing test showing incorrect backend signature

* Store private keys for other signature schemes

* Parse ECDSA private keys

* Encode ECDSA signatures

* Pass removal key correctly to mls-test-cli

* MLSKeys: Move from maps to records for config and public key endpoint

* Adapt to MLSKeys changes in galley

* Move GET /mls/public-keys test to new integration suite

* Remove SignaturePurpose type

* Add golden tests for MLSKeys

The JSON files were generated using the code before this refactoring

* Document new removal key config options

* Test public key endpoint when MLS is not enabled

* Fix galley configmap

* Make withCiphersuite exception-safe
@echoes-hq echoes-hq bot added echoes: technical-roadmap/security More specific category, to highlight task that tackle security requirements. echoes: product-roadmap Work aligned with the customer-announced roadmap, targeting a specific release date. labels Jul 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
echoes: product-roadmap Work aligned with the customer-announced roadmap, targeting a specific release date. echoes: technical-roadmap/security More specific category, to highlight task that tackle security requirements. ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants