
Backport New MLS ciphersuites (#3964) #4017

Merged
pcapriotti merged 2 commits into q1-2024 from pcapriotti/new-mls-ciphersuites-q1
Apr 26, 2024


@pcapriotti pcapriotti commented Apr 25, 2024

Merge #3964

https://wearezeta.atlassian.net/browse/WPB-7169

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

* Add one ECDSA ciphersuite

* Fix ECDSA signature decoding

* Create test clients using correct signature scheme

* Fix unsupported ciphersuite test

* Create one mls-test-cli store per signature scheme

* Add MLS_256_DHKEMP384_AES256GCM_SHA384_P384

* Add MLS_256_DHKEMP521_AES256GCM_SHA512_P521

* Fix secp384 signature verification

* Fix x509 credential validation

* Update mls-test-cli to 0.11

* Turn TODO into FUTUREWORK

* Add failing test showing incorrect backend signature

* Store private keys for other signature schemes

* Parse ECDSA private keys

* Encode ECDSA signatures

* Pass removal key correctly to mls-test-cli

* MLSKeys: Move from maps to records for config and public key endpoint

* Adapt to MLSKeys changes in galley

* Move GET /mls/public-keys test to new integration suite

* Remove SignaturePurpose type

* Add golden tests for MLSKeys

The JSON files were generated using the code before this refactoring

* Document new removal key config options

* Test public key endpoint when MLS is not enabled

* Fix galley configmap

* Make withCiphersuite exception-safe

---------

Co-authored-by: Akshay Mankar <akshay@wire.com>
@pcapriotti pcapriotti changed the base branch from develop to q1-2024 April 25, 2024 08:40
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Apr 25, 2024
@pcapriotti pcapriotti merged commit d261683 into q1-2024 Apr 26, 2024
@pcapriotti pcapriotti deleted the pcapriotti/new-mls-ciphersuites-q1 branch April 26, 2024 08:13
@echoes-hq echoes-hq bot added echoes: technical-roadmap/security More specific category, to highlight task that tackle security requirements. echoes: product-roadmap Work aligned with the customer-announced roadmap, targeting a specific release date. labels Jul 2, 2024

3 participants